program:
unshare(0x2a060400) (async, rerun: 64)
r0 = semget$private(0x0, 0x4, 0x7f5) (rerun: 64)
semtimedop(r0, &(0x7f000009df40)=[{0x1, 0x80, 0x1800}], 0x1, 0x0) (async, rerun: 64)
unshare(0xc040400) (rerun: 64)
r1 = syz_init_net_socket$ax25(0x3, 0x2, 0xf0)
ioctl$SIOCAX25NOUID(r1, 0x89e3, &(0x7f0000000000)=0x1) (async, rerun: 64)
capset(&(0x7f0000000080)={0x20071026}, &(0x7f0000000040)={0x200000, 0x200000}) (async, rerun: 64)
bind$ax25(r1, &(0x7f0000000340)={{0x3, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x0}, 0x1}, [@null, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @null, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @null, @default, @null, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x3}]}, 0x48)
r2 = openat$comedi(0xffffffffffffff9c, &(0x7f0000000080)='/dev/comedi3\x00', 0x400, 0x0)
ioctl$COMEDI_DEVCONFIG(r2, 0x40946400, &(0x7f0000000180)={'rti802\x00', [0x4f27, 0x5, 0x10000, 0x30, 0x67, 0x4c7, 0x7, 0x8000, 0xa, 0x104, 0xffffffff, 0x1, 0xffffffff, 0x1, 0x4, 0x7, 0x5, 0x1a449, 0x3, 0x404, 0x2086, 0x24, 0x84000000, 0x20001e5c, 0x7ffe, 0x8002, 0x3c, 0x1, 0x6, 0x0, 0x1000000]}) (async, rerun: 32)
ioctl$COMEDI_RANGEINFO(r2, 0x80106408, &(0x7f0000000040)={0x1}) (async, rerun: 32)
r3 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r3, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000180)=ANY=[@ANYBLOB="3000000010000108000000000300000000000000", @ANYRES32=0x0, @ANYBLOB="0000aee64f5898ee7aa804004400000008001b0000000000"], 0x30}}, 0x0) (async)
r4 = socket$inet(0x2, 0x3, 0x6)
sendmsg$inet(0xffffffffffffffff, &(0x7f0000000080)={&(0x7f0000000340)={0x2, 0x4001, @dev}, 0x10, 0x0}, 0x3000c085) (async)
sendmsg$inet(r4, &(0x7f00000000c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f0000000380)="55cf312d65f34ebd081dc0a58856778e9cc0910908ea69943bc5e4b74338ca2b7cc3d12effa25e04e9e6c0c48307b6cda210f15d82c500327610c61478440b592bf3d9705a00618d6e22352c2c69ef2571c3638a90f684014a5d3e021b476ce196270a81bc1e982f863779492826f88f74971315d7206752f71256b0cca41095063187908b8b848a3f496be5ace5d18c8d67a590c8", 0x95}], 0x1, 0x0, 0x0, 0x10000000}, 0x52c8)
open(&(0x7f0000000000)='./file0\x00', 0x200c01, 0xa8)

[   75.668082][ T5338] Bluetooth: hci0: command tx timeout
[   75.783445][ T5359] ------------[ cut here ]------------
[   75.785260][ T5359] ida_free called for id=1243 which is not allocated.
