program:
r0 = openat$comedi(0xffffffffffffff9c, &(0x7f0000000080)='/dev/comedi3\x00', 0x400, 0x0)
ioctl$COMEDI_DEVCONFIG(r0, 0x40946400, 0x0)
ioctl$COMEDI_DEVCONFIG(r0, 0x40946400, &(0x7f00000005c0)={'pcl726\x00', [0x4f27, 0xfffffffc, 0x4, 0x4, 0x3, 0x5, 0x4, 0x7, 0x54c6cff3, 0xfd, 0x2, 0x1, 0x1, 0x1, 0x6, 0x101, 0x2, 0x7f, 0x3, 0x40000005, 0x8d, 0xcaa3, 0x0, 0x20001e5b, 0x3, 0xe66, 0x1000003, 0x100008, 0x4086, 0x0, 0xfffffff8]})

[   86.539255][ T5337] Bluetooth: hci0: command tx timeout
[   86.608928][ T5364] ------------[ cut here ]------------
[   86.611252][ T5364] UBSAN: shift-out-of-bounds in drivers/comedi/drivers/pcl726.c:331:46
[   86.615239][ T5364] shift exponent -4 is negative
[   86.628275][ T5364] CPU: 0 UID: 0 PID: 5364 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full) 
[   86.628292][ T5364] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[   86.628299][ T5364] Call Trace:
[   86.628305][ T5364]  <TASK>
[   86.628311][ T5364]  dump_stack_lvl+0x189/0x250
[   86.629595][ T5364]  ? __pfx_dump_stack_lvl+0x10/0x10
[   86.629611][ T5364]  ? __pfx__printk+0x10/0x10
[   86.629648][ T5364]  ubsan_epilogue+0xa/0x40
[   86.629666][ T5364]  __ubsan_handle_shift_out_of_bounds+0x386/0x410
[   86.629730][ T5364]  ? __kmalloc_noprof+0x29b/0x4f0
[   86.629752][ T5364]  pcl726_attach+0xac4/0xd50
[   86.629802][ T5364]  ? comedi_device_attach+0x300/0x720
[   86.629822][ T5364]  comedi_device_attach+0x51f/0x720
[   86.629841][ T5364]  comedi_unlocked_ioctl+0x5ff/0x1020
[   86.629858][ T5364]  ? __pfx_comedi_unlocked_ioctl+0x10/0x10
[   86.629888][ T5364]  ? __lock_acquire+0xab9/0xd20
[   86.629919][ T5364]  ? __fget_files+0x2a/0x420
[   86.629937][ T5364]  ? __fget_files+0x2a/0x420
[   86.629950][ T5364]  ? __fget_files+0x3a0/0x420
[   86.629964][ T5364]  ? __fget_files+0x2a/0x420
[   86.629981][ T5364]  ? bpf_lsm_file_ioctl+0x9/0x20
[   86.629994][ T5364]  ? __pfx_comedi_unlocked_ioctl+0x10/0x10
[   86.630005][ T5364]  __se_sys_ioctl+0xfc/0x170
[   86.630019][ T5364]  do_syscall_64+0xfa/0x3b0
[   86.630068][ T5364]  ? lockdep_hardirqs_on+0x9c/0x150
[   86.630085][ T5364]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   86.630096][ T5364]  ? clear_bhb_loop+0x60/0xb0
[   86.630111][ T5364]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   86.630122][ T5364] RIP: 0033:0x7f08e298ebe9
[   86.630134][ T5364] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   86.630145][ T5364] RSP: 002b:00007f08e378f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[   86.630158][ T5364] RAX: ffffffffffffffda RBX: 00007f08e2bb5fa0 RCX: 00007f08e298ebe9
[   86.630167][ T5364] RDX: 00002000000005c0 RSI: 0000000040946400 RDI: 0000000000000003
[   86.630175][ T5364] RBP: 00007f08e2a11e19 R08: 0000000000000000 R09: 0000000000000000
[   86.630183][ T5364] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[   86.630191][ T5364] R13: 00007f08e2bb6038 R14: 00007f08e2bb5fa0 R15: 00007ffe321a1e58
[   86.630212][ T5364]  </TASK>
[   86.630217][ T5364] ---[ end trace ]---
[   86.786034][ T5364] Kernel panic - not syncing: UBSAN: panic_on_warn set ...
