loop0: detected capacity change from 0 to 4096
ntfs3(loop0): Different NTFS sector size (2048) and media sector size (512).
overlayfs: upper fs does not support tmpfile.
overlayfs: upper fs does not support RENAME_WHITEOUT.
Kernel panic - not syncing: stack-protector: Kernel stack is corrupted in: __schedule+0x1aa0/0x4cd0 kernel/sched/core.c:-1
CPU: 0 UID: 0 PID: 5318 Comm: syz.0.0 Not tainted 6.15.0-rc3-syzkaller-00283-gf1a3944c860b #0 PREEMPT(full) 
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
Call Trace:
 <TASK>
 dump_stack_lvl+0x99/0x250 lib/dump_stack.c:120
 panic+0x2db/0x790 kernel/panic.c:354
 __stack_chk_fail+0x26/0x30 kernel/panic.c:841
 __schedule+0x1aa0/0x4cd0 kernel/sched/core.c:-1
 preempt_schedule_irq+0xb5/0x150 kernel/sched/core.c:7090
 irqentry_exit+0x6f/0x90 kernel/entry/common.c:354
 asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:702
RIP: 0010:memcg1_commit_charge+0x1f4/0x2b0 mm/memcontrol-v1.c:582
Code: d4 9e ff 48 c7 44 24 40 00 00 00 00 9c 8f 44 24 40 f6 44 24 41 02 75 6e f7 c3 00 02 00 00 74 01 fb 48 c7 44 24 20 0e 36 e0 45 <4b> c7 44 3d 00 00 00 00 00 66 43 c7 44 3d 09 00 00 43 c6 44 3d 0b
RSP: 0018:ffffc9000d5669a0 EFLAGS: 00000206
RAX: 7702f46a1bf52300 RBX: 0000000000000a02 RCX: 7702f46a1bf52300
RDX: 0000000000000006 RSI: ffffffff8d748fd9 RDI: ffffffff8bc1cde0
RBP: ffffc9000d566a70 R08: ffffffff8f7ec977 R09: 1ffffffff1efd92e
R10: dffffc0000000000 R11: fffffbfff1efd92f R12: 0000000000000001
R13: 1ffff92001aacd38 R14: ffffea00013152c0 R15: dffffc0000000000
 charge_memcg+0x10b/0x180 mm/memcontrol.c:4598
 __mem_cgroup_charge+0x25/0x80 mm/memcontrol.c:4609
 mem_cgroup_charge include/linux/memcontrol.h:642 [inline]
 filemap_add_folio+0x49/0x270 mm/filemap.c:964
 __filemap_get_folio+0x4f6/0xaf0 mm/filemap.c:1979
 ntfs_write_begin+0x161/0x310 fs/ntfs3/inode.c:922
 generic_perform_write+0x2c4/0x910 mm/filemap.c:4103
 ntfs_file_write_iter+0x71c/0x820 fs/ntfs3/file.c:1287
 iter_file_splice_write+0x937/0x1000 fs/splice.c:738
 do_splice_from fs/splice.c:935 [inline]
 direct_splice_actor+0xfe/0x160 fs/splice.c:1158
 splice_direct_to_actor+0x5a5/0xcc0 fs/splice.c:1102
 do_splice_direct_actor fs/splice.c:1201 [inline]
 do_splice_direct+0x181/0x270 fs/splice.c:1227
 ovl_copy_up_file+0x4bb/0x6a0 fs/overlayfs/copy_up.c:349
 ovl_copy_up_data+0x1fe/0x280 fs/overlayfs/copy_up.c:654
 ovl_copy_up_workdir fs/overlayfs/copy_up.c:796 [inline]
 ovl_do_copy_up fs/overlayfs/copy_up.c:1001 [inline]
 ovl_copy_up_one fs/overlayfs/copy_up.c:1202 [inline]
 ovl_copy_up_flags+0x120b/0x2fb0 fs/overlayfs/copy_up.c:1257
 ovl_rename+0x5ca/0x1650 fs/overlayfs/dir.c:1122
 vfs_rename+0xb99/0xec0 fs/namei.c:5121
 do_renameat2+0x878/0xc50 fs/namei.c:5270
 __do_sys_rename fs/namei.c:5317 [inline]
 __se_sys_rename fs/namei.c:5315 [inline]
 __x64_sys_rename+0x82/0x90 fs/namei.c:5315
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0xf6/0x210 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7fcc7998e969
Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007fcc7a8db038 EFLAGS: 00000246 ORIG_RAX: 0000000000000052
RAX: ffffffffffffffda RBX: 00007fcc79bb5fa0 RCX: 00007fcc7998e969
RDX: 0000000000000000 RSI: 0000200000000f40 RDI: 00002000000003c0
RBP: 00007fcc79a10ab1 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 0000000000000000 R14: 00007fcc79bb5fa0 R15: 00007fffb1a76b98
 </TASK>
Kernel Offset: disabled
Rebooting in 86400 seconds..
----------------
Code disassembly (best guess), 1 bytes skipped:
   0:	9e                   	sahf
   1:	ff 48 c7             	decl   -0x39(%rax)
   4:	44 24 40             	rex.R and $0x40,%al
   7:	00 00                	add    %al,(%rax)
   9:	00 00                	add    %al,(%rax)
   b:	9c                   	pushf
   c:	8f 44 24 40          	pop    0x40(%rsp)
  10:	f6 44 24 41 02       	testb  $0x2,0x41(%rsp)
  15:	75 6e                	jne    0x85
  17:	f7 c3 00 02 00 00    	test   $0x200,%ebx
  1d:	74 01                	je     0x20
  1f:	fb                   	sti
  20:	48 c7 44 24 20 0e 36 	movq   $0x45e0360e,0x20(%rsp)
  27:	e0 45
* 29:	4b c7 44 3d 00 00 00 	movq   $0x0,0x0(%r13,%r15,1) <-- trapping instruction
  30:	00 00
  32:	66 43 c7 44 3d 09 00 	movw   $0x0,0x9(%r13,%r15,1)
  39:	00
  3a:	43                   	rex.XB
  3b:	c6                   	.byte 0xc6
  3c:	44                   	rex.R
  3d:	3d                   	.byte 0x3d
  3e:	0b                   	.byte 0xb