[   75.788332][ T5359] WARNING: CPU: 0 PID: 5359 at lib/idr.c:592 ida_free+0x280/0x310
[   75.792314][ T5359] Modules linked in:
[   75.794423][ T5359] CPU: 0 UID: 0 PID: 5359 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full) 
[   75.797826][ T5359] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[   75.802162][ T5359] RIP: 0010:ida_free+0x280/0x310
[   75.804629][ T5359] Code: 00 00 00 00 fc ff df 48 8b 5c 24 10 48 8b 7c 24 40 48 89 de e8 d1 8a 0c 00 90 48 c7 c7 20 1b db 8c 44 89 fe e8 11 f7 0f f6 90 <0f> 0b 90 90 eb 34 e8 a5 7c 4c f6 49 bd 00 00 00 00 00 fc ff df eb
[   75.813324][ T5359] RSP: 0018:ffffc9000d357880 EFLAGS: 00010246
[   75.815983][ T5359] RAX: e0149634e8e65200 RBX: 0000000000000a06 RCX: ffff8880335c0000
[   75.819465][ T5359] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000002
[   75.822938][ T5359] RBP: ffffc9000d357968 R08: ffff88801fc24293 R09: 1ffff11003f84852
[   75.826522][ T5359] R10: dffffc0000000000 R11: ffffed1003f84853 R12: 1ffff92001a6af14
[   75.829825][ T5359] R13: dffffc0000000000 R14: ffff88804312b400 R15: 00000000000004db
[   75.833410][ T5359] FS:  0000000000000000(0000) GS:ffff88808d001000(0000) knlGS:0000000000000000
[   75.837197][ T5359] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   75.840045][ T5359] CR2: 0000000000000000 CR3: 0000000043240000 CR4: 0000000000352ef0
[   75.843553][ T5359] Call Trace:
[   75.845088][ T5359]  <TASK>
[   75.846413][ T5359]  ? __pfx_ida_free+0x10/0x10
[   75.848369][ T5359]  ? namespace_unlock+0x486/0x760
[   75.850593][ T5359]  free_mnt_ns+0x52/0xe0
[   75.852830][ T5359]  namespace_unlock+0x529/0x760
[   75.855139][ T5359]  ? __pfx_namespace_unlock+0x10/0x10
[   75.857496][ T5359]  ? free_nsproxy+0x3e/0x350
[   75.859522][ T5359]  free_nsproxy+0x3e/0x350
[   75.861422][ T5359]  do_exit+0x6b0/0x2300
[   75.863377][ T5359]  ? do_raw_spin_lock+0x121/0x290
[   75.865472][ T5359]  ? __pfx_do_exit+0x10/0x10
[   75.867429][ T5359]  do_group_exit+0x21c/0x2d0
[   75.869292][ T5359]  ? lockdep_hardirqs_on+0x9c/0x150
[   75.871366][ T5359]  get_signal+0x1286/0x1340
[   75.873347][ T5359]  arch_do_signal_or_restart+0x9a/0x750
[   75.875404][ T5359]  ? unshare_nsproxy_namespaces+0x145/0x170
[   75.877545][ T5359]  ? __pfx_arch_do_signal_or_restart+0x10/0x10
[   75.880175][ T5359]  ? ksys_unshare+0x7b7/0x8c0
[   75.882299][ T5359]  ? exit_to_user_mode_loop+0x40/0x110
[   75.884578][ T5359]  exit_to_user_mode_loop+0x75/0x110
[   75.886823][ T5359]  do_syscall_64+0x2bd/0x3b0
[   75.888800][ T5359]  ? lockdep_hardirqs_on+0x9c/0x150
[   75.890956][ T5359]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   75.893642][ T5359]  ? clear_bhb_loop+0x60/0xb0
[   75.895718][ T5359]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   75.898338][ T5359] RIP: 0033:0x7f3db118eec9
[   75.900363][ T5359] Code: Unable to access opcode bytes at 0x7f3db118ee9f.
[   75.903462][ T5359] RSP: 002b:00007f3db1f6f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000110
[   75.907321][ T5359] RAX: fffffffffffffff4 RBX: 00007f3db13e5fa0 RCX: 00007f3db118eec9
[   75.910496][ T5359] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 000000002a060400
[   75.914261][ T5359] RBP: 00007f3db1211f91 R08: 0000000000000000 R09: 0000000000000000
[   75.917703][ T5359] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[   75.921032][ T5359] R13: 00007f3db13e6038 R14: 00007f3db13e5fa0 R15: 00007ffedbf49eb8
[   75.924573][ T5359]  </TASK>
[   75.926007][ T5359] Kernel panic - not syncing: kernel: panic_on_warn set ...
