program:
# Setup calls of the reproducer. Only r0 (the comedi device fd) is consumed by
# the ioctl$COMEDI_DEVCONFIG call that the report's call trace points at.
# 0xffffff9c is -100 as a 32-bit value (AT_FDCWD); the path is absolute, so the
# directory fd has no effect on which file is opened.
r0 = openat$comedi(0xffffff9c, &(0x7f0000000040)='/dev/comedi1\x00', 0x2180, 0x0)
# getpid, perf_event_open, openat$kvm and ioctl$KVM_CREATE_VM do not show up in
# the call trace of the report. Presumably they are fuzzer residue and not needed
# for the crash -- TODO confirm by minimizing the program.
r1 = getpid()
perf_event_open(&(0x7f0000000500)={0x2, 0x80, 0x4d, 0x0, 0x0, 0x0, 0x0, 0x210e, 0xf4480, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x107b78, 0x2, @perf_bp={0x0, 0x2}, 0x110104, 0x7, 0x8, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5}, r1, 0xffffffffffffffff, 0xffffffffffffffff, 0x8)
# No path literal is given here: the pointer is the same address 0x7f0000000040
# used for '/dev/comedi1' above, so this call presumably reuses that string
# rather than opening a KVM node -- verify against the syzkaller program semantics.
r2 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
# Crashing call: COMEDI_DEVCONFIG on r0 with board name 'das16m1' and a
# caller-supplied options array. The register dump in the report agrees with
# this being the faulting syscall (ORIG_RAX 0x10, RSI 0x40946400 = the ioctl
# request used here), and the trace runs comedi_unlocked_ioctl ->
# comedi_device_attach -> das16m1_attach.
# Root-cause pointer: options[1] is 0xfba = 4026 decimal, exactly the
# "shift exponent 4026 is too large for 32-bit type 'int'" that UBSAN reports at
# drivers/comedi/drivers/das16m1.c:525. The driver source is not on this page;
# presumably the attach code uses this option as a shift count without a range
# check -- confirm in the driver before drawing conclusions.
# Defensive reading: a value taken from the ioctl payload should be bounded
# (below the bit width of the shifted type) before it is used as a shift
# exponent, and rejected with an error otherwise.
# Severity context from the log: UBSAN raises a warning; the kernel panic that
# follows happens because panic_on_warn is set. The task runs as UID 0 in this
# report; whether the ioctl is reachable without privilege is not shown here.
ioctl$COMEDI_DEVCONFIG(r0, 0x40946400, &(0x7f0000000080)={'das16m1\x00', [0x2f00, 0xfba, 0x2000d09a, 0x2, 0x0, 0xfffffffe, 0x1, 0x6, 0xffe, 0x1, 0xc, 0x1, 0x4, 0x4, 0xffff, 0x6, 0xffffffa7, 0x40000009, 0x832, 0x30000, 0x3ff, 0x9, 0x800, 0xe2df, 0x2, 0x1, 0x5, 0x3, 0x4, 0x5, 0x70f]})
[ 74.301644][ T5316] Bluetooth: hci0: command tx timeout
[ 74.412022][ T5337] ------------[ cut here ]------------
[ 74.414747][ T5337] UBSAN: shift-out-of-bounds in drivers/comedi/drivers/das16m1.c:525:9
[ 74.418340][ T5337] shift exponent 4026 is too large for 32-bit type 'int'
[ 74.428829][ T5337] CPU: 0 UID: 0 PID: 5337 Comm: syz.0.0 Not tainted 6.16.0-rc5-syzkaller-00224-g379f604cc3dc #0 PREEMPT(full)
[ 74.428847][ T5337] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[ 74.428856][ T5337] Call Trace:
[ 74.428861][ T5337]
[ 74.428867][ T5337] dump_stack_lvl+0x189/0x250
[ 74.428971][ T5337] ? __pfx_dump_stack_lvl+0x10/0x10
[ 74.428987][ T5337] ? __pfx__printk+0x10/0x10
[ 74.429013][ T5337] ubsan_epilogue+0xa/0x40
[ 74.429028][ T5337] __ubsan_handle_shift_out_of_bounds+0x386/0x410
[ 74.429080][ T5337] ? __comedi_request_region+0x74/0x140
[ 74.429130][ T5337] das16m1_attach+0x8ee/0xb20
[ 74.429152][ T5337] comedi_device_attach+0x51d/0x670
[ 74.429170][ T5337] comedi_unlocked_ioctl+0x686/0xf40
[ 74.429191][ T5337] ? __pfx_comedi_unlocked_ioctl+0x10/0x10
[ 74.429225][ T5337] ? __lock_acquire+0xab9/0xd20
[ 74.429249][ T5337] ? __fget_files+0x2a/0x420
