last executing test programs:

596.9247ms ago: executing program 3 (id=83):
syz_init_net_socket$ax25(0x3, 0x2, 0x0)

564.3713ms ago: executing program 3 (id=86):
prlimit64(0x0, 0x0, 0x0, 0x0)

482.40706ms ago: executing program 3 (id=87):
openat(0xffffffffffffff9c, &(0x7f0000000040)='/dev/video0', 0x2, 0x0)

482.203348ms ago: executing program 3 (id=89):
umount2(&(0x7f0000000000), 0x0)

386.379928ms ago: executing program 3 (id=92):
set_tid_address(&(0x7f0000000000))

381.648952ms ago: executing program 3 (id=96):
syz_open_dev$evdev(&(0x7f0000000040), 0x0, 0x0)
syz_open_dev$evdev(&(0x7f0000000080), 0x0, 0x1)
syz_open_dev$evdev(&(0x7f00000000c0), 0x0, 0x2)
syz_open_dev$evdev(&(0x7f0000000100), 0x0, 0x800)
syz_open_dev$evdev(&(0x7f0000000140), 0x1, 0x0)
syz_open_dev$evdev(&(0x7f0000000180), 0x1, 0x1)
syz_open_dev$evdev(&(0x7f00000001c0), 0x1, 0x2)
syz_open_dev$evdev(&(0x7f0000000200), 0x1, 0x800)
syz_open_dev$evdev(&(0x7f0000000240), 0x2, 0x0)
syz_open_dev$evdev(&(0x7f0000000280), 0x2, 0x1)
syz_open_dev$evdev(&(0x7f00000002c0), 0x2, 0x2)
syz_open_dev$evdev(&(0x7f0000000300), 0x2, 0x800)
syz_open_dev$evdev(&(0x7f0000000340), 0x3, 0x0)
syz_open_dev$evdev(&(0x7f0000000380), 0x3, 0x1)
syz_open_dev$evdev(&(0x7f00000003c0), 0x3, 0x2)
syz_open_dev$evdev(&(0x7f0000000400), 0x3, 0x800)
syz_open_dev$evdev(&(0x7f0000000440), 0x4, 0x0)
syz_open_dev$evdev(&(0x7f0000000480), 0x4, 0x1)
syz_open_dev$evdev(&(0x7f00000004c0), 0x4, 0x2)
syz_open_dev$evdev(&(0x7f0000000500), 0x4, 0x800)

306.259135ms ago: executing program 1 (id=101):
mq_open(&(0x7f0000000000), 0x0, 0x0, &(0x7f0000000000))

258.324595ms ago: executing program 1 (id=104):
tee(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0)

241.801044ms ago: executing program 1 (id=106):
file_setattr(0xffffffffffffffff, &(0x7f0000000000), &(0x7f0000000000), 0x0, 0x0)

170.569324ms ago: executing program 0 (id=108):
lsm_get_self_attr(0x0, &(0x7f0000000000), &(0x7f0000000000), 0x0)

170.278854ms ago: executing program 1 (id=110):
openat(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ttyprintk', 0x0, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ttyprintk', 0x1, 0x0)
openat(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ttyprintk', 0x2, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ttyprintk', 0x800, 0x0)

170.068793ms ago: executing program 0 (id=112):
openat(0xffffffffffffff9c, &(0x7f0000000040)='/dev/tty', 0x0, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000080)='/dev/tty', 0x1, 0x0)
openat(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/tty', 0x2, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='/dev/tty', 0x800, 0x0)

152.449076ms ago: executing program 1 (id=113):
socket(0x1, 0x1, 0x0)

149.382856ms ago: executing program 0 (id=114):
socket$inet_mptcp(0x2, 0x1, 0x106)

106.50716ms ago: executing program 2 (id=115):
mlockall(0x0)

106.298332ms ago: executing program 2 (id=116):
setgid(0x0)

106.086619ms ago: executing program 0 (id=117):
fspick(0xffffffffffffffff, &(0x7f0000000000), 0x0)

