program:
# Reproducer for the UBSAN shift-out-of-bounds report in the log below
# (drivers/comedi/drivers/pcl726.c:331:46, reached through pcl726_attach).
# The log shows the triggering task running as UID 0.
#
# Open the comedi character device; the returned descriptor is kept in r0.
r0 = openat$comedi(0xffffff9c, &(0x7f0000000040)='/dev/comedi3\x00', 0x2000, 0x0)
# COMEDI_DEVCONFIG (request 0x40946400, the same value as RSI in the register
# dump) asks the comedi core to attach the driver named in the payload, here
# 'pcl726', and passes it the integer option array that follows the name.
# The second array element, 0xfffffffd, is -3 when read as a signed 32-bit
# integer, which matches "shift exponent -3 is negative" in the UBSAN output.
# NOTE(review): presumably that element is used directly as a shift count in
# pcl726_attach; confirm against pcl726.c:331. If so, the attach path should
# range-check the caller-supplied option before shifting by it.
ioctl$COMEDI_DEVCONFIG(r0, 0x40946400, &(0x7f0000000200)={'pcl726\x00', [0x4f0, 0xfffffffd, 0x2, 0x6, 0x6, 0x8001ff, 0x0, 0x9, 0xdb, 0x7, 0x3, 0x1ff, 0xfffffffe, 0xffffffff, 0x8, 0x0, 0xf060, 0x8, 0xffff0000, 0xffffce75, 0x55, 0x100035, 0x9, 0x1000a7b4, 0x0, 0x4, 0x7, 0x5, 0x4d, 0x9, 0x416]})
# The same two calls are repeated with the (async) marker. The second open's
# result is not stored, and the second ioctl reuses r0 with an identical
# payload. The log does not show which of the two ioctl calls hit the report.
openat$comedi(0xffffff9c, &(0x7f0000000040)='/dev/comedi3\x00', 0x2000, 0x0) (async)
ioctl$COMEDI_DEVCONFIG(r0, 0x40946400, &(0x7f0000000200)={'pcl726\x00', [0x4f0, 0xfffffffd, 0x2, 0x6, 0x6, 0x8001ff, 0x0, 0x9, 0xdb, 0x7, 0x3, 0x1ff, 0xfffffffe, 0xffffffff, 0x8, 0x0, 0xf060, 0x8, 0xffff0000, 0xffffce75, 0x55, 0x100035, 0x9, 0x1000a7b4, 0x0, 0x4, 0x7, 0x5, 0x4d, 0x9, 0x416]}) (async)
[ 84.885558][ T5318] Bluetooth: hci0: command tx timeout
[ 84.946550][ T5339] ------------[ cut here ]------------
[ 84.949041][ T5339] UBSAN: shift-out-of-bounds in drivers/comedi/drivers/pcl726.c:331:46
[ 84.952458][ T5339] shift exponent -3 is negative
[ 84.954610][ T5339] CPU: 0 UID: 0 PID: 5339 Comm: syz.0.0 Not tainted 6.16.0-rc5-syzkaller-00266-g3f31a806a62e #0 PREEMPT(full)
[ 84.954622][ T5339] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[ 84.954629][ T5339] Call Trace:
[ 84.954652][ T5339]
[ 84.954669][ T5339] dump_stack_lvl+0x189/0x250
[ 84.954747][ T5339] ? __pfx_dump_stack_lvl+0x10/0x10
[ 84.954761][ T5339] ? __pfx__printk+0x10/0x10
[ 84.954786][ T5339] ubsan_epilogue+0xa/0x40
[ 84.954801][ T5339] __ubsan_handle_shift_out_of_bounds+0x386/0x410
[ 84.954847][ T5339] ? __kmalloc_noprof+0x29b/0x4f0
[ 84.954867][ T5339] pcl726_attach+0xac4/0xd50
[ 84.954917][ T5339] comedi_device_attach+0x520/0x670
[ 84.954934][ T5339] comedi_unlocked_ioctl+0x686/0xf40
[ 84.954956][ T5339] ? __pfx_comedi_unlocked_ioctl+0x10/0x10
[ 84.954989][ T5339] ? __lock_acquire+0xab9/0xd20
[ 84.955032][ T5339] ? __fget_files+0x2a/0x420
[ 84.955049][ T5339] ? __fget_files+0x2a/0x420
[ 84.955062][ T5339] ? __fget_files+0x3a0/0x420
[ 84.955075][ T5339] ? __fget_files+0x2a/0x420
[ 84.955091][ T5339] ? bpf_lsm_file_ioctl+0x9/0x20
[ 84.955103][ T5339] ? __pfx_comedi_unlocked_ioctl+0x10/0x10
[ 84.955117][ T5339] __se_sys_ioctl+0xfc/0x170
[ 84.955131][ T5339] do_syscall_64+0xfa/0x3b0
[ 84.955170][ T5339] ? lockdep_hardirqs_on+0x9c/0x150
[ 84.955187][ T5339] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 84.955198][ T5339] ? clear_bhb_loop+0x60/0xb0
[ 84.955212][ T5339] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 84.955223][ T5339] RIP: 0033:0x7f760c18e929
[ 84.955253][ T5339] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 84.955263][ T5339] RSP: 002b:00007f760cfbf038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 84.955275][ T5339] RAX: ffffffffffffffda RBX: 00007f760c3b5fa0 RCX: 00007f760c18e929
[ 84.955283][ T5339] RDX: 0000200000000200 RSI: 0000000040946400 RDI: 0000000000000003
[ 84.955290][ T5339] RBP: 00007f760c210b39 R08: 0000000000000000 R09: 0000000000000000
[ 84.955297][ T5339] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 84.955303][ T5339] R13: 0000000000000000 R14: 00007f760c3b5fa0 R15: 00007ffde39bc708
[ 84.955320][ T5339]
[ 85.127670][ T5339] ---[ end trace ]---
[ 85.129421][ T5339] Kernel panic - not syncing: UBSAN: panic_on_warn set ...
