program:
r0 = socket$vsock_stream(0x28, 0x1, 0x0)
connect$vsock_stream(r0, &(0x7f0000000640)={0x28, 0x0, 0x2710}, 0x10) (async)
r1 = dup(r0)
write$6lowpan_enable(r1, &(0x7f0000000000)='0', 0xfffffd2c) (async)
ioctl$SIOCGETMIFCNT_IN6(r1, 0x89e0, &(0x7f0000000000)={0xffffffffffffffff}) (async)
madvise(&(0x7f0000000000/0x4000)=nil, 0x0, 0x4) (async)
r2 = openat$comedi(0xffffff9c, &(0x7f0000000040)='/dev/comedi3\x00', 0x2000, 0x0)
ioctl$COMEDI_DEVCONFIG(r2, 0x40946400, &(0x7f0000000080)={'pcl812\x00', [0x2f00, 0x80008000, 0x1, 0xa, 0x0, 0x2, 0x1, 0xf, 0x1000, 0x1000001, 0x8, 0x2, 0x80001008, 0x4, 0xffff, 0x6, 0xffffffa7, 0xffff, 0xfffffffd, 0x1, 0x3ff, 0x10000, 0x7fb, 0xe2df, 0x9, 0x1, 0x4, 0x3, 0x7, 0x6, 0x5]})
[ 75.163048][ T5320] Bluetooth: hci0: command tx timeout
[ 75.256356][ T5341] ------------[ cut here ]------------
[ 75.265699][ T5341] UBSAN: shift-out-of-bounds in drivers/comedi/drivers/pcl812.c:1152:10
[ 75.275268][ T5341] shift exponent -2147450880 is negative
[ 75.296274][ T5341] CPU: 0 UID: 0 PID: 5341 Comm: syz.0.0 Not tainted 6.16.0-rc6-syzkaller-00121-g6832a9317eee #0 PREEMPT(full)
[ 75.296295][ T5341] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[ 75.296302][ T5341] Call Trace:
[ 75.296306][ T5341]
[ 75.296311][ T5341] dump_stack_lvl+0x189/0x250
[ 75.296409][ T5341] ? __pfx_dump_stack_lvl+0x10/0x10
[ 75.296421][ T5341] ? __pfx__printk+0x10/0x10
[ 75.296445][ T5341] ubsan_epilogue+0xa/0x40
[ 75.296459][ T5341] __ubsan_handle_shift_out_of_bounds+0x386/0x410
[ 75.296513][ T5341] pcl812_attach+0x1b9e/0x2300
[ 75.296566][ T5341] comedi_device_attach+0x51d/0x670
[ 75.296583][ T5341] comedi_unlocked_ioctl+0x686/0xf40
[ 75.296604][ T5341] ? __pfx_comedi_unlocked_ioctl+0x10/0x10
[ 75.296634][ T5341] ? __lock_acquire+0xab9/0xd20
[ 75.296657][ T5341] ? __fget_files+0x2a/0x420
[ 75.296675][ T5341] ? __fget_files+0x2a/0x420
[ 75.296686][ T5341] ? __fget_files+0x3a0/0x420
[ 75.296697][ T5341] ? __fget_files+0x2a/0x420
[ 75.296712][ T5341] ? bpf_lsm_file_ioctl+0x9/0x20
[ 75.296723][ T5341] ? __pfx_comedi_unlocked_ioctl+0x10/0x10
[ 75.296737][ T5341] __se_sys_ioctl+0xf9/0x170
[ 75.296751][ T5341] do_syscall_64+0xfa/0x3b0
[ 75.296786][ T5341] ? lockdep_hardirqs_on+0x9c/0x150
[ 75.296793][ T5341] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 75.296800][ T5341] ? clear_bhb_loop+0x60/0xb0
[ 75.296809][ T5341] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 75.296815][ T5341] RIP: 0033:0x7f7ec978e9a9
[ 75.296823][ T5341] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 75.296828][ T5341] RSP: 002b:00007f7eca55a038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 75.296837][ T5341] RAX: ffffffffffffffda RBX: 00007f7ec99b6080 RCX: 00007f7ec978e9a9
[ 75.296842][ T5341] RDX: 0000200000000080 RSI: 0000000040946400 RDI: 0000000000000005
[ 75.296846][ T5341] RBP: 00007f7ec9810d69 R08: 0000000000000000 R09: 0000000000000000
[ 75.296850][ T5341] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 75.296854][ T5341] R13: 0000000000000000 R14: 00007f7ec99b6080 R15: 00007fff4cf84b28
[ 75.296872][ T5341]
[ 75.296876][ T5341] ---[ end trace ]---
[ 75.421205][ T5341] Kernel panic - not syncing: UBSAN: panic_on_warn set ...