104.291624ms ago: executing program 1 (id=118):
syz_open_dev$dvb_dvr(&(0x7f0000000040), 0x0, 0x0)
syz_open_dev$dvb_dvr(&(0x7f0000000080), 0x0, 0x1)
syz_open_dev$dvb_dvr(&(0x7f00000000c0), 0x0, 0x2)
syz_open_dev$dvb_dvr(&(0x7f0000000100), 0x0, 0x800)
syz_open_dev$dvb_dvr(&(0x7f0000000140), 0xa, 0x0)
syz_open_dev$dvb_dvr(&(0x7f0000000180), 0xa, 0x1)
syz_open_dev$dvb_dvr(&(0x7f00000001c0), 0xa, 0x2)
syz_open_dev$dvb_dvr(&(0x7f0000000200), 0xa, 0x800)
syz_open_dev$dvb_dvr(&(0x7f0000000240), 0x14, 0x0)
syz_open_dev$dvb_dvr(&(0x7f0000000280), 0x14, 0x1)
syz_open_dev$dvb_dvr(&(0x7f00000002c0), 0x14, 0x2)
syz_open_dev$dvb_dvr(&(0x7f0000000300), 0x14, 0x800)
syz_open_dev$dvb_dvr(&(0x7f0000000340), 0x1e, 0x0)
syz_open_dev$dvb_dvr(&(0x7f0000000380), 0x1e, 0x1)
syz_open_dev$dvb_dvr(&(0x7f00000003c0), 0x1e, 0x2)
syz_open_dev$dvb_dvr(&(0x7f0000000400), 0x1e, 0x800)
syz_open_dev$dvb_dvr(&(0x7f0000000440), 0x28, 0x0)
syz_open_dev$dvb_dvr(&(0x7f0000000480), 0x28, 0x1)
syz_open_dev$dvb_dvr(&(0x7f00000004c0), 0x28, 0x2)
syz_open_dev$dvb_dvr(&(0x7f0000000500), 0x28, 0x800)

102.171364ms ago: executing program 2 (id=119):
openat(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ubi_ctrl', 0x0, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ubi_ctrl', 0x1, 0x0)
openat(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ubi_ctrl', 0x2, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ubi_ctrl', 0x800, 0x0)

88.199607ms ago: executing program 2 (id=120):
socket$rxrpc(0x21, 0x2, 0x0)

15.563881ms ago: executing program 0 (id=121):
openat(0xffffffffffffff9c, &(0x7f0000000040)='/dev/lightnvm/control', 0x0, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000080)='/dev/lightnvm/control', 0x1, 0x0)
openat(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/lightnvm/control', 0x2, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='/dev/lightnvm/control', 0x800, 0x0)

15.326866ms ago: executing program 2 (id=122):
setresgid(0x0, 0x0, 0x0)

7.136111ms ago: executing program 0 (id=123):
openat(0xffffffffffffff9c, &(0x7f0000000040)='/dev/cuse', 0x2, 0x0)

0s ago: executing program 2 (id=124):
openat(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sequencer', 0x0, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000080)='/dev/sequencer', 0x1, 0x0)
openat(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/sequencer', 0x2, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='/dev/sequencer', 0x800, 0x0)

kernel console output (not intermixed with test programs):

Warning: Permanently added '10.128.1.41' (ED25519) to the list of known hosts.
[   70.088243][ T5808] cgroup: Unknown subsys name 'net'
[   70.325781][ T5808] cgroup: Unknown subsys name 'cpuset'
[   70.382109][ T5808] cgroup: Unknown subsys name 'rlimit'
Setting up swapspace version 1, size = 127995904 bytes
[   71.513517][ T1338] ieee802154 phy0 wpan0: encryption failed: -22
[   71.520060][ T1338] ieee802154 phy1 wpan1: encryption failed: -22
[   72.036390][ T5808] Adding 124996k swap on ./swap-file.  Priority:0 extents:1 across:124996k 
[   81.859564][  T821] cfg80211: failed to load regulatory.db
[   82.229967][ T5914] mmap: syz.2.80 (5914) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst.
[   82.877270][ T5957] ------------[ cut here ]------------
[   82.877282][ T5957] fud->pq.processing
[   82.877296][ T5957] WARNING: fs/fuse/dev.c:482 at fuse_dev_install_with_pq+0x23b/0x270, CPU#1: syz.0.123/5957
[   82.877956][ T5957] Modules linked in:
[   82.877996][ T5957] CPU: 1 UID: 0 PID: 5957 Comm: syz.0.123 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[   82.878016][ T5957] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026
[   82.878034][ T5957] RIP: 0010:fuse_dev_install_with_pq+0x23b/0x270
[   82.878060][ T5957] Code: 85 6d fe ff ff e8 55 84 84 fe 4d 85 ed 0f 94 c0 48 83 c4 10 5b 41 5c 41 5d 41 5e 41 5f 5d c3 cc cc cc cc cc e8 36 84 84 fe 90 <0f> 0b 90 41 80 3c 2e 00 0f 85 8a fe ff ff e9 8d fe ff ff 44 89 f1
[   82.878079][ T5957] RSP: 0018:ffffc900051d7660 EFLAGS: 00010293
[   82.878095][ T5957] RAX: ffffffff83406a0a RBX: ffff88803d437000 RCX: ffff888029878000
[   82.878108][ T5957] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[   82.878119][ T5957] RBP: dffffc0000000000 R08: ffff88802af9020f R09: 1ffff110055f2041
[   82.878132][ T5957] R10: dffffc0000000000 R11: ffffed10055f2042 R12: ffff88803d49c000
[   82.878145][ T5957] R13: ffff88802af90298 R14: 1ffff110055f2053 R15: ffff88802af90200
[   82.878158][ T5957] FS:  000055558ff28500(0000) GS:ffff888125b67000(0000) knlGS:0000000000000000
[   82.878174][ T5957] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   82.878186][ T5957] CR2: 00007f5db31aba40 CR3: 000000003fe28000 CR4: 00000000003526f0
[   82.878206][ T5957] Call Trace:
[   82.878213][ T5957]  <TASK>
[   82.878226][ T5957]  fuse_dev_alloc_install+0x61/0x80
[   82.878251][ T5957]  cuse_channel_open+0x124/0x7b0
[   82.878275][ T5957]  ? __pfx_cuse_channel_open+0x10/0x10
[   82.878292][ T5957]  misc_open+0x2de/0x350
[   82.878318][ T5957]  chrdev_open+0x4d0/0x5f0
[   82.878339][ T5957]  ? __pfx_chrdev_open+0x10/0x10
[   82.878357][ T5957]  ? fsnotify_open_perm_and_set_mode+0x13b/0x6e0
[   82.878386][ T5957]  ? __pfx_chrdev_open+0x10/0x10
[   82.878403][ T5957]  do_dentry_open+0x83d/0x13e0
[   82.878434][ T5957]  vfs_open+0x3b/0x350
[   82.878451][ T5957]  ? path_openat+0x2e2b/0x38a0
[   82.878476][ T5957]  path_openat+0x2e43/0x38a0
[   82.878533][ T5957]  ? __pfx_path_openat+0x10/0x10
[   82.878559][ T5957]  ? kasan_save_track+0x4f/0x80
[   82.878578][ T5957]  ? kasan_save_track+0x3e/0x80
[   82.878597][ T5957]  ? __kasan_slab_alloc+0x6c/0x80
[   82.878617][ T5957]  ? kmem_cache_alloc_noprof+0x33b/0x680
[   82.878646][ T5957]  ? do_raw_spin_lock+0x12b/0x2f0
