program:
r0 = syz_open_dev$video4linux(&(0x7f0000000040), 0x1, 0x101000)
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0xc4, 0x0, 0x0, 0x0, 0x0, 0x1, 0x80414, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x5, 0x800000007ffffffe}, 0x0, 0x2, 0xffffffff, 0x4, 0x5, 0x1000000, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x0, 0x0, 0xffffffffffffffff, 0x9)
timer_create(0x0, &(0x7f0000000280)={0x0, 0x12}, &(0x7f00009b1ffc))
timer_settime(0x0, 0x0, &(0x7f0000000000)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
r1 = gettid()
tkill(r1, 0x13)
syz_mount_image$romfs(&(0x7f0000000040), &(0x7f0000000480)='./file0\x00', 0x4, &(0x7f0000000600)=ANY=[@ANYBLOB="00f3000000be5500200800000000c19e57fc847c52a19b0b247df0690ca7d757194d0335d8e8a065e069e1294e9f28bcee7085d4988309e751e0eec20f77d6c68ae8"], 0x1, 0x140, &(0x7f0000000340)="$eJzs2r9Kw1AUBvAzCEpHR6dAJQqa/1pXHcXN3SHU3DR4Y0oiSPsC4iQoXAdfQvAJfALJ6KZLB18icturplEhk9fh+y394LTpyblwp2PlWeqxwiLaHF4fTpbzLDV6wU6feSykmX0iMmQoq+rWpm9ePutlRfYPX9Br9W322V2PxcElS3jk624JAAAAAAAAAAAAAAAAAAAAAABaMjsqdAYivWAJj7xatRiNT0LOo7wgWtLUoV6moXa4iAl+J+cTzNU35Fh2ZUrEXi7r7vzvb1RYGwj+2pyvc5YOnWI0tpI0jKM4OvX9oOduue6270yf5TSfaN6rnqisHtzaOpn9dCQ7M2v7Zs9t9s3U+S+sJOLqvPlvX+ePgICA8BFaXp//3/T+mxDRYtB9lPef3c/4sSr+xTj1vj4A/OY9AAD//3cgO3s=")
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
sendmmsg$unix(r2, &(0x7f0000000e80)=[{{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80}}, {{&(0x7f0000000640)=@file={0x1, './file0/../file0\x00'}, 0x6e, 0x0, 0x0, 0x0, 0x0, 0x4004000}}], 0x2, 0x0)
ioctl$VIDIOC_SUBDEV_S_FMT(r0, 0xc0585605, &(0x7f0000000100)={0x0, 0x0, {0x1, 0xfffffffe, 0x300f, 0x4, 0xb, 0xb}})
ioctl$vim2m_VIDIOC_STREAMOFF(0xffffffffffffffff, 0x40045612, &(0x7f0000000000))
syz_open_dev$video4linux(&(0x7f0000000040), 0x1, 0x101000) (async)
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0xc4, 0x0, 0x0, 0x0, 0x0, 0x1, 0x80414, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x5, 0x800000007ffffffe}, 0x0, 0x2, 0xffffffff, 0x4, 0x5, 0x1000000, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x0, 0x0, 0xffffffffffffffff, 0x9) (async)
timer_create(0x0, &(0x7f0000000280)={0x0, 0x12}, &(0x7f00009b1ffc)) (async)
timer_settime(0x0, 0x0, &(0x7f0000000000)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) (async)
gettid() (async)
tkill(r1, 0x13) (async)
syz_mount_image$romfs(&(0x7f0000000040), &(0x7f0000000480)='./file0\x00', 0x4, &(0x7f0000000600)=ANY=[@ANYBLOB="00f3000000be5500200800000000c19e57fc847c52a19b0b247df0690ca7d757194d0335d8e8a065e069e1294e9f28bcee7085d4988309e751e0eec20f77d6c68ae8"], 0x1, 0x140, &(0x7f0000000340)="$eJzs2r9Kw1AUBvAzCEpHR6dAJQqa/1pXHcXN3SHU3DR4Y0oiSPsC4iQoXAdfQvAJfALJ6KZLB18icturplEhk9fh+y394LTpyblwp2PlWeqxwiLaHF4fTpbzLDV6wU6feSykmX0iMmQoq+rWpm9ePutlRfYPX9Br9W322V2PxcElS3jk624JAAAAAAAAAAAAAAAAAAAAAABaMjsqdAYivWAJj7xatRiNT0LOo7wgWtLUoV6moXa4iAl+J+cTzNU35Fh2ZUrEXi7r7vzvb1RYGwj+2pyvc5YOnWI0tpI0jKM4OvX9oOduue6270yf5TSfaN6rnqisHtzaOpn9dCQ7M2v7Zs9t9s3U+S+sJOLqvPlvX+ePgICA8BFaXp//3/T+mxDRYtB9lPef3c/4sSr+xTj1vj4A/OY9AAD//3cgO3s=") (async)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)) (async)
