program:
r0 = socket$inet6(0x10, 0x3, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000000)=ANY=[], 0x2c}}, 0x0)
r1 = socket$pppl2tp(0x18, 0x1, 0x1)
r2 = socket$nl_route(0x10, 0x3, 0x0)
r3 = openat$comedi(0xffffffffffffff9c, &(0x7f0000000080)='/dev/comedi3\x00', 0x400, 0x0)
ioctl$COMEDI_DEVCONFIG(r3, 0x40946400, &(0x7f00000000c0)={'aio_iiro_16\x00', [0x4f2b, 0x1000009, 0x2, 0x4, 0x5, 0x6, 0xa, 0x7, 0xa, 0x100, 0x2, 0x80000, 0x1, 0x8, 0x1e, 0x1, 0x0, 0x1a449, 0x3, 0x6, 0x81, 0xcaa7, 0x4, 0x1e58, 0x6, 0x3, 0x3c, 0x8, 0x80000000, 0x0, 0xa38e]})
sendmsg$nl_route(r2, &(0x7f0000001580)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000080)=ANY=[@ANYBLOB="2c000000210001003b0113000000080081"], 0x2c}, 0x1, 0x0, 0x0, 0x4004080}, 0x40008d0)
ioctl$SIOCSIFMTU(r1, 0x8923, &(0x7f0000000140)={'macvtap0\x00', 0x1})
r4 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r4, &(0x7f0000000080)={0x26, 'skcipher\x00', 0x0, 0x0, 'cts(cbc(aes))\x00'}, 0x58)
r5 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000000), 0x0)
ioctl$SNDRV_TIMER_IOCTL_SELECT(r5, 0x40345410, &(0x7f0000000400)={{0x1, 0x0, 0x7ffffe, 0x3}})
ioctl$SNDRV_TIMER_IOCTL_START(r5, 0x54a0)
r6 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000040), 0x0)
ioctl$SNDRV_TIMER_IOCTL_SELECT(r6, 0x40345410, &(0x7f0000000400)={{0x3}})
ioctl$SNDRV_TIMER_IOCTL_START(r6, 0x54a0)
r7 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r7}, &(0x7f0000bbdffc))
timer_settime(0x0, 0x0, &(0x7f00000002c0)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
r8 = socket$inet_mptcp(0x2, 0x1, 0x106)
connect$inet(r8, 0x0, 0x0)
r9 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000000), 0x42, 0x0)
write$dsp(r9, &(0x7f00000001c0)="5cba91a4", 0xffffffd9)
setsockopt$ALG_SET_KEY(r4, 0x117, 0x1, &(0x7f0000c18000)="ad56b6c5910fae9d6dcd3292ea54c7b6ef915d564c90c200", 0x18)
r10 = accept4(r4, 0x0, 0x0, 0x0)
sendmsg$TIPC_NL_MEDIA_SET(r10, &(0x7f0000001800)={0x0, 0x0, &(0x7f00000017c0)={&(0x7f0000003c80)=ANY=[], 0x12f4}}, 0x0)
recvmsg$unix(r10, &(0x7f0000000840)={0x0, 0x0, &(0x7f0000000140)=[{&(0x7f0000000200)=""/13, 0xd}, {&(0x7f0000000480)=""/233, 0xe9}], 0x2}, 0x10002)
statx(0xffffffffffffff9c, &(0x7f00000000c0)='\x00', 0x7000, 0x240, &(0x7f0000000200))
ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f00000000c0)={'wlan1\x00'})
sendto$inet6(r0, &(0x7f0000000000)='s', 0x10a73, 0x800, 0x0, 0x4b6ae4f95a5de35b)
[ 84.764211][ T5318] Bluetooth: hci0: command tx timeout
[ 84.828926][ T5340] ------------[ cut here ]------------
[ 84.831455][ T5340] UBSAN: shift-out-of-bounds in drivers/comedi/drivers/aio_iiro_16.c:180:9
[ 84.835667][ T5340] shift exponent 16777225 is too large for 32-bit type 'int'
[ 84.892310][ T5341] netlink: 16 bytes leftover after parsing attributes in process `syz.0.0'.