[   82.878672][ T5957]  do_file_open+0x23e/0x4a0
[   82.878693][ T5957]  ? _raw_spin_unlock_irqrestore+0x30/0x80
[   82.878722][ T5957]  ? __pfx_do_file_open+0x10/0x10
[   82.878742][ T5957]  ? rt_mutex_slowunlock+0x4a7/0x8b0
[   82.878785][ T5957]  ? alloc_fd+0x64e/0x6c0
[   82.878818][ T5957]  do_sys_openat2+0x113/0x200
[   82.878841][ T5957]  ? __pfx_do_sys_openat2+0x10/0x10
[   82.878862][ T5957]  ? exc_page_fault+0x6a/0xc0
[   82.878891][ T5957]  ? do_user_addr_fault+0xc6f/0x1340
[   82.878913][ T5957]  __x64_sys_openat+0x138/0x170
[   82.878937][ T5957]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   82.878956][ T5957]  do_syscall_64+0x15f/0xf80
[   82.878979][ T5957]  ? trace_irq_disable+0x3b/0x140
[   82.879000][ T5957]  ? clear_bhb_loop+0x40/0x90
[   82.879029][ T5957]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   82.879046][ T5957] RIP: 0033:0x7f5db321c819
[   82.879068][ T5957] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[   82.879081][ T5957] RSP: 002b:00007ffdf0b37038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[   82.879099][ T5957] RAX: ffffffffffffffda RBX: 00007f5db3495fa0 RCX: 00007f5db321c819
[   82.879112][ T5957] RDX: 0000000000000002 RSI: 0000200000000040 RDI: ffffffffffffff9c
[   82.879123][ T5957] RBP: 00007f5db32b2c91 R08: 0000000000000000 R09: 0000000000000000
[   82.879133][ T5957] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[   82.879143][ T5957] R13: 00007f5db3495fac R14: 00007f5db3495fa0 R15: 00007f5db3495fa0
[   82.879172][ T5957]  </TASK>
[   82.879182][ T5957] Kernel panic - not syncing: kernel: panic_on_warn set ...
[   82.879196][ T5957] CPU: 1 UID: 0 PID: 5957 Comm: syz.0.123 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[   82.879215][ T5957] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026
[   82.879225][ T5957] Call Trace:
[   82.879232][ T5957]  <TASK>
[   82.879239][ T5957]  vpanic+0x56c/0xa60
[   82.879262][ T5957]  ? __pfx__printk+0x10/0x10
[   82.879286][ T5957]  ? __pfx_vpanic+0x10/0x10
[   82.879304][ T5957]  ? is_bpf_text_address+0x292/0x2b0
[   82.879325][ T5957]  ? is_bpf_text_address+0x26/0x2b0
[   82.879354][ T5957]  panic+0xc5/0xd0
[   82.879375][ T5957]  ? __pfx_panic+0x10/0x10
[   82.879410][ T5957]  __warn+0x315/0x4c0
[   82.879430][ T5957]  ? fuse_dev_install_with_pq+0x23b/0x270
[   82.879452][ T5957]  ? fuse_dev_install_with_pq+0x23b/0x270
[   82.879476][ T5957]  __report_bug+0x29a/0x540
[   82.879503][ T5957]  ? fuse_dev_install_with_pq+0x23b/0x270
[   82.879527][ T5957]  ? __pfx___report_bug+0x10/0x10
[   82.879552][ T5957]  ? __pfx_rtlock_slowlock_locked+0x10/0x10
[   82.879577][ T5957]  ? rt_spin_lock+0x1e0/0x400
[   82.879596][ T5957]  ? rt_spin_lock+0x1e0/0x400
[   82.879618][ T5957]  ? fuse_dev_install_with_pq+0x23b/0x270
[   82.879642][ T5957]  report_bug+0x16a/0x220
[   82.879664][ T5957]  ? fuse_dev_install_with_pq+0x23b/0x270
[   82.879686][ T5957]  ? fuse_dev_install_with_pq+0x23d/0x270
[   82.879708][ T5957]  handle_bug+0x9c/0x200
[   82.879727][ T5957]  exc_invalid_op+0x1a/0x50
[   82.879746][ T5957]  asm_exc_invalid_op+0x1a/0x20
[   82.879761][ T5957] RIP: 0010:fuse_dev_install_with_pq+0x23b/0x270