[   75.929157][ T5359] CPU: 0 UID: 0 PID: 5359 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full) 
[   75.933055][ T5359] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[   75.937388][ T5359] Call Trace:
[   75.938846][ T5359]  <TASK>
[   75.940048][ T5359]  dump_stack_lvl+0x99/0x250
[   75.941876][ T5359]  ? __asan_memcpy+0x40/0x70
[   75.943856][ T5359]  ? __pfx_dump_stack_lvl+0x10/0x10
[   75.945931][ T5359]  ? __pfx__printk+0x10/0x10
[   75.947994][ T5359]  vpanic+0x281/0x750
[   75.949775][ T5359]  ? __pfx__printk+0x10/0x10
[   75.951803][ T5359]  ? __pfx_vpanic+0x10/0x10
[   75.953716][ T5359]  ? is_bpf_text_address+0x26/0x2b0
[   75.955865][ T5359]  panic+0xb9/0xc0
[   75.957462][ T5359]  ? __pfx_panic+0x10/0x10
[   75.959449][ T5359]  __warn+0x31b/0x4b0
[   75.961180][ T5359]  ? ida_free+0x280/0x310
[   75.963003][ T5359]  ? ida_free+0x280/0x310
[   75.964680][ T5359]  report_bug+0x2be/0x4f0
[   75.966413][ T5359]  ? ida_free+0x280/0x310
[   75.968274][ T5359]  ? ida_free+0x280/0x310
[   75.970111][ T5359]  ? ida_free+0x282/0x310
[   75.971869][ T5359]  handle_bug+0x84/0x160
[   75.973575][ T5359]  exc_invalid_op+0x1a/0x50
[   75.975269][ T5359]  asm_exc_invalid_op+0x1a/0x20
[   75.977349][ T5359] RIP: 0010:ida_free+0x280/0x310
[   75.979442][ T5359] Code: 00 00 00 00 fc ff df 48 8b 5c 24 10 48 8b 7c 24 40 48 89 de e8 d1 8a 0c 00 90 48 c7 c7 20 1b db 8c 44 89 fe e8 11 f7 0f f6 90 <0f> 0b 90 90 eb 34 e8 a5 7c 4c f6 49 bd 00 00 00 00 00 fc ff df eb
[   75.987212][ T5359] RSP: 0018:ffffc9000d357880 EFLAGS: 00010246
[   75.989817][ T5359] RAX: e0149634e8e65200 RBX: 0000000000000a06 RCX: ffff8880335c0000
[   75.993154][ T5359] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000002
[   75.996468][ T5359] RBP: ffffc9000d357968 R08: ffff88801fc24293 R09: 1ffff11003f84852
[   75.999943][ T5359] R10: dffffc0000000000 R11: ffffed1003f84853 R12: 1ffff92001a6af14
[   76.003286][ T5359] R13: dffffc0000000000 R14: ffff88804312b400 R15: 00000000000004db
[   76.006591][ T5359]  ? __pfx_ida_free+0x10/0x10
[   76.008617][ T5359]  ? namespace_unlock+0x486/0x760
[   76.010815][ T5359]  free_mnt_ns+0x52/0xe0
[   76.012619][ T5359]  namespace_unlock+0x529/0x760
[   76.014711][ T5359]  ? __pfx_namespace_unlock+0x10/0x10
[   76.016885][ T5359]  ? free_nsproxy+0x3e/0x350
[   76.018950][ T5359]  free_nsproxy+0x3e/0x350
[   76.021223][ T5359]  do_exit+0x6b0/0x2300
[   76.023426][ T5359]  ? do_raw_spin_lock+0x121/0x290
[   76.026118][ T5359]  ? __pfx_do_exit+0x10/0x10
[   76.028539][ T5359]  do_group_exit+0x21c/0x2d0
[   76.031048][ T5359]  ? lockdep_hardirqs_on+0x9c/0x150
[   76.033766][ T5359]  get_signal+0x1286/0x1340
[   76.036217][ T5359]  arch_do_signal_or_restart+0x9a/0x750
[   76.039255][ T5359]  ? unshare_nsproxy_namespaces+0x145/0x170
[   76.042368][ T5359]  ? __pfx_arch_do_signal_or_restart+0x10/0x10
[   76.045547][ T5359]  ? ksys_unshare+0x7b7/0x8c0
[   76.048058][ T5359]  ? exit_to_user_mode_loop+0x40/0x110
[   76.050801][ T5359]  exit_to_user_mode_loop+0x75/0x110
[   76.052948][ T5359]  do_syscall_64+0x2bd/0x3b0
[   76.055010][ T5359]  ? lockdep_hardirqs_on+0x9c/0x150
[   76.057262][ T5359]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   76.059942][ T5359]  ? clear_bhb_loop+0x60/0xb0
[   76.061983][ T5359]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   76.064386][ T5359] RIP: 0033:0x7f3db118eec9
[   76.066248][ T5359] Code: Unable to access opcode bytes at 0x7f3db118ee9f.
[   76.069165][ T5359] RSP: 002b:00007f3db1f6f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000110
[   76.072513][ T5359] RAX: fffffffffffffff4 RBX: 00007f3db13e5fa0 RCX: 00007f3db118eec9
[   76.075895][ T5359] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 000000002a060400
[   76.079280][ T5359] RBP: 00007f3db1211f91 R08: 0000000000000000 R09: 0000000000000000
[   76.082650][ T5359] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[   76.085735][ T5359] R13: 00007f3db13e6038 R14: 00007f3db13e5fa0 R15: 00007ffedbf49eb8
[   76.088780][ T5359]  </TASK>
[   76.090323][ T5359] Kernel Offset: disabled
[   76.092160][ T5359] Rebooting in 86400 seconds..