program:
# Triage notes (reviewer annotations; syzkaller treats lines starting with '#' as comments).
# The kernel log that follows this program reports
#   UBSAN: shift-out-of-bounds in drivers/comedi/drivers/aio_iiro_16.c:180:9
#   shift exponent 8550 is too large for 32-bit type 'int'
# with the call trace __se_sys_ioctl -> comedi_unlocked_ioctl ->
# comedi_device_attach -> aio_iiro_16_attach. Only ioctl$COMEDI_DEVCONFIG
# below matches that path: its request value 0x40946400 is the RSI value in
# the register dump, and ORIG_RAX 0x10 is ioctl on x86-64.
# The other calls do not show up in the call trace; they are presumably
# fuzzer noise. Confirm with a minimised reproducer before relying on that.
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000044c0)={&(0x7f0000000100)=ANY=[@ANYRES16=r0], 0x50}}, 0x20000)
creat(&(0x7f0000000040)='./bus\x00', 0x0)
r1 = open(&(0x7f0000000380)='./bus\x00', 0x0, 0x0)
r2 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
r3 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000280), 0x2, 0x0)
write$FUSE_NOTIFY_RETRIEVE(r3, &(0x7f00000002c0)={0x30, 0x5, 0x0, {0x0, 0x2000000000000, 0x0, 0x9}}, 0x30)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r4 = getpid()
sched_setscheduler(r4, 0x2, &(0x7f0000000200)=0x4)
sendmmsg$unix(0xffffffffffffffff, 0x0, 0x0, 0x0)
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x2, 0x0)
r5 = openat$ttyS3(0xffffffffffffff9c, &(0x7f00000000c0), 0x21201, 0x0)
ioctl$TIOCSETD(r5, 0x5423, &(0x7f00000003c0)=0x14)
r6 = signalfd(0xffffffffffffffff, &(0x7f00000001c0), 0x8)
inotify_init1(0xc00)
# Opens the comedi control node that receives the attach request below.
r7 = openat$comedi(0xffffff9c, &(0x7f0000000040)='/dev/comedi3\x00', 0x2000, 0x0)
# Attach request naming the 'aio_iiro_16' driver, followed by a caller-supplied
# options array. The second option is 0x2166 = 8550 decimal, the same number
# UBSAN prints as the shift exponent, so that option presumably reaches a
# shift in aio_iiro_16_attach without a range check (verify against line 180
# of the driver source, which is not shown on this page).
# Fix direction: reject or ignore an option that is not a valid shift count
# for a 32-bit int (0..31, or the narrower range the hardware allows) before
# it is used as one.
# Impact notes: the log shows the reproducer running as UID 0, and the panic
# is caused by panic_on_warn being set; without it the same input would still
# execute an undefined shift, but the report would be a warning.
ioctl$COMEDI_DEVCONFIG(r7, 0x40946400, &(0x7f0000000080)={'aio_iiro_16\x00', [0x80c, 0x2166, 0x6, 0x100, 0x88d6, 0x2fd, 0x8, 0x10, 0xfffffffd, 0xffffffff, 0x200, 0xfff, 0x344, 0x6, 0x2, 0x200, 0x9, 0x3, 0x3, 0x1, 0x4, 0x0, 0xffffffff, 0x10000, 0x1, 0x1, 0xb0c4, 0x5f, 0x8, 0xf3, 0x1]})
setns(r6, 0x40000000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000180))
ioctl$TIOCVHANGUP(r5, 0x5437, 0x2)
openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
sendfile(r2, r1, 0x0, 0x4000000053d2)
socket$nl_netfilter(0x10, 0x3, 0xc)
r8 = openat$cgroup_ro(r1, &(0x7f0000000300)='blkio.throttle.io_serviced\x00', 0x26e1, 0x0)
setresuid(0x0, 0x0, 0x0)
close(r8)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000900))
ioctl$SIOCSIFHWADDR(r8, 0x8b14, &(0x7f0000000000)={'wlan1\x00', @random="018d000007ff"})
[ 85.424523][ T4690] Bluetooth: hci0: command tx timeout [ 85.534509][ T5344] ------------[ cut here ]------------ [ 85.536486][ T5344] 
UBSAN: shift-out-of-bounds in drivers/comedi/drivers/aio_iiro_16.c:180:9 [ 85.539575][ T5344] shift exponent 8550 is too large for 32-bit type 'int' [ 85.542123][ T5344] CPU: 0 UID: 0 PID: 5344 Comm: syz.0.0 Not tainted 6.16.0-rc5-syzkaller-00121-gbc9ff192a6c9 #0 PREEMPT(full) [ 85.542135][ T5344] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 85.542140][ T5344] Call Trace: [ 85.542145][ T5344] [ 85.542148][ T5344] dump_stack_lvl+0x189/0x250 [ 85.542216][ T5344] ? __pfx_dump_stack_lvl+0x10/0x10 [ 85.542230][ T5344] ? __pfx__printk+0x10/0x10 [ 85.542249][ T5344] ? __pfx___request_region_locked+0x10/0x10 [ 85.542266][ T5344] ubsan_epilogue+0xa/0x40 [ 85.542275][ T5344] __ubsan_handle_shift_out_of_bounds+0x386/0x410 [ 85.542313][ T5344] ? __request_region+0xc2/0xe0 [ 85.542325][ T5344] ? comedi_request_region+0x7b/0x180 [ 85.542363][ T5344] aio_iiro_16_attach+0x5e8/0x790 [ 85.542380][ T5344] comedi_device_attach+0x520/0x670 [ 85.542397][ T5344] comedi_unlocked_ioctl+0x686/0xf40 [ 85.542411][ T5344] ? __pfx_comedi_unlocked_ioctl+0x10/0x10 [ 85.542432][ T5344] ? __lock_acquire+0xab9/0xd20 [ 85.542448][ T5344] ? __fget_files+0x2a/0x420 [ 85.542460][ T5344] ? __fget_files+0x2a/0x420 [ 85.542470][ T5344] ? __fget_files+0x3a0/0x420 [ 85.542478][ T5344] ? __fget_files+0x2a/0x420 [ 85.542490][ T5344] ? bpf_lsm_file_ioctl+0x9/0x20 [ 85.542499][ T5344] ? __pfx_comedi_unlocked_ioctl+0x10/0x10 [ 85.542509][ T5344] __se_sys_ioctl+0xfc/0x170 [ 85.542518][ T5344] do_syscall_64+0xfa/0x3b0 [ 85.542550][ T5344] ? lockdep_hardirqs_on+0x9c/0x150 [ 85.542561][ T5344] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 85.542568][ T5344] ? 
