program:
r0 = openat$comedi(0xffffff9c, &(0x7f0000000040)='/dev/comedi1\x00', 0x2180, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x2000002, 0xa2071, 0xffffffffffffffff, 0x0)
r1 = socket$inet6_udp(0xa, 0x2, 0x0)
bind$inet6(r1, &(0x7f00000000c0)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @empty}}, 0x1c)
connect$inet6(r1, &(0x7f0000000000)={0x2, 0x0, 0x0, @loopback}, 0x1c)
ioctl$COMEDI_DEVCONFIG(r0, 0x40946400, &(0x7f0000000080)={'das16m1\x00', [0x2f00, 0x1008004, 0xd09a, 0x0, 0x0, 0xfffffffe, 0x1, 0x6, 0xffe, 0x1, 0xc, 0x5, 0xa, 0x4, 0xffff, 0x4, 0xffffffa7, 0x175, 0x832, 0x30000, 0x3ff, 0x7, 0x800, 0xe2df, 0x8, 0x1, 0x9, 0x8, 0x6, 0x4, 0x70d]})
r2 = socket$inet_mptcp(0x2, 0x1, 0x106)
connect$inet(r2, &(0x7f0000000040)={0x2, 0x0, @local}, 0x10)
perf_event_open(&(0x7f00000000c0)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x800000000}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0)
r3 = syz_open_dev$vim2m(&(0x7f0000000000), 0x0, 0x2)
ioctl$vim2m_VIDIOC_S_FMT(r3, 0xc0d05605, &(0x7f0000000200)={0x2, @raw_data="0286887f299f398f34323250ee5155e1ae7bcc3fbdb064e2b5a54287fecaedfe068fc6d447603a5ea4406685adc9194f0c84cb29ff5413db17f7c7573b717360d80ebda85493109e2c14a3cef705a942c3c1112f2cb290d7936da4c3fae61aaf1bfb5881642a0617da780e10466f5c265049c4e4beeac3eb401e7fdf81d9adba4841418843c31c09b0ca28e0567c2e613357e6ba03216c6a429aa7250ba48db5decc98f004aaaca161dcd524f13b4c8ee6818ede5423dabaf409fb2b8269b349f66e49da47a8aac3"})
getsockopt$inet_mptcp_buf(r2, 0x11c, 0x4, &(0x7f0000000100)=""/211, &(0x7f00000000c0)=0xd3)
ioctl$COMEDI_SETRSUBD(r0, 0x6410)

[   85.022596][ T4689] Bluetooth: hci0: command tx timeout
[   85.092449][ T5344] ------------[ cut here ]------------
[   85.094960][ T5344] UBSAN: shift-out-of-bounds in drivers/comedi/drivers/das16m1.c:525:9
[   85.098697][ T5344] shift exponent 16809988 is too large for 32-bit type 'int'
[   85.178357][ T5344] CPU: 0 UID: 0 PID: 5344 Comm: syz.0.0 Not tainted 6.16.0-rc6-syzkaller-00002-g155a3c003e55 #0 PREEMPT(full) 
[   85.178378][ T5344] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[   85.178387][ T5344] Call Trace:
[   85.178392][ T5344]  <TASK>
[   85.178398][ T5344]  dump_stack_lvl+0x189/0x250
[   85.178510][ T5344]  ? __pfx_dump_stack_lvl+0x10/0x10
[   85.178529][ T5344]  ? __pfx__printk+0x10/0x10
[   85.178554][ T5344]  ubsan_epilogue+0xa/0x40
[   85.178569][ T5344]  __ubsan_handle_shift_out_of_bounds+0x386/0x410
[   85.178621][ T5344]  ? __comedi_request_region+0x74/0x140
[   85.178661][ T5344]  das16m1_attach+0x8ee/0xb20
[   85.178684][ T5344]  comedi_device_attach+0x520/0x670
[   85.178701][ T5344]  comedi_unlocked_ioctl+0x686/0xf40
[   85.178721][ T5344]  ? __pfx_comedi_unlocked_ioctl+0x10/0x10
[   85.178755][ T5344]  ? __lock_acquire+0xab9/0xd20
[   85.178793][ T5344]  ? __fget_files+0x2a/0x420
[   85.178812][ T5344]  ? __fget_files+0x2a/0x420
[   85.178827][ T5344]  ? __fget_files+0x3a0/0x420
[   85.178840][ T5344]  ? __fget_files+0x2a/0x420
[   85.178855][ T5344]  ? bpf_lsm_file_ioctl+0x9/0x20
[   85.178867][ T5344]  ? __pfx_comedi_unlocked_ioctl+0x10/0x10
[   85.178882][ T5344]  __se_sys_ioctl+0xfc/0x170
[   85.178898][ T5344]  do_syscall_64+0xfa/0x3b0
[   85.178954][ T5344]  ? lockdep_hardirqs_on+0x9c/0x150
[   85.178972][ T5344]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   85.178984][ T5344]  ? clear_bhb_loop+0x60/0xb0
[   85.178998][ T5344]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   85.179008][ T5344] RIP: 0033:0x7f74b3b8e929
[   85.179020][ T5344] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   85.179030][ T5344] RSP: 002b:00007f74b4a76038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[   85.179044][ T5344] RAX: ffffffffffffffda RBX: 00007f74b3db5fa0 RCX: 00007f74b3b8e929
[   85.179052][ T5344] RDX: 0000200000000080 RSI: 0000000040946400 RDI: 0000000000000003
[   85.179058][ T5344] RBP: 00007f74b3c10b39 R08: 0000000000000000 R09: 0000000000000000
[   85.179065][ T5344] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[   85.179072][ T5344] R13: 0000000000000000 R14: 00007f74b3db5fa0 R15: 00007ffcaa78f278
[   85.179113][ T5344]  </TASK>
[   85.295234][ T5344] ---[ end trace ]---
[   85.297155][ T5344] Kernel panic - not syncing: UBSAN: panic_on_warn set ...
