program: r0 = socket(0x2, 0x80805, 0x0) r1 = socket$inet6_sctp(0xa, 0x1, 0x84) r2 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(r2, 0x84, 0x64, &(0x7f0000000180)=[@in={0x2, 0x4e21, @multicast2}, @in6={0xa, 0x4e21, 0x76, @dev={0xfe, 0x80, '\x00', 0x33}, 0x2}], 0x2c) connect$inet6(0xffffffffffffffff, &(0x7f0000000000)={0xa, 0x0, 0x0, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02'}, 0x1c) r3 = openat$apparmor_thread_current(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) write$apparmor_current(r3, &(0x7f00000001c0)=@profile={'permprofile ', ':\':\x02'}, 0x10) getsockopt$inet_sctp6_SCTP_MAX_BURST(r1, 0x84, 0x83, &(0x7f0000000000)=@assoc_value={0x0}, &(0x7f0000000300)=0x8) setsockopt$inet_sctp_SCTP_AUTH_DEACTIVATE_KEY(r0, 0x84, 0x23, &(0x7f0000000040)={r4, 0x2}, 0x8) ioctl$sock_FIOGETOWN(r1, 0x8903, &(0x7f0000000200)=0x0) fstat(r0, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x0}) setsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f00000002c0)={r5, r6, 0xffffffffffffffff}, 0xc) r7 = openat$comedi(0xffffff9c, &(0x7f0000000040)='/dev/comedi1\x00', 0x2180, 0x0) ioctl$COMEDI_DEVCONFIG(r7, 0x40946400, &(0x7f0000000080)={'pcl812\x00', [0x2f00, 0x40, 0xd09a, 0x2, 0x2, 0x3, 0xfff, 0x6, 0xffe, 0x1, 0x1000000c, 0x1, 0x4, 0x4, 0x1, 0x6, 0xffffffa7, 0x40000009, 0x832, 0xfffffff7, 0x3ff, 0x9, 0x800, 0xe2df, 0x4, 0x0, 0x6, 0x3, 0x4, 0x9, 0x70f]}) syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f0000000580)='./file1\x00', 0x40, &(0x7f0000000340), 0x1, 0x55d, 
&(0x7f0000000ec0)="$eJzs3U1oHFUcAPD/zGbtVzQVFFR6KCpUKN0k/dDqqb2KhUIPgpcaNtsQssmG7EabkEN6L2IPotJLvenBo+LBg3jx6NWL4lkQDQpND7KyX2mb7KbbmmZr5/eD2X1v3mT/783sf2ZnmCEBZNbhxksa8XxEnE8iRu5oG4p24+HWcutrK8VbayvFJOr1C38kkUTEzbWVYmf5pP1+ICJWI+K5iPg+H3E03Rq3urQ8M1Eulxba9dHa7PxodWn52PTsxFRpqjR34rXXT50+eWr8+PiOjfXqL9c+uPrjmzeuffHlodXiRxNJnInhdtud49hJrXWSjzOb5p98GMEGKBl0B3gguXae5yPi2RiJXDvrgcdffU9EHcioRP5DRnV+BzTOfzvTbv7++P1s6wSkEXe9PbVahlrXJmJv89xk/1/JXWcmjfPNg7vZUR5Lq1ciYmxoaOv3P2l//x7c2E50kIfqu7OtDbV1+6cb+5/osv8Z7lw7/Y86+7/1Lfu/2/FzPfZ/5/uM8c87v37aM/6ViBe6xk824idd4qcR8W6f8a+//c3pXm31zyKORPf4Hcn214dHL02XS2Ot164xvj1y6I3txr+/R/zWNdu9zcNMt/U/3+f4v/7hqxdXt4n/ykvbb/9u639fRHzYZ/ynb37+Vq+2RvzJHuPfLn5j3o0+47965vDPfS4KAAAAAAAAAADch7R5L1uSFjbKaVootJ7hfSb2p+VKtXb0UmVxbrJ1z9vByKedO61GWvWkUR9v34/bqR/fVD+RawfM7WvWC8VKeXLAYwcAAAAAAAAAAAAAAAAAAIBHxYFNz///nWs9/w9khH/5Ddkl/yG77s7/ZGD9AHaf4z9kVl3+Q3bJf8gu+Q/ZJf8BIHsc/yG75D8AAAAAAAAAAAAAAAAAAAAAAAAAADwU58+da0z1W2srxUZ9cmhpcaby3rHJUnWmMLtYLBQrC/OFqUplqlwqFCuz9/q8cqUyPxZzi5dHa6VqbbS6tHxxtrI4V7s4PTuRi4ul/K6MCgAAAAAAAAAAAAAAAAAAAP5fhptTkhYiIm2W07RQiHgyIg5GPrk0XS6NRcRTEfFTLr+nUR8fdKcBAAAAAAAAAAAAAAAAAADgMVNdWp6ZKJdLCwpbCxGxurOf3PjE+/6rfHtbPSqrRSELhQHvmAAAAAAAAAAAAAAAAAAAIINuP/Q76J4AAAAAAAAAAAAAAAAAAABAlqW/JRHRmI6MvDy8ufWJZD3XfI+I969f+PjyRK22MN6Y/+fG/Non7fnHB9F/oF+dPO3kMQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHBbdWl5ZqJcLi30LuyLey+zbWHQYwQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4EP8GAAD///Ce0wY=") r8 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x4000, 0x0) pwritev2(r8, 
&(0x7f0000000140)=[{&(0x7f0000000000)="e8ab0ca3d22a80b40f208b9c22cd63ff", 0x10}], 0x1, 0x5402, 0x0, 0x0) sendfile(r8, r8, 0x0, 0x7a680000) [ 74.024156][ T5318] Bluetooth: hci0: command tx timeout [ 74.061728][ T25] audit: type=1400 audit(1752793641.731:2): apparmor="DENIED" operation="change_profile" class="file" info="label not found" error=-2 profile="unconfined" name=3A273A02 pid=5339 comm="syz.0.0" [ 74.084421][ T5340] ------------[ cut here ]------------ [ 74.087039][ T5340] UBSAN: shift-out-of-bounds in drivers/comedi/drivers/pcl812.c:1152:10 [ 74.100854][ T5340] shift exponent 64 is too large for 32-bit type 'int' [ 74.104850][ T5340] CPU: 0 UID: 0 PID: 5340 Comm: syz.0.0 Not tainted 6.16.0-rc6-syzkaller-00121-g6832a9317eee #0 PREEMPT(full) [ 74.104862][ T5340] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 74.104868][ T5340] Call Trace: [ 74.104872][ T5340] <TASK> [ 74.104875][ T5340] dump_stack_lvl+0x189/0x250 [ 74.104978][ T5340] ? __pfx_dump_stack_lvl+0x10/0x10 [ 74.104992][ T5340] ? __pfx__printk+0x10/0x10 [ 74.105015][ T5340] ubsan_epilogue+0xa/0x40 [ 74.105029][ T5340] __ubsan_handle_shift_out_of_bounds+0x386/0x410 [ 74.105084][ T5340] pcl812_attach+0x1b9e/0x2300 [ 74.105125][ T5340] comedi_device_attach+0x51d/0x670 [ 74.105136][ T5340] comedi_unlocked_ioctl+0x686/0xf40 [ 74.105151][ T5340] ? __pfx_comedi_unlocked_ioctl+0x10/0x10 [ 74.105173][ T5340] ? __lock_acquire+0xab9/0xd20 [ 74.105190][ T5340] ? __fget_files+0x2a/0x420 [ 74.105201][ T5340] ? __fget_files+0x2a/0x420 [ 74.105210][ T5340] ? __fget_files+0x3a0/0x420 [ 74.105218][ T5340] ? __fget_files+0x2a/0x420 [ 74.105228][ T5340] ? bpf_lsm_file_ioctl+0x9/0x20 [ 74.105236][ T5340] ? __pfx_comedi_unlocked_ioctl+0x10/0x10 [ 74.105244][ T5340] __se_sys_ioctl+0xf9/0x170 [ 74.105252][ T5340] do_syscall_64+0xfa/0x3b0 [ 74.105295][ T5340] ? lockdep_hardirqs_on+0x9c/0x150 [ 74.105307][ T5340] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 74.105316][ T5340] ? 
