last executing test programs:

250.9661ms ago: executing program 2 (id=94):
syz_open_dev$usbfs(&(0x7f0000000040), 0x0, 0x0)
syz_open_dev$usbfs(&(0x7f0000000080), 0x0, 0x1)
syz_open_dev$usbfs(&(0x7f00000000c0), 0x0, 0x2)
syz_open_dev$usbfs(&(0x7f0000000100), 0x0, 0x800)
syz_open_dev$usbfs(&(0x7f0000000140), 0xa, 0x0)
syz_open_dev$usbfs(&(0x7f0000000180), 0xa, 0x1)
syz_open_dev$usbfs(&(0x7f00000001c0), 0xa, 0x2)
syz_open_dev$usbfs(&(0x7f0000000200), 0xa, 0x800)
syz_open_dev$usbfs(&(0x7f0000000240), 0x14, 0x0)
syz_open_dev$usbfs(&(0x7f0000000280), 0x14, 0x1)
syz_open_dev$usbfs(&(0x7f00000002c0), 0x14, 0x2)
syz_open_dev$usbfs(&(0x7f0000000300), 0x14, 0x800)
syz_open_dev$usbfs(&(0x7f0000000340), 0x1e, 0x0)
syz_open_dev$usbfs(&(0x7f0000000380), 0x1e, 0x1)
syz_open_dev$usbfs(&(0x7f00000003c0), 0x1e, 0x2)
syz_open_dev$usbfs(&(0x7f0000000400), 0x1e, 0x800)
syz_open_dev$usbfs(&(0x7f0000000440), 0x28, 0x0)
syz_open_dev$usbfs(&(0x7f0000000480), 0x28, 0x1)
syz_open_dev$usbfs(&(0x7f00000004c0), 0x28, 0x2)
syz_open_dev$usbfs(&(0x7f0000000500), 0x28, 0x800)

250.843177ms ago: executing program 0 (id=95):
openat(0xffffffffffffff9c, &(0x7f0000000040)='/dev/autofs', 0x0, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000080)='/dev/autofs', 0x1, 0x0)
openat(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/autofs', 0x2, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='/dev/autofs', 0x800, 0x0)

240.387423ms ago: executing program 3 (id=96):
get_thread_area(&(0x7f0000000000))

218.095708ms ago: executing program 0 (id=97):
clock_gettime(0x0, &(0x7f0000000000))

153.256036ms ago: executing program 2 (id=98):
timer_gettime(0x0, &(0x7f0000000000))

153.078075ms ago: executing program 3 (id=99):
file_getattr(0xffffffffffffffff, &(0x7f0000000000), &(0x7f0000000000), 0x0, 0x0)

152.944692ms ago: executing program 1 (id=100):
openat(0xffffffffffffff9c, &(0x7f0000000040)='/dev/msm', 0x0, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000080)='/dev/msm', 0x1, 0x0)
openat(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/msm', 0x2, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='/dev/msm', 0x800, 0x0)

152.791607ms ago: executing program 0 (id=101):
openat(0xffffffffffffff9c, &(0x7f0000000040)='/dev/snd/seq', 0x0, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000080)='/dev/snd/seq', 0x1, 0x0)
openat(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/snd/seq', 0x2, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='/dev/snd/seq', 0x800, 0x0)

152.537587ms ago: executing program 1 (id=102):
iopl(0x0)

148.460296ms ago: executing program 2 (id=103):
rseq(&(0x7f0000000000), 0x0, 0x0, 0x0)

148.339262ms ago: executing program 3 (id=104):
openat(0xffffffffffffff9c, &(0x7f0000000040)='/sys/kernel/debug/sync/info', 0x0, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/debug/sync/info', 0x1, 0x0)
openat(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/debug/sync/info', 0x2, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/sync/info', 0x800, 0x0)

120.172996ms ago: executing program 0 (id=105):
socket$inet6_udp(0xa, 0x2, 0x0)

69.407063ms ago: executing program 1 (id=106):
pselect6(0x0, &(0x7f0000000000), &(0x7f0000000000), &(0x7f0000000000), &(0x7f0000000000), &(0x7f0000000000))

