program:
r0 = openat$comedi(0xffffff9c, &(0x7f0000000040)='/dev/comedi1\x00', 0x2180, 0x0)
mount$tmpfs(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000400), 0x0, &(0x7f00000007c0)={[{@nr_inodes={'nr_inodes', 0x3d, [0x6b]}}]})
ioctl$COMEDI_DEVCONFIG(r0, 0x40946400, &(0x7f0000000080)={'das16m1\x00', [0x2f00, 0xffffffff, 0xd09a, 0xffff0001, 0xfffffffe, 0xd1, 0x1, 0xff, 0xffe, 0x1, 0xc, 0x1, 0x7, 0x4, 0x10002, 0x4, 0xffffffa7, 0x175, 0x832, 0x30000, 0x400, 0x6, 0x1, 0xe2df, 0x2, 0x30000000, 0x4, 0x8, 0x6, 0x4, 0x70c]})
openat$comedi(0xffffff9c, &(0x7f0000000040)='/dev/comedi1\x00', 0x2180, 0x0) (async)
mount$tmpfs(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000400), 0x0, &(0x7f00000007c0)={[{@nr_inodes={'nr_inodes', 0x3d, [0x6b]}}]}) (async)
ioctl$COMEDI_DEVCONFIG(r0, 0x40946400, &(0x7f0000000080)={'das16m1\x00', [0x2f00, 0xffffffff, 0xd09a, 0xffff0001, 0xfffffffe, 0xd1, 0x1, 0xff, 0xffe, 0x1, 0xc, 0x1, 0x7, 0x4, 0x10002, 0x4, 0xffffffa7, 0x175, 0x832, 0x30000, 0x400, 0x6, 0x1, 0xe2df, 0x2, 0x30000000, 0x4, 0x8, 0x6, 0x4, 0x70c]}) (async)

[   85.281630][ T5322] Bluetooth: hci0: command tx timeout
[   85.351918][ T5343] ------------[ cut here ]------------
[   85.354409][ T5343] UBSAN: shift-out-of-bounds in drivers/comedi/drivers/das16m1.c:525:9
[   85.357892][ T5343] shift exponent -1 is negative
[   85.359892][ T5343] CPU: 0 UID: 0 PID: 5343 Comm: syz.0.0 Not tainted 6.16.0-rc6-syzkaller-00037-ge2291551827f #0 PREEMPT(full) 
[   85.359928][ T5343] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[   85.359936][ T5343] Call Trace:
[   85.359947][ T5343]  <TASK>
[   85.359954][ T5343]  dump_stack_lvl+0x189/0x250
[   85.360042][ T5343]  ? __pfx_dump_stack_lvl+0x10/0x10
[   85.360055][ T5343]  ? __pfx__printk+0x10/0x10
[   85.360080][ T5343]  ubsan_epilogue+0xa/0x40
[   85.360098][ T5343]  __ubsan_handle_shift_out_of_bounds+0x386/0x410
[   85.360151][ T5343]  ? __comedi_request_region+0x74/0x140
[   85.360197][ T5343]  das16m1_attach+0x8ee/0xb20
[   85.360218][ T5343]  comedi_device_attach+0x520/0x670
[   85.360234][ T5343]  comedi_unlocked_ioctl+0x686/0xf40
[   85.360255][ T5343]  ? __pfx_comedi_unlocked_ioctl+0x10/0x10
[   85.360290][ T5343]  ? __lock_acquire+0xab9/0xd20
[   85.360316][ T5343]  ? __fget_files+0x2a/0x420
[   85.360334][ T5343]  ? __fget_files+0x2a/0x420
[   85.360347][ T5343]  ? __fget_files+0x3a0/0x420
[   85.360360][ T5343]  ? __fget_files+0x2a/0x420
[   85.360377][ T5343]  ? bpf_lsm_file_ioctl+0x9/0x20
[   85.360389][ T5343]  ? __pfx_comedi_unlocked_ioctl+0x10/0x10
[   85.360404][ T5343]  __se_sys_ioctl+0xfc/0x170
[   85.360419][ T5343]  do_syscall_64+0xfa/0x3b0
[   85.360465][ T5343]  ? lockdep_hardirqs_on+0x9c/0x150
[   85.360483][ T5343]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   85.360502][ T5343]  ? clear_bhb_loop+0x60/0xb0
[   85.360516][ T5343]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   85.360533][ T5343] RIP: 0033:0x7ffb48b8e929
[   85.360546][ T5343] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   85.360564][ T5343] RSP: 002b:00007ffb49a27038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[   85.360578][ T5343] RAX: ffffffffffffffda RBX: 00007ffb48db5fa0 RCX: 00007ffb48b8e929
[   85.360586][ T5343] RDX: 0000200000000080 RSI: 0000000040946400 RDI: 0000000000000003
[   85.360594][ T5343] RBP: 00007ffb48c10ca1 R08: 0000000000000000 R09: 0000000000000000
[   85.360601][ T5343] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[   85.360608][ T5343] R13: 0000000000000000 R14: 00007ffb48db5fa0 R15: 00007ffe053291b8
[   85.360624][ T5343]  </TASK>
[   85.568119][ T5343] ---[ end trace ]---
[   85.569808][ T5343] Kernel panic - not syncing: UBSAN: panic_on_warn set ...
