program:
r0 = openat$comedi(0xffffffffffffff9c, &(0x7f0000000080)='/dev/comedi3\x00', 0x400, 0x0)
ioctl$COMEDI_DEVCONFIG(r0, 0x40946400, &(0x7f00000000c0)={'aio_iiro_16\x00', [0x4f27, 0x20, 0x4, 0x4, 0x5, 0x6, 0x6, 0x7, 0xa, 0x100, 0x2, 0x80000, 0x1, 0x8, 0x1e, 0x1, 0x0, 0x1a449, 0x3, 0x6, 0x81, 0xcaa7, 0x4, 0x1e58, 0xb, 0x3, 0x3c, 0x8, 0x80000000, 0x0, 0x5]})
[ 68.414895][ T5319] Bluetooth: hci0: command tx timeout
[ 68.455717][ T5338] ------------[ cut here ]------------
[ 68.458532][ T5338] UBSAN: shift-out-of-bounds in drivers/comedi/drivers/aio_iiro_16.c:180:9
[ 68.496022][ T5338] shift exponent 32 is too large for 32-bit type 'int'
[ 68.499473][ T5338] CPU: 0 UID: 0 PID: 5338 Comm: syz.0.0 Not tainted 6.16.0-rc4-syzkaller-00324-g1f988d0788f5 #0 PREEMPT(full)
[ 68.499493][ T5338] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[ 68.499501][ T5338] Call Trace:
[ 68.499510][ T5338]
[ 68.499517][ T5338] dump_stack_lvl+0x189/0x250
[ 68.499626][ T5338] ? __pfx_dump_stack_lvl+0x10/0x10
[ 68.499644][ T5338] ? __pfx__printk+0x10/0x10
[ 68.499663][ T5338] ? __pfx___request_region_locked+0x10/0x10
[ 68.499682][ T5338] ubsan_epilogue+0xa/0x40
[ 68.499697][ T5338] __ubsan_handle_shift_out_of_bounds+0x386/0x410
[ 68.499751][ T5338] ? __request_region+0xc2/0xe0
[ 68.499771][ T5338] ? comedi_request_region+0x7b/0x180
[ 68.499817][ T5338] aio_iiro_16_attach+0x5e8/0x790
[ 68.499839][ T5338] comedi_device_attach+0x520/0x670
[ 68.499856][ T5338] comedi_unlocked_ioctl+0x686/0xf40
[ 68.499880][ T5338] ? __pfx_comedi_unlocked_ioctl+0x10/0x10
[ 68.499940][ T5338] ? __lock_acquire+0xab9/0xd20
[ 68.499970][ T5338] ? __fget_files+0x2a/0x420
[ 68.499988][ T5338] ? __fget_files+0x2a/0x420
[ 68.500000][ T5338] ? __fget_files+0x3a0/0x420
[ 68.500008][ T5338] ? __fget_files+0x2a/0x420
[ 68.500017][ T5338] ? bpf_lsm_file_ioctl+0x9/0x20
[ 68.500025][ T5338] ? __pfx_comedi_unlocked_ioctl+0x10/0x10
[ 68.500036][ T5338] __se_sys_ioctl+0xfc/0x170
[ 68.500048][ T5338] do_syscall_64+0xfa/0x3b0
[ 68.500092][ T5338] ? lockdep_hardirqs_on+0x9c/0x150
[ 68.500102][ T5338] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 68.500117][ T5338] ? clear_bhb_loop+0x60/0xb0
[ 68.500132][ T5338] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 68.500143][ T5338] RIP: 0033:0x7f0a1f58e929
[ 68.500158][ T5338] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 68.500167][ T5338] RSP: 002b:00007f0a20336038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 68.500179][ T5338] RAX: ffffffffffffffda RBX: 00007f0a1f7b5fa0 RCX: 00007f0a1f58e929
[ 68.500188][ T5338] RDX: 00002000000000c0 RSI: 0000000040946400 RDI: 0000000000000003
[ 68.500195][ T5338] RBP: 00007f0a1f610b39 R08: 0000000000000000 R09: 0000000000000000
[ 68.500202][ T5338] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 68.500209][ T5338] R13: 0000000000000000 R14: 00007f0a1f7b5fa0 R15: 00007ffdab716358
[ 68.500227][ T5338]
[ 68.500231][ T5338] ---[ end trace ]---
[ 68.627864][ T5338] Kernel panic - not syncing: UBSAN: panic_on_warn set ...