[ 74.429265][ T5337] ? __fget_files+0x2a/0x420
[ 74.429277][ T5337] ? __fget_files+0x3a0/0x420
[ 74.429291][ T5337] ? __fget_files+0x2a/0x420
[ 74.429306][ T5337] ? bpf_lsm_file_ioctl+0x9/0x20
[ 74.429318][ T5337] ? __pfx_comedi_unlocked_ioctl+0x10/0x10
[ 74.429333][ T5337] __se_sys_ioctl+0xfc/0x170
[ 74.429347][ T5337] do_syscall_64+0xfa/0x3b0
[ 74.429390][ T5337] ? lockdep_hardirqs_on+0x9c/0x150
[ 74.429409][ T5337] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 74.429421][ T5337] ? clear_bhb_loop+0x60/0xb0
[ 74.429436][ T5337] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 74.429447][ T5337] RIP: 0033:0x7fd1cd98e929
[ 74.429458][ T5337] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 74.429467][ T5337] RSP: 002b:00007fd1ce7df038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 74.429482][ T5337] RAX: ffffffffffffffda RBX: 00007fd1cdbb5fa0 RCX: 00007fd1cd98e929
[ 74.429490][ T5337] RDX: 0000200000000080 RSI: 0000000040946400 RDI: 0000000000000003
[ 74.429499][ T5337] RBP: 00007fd1cda10b39 R08: 0000000000000000 R09: 0000000000000000
[ 74.429507][ T5337] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 74.429514][ T5337] R13: 0000000000000000 R14: 00007fd1cdbb5fa0 R15: 00007ffde0ac34a8
[ 74.429531][ T5337]
[ 74.429535][ T5337] ---[ end trace ]---
[ 74.541777][ T5337] Kernel panic - not syncing: UBSAN: panic_on_warn set ...
[ 74.545058][ T5337] CPU: 0 UID: 0 PID: 5337 Comm: syz.0.0 Not tainted 6.16.0-rc5-syzkaller-00224-g379f604cc3dc #0 PREEMPT(full)
[ 74.550151][ T5337] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[ 74.554898][ T5337] Call Trace:
[ 74.556436][ T5337]
[ 74.557778][ T5337] dump_stack_lvl+0x99/0x250
[ 74.559943][ T5337] ? __asan_memcpy+0x40/0x70
[ 74.562074][ T5337] ? __pfx_dump_stack_lvl+0x10/0x10
[ 74.564529][ T5337] ? __pfx__printk+0x10/0x10
[ 74.566668][ T5337] panic+0x2db/0x790
[ 74.568426][ T5337] ? __pfx_panic+0x10/0x10
[ 74.570484][ T5337] ? _printk+0xcf/0x120
[ 74.572411][ T5337] ? __pfx__printk+0x10/0x10
[ 74.574645][ T5337] check_panic_on_warn+0x89/0xb0
[ 74.577063][ T5337] __ubsan_handle_shift_out_of_bounds+0x386/0x410
[ 74.580148][ T5337] ? __comedi_request_region+0x74/0x140
[ 74.582545][ T5337] das16m1_attach+0x8ee/0xb20
[ 74.584631][ T5337] comedi_device_attach+0x51d/0x670
[ 74.586980][ T5337] comedi_unlocked_ioctl+0x686/0xf40
[ 74.589314][ T5337] ? __pfx_comedi_unlocked_ioctl+0x10/0x10
[ 74.591952][ T5337] ? __lock_acquire+0xab9/0xd20
[ 74.594142][ T5337] ? __fget_files+0x2a/0x420
[ 74.596328][ T5337] ? __fget_files+0x2a/0x420
[ 74.598638][ T5337] ? __fget_files+0x3a0/0x420
[ 74.600983][ T5337] ? __fget_files+0x2a/0x420
[ 74.603210][ T5337] ? bpf_lsm_file_ioctl+0x9/0x20
[ 74.605351][ T5337] ? __pfx_comedi_unlocked_ioctl+0x10/0x10
[ 74.607854][ T5337] __se_sys_ioctl+0xfc/0x170
[ 74.609857][ T5337] do_syscall_64+0xfa/0x3b0
[ 74.611943][ T5337] ? lockdep_hardirqs_on+0x9c/0x150
[ 74.614228][ T5337] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 74.617066][ T5337] ? clear_bhb_loop+0x60/0xb0
[ 74.619271][ T5337] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 74.622048][ T5337] RIP: 0033:0x7fd1cd98e929
[ 74.624172][ T5337] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 74.632515][ T5337] RSP: 002b:00007fd1ce7df038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 74.636218][ T5337] RAX: ffffffffffffffda RBX: 00007fd1cdbb5fa0 RCX: 00007fd1cd98e929
[ 74.639867][ T5337] RDX: 0000200000000080 RSI: 0000000040946400 RDI: 0000000000000003
[ 74.643289][ T5337] RBP: 00007fd1cda10b39 R08: 0000000000000000 R09: 0000000000000000
[ 74.646814][ T5337] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 74.650666][ T5337] R13: 0000000000000000 R14: 00007fd1cdbb5fa0 R15: 00007ffde0ac34a8
[ 74.654661][ T5337]
[ 74.656482][ T5337] Kernel Offset: disabled
[ 74.658395][ T5337] Rebooting in 86400 seconds..