69.070399ms ago: executing program 2 (id=107):
rt_sigprocmask(0x0, &(0x7f0000000000), 0x0, 0x0)

69.020075ms ago: executing program 3 (id=108):
syncfs(0xffffffffffffffff)

68.97956ms ago: executing program 2 (id=109):
socket$inet_icmp(0x2, 0x2, 0x1)

68.885329ms ago: executing program 1 (id=110):
sched_getparam(0x0, &(0x7f0000000000))

56.953424ms ago: executing program 3 (id=111):
socket$inet6_icmp_raw(0xa, 0x3, 0x3a)

50.976166ms ago: executing program 0 (id=112):
uselib(0x0)

539.674µs ago: executing program 2 (id=113):
socket$inet_udplite(0x2, 0x2, 0x88)

277.671µs ago: executing program 1 (id=114):
fspick(0xffffffffffffffff, &(0x7f0000000000), 0x0)

190.317µs ago: executing program 0 (id=115):
openat(0xffffffffffffff9c, &(0x7f0000000040)='/dev/cuse', 0x2, 0x0)

155.942µs ago: executing program 3 (id=116):
memfd_create(&(0x7f0000000000), 0x0)

0s ago: executing program 1 (id=117):
syz_open_dev$mouse(&(0x7f0000000040), 0x0, 0x0)
syz_open_dev$mouse(&(0x7f0000000080), 0x0, 0x1)
syz_open_dev$mouse(&(0x7f00000000c0), 0x0, 0x2)
syz_open_dev$mouse(&(0x7f0000000100), 0x0, 0x800)
syz_open_dev$mouse(&(0x7f0000000140), 0x1, 0x0)
syz_open_dev$mouse(&(0x7f0000000180), 0x1, 0x1)
syz_open_dev$mouse(&(0x7f00000001c0), 0x1, 0x2)
syz_open_dev$mouse(&(0x7f0000000200), 0x1, 0x800)
syz_open_dev$mouse(&(0x7f0000000240), 0x2, 0x0)
syz_open_dev$mouse(&(0x7f0000000280), 0x2, 0x1)
syz_open_dev$mouse(&(0x7f00000002c0), 0x2, 0x2)
syz_open_dev$mouse(&(0x7f0000000300), 0x2, 0x800)
syz_open_dev$mouse(&(0x7f0000000340), 0x3, 0x0)
syz_open_dev$mouse(&(0x7f0000000380), 0x3, 0x1)
syz_open_dev$mouse(&(0x7f00000003c0), 0x3, 0x2)
syz_open_dev$mouse(&(0x7f0000000400), 0x3, 0x800)
syz_open_dev$mouse(&(0x7f0000000440), 0x4, 0x0)
syz_open_dev$mouse(&(0x7f0000000480), 0x4, 0x1)
syz_open_dev$mouse(&(0x7f00000004c0), 0x4, 0x2)
syz_open_dev$mouse(&(0x7f0000000500), 0x4, 0x800)

kernel console output (not intermixed with test programs):