[ 68.631130][ T5338] CPU: 0 UID: 0 PID: 5338 Comm: syz.0.0 Not tainted 6.16.0-rc4-syzkaller-00324-g1f988d0788f5 #0 PREEMPT(full)
[ 68.635895][ T5338] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[ 68.640390][ T5338] Call Trace:
[ 68.641901][ T5338]
[ 68.643163][ T5338] dump_stack_lvl+0x99/0x250
[ 68.645123][ T5338] ? __asan_memcpy+0x40/0x70
[ 68.647070][ T5338] ? __pfx_dump_stack_lvl+0x10/0x10
[ 68.649258][ T5338] ? __pfx__printk+0x10/0x10
[ 68.651291][ T5338] panic+0x2db/0x790
[ 68.652976][ T5338] ? __pfx_panic+0x10/0x10
[ 68.654932][ T5338] ? _printk+0xcf/0x120
[ 68.656808][ T5338] ? __pfx__printk+0x10/0x10
[ 68.658732][ T5338] check_panic_on_warn+0x89/0xb0
[ 68.660844][ T5338] __ubsan_handle_shift_out_of_bounds+0x386/0x410
[ 68.663667][ T5338] ? __request_region+0xc2/0xe0
[ 68.665935][ T5338] ? comedi_request_region+0x7b/0x180
[ 68.668353][ T5338] aio_iiro_16_attach+0x5e8/0x790
[ 68.670561][ T5338] comedi_device_attach+0x520/0x670
[ 68.672815][ T5338] comedi_unlocked_ioctl+0x686/0xf40
[ 68.675164][ T5338] ? __pfx_comedi_unlocked_ioctl+0x10/0x10
[ 68.677700][ T5338] ? __lock_acquire+0xab9/0xd20
[ 68.679835][ T5338] ? __fget_files+0x2a/0x420
[ 68.681985][ T5338] ? __fget_files+0x2a/0x420
[ 68.684398][ T5338] ? __fget_files+0x3a0/0x420
[ 68.687076][ T5338] ? __fget_files+0x2a/0x420
[ 68.689362][ T5338] ? bpf_lsm_file_ioctl+0x9/0x20
[ 68.691682][ T5338] ? __pfx_comedi_unlocked_ioctl+0x10/0x10
[ 68.694182][ T5338] __se_sys_ioctl+0xfc/0x170
[ 68.696018][ T5338] do_syscall_64+0xfa/0x3b0
[ 68.697784][ T5338] ? lockdep_hardirqs_on+0x9c/0x150
[ 68.699988][ T5338] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 68.702786][ T5338] ? clear_bhb_loop+0x60/0xb0
[ 68.705238][ T5338] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 68.708195][ T5338] RIP: 0033:0x7f0a1f58e929
[ 68.710488][ T5338] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 68.719048][ T5338] RSP: 002b:00007f0a20336038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 68.723018][ T5338] RAX: ffffffffffffffda RBX: 00007f0a1f7b5fa0 RCX: 00007f0a1f58e929
[ 68.726745][ T5338] RDX: 00002000000000c0 RSI: 0000000040946400 RDI: 0000000000000003
[ 68.730159][ T5338] RBP: 00007f0a1f610b39 R08: 0000000000000000 R09: 0000000000000000
[ 68.733622][ T5338] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 68.737201][ T5338] R13: 0000000000000000 R14: 00007f0a1f7b5fa0 R15: 00007ffdab716358
[ 68.740665][ T5338]
[ 68.742547][ T5338] Kernel Offset: disabled
[ 68.744569][ T5338] Rebooting in 86400 seconds..