[   85.300350][ T5344] CPU: 0 UID: 0 PID: 5344 Comm: syz.0.0 Not tainted 6.16.0-rc6-syzkaller-00002-g155a3c003e55 #0 PREEMPT(full) 
[   85.305283][ T5344] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[   85.309887][ T5344] Call Trace:
[   85.311410][ T5344]  <TASK>
[   85.312728][ T5344]  dump_stack_lvl+0x99/0x250
[   85.314873][ T5344]  ? __asan_memcpy+0x40/0x70
[   85.316808][ T5344]  ? __pfx_dump_stack_lvl+0x10/0x10
[   85.319084][ T5344]  ? __pfx__printk+0x10/0x10
[   85.321561][ T5344]  panic+0x2db/0x790
[   85.323628][ T5344]  ? __pfx_panic+0x10/0x10
[   85.325569][ T5344]  ? _printk+0xcf/0x120
[   85.327448][ T5344]  ? __pfx__printk+0x10/0x10
[   85.329418][ T5344]  check_panic_on_warn+0x89/0xb0
[   85.331497][ T5344]  __ubsan_handle_shift_out_of_bounds+0x386/0x410
[   85.334271][ T5344]  ? __comedi_request_region+0x74/0x140
[   85.336592][ T5344]  das16m1_attach+0x8ee/0xb20
[   85.338540][ T5344]  comedi_device_attach+0x520/0x670
[   85.340727][ T5344]  comedi_unlocked_ioctl+0x686/0xf40
[   85.343020][ T5344]  ? __pfx_comedi_unlocked_ioctl+0x10/0x10
[   85.349389][ T5344]  ? __lock_acquire+0xab9/0xd20
[   85.351567][ T5344]  ? __fget_files+0x2a/0x420
[   85.353647][ T5344]  ? __fget_files+0x2a/0x420
[   85.355811][ T5344]  ? __fget_files+0x3a0/0x420
[   85.357788][ T5344]  ? __fget_files+0x2a/0x420
[   85.359793][ T5344]  ? bpf_lsm_file_ioctl+0x9/0x20
[   85.361944][ T5344]  ? __pfx_comedi_unlocked_ioctl+0x10/0x10
[   85.364434][ T5344]  __se_sys_ioctl+0xfc/0x170
[   85.366600][ T5344]  do_syscall_64+0xfa/0x3b0
[   85.368673][ T5344]  ? lockdep_hardirqs_on+0x9c/0x150
[   85.371034][ T5344]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   85.373553][ T5344]  ? clear_bhb_loop+0x60/0xb0
[   85.375591][ T5344]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   85.378020][ T5344] RIP: 0033:0x7f74b3b8e929
[   85.379922][ T5344] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   85.388061][ T5344] RSP: 002b:00007f74b4a76038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[   85.391614][ T5344] RAX: ffffffffffffffda RBX: 00007f74b3db5fa0 RCX: 00007f74b3b8e929
[   85.394880][ T5344] RDX: 0000200000000080 RSI: 0000000040946400 RDI: 0000000000000003
[   85.398294][ T5344] RBP: 00007f74b3c10b39 R08: 0000000000000000 R09: 0000000000000000
[   85.402434][ T5344] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[   85.406336][ T5344] R13: 0000000000000000 R14: 00007f74b3db5fa0 R15: 00007ffcaa78f278
[   85.409808][ T5344]  </TASK>
[   85.411487][ T5344] Kernel Offset: disabled
[   85.413347][ T5344] Rebooting in 86400 seconds..