Warning: Permanently added '10.128.1.55' (ED25519) to the list of known hosts.
[   77.325372][ T5813] cgroup: Unknown subsys name 'net'
[   77.565464][ T5813] cgroup: Unknown subsys name 'cpuset'
[   77.620364][ T5813] cgroup: Unknown subsys name 'rlimit'
Setting up swapspace version 1, size = 127995904 bytes
[   79.302737][ T5813] Adding 124996k swap on ./swap-file.  Priority:0 extents:1 across:124996k 
[   86.869520][    T9] cfg80211: failed to load regulatory.db
[   89.079947][ T5955] ------------[ cut here ]------------
[   89.079960][ T5955] fud->pq.processing
[   89.079972][ T5955] WARNING: fs/fuse/dev.c:482 at fuse_dev_install_with_pq+0x23b/0x270, CPU#0: syz.0.115/5955
[   89.080012][ T5955] Modules linked in:
[   89.080046][ T5955] CPU: 0 UID: 0 PID: 5955 Comm: syz.0.115 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[   89.080087][ T5955] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026
[   89.080098][ T5955] RIP: 0010:fuse_dev_install_with_pq+0x23b/0x270
[   89.080123][ T5955] Code: 85 6d fe ff ff e8 55 84 84 fe 4d 85 ed 0f 94 c0 48 83 c4 10 5b 41 5c 41 5d 41 5e 41 5f 5d c3 cc cc cc cc cc e8 36 84 84 fe 90 <0f> 0b 90 41 80 3c 2e 00 0f 85 8a fe ff ff e9 8d fe ff ff 44 89 f1
[   89.080140][ T5955] RSP: 0018:ffffc90004d27660 EFLAGS: 00010293
[   89.080155][ T5955] RAX: ffffffff83406a0a RBX: ffff88803d3ad000 RCX: ffff888022ad3d80
[   89.080168][ T5955] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[   89.080179][ T5955] RBP: dffffc0000000000 R08: ffff8880324be40f R09: 1ffff11006497c81
[   89.080192][ T5955] R10: dffffc0000000000 R11: ffffed1006497c82 R12: ffff88803d17a000
[   89.080205][ T5955] R13: ffff8880324be498 R14: 1ffff11006497c93 R15: ffff8880324be400
[   89.080219][ T5955] FS:  000055555afd3500(0000) GS:ffff888125a67000(0000) knlGS:0000000000000000
[   89.080234][ T5955] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   89.080246][ T5955] CR2: 00007fd1c4e1ba40 CR3: 000000003fc58000 CR4: 00000000003526f0
[   89.080265][ T5955] Call Trace:
[   89.080272][ T5955]  <TASK>
[   89.080289][ T5955]  fuse_dev_alloc_install+0x61/0x80
[   89.080313][ T5955]  cuse_channel_open+0x124/0x7b0
[   89.080337][ T5955]  ? __pfx_cuse_channel_open+0x10/0x10
[   89.080355][ T5955]  misc_open+0x2de/0x350
[   89.080380][ T5955]  chrdev_open+0x4d0/0x5f0
[   89.080405][ T5955]  ? __pfx_chrdev_open+0x10/0x10
[   89.080423][ T5955]  ? fsnotify_open_perm_and_set_mode+0x13b/0x6e0
[   89.080453][ T5955]  ? __pfx_chrdev_open+0x10/0x10
[   89.080469][ T5955]  do_dentry_open+0x83d/0x13e0
[   89.080506][ T5955]  vfs_open+0x3b/0x350
[   89.080523][ T5955]  ? path_openat+0x2e2b/0x38a0
[   89.080550][ T5955]  path_openat+0x2e43/0x38a0
[   89.080610][ T5955]  ? __pfx_path_openat+0x10/0x10
[   89.080638][ T5955]  ? kasan_save_track+0x4f/0x80
[   89.081098][ T5955]  ? kasan_save_track+0x3e/0x80
[   89.081124][ T5955]  ? __kasan_slab_alloc+0x6c/0x80
[   89.081144][ T5955]  ? kmem_cache_alloc_noprof+0x33b/0x680
[   89.081175][ T5955]  ? do_raw_spin_lock+0x12b/0x2f0
[   89.081204][ T5955]  do_file_open+0x23e/0x4a0
[   89.081228][ T5955]  ? _raw_spin_unlock_irqrestore+0x30/0x80
[   89.081263][ T5955]  ? __pfx_do_file_open+0x10/0x10
