program:
# syzkaller reproducer for the UBSAN shift-out-of-bounds report in the log below
# (drivers/comedi/drivers/das16m1.c:525, reached via das16m1_attach).
# The call trace runs ioctl -> comedi_unlocked_ioctl -> comedi_device_attach ->
# das16m1_attach, so the COMEDI_DEVCONFIG call that names 'das16m1' is the trigger.
# The other calls are probably fuzzer noise; confirm by minimizing the program.

# Open the first comedi device node; r0 is the fd used for the das16m1 config call.
r0 = openat$comedi(0xffffff9c, &(0x7f0000000040)='/dev/comedi1\x00', 0x2180, 0x0)
# Trigger: attach the 'das16m1' driver with a caller-supplied option array.
# The second option is 0x85 (133 decimal), the same value as the
# "shift exponent 133" that UBSAN reports for a 32-bit int.
# NOTE(review): presumably options[1] is the IRQ number and the driver shifts
# by it before range-checking it; confirm against das16m1.c:525. The fix
# direction is to validate the option before the shift.
ioctl$COMEDI_DEVCONFIG(r0, 0x40946400, &(0x7f0000000080)={'das16m1\x00', [0x2f00, 0x85, 0xd09a, 0x2, 0x0, 0xfffffffe, 0x1, 0x6, 0xffe, 0x1, 0xc, 0x1, 0x4, 0x4, 0xffff, 0x6, 0xffffffa7, 0x40000009, 0x832, 0x30000, 0x3fe, 0x9, 0x800, 0xe2df, 0x2, 0x1, 0x9, 0x3, 0x4, 0x5, 0x70f]})
# Open a second comedi device node; r1 is configured with 'comedi_test' further down.
r1 = openat$comedi(0xffffff9c, &(0x7f0000000040)='/dev/comedi3\x00', 0x2000, 0x0)
# KVM calls issued on fd -1 (0xffffffffffffffff); they do not appear in the crash trace.
r2 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
syz_kvm_setup_cpu$x86(r2, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000000)=[@textreal={0x8, &(0x7f0000000200)="66b9950b00000f32640f01920600baa000ec440f20c066350d000000440f22c0f4f30f5318440f20c066350e000000440f22c0f30fc7b536f2f20f5c060a003e660f38821d", 0x45}], 0x1, 0x20, &(0x7f0000000280)=[@cr4={0x1, 0x10400}], 0x1)
# Same ioctl request (0x40946400) but for the 'comedi_test' driver, so it does not
# go through das16m1_attach, the function named in the trace.
ioctl$COMEDI_DEVCONFIG(r1, 0x40946400, &(0x7f0000000140)={'comedi_test\x00', [0x9e1, 0x2166, 0x0, 0x100000, 0x88d6, 0x8f, 0xfffffffd, 0x10, 0x2, 0xffffffff, 0x200, 0x8, 0x344, 0x1, 0x7, 0x1, 0x9, 0x3, 0x9, 0xe, 0x100, 0x3, 0x80, 0x7ff, 0x1, 0x1, 0xb0c4, 0x7df, 0x8, 0x7, 0x1]})
# Remaining calls touch mmap, Bluetooth HCI, BPF, sysctl, UBI and cgroup files.
# None of them appear in the reported call trace.
mmap(&(0x7f0000000000/0xa000)=nil, 0xa000, 0x1000007, 0x2172, 0xffffffffffffffff, 0x0)
r3 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$sock_bt_hci(r3, 0x400448ca, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="0300000007"], 0x50)
write$sysctl(0xffffffffffffffff, &(0x7f0000000000)='4\x00', 0x2)
r4 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r4, &(0x7f0000000100)={0x1f, 0xffff, 0x3}, 0x6)
write$binfmt_misc(r4, &(0x7f0000000000), 0xd)
r5 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
ioctl$FS_IOC_SETFLAGS(r5, 0x40186f40, &(0x7f0000000440)=0x1f)
openat$cgroup_ro(r5, &(0x7f00000002c0)='hugetlb.1GB.rsvd.usage_in_bytes\x00', 0x0, 0x0)
[ 86.179266][ T5321] Bluetooth: hci0: command tx timeout
[ 86.305409][ T5343] ------------[ cut here ]------------
[ 86.307865][ T5343] UBSAN: shift-out-of-bounds in drivers/comedi/drivers/das16m1.c:525:9
[ 86.348208][ T5343] shift exponent 133 is too large for 32-bit type 'int'
[ 86.368412][ T5343] CPU: 0 UID: 0 PID: 5343 Comm: syz.0.0 Not tainted 6.16.0-rc5-syzkaller-00266-g3f31a806a62e #0 PREEMPT(full)
[ 86.368434][ T5343] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[ 86.368442][ T5343] Call Trace:
[ 86.368449][ T5343]
[ 86.368455][ T5343] dump_stack_lvl+0x189/0x250
[ 86.368544][ T5343] ? __pfx_dump_stack_lvl+0x10/0x10
[ 86.368560][ T5343] ? __pfx__printk+0x10/0x10
[ 86.368589][ T5343] ubsan_epilogue+0xa/0x40
[ 86.368606][ T5343] __ubsan_handle_shift_out_of_bounds+0x386/0x410
[ 86.368659][ T5343] ? __comedi_request_region+0x74/0x140
[ 86.368700][ T5343] das16m1_attach+0x8ee/0xb20
[ 86.368723][ T5343] comedi_device_attach+0x520/0x670