[ 84.920236][ T5340] CPU: 0 UID: 0 PID: 5340 Comm: syz.0.0 Not tainted 6.16.0-rc5-syzkaller-00266-g3f31a806a62e #0 PREEMPT(full)
[ 84.920257][ T5340] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[ 84.920265][ T5340] Call Trace:
[ 84.920270][ T5340]
[ 84.920276][ T5340] dump_stack_lvl+0x189/0x250
[ 84.920380][ T5340] ? __pfx_dump_stack_lvl+0x10/0x10
[ 84.920394][ T5340] ? __pfx__printk+0x10/0x10
[ 84.920415][ T5340] ? __pfx___request_region_locked+0x10/0x10
[ 84.920435][ T5340] ubsan_epilogue+0xa/0x40
[ 84.920451][ T5340] __ubsan_handle_shift_out_of_bounds+0x386/0x410
[ 84.920505][ T5340] ? __request_region+0xc2/0xe0
[ 84.920524][ T5340] ? comedi_request_region+0x7b/0x180
[ 84.920571][ T5340] aio_iiro_16_attach+0x5e8/0x790
[ 84.920590][ T5340] comedi_device_attach+0x520/0x670
[ 84.920608][ T5340] comedi_unlocked_ioctl+0x686/0xf40
[ 84.920632][ T5340] ? __pfx_comedi_unlocked_ioctl+0x10/0x10
[ 84.920665][ T5340] ? __lock_acquire+0xab9/0xd20
[ 84.920690][ T5340] ? __fget_files+0x2a/0x420
[ 84.920708][ T5340] ? __fget_files+0x2a/0x420
[ 84.920730][ T5340] ? __fget_files+0x3a0/0x420
[ 84.920777][ T5340] ? __fget_files+0x2a/0x420
[ 84.920796][ T5340] ? bpf_lsm_file_ioctl+0x9/0x20
[ 84.920810][ T5340] ? __pfx_comedi_unlocked_ioctl+0x10/0x10
[ 84.920826][ T5340] __se_sys_ioctl+0xfc/0x170
[ 84.920841][ T5340] do_syscall_64+0xfa/0x3b0
[ 84.920888][ T5340] ? lockdep_hardirqs_on+0x9c/0x150
[ 84.920907][ T5340] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 84.920919][ T5340] ? clear_bhb_loop+0x60/0xb0
[ 84.920935][ T5340] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 84.920947][ T5340] RIP: 0033:0x7f66ca78e929
[ 84.920959][ T5340] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 84.920968][ T5340] RSP: 002b:00007f66cb6ce038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 84.920982][ T5340] RAX: ffffffffffffffda RBX: 00007f66ca9b5fa0 RCX: 00007f66ca78e929
[ 84.920990][ T5340] RDX: 00002000000000c0 RSI: 0000000040946400 RDI: 0000000000000006
[ 84.920998][ T5340] RBP: 00007f66ca810b39 R08: 0000000000000000 R09: 0000000000000000
[ 84.921006][ T5340] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 84.921013][ T5340] R13: 0000000000000000 R14: 00007f66ca9b5fa0 R15: 00007fff5403a518
[ 84.921032][ T5340]
[ 84.921036][ T5340] ---[ end trace ]---
[ 85.044709][ T5346] �: renamed from macvtap0 (while UP)
[ 85.059332][ T5340] Kernel panic - not syncing: UBSAN: panic_on_warn set ...
[ 85.062640][ T5340] CPU: 0 UID: 0 PID: 5340 Comm: syz.0.0 Not tainted 6.16.0-rc5-syzkaller-00266-g3f31a806a62e #0 PREEMPT(full)
[ 85.067710][ T5340] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[ 85.071778][ T5340] Call Trace:
[ 85.073119][ T5340]
[ 85.074365][ T5340] dump_stack_lvl+0x99/0x250
[ 85.076207][ T5340] ? __asan_memcpy+0x40/0x70
[ 85.077904][ T5340] ? __pfx_dump_stack_lvl+0x10/0x10
[ 85.080235][ T5340] ? __pfx__printk+0x10/0x10
[ 85.082265][ T5340] panic+0x2db/0x790
[ 85.083838][ T5340] ? __pfx_panic+0x10/0x10
[ 85.085529][ T5340] ? _printk+0xcf/0x120
[ 85.087107][ T5340] ? __pfx__printk+0x10/0x10
[ 85.089041][ T5340] check_panic_on_warn+0x89/0xb0
[ 85.091365][ T5340] __ubsan_handle_shift_out_of_bounds+0x386/0x410
[ 85.094240][ T5340] ? __request_region+0xc2/0xe0
[ 85.096612][ T5340] ? comedi_request_region+0x7b/0x180
[ 85.099171][ T5340] aio_iiro_16_attach+0x5e8/0x790
[ 85.101505][ T5340] comedi_device_attach+0x520/0x670
[ 85.103705][ T5340] comedi_unlocked_ioctl+0x686/0xf40
[ 85.106094][ T5340] ? __pfx_comedi_unlocked_ioctl+0x10/0x10
[ 85.108721][ T5340] ? __lock_acquire+0xab9/0xd20
[ 85.110863][ T5340] ? __fget_files+0x2a/0x420
[ 85.113000][ T5340] ? __fget_files+0x2a/0x420
[ 85.115043][ T5340] ? __fget_files+0x3a0/0x420
[ 85.117164][ T5340] ? __fget_files+0x2a/0x420
[ 85.119184][ T5340] ? bpf_lsm_file_ioctl+0x9/0x20
[ 85.121465][ T5340] ? __pfx_comedi_unlocked_ioctl+0x10/0x10
[ 85.124030][ T5340] __se_sys_ioctl+0xfc/0x170
[ 85.126086][ T5340] do_syscall_64+0xfa/0x3b0
[ 85.128216][ T5340] ? lockdep_hardirqs_on+0x9c/0x150
[ 85.130593][ T5340] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 85.133113][ T5340] ? clear_bhb_loop+0x60/0xb0
[ 85.135267][ T5340] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 85.137629][ T5340] RIP: 0033:0x7f66ca78e929
[ 85.139582][ T5340] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 85.147531][ T5340] RSP: 002b:00007f66cb6ce038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 85.150928][ T5340] RAX: ffffffffffffffda RBX: 00007f66ca9b5fa0 RCX: 00007f66ca78e929
[ 85.154340][ T5340] RDX: 00002000000000c0 RSI: 0000000040946400 RDI: 0000000000000006
[ 85.157636][ T5340] RBP: 00007f66ca810b39 R08: 0000000000000000 R09: 0000000000000000
[ 85.160974][ T5340] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 85.164490][ T5340] R13: 0000000000000000 R14: 00007f66ca9b5fa0 R15: 00007fff5403a518
[ 85.167924][ T5340]
[ 85.169687][ T5340] Kernel Offset: disabled
[ 85.171446][ T5340] Rebooting in 86400 seconds..