[ 75.424297][ T5341] CPU: 0 UID: 0 PID: 5341 Comm: syz.0.0 Not tainted 6.16.0-rc6-syzkaller-00121-g6832a9317eee #0 PREEMPT(full)
[ 75.429192][ T5341] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[ 75.433800][ T5341] Call Trace:
[ 75.435368][ T5341]
[ 75.436644][ T5341] dump_stack_lvl+0x99/0x250
[ 75.438623][ T5341] ? __asan_memcpy+0x40/0x70
[ 75.440457][ T5341] ? __pfx_dump_stack_lvl+0x10/0x10
[ 75.442675][ T5341] ? __pfx__printk+0x10/0x10
[ 75.444752][ T5341] panic+0x2db/0x790
[ 75.446539][ T5341] ? __pfx_panic+0x10/0x10
[ 75.448617][ T5341] ? _printk+0xcf/0x120
[ 75.450453][ T5341] ? __pfx__printk+0x10/0x10
[ 75.452495][ T5341] check_panic_on_warn+0x89/0xb0
[ 75.454733][ T5341] __ubsan_handle_shift_out_of_bounds+0x386/0x410
[ 75.457539][ T5341] pcl812_attach+0x1b9e/0x2300
[ 75.459627][ T5341] comedi_device_attach+0x51d/0x670
[ 75.461876][ T5341] comedi_unlocked_ioctl+0x686/0xf40
[ 75.464128][ T5341] ? __pfx_comedi_unlocked_ioctl+0x10/0x10
[ 75.466618][ T5341] ? __lock_acquire+0xab9/0xd20
[ 75.468860][ T5341] ? __fget_files+0x2a/0x420
[ 75.471042][ T5341] ? __fget_files+0x2a/0x420
[ 75.473276][ T5341] ? __fget_files+0x3a0/0x420
[ 75.475440][ T5341] ? __fget_files+0x2a/0x420
[ 75.477432][ T5341] ? bpf_lsm_file_ioctl+0x9/0x20
[ 75.479565][ T5341] ? __pfx_comedi_unlocked_ioctl+0x10/0x10
[ 75.482158][ T5341] __se_sys_ioctl+0xf9/0x170
[ 75.484196][ T5341] do_syscall_64+0xfa/0x3b0
[ 75.486156][ T5341] ? lockdep_hardirqs_on+0x9c/0x150
[ 75.488299][ T5341] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 75.491019][ T5341] ? clear_bhb_loop+0x60/0xb0
[ 75.493279][ T5341] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 75.496116][ T5341] RIP: 0033:0x7f7ec978e9a9
[ 75.498094][ T5341] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 75.506660][ T5341] RSP: 002b:00007f7eca55a038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 75.510639][ T5341] RAX: ffffffffffffffda RBX: 00007f7ec99b6080 RCX: 00007f7ec978e9a9
[ 75.514278][ T5341] RDX: 0000200000000080 RSI: 0000000040946400 RDI: 0000000000000005
[ 75.517893][ T5341] RBP: 00007f7ec9810d69 R08: 0000000000000000 R09: 0000000000000000
[ 75.521278][ T5341] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 75.524685][ T5341] R13: 0000000000000000 R14: 00007f7ec99b6080 R15: 00007fff4cf84b28
[ 75.528249][ T5341]
[ 75.530112][ T5341] Kernel Offset: disabled
[ 75.532170][ T5341] Rebooting in 86400 seconds..