sendmmsg$unix(r2, &(0x7f0000000e80)=[{{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80}}, {{&(0x7f0000000640)=@file={0x1, './file0/../file0\x00'}, 0x6e, 0x0, 0x0, 0x0, 0x0, 0x4004000}}], 0x2, 0x0) (async)
ioctl$VIDIOC_SUBDEV_S_FMT(r0, 0xc0585605, &(0x7f0000000100)={0x0, 0x0, {0x1, 0xfffffffe, 0x300f, 0x4, 0xb, 0xb}}) (async)
ioctl$vim2m_VIDIOC_STREAMOFF(0xffffffffffffffff, 0x40045612, &(0x7f0000000000)) (async)

[   67.649538][ T5301] Bluetooth: hci0: command tx timeout
[   67.692838][ T5314] loop0: detected capacity change from 0 to 24
[   67.700193][ T5314] MTD: Attempt to mount non-MTD device "/dev/loop0"
[   67.711788][ T5314] romfs: Mounting image 'rom 637cf1fa' through the block layer
[   67.715770][ T5314] VFS: Lookup of 'file0' in romfs loop0 would have caused loop
[   67.721061][ T5315] VFS: Lookup of 'file0' in romfs loop0 would have caused loop
[   67.730203][    C0] ------------[ cut here ]------------
[   67.732107][    C0] WARNING: CPU: 0 PID: 0 at kernel/signal.c:2050 posixtimer_send_sigqueue+0xa08/0xce0
[   67.735739][    C0] Modules linked in:
[   67.737185][    C0] CPU: 0 UID: 0 PID: 0 Comm: swapper/0 Not tainted 6.13.0-rc2-syzkaller-00292-ga446e965a188 #0
[   67.740786][    C0] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[   67.744911][    C0] RIP: 0010:posixtimer_send_sigqueue+0xa08/0xce0
[   67.747195][    C0] Code: 00 0f 85 f4 02 00 00 48 8d 65 d8 5b 41 5c 41 5d 41 5e 41 5f 5d c3 cc cc cc cc e8 73 1a 3b 00 4c 8b 64 24 08 e9 28 ff ff ff 90 <0f> 0b 90 48 b8 00 00 00 00 00 fc ff df 80 3c 03 00 74 08 4c 89 f7
[   67.753709][    C0] RSP: 0018:ffffc90000007c00 EFLAGS: 00010086
[   67.755837][    C0] RAX: dffffc0000000000 RBX: 1ffff11008826e03 RCX: ffffffff8e6965c0
[   67.758544][    C0] RDX: 0000000000010000 RSI: 0000000000020000 RDI: 0000000000000000
[   67.761875][    C0] RBP: ffffc90000007cf8 R08: ffffffff816450d0 R09: 1ffff110039d2a50
[   67.764717][    C0] R10: dffffc0000000000 R11: ffffed10039d2a51 R12: ffff888044137000
[   67.767525][    C0] R13: 1ffff11008826e10 R14: ffff888044137018 R15: ffff8880441370c0
[   67.770400][    C0] FS:  0000000000000000(0000) GS:ffff88801fc00000(0000) knlGS:0000000000000000
[   67.773544][    C0] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   67.775877][    C0] CR2: 00007f5010e11fe0 CR3: 000000001cf22000 CR4: 0000000000352ef0
[   67.778808][    C0] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[   67.781684][    C0] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[   67.784512][    C0] Call Trace:
[   67.785766][    C0]  <IRQ>
[   67.786857][    C0]  ? __warn+0x165/0x4d0
[   67.788384][    C0]  ? posixtimer_send_sigqueue+0xa08/0xce0
[   67.790362][    C0]  ? report_bug+0x2b3/0x500
[   67.792013][    C0]  ? posixtimer_send_sigqueue+0xa08/0xce0
[   67.794089][    C0]  ? handle_bug+0x60/0x90