[   89.081284][ T5955]  ? rt_mutex_slowunlock+0x4a7/0x8b0
[   89.081327][ T5955]  ? alloc_fd+0x64e/0x6c0
[   89.081358][ T5955]  do_sys_openat2+0x113/0x200
[   89.081382][ T5955]  ? __pfx_do_sys_openat2+0x10/0x10
[   89.081403][ T5955]  ? exc_page_fault+0x6a/0xc0
[   89.081430][ T5955]  ? do_user_addr_fault+0xc6f/0x1340
[   89.081453][ T5955]  __x64_sys_openat+0x138/0x170
[   89.081476][ T5955]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   89.081495][ T5955]  do_syscall_64+0x15f/0xf80
[   89.081519][ T5955]  ? trace_irq_disable+0x3b/0x140
[   89.081540][ T5955]  ? clear_bhb_loop+0x40/0x90
[   89.081563][ T5955]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   89.081580][ T5955] RIP: 0033:0x7fd1c4e8c819
[   89.081605][ T5955] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[   89.081618][ T5955] RSP: 002b:00007ffe4415cbd8 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[   89.081637][ T5955] RAX: ffffffffffffffda RBX: 00007fd1c5105fa0 RCX: 00007fd1c4e8c819
[   89.081650][ T5955] RDX: 0000000000000002 RSI: 0000200000000040 RDI: ffffffffffffff9c
[   89.081662][ T5955] RBP: 00007fd1c4f22c91 R08: 0000000000000000 R09: 0000000000000000
[   89.081674][ T5955] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[   89.081684][ T5955] R13: 00007fd1c5105fac R14: 00007fd1c5105fa0 R15: 00007fd1c5105fa0
[   89.081715][ T5955]  </TASK>
[   89.081725][ T5955] Kernel panic - not syncing: kernel: panic_on_warn set ...
[   89.081738][ T5955] CPU: 0 UID: 0 PID: 5955 Comm: syz.0.115 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[   89.081759][ T5955] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026
[   89.081769][ T5955] Call Trace:
[   89.081776][ T5955]  <TASK>
[   89.081784][ T5955]  vpanic+0x56c/0xa60
[   89.081821][ T5955]  ? __pfx__printk+0x10/0x10
[   89.081846][ T5955]  ? __pfx_vpanic+0x10/0x10
[   89.081865][ T5955]  ? is_bpf_text_address+0x292/0x2b0
[   89.081888][ T5955]  ? is_bpf_text_address+0x26/0x2b0
[   89.081918][ T5955]  panic+0xc5/0xd0
[   89.081938][ T5955]  ? __pfx_panic+0x10/0x10
[   89.081976][ T5955]  __warn+0x315/0x4c0
[   89.081996][ T5955]  ? fuse_dev_install_with_pq+0x23b/0x270
[   89.082021][ T5955]  ? fuse_dev_install_with_pq+0x23b/0x270
[   89.082045][ T5955]  __report_bug+0x29a/0x540
[   89.082082][ T5955]  ? fuse_dev_install_with_pq+0x23b/0x270
[   89.082105][ T5955]  ? __pfx___report_bug+0x10/0x10
[   89.082130][ T5955]  ? __pfx_rtlock_slowlock_locked+0x10/0x10
[   89.082155][ T5955]  ? rt_spin_lock+0x1e0/0x400
[   89.082176][ T5955]  ? rt_spin_lock+0x1e0/0x400
[   89.082199][ T5955]  ? fuse_dev_install_with_pq+0x23b/0x270
[   89.082222][ T5955]  report_bug+0x16a/0x220
[   89.082246][ T5955]  ? fuse_dev_install_with_pq+0x23b/0x270
[   89.082268][ T5955]  ? fuse_dev_install_with_pq+0x23d/0x270
[   89.082291][ T5955]  handle_bug+0x9c/0x200
[   89.082310][ T5955]  exc_invalid_op+0x1a/0x50
[   89.082328][ T5955]  asm_exc_invalid_op+0x1a/0x20
[   89.082345][ T5955] RIP: 0010:fuse_dev_install_with_pq+0x23b/0x270
[   89.082368][ T5955] Code: 85 6d fe ff ff e8 55 84 84 fe 4d 85 ed 0f 94 c0 48 83 c4 10 5b 41 5c 41 5d 41 5e 41 5f 5d c3 cc cc cc cc cc e8 36 84 84 fe 90 <0f> 0b 90 41 80 3c 2e 00 0f 85 8a fe ff ff e9 8d fe ff ff 44 89 f1
