BUG: stack guard page was hit at ffffc90003417fe8 (stack is ffffc90003418000..ffffc9000341ffff)
kernel stack overflow (double-fault): 0000 [#1] PREEMPT SMP KASAN
CPU: 0 PID: 11876 Comm: syz-executor.1 Tainted: G W 5.10.186-syzkaller-01315-g59b65efafe20 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/27/2023
RIP: 0010:update_stack_state+0x11d/0x460
Code: 45 a8 48 01 c1 48 89 4d 80 49 8d 47 18 48 89 85 60 ff ff ff 49 8d 5f 28 49 8d 47 20 48 89 85 68 ff ff ff 4c 89 e0 48 c1 e8 03 <48> 89 85 48 ff ff ff 48 89 95 70 ff ff ff 48 c1 ea 03 48 89 95 50
RSP: 0018:ffffc90003417ff8 EFLAGS: 00010a02
RAX: 1ffff92000683029 RBX: ffffc90003418168 RCX: ffffc90003418140
RDX: ffffc90003418150 RSI: ffffc90003418130 RDI: ffffc90003418198
RBP: ffffc900034180b0 R08: dffffc0000000001 R09: ffffc90003418140
R10: 0000000000000000 R11: dffffc0000000001 R12: ffffc90003418148
R13: ffff88810c1bcf00 R14: dffffc0000000000 R15: ffffc90003418140
FS: 00007f97065a1700(0000) GS:ffff8881f7000000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: ffffc90003417fe8 CR3: 000000011ede3000 CR4: 00000000003506b0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
<#DF>
Modules linked in:
---[ end trace 6b2b0efa9c9536e0 ]---
RIP: 0010:update_stack_state+0x11d/0x460
Code: 45 a8 48 01 c1 48 89 4d 80 49 8d 47 18 48 89 85 60 ff ff ff 49 8d 5f 28 49 8d 47 20 48 89 85 68 ff ff ff 4c 89 e0 48 c1 e8 03 <48> 89 85 48 ff ff ff 48 89 95 70 ff ff ff 48 c1 ea 03 48 89 95 50
RSP: 0018:ffffc90003417ff8 EFLAGS: 00010a02
RAX: 1ffff92000683029 RBX: ffffc90003418168 RCX: ffffc90003418140
RDX: ffffc90003418150 RSI: ffffc90003418130 RDI: ffffc90003418198
RBP: ffffc900034180b0 R08: dffffc0000000001 R09: ffffc90003418140
R10: 0000000000000000 R11: dffffc0000000001 R12: ffffc90003418148
R13: ffff88810c1bcf00 R14: dffffc0000000000 R15: ffffc90003418140
FS: 00007f97065a1700(0000) GS:ffff8881f7000000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: ffffc90003417fe8 CR3: 000000011ede3000 CR4: 00000000003506b0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
----------------
Code disassembly (best guess):
0: 45 a8 48 rex.RB test $0x48,%al
3: 01 c1 add %eax,%ecx
5: 48 89 4d 80 mov %rcx,-0x80(%rbp)
9: 49 8d 47 18 lea 0x18(%r15),%rax
d: 48 89 85 60 ff ff ff mov %rax,-0xa0(%rbp)
14: 49 8d 5f 28 lea 0x28(%r15),%rbx
18: 49 8d 47 20 lea 0x20(%r15),%rax
1c: 48 89 85 68 ff ff ff mov %rax,-0x98(%rbp)
23: 4c 89 e0 mov %r12,%rax
26: 48 c1 e8 03 shr $0x3,%rax
* 2a: 48 89 85 48 ff ff ff mov %rax,-0xb8(%rbp) <-- trapping instruction
31: 48 89 95 70 ff ff ff mov %rdx,-0x90(%rbp)
38: 48 c1 ea 03 shr $0x3,%rdx
3c: 48 rex.W
3d: 89 .byte 0x89
3e: 95 xchg %eax,%ebp
3f: 50 push %rax