[   82.879790][ T5957] Code: 85 6d fe ff ff e8 55 84 84 fe 4d 85 ed 0f 94 c0 48 83 c4 10 5b 41 5c 41 5d 41 5e 41 5f 5d c3 cc cc cc cc cc e8 36 84 84 fe 90 <0f> 0b 90 41 80 3c 2e 00 0f 85 8a fe ff ff e9 8d fe ff ff 44 89 f1
[   82.879803][ T5957] RSP: 0018:ffffc900051d7660 EFLAGS: 00010293
[   82.879817][ T5957] RAX: ffffffff83406a0a RBX: ffff88803d437000 RCX: ffff888029878000
[   82.879830][ T5957] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[   82.879841][ T5957] RBP: dffffc0000000000 R08: ffff88802af9020f R09: 1ffff110055f2041
[   82.879853][ T5957] R10: dffffc0000000000 R11: ffffed10055f2042 R12: ffff88803d49c000
[   82.879866][ T5957] R13: ffff88802af90298 R14: 1ffff110055f2053 R15: ffff88802af90200
[   82.879886][ T5957]  ? fuse_dev_install_with_pq+0x23a/0x270
[   82.879920][ T5957]  fuse_dev_alloc_install+0x61/0x80
[   82.879943][ T5957]  cuse_channel_open+0x124/0x7b0
[   82.879965][ T5957]  ? __pfx_cuse_channel_open+0x10/0x10
[   82.879982][ T5957]  misc_open+0x2de/0x350
[   82.880006][ T5957]  chrdev_open+0x4d0/0x5f0
[   82.880032][ T5957]  ? __pfx_chrdev_open+0x10/0x10
[   82.880049][ T5957]  ? fsnotify_open_perm_and_set_mode+0x13b/0x6e0
[   82.880077][ T5957]  ? __pfx_chrdev_open+0x10/0x10
[   82.880094][ T5957]  do_dentry_open+0x83d/0x13e0
[   82.880123][ T5957]  vfs_open+0x3b/0x350
[   82.880139][ T5957]  ? path_openat+0x2e2b/0x38a0
[   82.880162][ T5957]  path_openat+0x2e43/0x38a0
[   82.880218][ T5957]  ? __pfx_path_openat+0x10/0x10
[   82.880245][ T5957]  ? kasan_save_track+0x4f/0x80
[   82.880264][ T5957]  ? kasan_save_track+0x3e/0x80
[   82.880283][ T5957]  ? __kasan_slab_alloc+0x6c/0x80
[   82.880304][ T5957]  ? kmem_cache_alloc_noprof+0x33b/0x680
[   82.880335][ T5957]  ? do_raw_spin_lock+0x12b/0x2f0
[   82.880364][ T5957]  do_file_open+0x23e/0x4a0
[   82.880387][ T5957]  ? _raw_spin_unlock_irqrestore+0x30/0x80
[   82.880415][ T5957]  ? __pfx_do_file_open+0x10/0x10
[   82.880436][ T5957]  ? rt_mutex_slowunlock+0x4a7/0x8b0
[   82.880479][ T5957]  ? alloc_fd+0x64e/0x6c0
[   82.880510][ T5957]  do_sys_openat2+0x113/0x200
[   82.880533][ T5957]  ? __pfx_do_sys_openat2+0x10/0x10
[   82.880554][ T5957]  ? exc_page_fault+0x6a/0xc0
[   82.880580][ T5957]  ? do_user_addr_fault+0xc6f/0x1340
[   82.880602][ T5957]  __x64_sys_openat+0x138/0x170
[   82.880625][ T5957]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   82.880645][ T5957]  do_syscall_64+0x15f/0xf80
[   82.880666][ T5957]  ? trace_irq_disable+0x3b/0x140
[   82.880685][ T5957]  ? clear_bhb_loop+0x40/0x90
[   82.880707][ T5957]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   82.880725][ T5957] RIP: 0033:0x7f5db321c819
[   82.880742][ T5957] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[   82.880756][ T5957] RSP: 002b:00007ffdf0b37038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[   82.880774][ T5957] RAX: ffffffffffffffda RBX: 00007f5db3495fa0 RCX: 00007f5db321c819
[   82.880788][ T5957] RDX: 0000000000000002 RSI: 0000200000000040 RDI: ffffffffffffff9c
[   82.880800][ T5957] RBP: 00007f5db32b2c91 R08: 0000000000000000 R09: 0000000000000000
[   82.880812][ T5957] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[   82.880823][ T5957] R13: 00007f5db3495fac R14: 00007f5db3495fa0 R15: 00007f5db3495fa0
[   82.880853][ T5957]  </TASK>
[   82.881250][ T5957] Kernel Offset: disabled