[ 86.368742][ T5343] comedi_unlocked_ioctl+0x686/0xf40
[ 86.368768][ T5343] ? __pfx_comedi_unlocked_ioctl+0x10/0x10
[ 86.368807][ T5343] ? __lock_acquire+0xab9/0xd20
[ 86.368836][ T5343] ? __fget_files+0x2a/0x420
[ 86.368857][ T5343] ? __fget_files+0x2a/0x420
[ 86.368872][ T5343] ? __fget_files+0x3a0/0x420
[ 86.368887][ T5343] ? __fget_files+0x2a/0x420
[ 86.368906][ T5343] ? bpf_lsm_file_ioctl+0x9/0x20
[ 86.368919][ T5343] ? __pfx_comedi_unlocked_ioctl+0x10/0x10
[ 86.368936][ T5343] __se_sys_ioctl+0xfc/0x170
[ 86.368952][ T5343] do_syscall_64+0xfa/0x3b0
[ 86.368991][ T5343] ? lockdep_hardirqs_on+0x9c/0x150
[ 86.369010][ T5343] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 86.369023][ T5343] ? clear_bhb_loop+0x60/0xb0
[ 86.369040][ T5343] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 86.369052][ T5343] RIP: 0033:0x7fbdacf8e929
[ 86.369064][ T5343] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 86.369075][ T5343] RSP: 002b:00007fbda93f5038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 86.369091][ T5343] RAX: ffffffffffffffda RBX: 00007fbdad1b5fa0 RCX: 00007fbdacf8e929
[ 86.369100][ T5343] RDX: 0000200000000080 RSI: 0000000040946400 RDI: 0000000000000003
[ 86.369109][ T5343] RBP: 00007fbdad010b39 R08: 0000000000000000 R09: 0000000000000000
[ 86.369117][ T5343] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 86.369124][ T5343] R13: 0000000000000000 R14: 00007fbdad1b5fa0 R15: 00007ffcb5d8a518
[ 86.369145][ T5343]
[ 86.369150][ T5343] ---[ end trace ]---
[ 86.517419][ T5343] Kernel panic - not syncing: UBSAN: panic_on_warn set ...
[ 86.520153][ T5343] CPU: 0 UID: 0 PID: 5343 Comm: syz.0.0 Not tainted 6.16.0-rc5-syzkaller-00266-g3f31a806a62e #0 PREEMPT(full)
[ 86.525256][ T5343] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[ 86.530612][ T5343] Call Trace:
[ 86.532291][ T5343]
[ 86.533564][ T5343] dump_stack_lvl+0x99/0x250
[ 86.535522][ T5343] ? __asan_memcpy+0x40/0x70
[ 86.537541][ T5343] ? __pfx_dump_stack_lvl+0x10/0x10
[ 86.540023][ T5343] ? __pfx__printk+0x10/0x10
[ 86.542098][ T5343] panic+0x2db/0x790
[ 86.543801][ T5343] ? __pfx_panic+0x10/0x10
[ 86.546213][ T5343] ? _printk+0xcf/0x120
[ 86.549368][ T5343] ? __pfx__printk+0x10/0x10
[ 86.552159][ T5343] check_panic_on_warn+0x89/0xb0
[ 86.554793][ T5343] __ubsan_handle_shift_out_of_bounds+0x386/0x410
[ 86.557466][ T5343] ? __comedi_request_region+0x74/0x140
[ 86.559864][ T5343] das16m1_attach+0x8ee/0xb20
[ 86.561939][ T5343] comedi_device_attach+0x520/0x670
[ 86.564223][ T5343] comedi_unlocked_ioctl+0x686/0xf40
[ 86.566539][ T5343] ? __pfx_comedi_unlocked_ioctl+0x10/0x10
[ 86.569140][ T5343] ? __lock_acquire+0xab9/0xd20
[ 86.571348][ T5343] ? __fget_files+0x2a/0x420
[ 86.573423][ T5343] ? __fget_files+0x2a/0x420
[ 86.575558][ T5343] ? __fget_files+0x3a0/0x420
[ 86.577798][ T5343] ? __fget_files+0x2a/0x420
[ 86.580160][ T5343] ? bpf_lsm_file_ioctl+0x9/0x20
[ 86.582456][ T5343] ? __pfx_comedi_unlocked_ioctl+0x10/0x10
[ 86.585050][ T5343] __se_sys_ioctl+0xfc/0x170
[ 86.587129][ T5343] do_syscall_64+0xfa/0x3b0
[ 86.589199][ T5343] ? lockdep_hardirqs_on+0x9c/0x150
[ 86.591516][ T5343] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 86.594270][ T5343] ? clear_bhb_loop+0x60/0xb0
[ 86.596558][ T5343] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 86.599526][ T5343] RIP: 0033:0x7fbdacf8e929
[ 86.601697][ T5343] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 86.611365][ T5343] RSP: 002b:00007fbda93f5038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 86.615493][ T5343] RAX: ffffffffffffffda RBX: 00007fbdad1b5fa0 RCX: 00007fbdacf8e929
[ 86.618963][ T5343] RDX: 0000200000000080 RSI: 0000000040946400 RDI: 0000000000000003
[ 86.622024][ T5343] RBP: 00007fbdad010b39 R08: 0000000000000000 R09: 0000000000000000
[ 86.625148][ T5343] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 86.628635][ T5343] R13: 0000000000000000 R14: 00007fbdad1b5fa0 R15: 00007ffcb5d8a518
[ 86.632805][ T5343]
[ 86.635071][ T5343] Kernel Offset: disabled
[ 86.637500][ T5343] Rebooting in 86400 seconds..