[ 85.132407][ T5339] CPU: 0 UID: 0 PID: 5339 Comm: syz.0.0 Not tainted 6.16.0-rc5-syzkaller-00266-g3f31a806a62e #0 PREEMPT(full)
[ 85.137458][ T5339] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[ 85.142018][ T5339] Call Trace:
[ 85.143407][ T5339]
[ 85.144657][ T5339] dump_stack_lvl+0x99/0x250
[ 85.146611][ T5339] ? __asan_memcpy+0x40/0x70
[ 85.148553][ T5339] ? __pfx_dump_stack_lvl+0x10/0x10
[ 85.150717][ T5339] ? __pfx__printk+0x10/0x10
[ 85.152743][ T5339] panic+0x2db/0x790
[ 85.154471][ T5339] ? __pfx_panic+0x10/0x10
[ 85.156476][ T5339] ? _printk+0xcf/0x120
[ 85.158334][ T5339] ? __pfx__printk+0x10/0x10
[ 85.160342][ T5339] check_panic_on_warn+0x89/0xb0
[ 85.162504][ T5339] __ubsan_handle_shift_out_of_bounds+0x386/0x410
[ 85.165047][ T5339] ? __kmalloc_noprof+0x29b/0x4f0
[ 85.167144][ T5339] pcl726_attach+0xac4/0xd50
[ 85.169095][ T5339] comedi_device_attach+0x520/0x670
[ 85.171375][ T5339] comedi_unlocked_ioctl+0x686/0xf40
[ 85.173523][ T5339] ? __pfx_comedi_unlocked_ioctl+0x10/0x10
[ 85.175899][ T5339] ? __lock_acquire+0xab9/0xd20
[ 85.178728][ T5339] ? __fget_files+0x2a/0x420
[ 85.180781][ T5339] ? __fget_files+0x2a/0x420
[ 85.182765][ T5339] ? __fget_files+0x3a0/0x420
[ 85.184688][ T5339] ? __fget_files+0x2a/0x420
[ 85.186698][ T5339] ? bpf_lsm_file_ioctl+0x9/0x20
[ 85.188782][ T5339] ? __pfx_comedi_unlocked_ioctl+0x10/0x10
[ 85.191296][ T5339] __se_sys_ioctl+0xfc/0x170
[ 85.193235][ T5339] do_syscall_64+0xfa/0x3b0
[ 85.195260][ T5339] ? lockdep_hardirqs_on+0x9c/0x150
[ 85.197455][ T5339] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 85.200108][ T5339] ? clear_bhb_loop+0x60/0xb0
[ 85.202433][ T5339] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 85.204975][ T5339] RIP: 0033:0x7f760c18e929
[ 85.206897][ T5339] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 85.214710][ T5339] RSP: 002b:00007f760cfbf038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 85.218134][ T5339] RAX: ffffffffffffffda RBX: 00007f760c3b5fa0 RCX: 00007f760c18e929
[ 85.221641][ T5339] RDX: 0000200000000200 RSI: 0000000040946400 RDI: 0000000000000003
[ 85.225079][ T5339] RBP: 00007f760c210b39 R08: 0000000000000000 R09: 0000000000000000
[ 85.228735][ T5339] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 85.232290][ T5339] R13: 0000000000000000 R14: 00007f760c3b5fa0 R15: 00007ffde39bc708
[ 85.235623][ T5339]
[ 85.237289][ T5339] Kernel Offset: disabled
[ 85.239318][ T5339] Rebooting in 86400 seconds..