clear_bhb_loop+0x60/0xb0 [ 85.542577][ T5344] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 85.542584][ T5344] RIP: 0033:0x7fd7ae18e929 [ 85.542594][ T5344] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 85.542601][ T5344] RSP: 002b:00007fd7aa5f5038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 85.542610][ T5344] RAX: ffffffffffffffda RBX: 00007fd7ae3b5fa0 RCX: 00007fd7ae18e929 [ 85.542616][ T5344] RDX: 0000200000000080 RSI: 0000000040946400 RDI: 000000000000000a [ 85.542621][ T5344] RBP: 00007fd7ae210b39 R08: 0000000000000000 R09: 0000000000000000 [ 85.542625][ T5344] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 85.542630][ T5344] R13: 0000000000000000 R14: 00007fd7ae3b5fa0 R15: 00007ffcb5b3ee58 [ 85.542648][ T5344] [ 85.542675][ T5344] ---[ end trace ]--- [ 85.646011][ T5344] Kernel panic - not syncing: UBSAN: panic_on_warn set ... [ 85.649380][ T5344] CPU: 0 UID: 0 PID: 5344 Comm: syz.0.0 Not tainted 6.16.0-rc5-syzkaller-00121-gbc9ff192a6c9 #0 PREEMPT(full) [ 85.654986][ T5344] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 85.660303][ T5344] Call Trace: [ 85.662200][ T5344] [ 85.663828][ T5344] dump_stack_lvl+0x99/0x250 [ 85.666249][ T5344] ? __asan_memcpy+0x40/0x70 [ 85.668679][ T5344] ? __pfx_dump_stack_lvl+0x10/0x10 [ 85.671587][ T5344] ? __pfx__printk+0x10/0x10 [ 85.673983][ T5344] panic+0x2db/0x790 [ 85.676001][ T5344] ? __pfx_panic+0x10/0x10 [ 85.678485][ T5344] ? _printk+0xcf/0x120 [ 85.680836][ T5344] ? __pfx__printk+0x10/0x10 [ 85.683259][ T5344] check_panic_on_warn+0x89/0xb0 [ 85.685667][ T5344] __ubsan_handle_shift_out_of_bounds+0x386/0x410 [ 85.688702][ T5344] ? __request_region+0xc2/0xe0 [ 85.690837][ T5344] ? 
comedi_request_region+0x7b/0x180 [ 85.693288][ T5344] aio_iiro_16_attach+0x5e8/0x790 [ 85.695442][ T5344] comedi_device_attach+0x520/0x670 [ 85.697757][ T5344] comedi_unlocked_ioctl+0x686/0xf40 [ 85.700183][ T5344] ? __pfx_comedi_unlocked_ioctl+0x10/0x10 [ 85.702377][ T5344] ? __lock_acquire+0xab9/0xd20 [ 85.704105][ T5344] ? __fget_files+0x2a/0x420 [ 85.705688][ T5344] ? __fget_files+0x2a/0x420 [ 85.707376][ T5344] ? __fget_files+0x3a0/0x420 [ 85.709243][ T5344] ? __fget_files+0x2a/0x420 [ 85.711462][ T5344] ? bpf_lsm_file_ioctl+0x9/0x20 [ 85.713890][ T5344] ? __pfx_comedi_unlocked_ioctl+0x10/0x10 [ 85.716570][ T5344] __se_sys_ioctl+0xfc/0x170 [ 85.718763][ T5344] do_syscall_64+0xfa/0x3b0 [ 85.720737][ T5344] ? lockdep_hardirqs_on+0x9c/0x150 [ 85.723064][ T5344] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 85.725502][ T5344] ? clear_bhb_loop+0x60/0xb0 [ 85.727516][ T5344] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 85.729985][ T5344] RIP: 0033:0x7fd7ae18e929 [ 85.732111][ T5344] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 85.740150][ T5344] RSP: 002b:00007fd7aa5f5038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 85.743864][ T5344] RAX: ffffffffffffffda RBX: 00007fd7ae3b5fa0 RCX: 00007fd7ae18e929 [ 85.747234][ T5344] RDX: 0000200000000080 RSI: 0000000040946400 RDI: 000000000000000a [ 85.750440][ T5344] RBP: 00007fd7ae210b39 R08: 0000000000000000 R09: 0000000000000000 [ 85.753740][ T5344] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 85.757212][ T5344] R13: 0000000000000000 R14: 00007fd7ae3b5fa0 R15: 00007ffcb5b3ee58 [ 85.760604][ T5344] [ 85.762247][ T5344] Kernel Offset: disabled [ 85.764125][ T5344] Rebooting in 86400 seconds..