clear_bhb_loop+0x60/0xb0 [ 74.105328][ T5340] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 74.105338][ T5340] RIP: 0033:0x7fef77f8e9a9 [ 74.105350][ T5340] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 74.105360][ T5340] RSP: 002b:00007fef78d86038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 74.105373][ T5340] RAX: ffffffffffffffda RBX: 00007fef781b5fa0 RCX: 00007fef77f8e9a9 [ 74.105382][ T5340] RDX: 0000200000000080 RSI: 0000000040946400 RDI: 0000000000000007 [ 74.105387][ T5340] RBP: 00007fef78010ca1 R08: 0000000000000000 R09: 0000000000000000 [ 74.105392][ T5340] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 74.105397][ T5340] R13: 0000000000000000 R14: 00007fef781b5fa0 R15: 00007ffe71b1b4b8 [ 74.105408][ T5340] </TASK> [ 74.105411][ T5340] ---[ end trace ]--- [ 74.230241][ T5341] loop0: detected capacity change from 0 to 1024 [ 74.239121][ T5341] ======================================================= [ 74.239121][ T5341] WARNING: The mand mount option has been deprecated and [ 74.239121][ T5341] and is ignored by this kernel. Remove the mand [ 74.239121][ T5341] option from the mount to silence this warning. [ 74.239121][ T5341] ======================================================= [ 74.300446][ T5340] Kernel panic - not syncing: UBSAN: panic_on_warn set ... [ 74.303950][ T5340] CPU: 0 UID: 0 PID: 5340 Comm: syz.0.0 Not tainted 6.16.0-rc6-syzkaller-00121-g6832a9317eee #0 PREEMPT(full) [ 74.308867][ T5340] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 74.313435][ T5340] Call Trace: [ 74.314918][ T5340] <TASK> [ 74.316275][ T5340] dump_stack_lvl+0x99/0x250 [ 74.318261][ T5340] ? __asan_memcpy+0x40/0x70 [ 74.320273][ T5340] ? __pfx_dump_stack_lvl+0x10/0x10 [ 74.322595][ T5340] ? 
__pfx__printk+0x10/0x10 [ 74.324700][ T5340] panic+0x2db/0x790 [ 74.326471][ T5340] ? __pfx_panic+0x10/0x10 [ 74.328376][ T5340] ? _printk+0xcf/0x120 [ 74.330209][ T5340] ? __pfx__printk+0x10/0x10 [ 74.332306][ T5340] check_panic_on_warn+0x89/0xb0 [ 74.334466][ T5340] __ubsan_handle_shift_out_of_bounds+0x386/0x410 [ 74.337255][ T5340] pcl812_attach+0x1b9e/0x2300 [ 74.339288][ T5340] comedi_device_attach+0x51d/0x670 [ 74.341578][ T5340] comedi_unlocked_ioctl+0x686/0xf40 [ 74.343972][ T5340] ? __pfx_comedi_unlocked_ioctl+0x10/0x10 [ 74.346624][ T5340] ? __lock_acquire+0xab9/0xd20 [ 74.348820][ T5340] ? __fget_files+0x2a/0x420 [ 74.350859][ T5340] ? __fget_files+0x2a/0x420 [ 74.352969][ T5340] ? __fget_files+0x3a0/0x420 [ 74.355047][ T5340] ? __fget_files+0x2a/0x420 [ 74.357083][ T5340] ? bpf_lsm_file_ioctl+0x9/0x20 [ 74.359223][ T5340] ? __pfx_comedi_unlocked_ioctl+0x10/0x10 [ 74.361827][ T5340] __se_sys_ioctl+0xf9/0x170 [ 74.363960][ T5340] do_syscall_64+0xfa/0x3b0 [ 74.366105][ T5340] ? lockdep_hardirqs_on+0x9c/0x150 [ 74.368432][ T5340] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 74.371280][ T5340] ? 
clear_bhb_loop+0x60/0xb0 [ 74.373430][ T5340] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 74.375993][ T5340] RIP: 0033:0x7fef77f8e9a9 [ 74.377944][ T5340] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 74.386175][ T5340] RSP: 002b:00007fef78d86038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 74.389894][ T5340] RAX: ffffffffffffffda RBX: 00007fef781b5fa0 RCX: 00007fef77f8e9a9 [ 74.393378][ T5340] RDX: 0000200000000080 RSI: 0000000040946400 RDI: 0000000000000007 [ 74.396713][ T5340] RBP: 00007fef78010ca1 R08: 0000000000000000 R09: 0000000000000000 [ 74.400142][ T5340] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 74.403309][ T5340] R13: 0000000000000000 R14: 00007fef781b5fa0 R15: 00007ffe71b1b4b8 [ 74.406750][ T5340] </TASK> [ 74.408442][ T5340] Kernel Offset: disabled [ 74.410410][ T5340] Rebooting in 86400 seconds..