[   67.795752][    C0]  ? exc_invalid_op+0x1a/0x50
[   67.797504][    C0]  ? asm_exc_invalid_op+0x1a/0x20
[   67.799289][    C0]  ? prepare_signal+0x6c0/0xc90
[   67.801183][    C0]  ? posixtimer_send_sigqueue+0xa08/0xce0
[   67.803631][    C0]  ? posixtimer_send_sigqueue+0xd3/0xce0
[   67.805903][    C0]  ? __pfx_posixtimer_send_sigqueue+0x10/0x10
[   67.807983][    C0]  ? _raw_spin_unlock_irqrestore+0xdd/0x140
[   67.810222][    C0]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[   67.812538][    C0]  posix_timer_fn+0xe2/0x160
[   67.814266][    C0]  ? __pfx_posix_timer_fn+0x10/0x10
[   67.816180][    C0]  __hrtimer_run_queues+0x59b/0xd30
[   67.818039][    C0]  ? __pfx___hrtimer_run_queues+0x10/0x10
[   67.820076][    C0]  ? kvm_clock_get_cycles+0x52/0x70
[   67.821975][    C0]  ? ktime_get_update_offsets_now+0x393/0x3b0
[   67.824163][    C0]  hrtimer_interrupt+0x403/0xa40
[   67.826084][    C0]  __sysvec_apic_timer_interrupt+0x110/0x420
[   67.828245][    C0]  sysvec_apic_timer_interrupt+0xa1/0xc0
[   67.830305][    C0]  </IRQ>
[   67.831386][    C0]  <TASK>
[   67.832490][    C0]  asm_sysvec_apic_timer_interrupt+0x1a/0x20
[   67.834642][    C0] RIP: 0010:default_idle+0x13/0x20
[   67.836495][    C0] Code: 29 c2 e9 72 ff ff ff 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 66 90 0f 00 2d f3 fb 3c 00 f3 0f 1e fa fb f4 <fa> c3 cc cc cc cc 0f 1f 80 00 00 00 00 90 90 90 90 90 90 90 90 90
[   67.843118][    C0] RSP: 0018:ffffffff8e607d68 EFLAGS: 000002c2
[   67.845265][    C0] RAX: 89a653403c21a900 RBX: ffffffff817431ec RCX: 000000000000c9d9
[   67.848083][    C0] RDX: 0000000000000001 RSI: ffffffff8c5f9780 RDI: ffffffff817431ec
[   67.850848][    C0] RBP: ffffffff8e607eb8 R08: ffff88801fc37cdb R09: 1ffff11003f86f9b
[   67.853587][    C0] R10: dffffc0000000000 R11: ffffed1003f86f9c R12: 1ffffffff1cc0fc6
[   67.856288][    C0] R13: 1ffffffff1cd2cb8 R14: 0000000000000000 R15: dffffc0000000000
[   67.859178][    C0]  ? do_idle+0x22c/0x5c0
[   67.860575][    C0]  ? do_idle+0x22c/0x5c0
[   67.862179][    C0]  default_idle_call+0x74/0xb0
[   67.863863][    C0]  do_idle+0x22c/0x5c0
[   67.865330][    C0]  ? __pfx___schedule+0x10/0x10
[   67.867010][    C0]  ? __pfx_do_idle+0x10/0x10
[   67.868556][    C0]  ? _raw_spin_unlock_irqrestore+0xdd/0x140
[   67.870601][    C0]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[   67.872767][    C0]  ? rest_init+0x31/0x300
[   67.874274][    C0]  ? rest_init+0x31/0x300
[   67.875753][    C0]  cpu_startup_entry+0x42/0x60
[   67.877650][    C0]  rest_init+0x2dc/0x300
[   67.879233][    C0]  ? __pfx_x86_late_time_init+0x10/0x10
[   67.881244][    C0]  start_kernel+0x47f/0x500
[   67.882912][    C0]  x86_64_start_reservations+0x2a/0x30
[   67.884850][    C0]  x86_64_start_kernel+0x9f/0xa0
[   67.886589][    C0]  common_startup_64+0x13e/0x147
[   67.888415][    C0]  </TASK>
[   67.889558][    C0] Kernel panic - not syncing: kernel: panic_on_warn set ...