[   86.789424][ T5364] CPU: 0 UID: 0 PID: 5364 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full) 
[   86.793379][ T5364] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[   86.798167][ T5364] Call Trace:
[   86.799813][ T5364]  <TASK>
[   86.801290][ T5364]  dump_stack_lvl+0x99/0x250
[   86.803734][ T5364]  ? __asan_memcpy+0x40/0x70
[   86.806191][ T5364]  ? __pfx_dump_stack_lvl+0x10/0x10
[   86.808803][ T5364]  ? __pfx__printk+0x10/0x10
[   86.810991][ T5364]  vpanic+0x281/0x750
[   86.812860][ T5364]  ? __pfx_vpanic+0x10/0x10
[   86.814858][ T5364]  panic+0xb9/0xc0
[   86.816613][ T5364]  ? __pfx_panic+0x10/0x10
[   86.818731][ T5364]  ? __pfx__printk+0x10/0x10
[   86.821092][ T5364]  check_panic_on_warn+0x89/0xb0
[   86.824679][ T5364]  __ubsan_handle_shift_out_of_bounds+0x386/0x410
[   86.828143][ T5364]  ? __kmalloc_noprof+0x29b/0x4f0
[   86.830791][ T5364]  pcl726_attach+0xac4/0xd50
[   86.832943][ T5364]  ? comedi_device_attach+0x300/0x720
[   86.835376][ T5364]  comedi_device_attach+0x51f/0x720
[   86.837822][ T5364]  comedi_unlocked_ioctl+0x5ff/0x1020
[   86.840417][ T5364]  ? __pfx_comedi_unlocked_ioctl+0x10/0x10
[   86.843214][ T5364]  ? __lock_acquire+0xab9/0xd20
[   86.845633][ T5364]  ? __fget_files+0x2a/0x420
[   86.847784][ T5364]  ? __fget_files+0x2a/0x420
[   86.849916][ T5364]  ? __fget_files+0x3a0/0x420
[   86.852023][ T5364]  ? __fget_files+0x2a/0x420
[   86.854063][ T5364]  ? bpf_lsm_file_ioctl+0x9/0x20
[   86.856460][ T5364]  ? __pfx_comedi_unlocked_ioctl+0x10/0x10
[   86.859478][ T5364]  __se_sys_ioctl+0xfc/0x170
[   86.861713][ T5364]  do_syscall_64+0xfa/0x3b0
[   86.863909][ T5364]  ? lockdep_hardirqs_on+0x9c/0x150
[   86.866405][ T5364]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   86.868992][ T5364]  ? clear_bhb_loop+0x60/0xb0
[   86.871107][ T5364]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   86.874186][ T5364] RIP: 0033:0x7f08e298ebe9
[   86.876459][ T5364] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   86.884882][ T5364] RSP: 002b:00007f08e378f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[   86.888596][ T5364] RAX: ffffffffffffffda RBX: 00007f08e2bb5fa0 RCX: 00007f08e298ebe9
[   86.892007][ T5364] RDX: 00002000000005c0 RSI: 0000000040946400 RDI: 0000000000000003
[   86.895337][ T5364] RBP: 00007f08e2a11e19 R08: 0000000000000000 R09: 0000000000000000
[   86.899543][ T5364] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[   86.903816][ T5364] R13: 00007f08e2bb6038 R14: 00007f08e2bb5fa0 R15: 00007ffe321a1e58
[   86.907483][ T5364]  </TASK>
[   86.909278][ T5364] Kernel Offset: disabled
[   86.911307][ T5364] Rebooting in 86400 seconds..