BUG: TASK stack guard page was hit at ffffc9000d31ff98 (stack is ffffc9000d320000..ffffc9000d328000)
Oops: stack guard page: 0000 [#1] PREEMPT SMP KASAN PTI
CPU: 1 UID: 0 PID: 962 Comm: syz.2.196 Not tainted syzkaller #0 29c6904b08c3b1e8518f4116e2e8016f6159917e
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
RIP: 0010:update_stack_state+0x4c/0x4b0 arch/x86/kernel/unwind_frame.c:205
Code: ff df 48 89 f8 48 c1 e8 03 48 89 45 b8 42 0f b6 04 28 84 c0 0f 85 02 04 00 00 8b 03 89 45 ac 48 8d 7b 58 48 89 f8 48 c1 e8 03 <48> 89 45 98 42 80 3c 28 00 48 89 7d c8 74 09 e8 b0 9b 9b 00 48 8b
RSP: 0018:ffffc9000d31ffa0 EFLAGS: 00010a02
RAX: 1ffff92001a64038 RBX: ffffc9000d320168 RCX: 1ffff92001a64034
RDX: dffffc0000000000 RSI: ffffc9000d3201f0 RDI: ffffc9000d3201c0
RBP: ffffc9000d320060 R08: ffffc9000d320101 R09: 0000000000000000
R10: ffffc9000d320168 R11: fffff52001a64039 R12: 0000000000000000
R13: dffffc0000000000 R14: ffffc9000d3201c0 R15: ffffc9000d3201f0
FS: 00007fc6743f36c0(0000) GS:ffff8881f6f00000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: ffffc9000d31ff98 CR3: 000000011e822000 CR4: 00000000003526b0
Call Trace:
Modules linked in:
---[ end trace 0000000000000000 ]---
RIP: 0010:update_stack_state+0x4c/0x4b0 arch/x86/kernel/unwind_frame.c:205
Code: ff df 48 89 f8 48 c1 e8 03 48 89 45 b8 42 0f b6 04 28 84 c0 0f 85 02 04 00 00 8b 03 89 45 ac 48 8d 7b 58 48 89 f8 48 c1 e8 03 <48> 89 45 98 42 80 3c 28 00 48 89 7d c8 74 09 e8 b0 9b 9b 00 48 8b
RSP: 0018:ffffc9000d31ffa0 EFLAGS: 00010a02
RAX: 1ffff92001a64038 RBX: ffffc9000d320168 RCX: 1ffff92001a64034
RDX: dffffc0000000000 RSI: ffffc9000d3201f0 RDI: ffffc9000d3201c0
RBP: ffffc9000d320060 R08: ffffc9000d320101 R09: 0000000000000000
R10: ffffc9000d320168 R11: fffff52001a64039 R12: 0000000000000000
R13: dffffc0000000000 R14: ffffc9000d3201c0 R15: ffffc9000d3201f0
FS: 00007fc6743f36c0(0000) GS:ffff8881f6f00000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: ffffc9000d31ff98 CR3: 000000011e822000 CR4: 00000000003526b0
----------------
Code disassembly (best guess):
0: ff lcall (bad)
1: df 48 89 fisttps -0x77(%rax)
4: f8 clc
5: 48 c1 e8 03 shr $0x3,%rax
9: 48 89 45 b8 mov %rax,-0x48(%rbp)
d: 42 0f b6 04 28 movzbl (%rax,%r13,1),%eax
12: 84 c0 test %al,%al
14: 0f 85 02 04 00 00 jne 0x41c
1a: 8b 03 mov (%rbx),%eax
1c: 89 45 ac mov %eax,-0x54(%rbp)
1f: 48 8d 7b 58 lea 0x58(%rbx),%rdi
23: 48 89 f8 mov %rdi,%rax
26: 48 c1 e8 03 shr $0x3,%rax
* 2a: 48 89 45 98 mov %rax,-0x68(%rbp) <-- trapping instruction
2e: 42 80 3c 28 00 cmpb $0x0,(%rax,%r13,1)
33: 48 89 7d c8 mov %rdi,-0x38(%rbp)
37: 74 09 je 0x42
39: e8 b0 9b 9b 00 call 0x9b9bee
3e: 48 rex.W
3f: 8b .byte 0x8b