[   89.082382][ T5955] RSP: 0018:ffffc90004d27660 EFLAGS: 00010293
[   89.082397][ T5955] RAX: ffffffff83406a0a RBX: ffff88803d3ad000 RCX: ffff888022ad3d80
[   89.082411][ T5955] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[   89.082421][ T5955] RBP: dffffc0000000000 R08: ffff8880324be40f R09: 1ffff11006497c81
[   89.082434][ T5955] R10: dffffc0000000000 R11: ffffed1006497c82 R12: ffff88803d17a000
[   89.082447][ T5955] R13: ffff8880324be498 R14: 1ffff11006497c93 R15: ffff8880324be400
[   89.082468][ T5955]  ? fuse_dev_install_with_pq+0x23a/0x270
[   89.082504][ T5955]  fuse_dev_alloc_install+0x61/0x80
[   89.082527][ T5955]  cuse_channel_open+0x124/0x7b0
[   89.082552][ T5955]  ? __pfx_cuse_channel_open+0x10/0x10
[   89.082569][ T5955]  misc_open+0x2de/0x350
[   89.082593][ T5955]  chrdev_open+0x4d0/0x5f0
[   89.082611][ T5955]  ? __pfx_chrdev_open+0x10/0x10
[   89.082627][ T5955]  ? fsnotify_open_perm_and_set_mode+0x13b/0x6e0
[   89.082655][ T5955]  ? __pfx_chrdev_open+0x10/0x10
[   89.082670][ T5955]  do_dentry_open+0x83d/0x13e0
[   89.082695][ T5955]  vfs_open+0x3b/0x350
[   89.082710][ T5955]  ? path_openat+0x2e2b/0x38a0
[   89.082733][ T5955]  path_openat+0x2e43/0x38a0
[   89.082783][ T5955]  ? __pfx_path_openat+0x10/0x10
[   89.082808][ T5955]  ? kasan_save_track+0x4f/0x80
[   89.082825][ T5955]  ? kasan_save_track+0x3e/0x80
[   89.082843][ T5955]  ? __kasan_slab_alloc+0x6c/0x80
[   89.082862][ T5955]  ? kmem_cache_alloc_noprof+0x33b/0x680
[   89.082892][ T5955]  ? do_raw_spin_lock+0x12b/0x2f0
[   89.082921][ T5955]  do_file_open+0x23e/0x4a0
[   89.082944][ T5955]  ? _raw_spin_unlock_irqrestore+0x30/0x80
[   89.082972][ T5955]  ? __pfx_do_file_open+0x10/0x10
[   89.082993][ T5955]  ? rt_mutex_slowunlock+0x4a7/0x8b0
[   89.083037][ T5955]  ? alloc_fd+0x64e/0x6c0
[   89.083074][ T5955]  do_sys_openat2+0x113/0x200
[   89.083097][ T5955]  ? __pfx_do_sys_openat2+0x10/0x10
[   89.083119][ T5955]  ? exc_page_fault+0x6a/0xc0
[   89.083146][ T5955]  ? do_user_addr_fault+0xc6f/0x1340
[   89.083168][ T5955]  __x64_sys_openat+0x138/0x170
[   89.083192][ T5955]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   89.083211][ T5955]  do_syscall_64+0x15f/0xf80
[   89.083234][ T5955]  ? trace_irq_disable+0x3b/0x140
[   89.083254][ T5955]  ? clear_bhb_loop+0x40/0x90
[   89.083277][ T5955]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   89.083294][ T5955] RIP: 0033:0x7fd1c4e8c819
[   89.083308][ T5955] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[   89.083322][ T5955] RSP: 002b:00007ffe4415cbd8 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[   89.083339][ T5955] RAX: ffffffffffffffda RBX: 00007fd1c5105fa0 RCX: 00007fd1c4e8c819
[   89.083352][ T5955] RDX: 0000000000000002 RSI: 0000200000000040 RDI: ffffffffffffff9c
[   89.083365][ T5955] RBP: 00007fd1c4f22c91 R08: 0000000000000000 R09: 0000000000000000
[   89.083376][ T5955] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[   89.083387][ T5955] R13: 00007fd1c5105fac R14: 00007fd1c5105fa0 R15: 00007fd1c5105fa0
[   89.083417][ T5955]  </TASK>
[   89.084001][ T5955] Kernel Offset: disabled