[   85.572971][ T5343] CPU: 0 UID: 0 PID: 5343 Comm: syz.0.0 Not tainted 6.16.0-rc6-syzkaller-00037-ge2291551827f #0 PREEMPT(full) 
[   85.577872][ T5343] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[   85.582276][ T5343] Call Trace:
[   85.583734][ T5343]  <TASK>
[   85.585041][ T5343]  dump_stack_lvl+0x99/0x250
[   85.587109][ T5343]  ? __asan_memcpy+0x40/0x70
[   85.588914][ T5343]  ? __pfx_dump_stack_lvl+0x10/0x10
[   85.591109][ T5343]  ? __pfx__printk+0x10/0x10
[   85.593118][ T5343]  panic+0x2db/0x790
[   85.594774][ T5343]  ? __pfx_panic+0x10/0x10
[   85.596765][ T5343]  ? _printk+0xcf/0x120
[   85.598759][ T5343]  ? __pfx__printk+0x10/0x10
[   85.600950][ T5343]  check_panic_on_warn+0x89/0xb0
[   85.603920][ T5343]  __ubsan_handle_shift_out_of_bounds+0x386/0x410
[   85.608291][ T5343]  ? __comedi_request_region+0x74/0x140
[   85.611223][ T5343]  das16m1_attach+0x8ee/0xb20
[   85.613178][ T5343]  comedi_device_attach+0x520/0x670
[   85.615512][ T5343]  comedi_unlocked_ioctl+0x686/0xf40
[   85.617919][ T5343]  ? __pfx_comedi_unlocked_ioctl+0x10/0x10
[   85.620560][ T5343]  ? __lock_acquire+0xab9/0xd20
[   85.622800][ T5343]  ? __fget_files+0x2a/0x420
[   85.624940][ T5343]  ? __fget_files+0x2a/0x420
[   85.627063][ T5343]  ? __fget_files+0x3a0/0x420
[   85.629198][ T5343]  ? __fget_files+0x2a/0x420
[   85.631188][ T5343]  ? bpf_lsm_file_ioctl+0x9/0x20
[   85.633252][ T5343]  ? __pfx_comedi_unlocked_ioctl+0x10/0x10
[   85.636002][ T5343]  __se_sys_ioctl+0xfc/0x170
[   85.638274][ T5343]  do_syscall_64+0xfa/0x3b0
[   85.640262][ T5343]  ? lockdep_hardirqs_on+0x9c/0x150
[   85.642548][ T5343]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   85.645163][ T5343]  ? clear_bhb_loop+0x60/0xb0
[   85.647266][ T5343]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   85.649925][ T5343] RIP: 0033:0x7ffb48b8e929
[   85.651973][ T5343] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   85.660434][ T5343] RSP: 002b:00007ffb49a27038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[   85.663913][ T5343] RAX: ffffffffffffffda RBX: 00007ffb48db5fa0 RCX: 00007ffb48b8e929
[   85.667304][ T5343] RDX: 0000200000000080 RSI: 0000000040946400 RDI: 0000000000000003
[   85.670538][ T5343] RBP: 00007ffb48c10ca1 R08: 0000000000000000 R09: 0000000000000000
[   85.674323][ T5343] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[   85.677737][ T5343] R13: 0000000000000000 R14: 00007ffb48db5fa0 R15: 00007ffe053291b8
[   85.681105][ T5343]  </TASK>
[   85.682930][ T5343] Kernel Offset: disabled
[   85.684875][ T5343] Rebooting in 86400 seconds..