[   67.892067][    C0] CPU: 0 UID: 0 PID: 0 Comm: swapper/0 Not tainted 6.13.0-rc2-syzkaller-00292-ga446e965a188 #0
[   67.895585][    C0] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[   67.899365][    C0] Call Trace:
[   67.900539][    C0]  <IRQ>
[   67.901606][    C0]  dump_stack_lvl+0x241/0x360
[   67.903292][    C0]  ? __pfx_dump_stack_lvl+0x10/0x10
[   67.905174][    C0]  ? __pfx__printk+0x10/0x10
[   67.906874][    C0]  ? _printk+0xd5/0x120
[   67.908356][    C0]  ? __init_begin+0x41000/0x41000
[   67.910232][    C0]  ? vscnprintf+0x5d/0x90
[   67.911740][    C0]  panic+0x349/0x880
[   67.913160][    C0]  ? __warn+0x174/0x4d0
[   67.914664][    C0]  ? __pfx_panic+0x10/0x10
[   67.916307][    C0]  ? common_startup_64+0x13e/0x147
[   67.918117][    C0]  __warn+0x344/0x4d0
[   67.919630][    C0]  ? posixtimer_send_sigqueue+0xa08/0xce0
[   67.921664][    C0]  report_bug+0x2b3/0x500
[   67.923269][    C0]  ? posixtimer_send_sigqueue+0xa08/0xce0
[   67.925344][    C0]  handle_bug+0x60/0x90
[   67.926858][    C0]  exc_invalid_op+0x1a/0x50
[   67.928475][    C0]  asm_exc_invalid_op+0x1a/0x20
[   67.930256][    C0] RIP: 0010:posixtimer_send_sigqueue+0xa08/0xce0
[   67.932526][    C0] Code: 00 0f 85 f4 02 00 00 48 8d 65 d8 5b 41 5c 41 5d 41 5e 41 5f 5d c3 cc cc cc cc e8 73 1a 3b 00 4c 8b 64 24 08 e9 28 ff ff ff 90 <0f> 0b 90 48 b8 00 00 00 00 00 fc ff df 80 3c 03 00 74 08 4c 89 f7
[   67.939119][    C0] RSP: 0018:ffffc90000007c00 EFLAGS: 00010086
[   67.941339][    C0] RAX: dffffc0000000000 RBX: 1ffff11008826e03 RCX: ffffffff8e6965c0
[   67.944184][    C0] RDX: 0000000000010000 RSI: 0000000000020000 RDI: 0000000000000000
[   67.946999][    C0] RBP: ffffc90000007cf8 R08: ffffffff816450d0 R09: 1ffff110039d2a50
[   67.949984][    C0] R10: dffffc0000000000 R11: ffffed10039d2a51 R12: ffff888044137000
[   67.952795][    C0] R13: 1ffff11008826e10 R14: ffff888044137018 R15: ffff8880441370c0
[   67.955540][    C0]  ? prepare_signal+0x6c0/0xc90
[   67.957306][    C0]  ? posixtimer_send_sigqueue+0xd3/0xce0
[   67.959201][    C0]  ? __pfx_posixtimer_send_sigqueue+0x10/0x10
[   67.961478][    C0]  ? _raw_spin_unlock_irqrestore+0xdd/0x140
[   67.963694][    C0]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[   67.966514][    C0]  posix_timer_fn+0xe2/0x160
[   67.968400][    C0]  ? __pfx_posix_timer_fn+0x10/0x10
[   67.970320][    C0]  __hrtimer_run_queues+0x59b/0xd30
[   67.972167][    C0]  ? __pfx___hrtimer_run_queues+0x10/0x10
[   67.974161][    C0]  ? kvm_clock_get_cycles+0x52/0x70
[   67.975972][    C0]  ? ktime_get_update_offsets_now+0x393/0x3b0
[   67.978109][    C0]  hrtimer_interrupt+0x403/0xa40
[   67.979918][    C0]  __sysvec_apic_timer_interrupt+0x110/0x420
[   67.981871][    C0]  sysvec_apic_timer_interrupt+0xa1/0xc0
[   67.983853][    C0]  </IRQ>
[   67.984931][    C0]  <TASK>
[   67.985954][    C0]  asm_sysvec_apic_timer_interrupt+0x1a/0x20
[   67.988090][    C0] RIP: 0010:default_idle+0x13/0x20
[   67.989977][    C0] Code: 29 c2 e9 72 ff ff ff 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 66 90 0f 00 2d f3 fb 3c 00 f3 0f 1e fa fb f4 <fa> c3 cc cc cc cc 0f 1f 80 00 00 00 00 90 90 90 90 90 90 90 90 90
[   67.996402][    C0] RSP: 0018:ffffffff8e607d68 EFLAGS: 000002c2
[   67.998535][    C0] RAX: 89a653403c21a900 RBX: ffffffff817431ec RCX: 000000000000c9d9
[   68.001394][    C0] RDX: 0000000000000001 RSI: ffffffff8c5f9780 RDI: ffffffff817431ec
[   68.004115][    C0] RBP: ffffffff8e607eb8 R08: ffff88801fc37cdb R09: 1ffff11003f86f9b
[   68.006978][    C0] R10: dffffc0000000000 R11: ffffed1003f86f9c R12: 1ffffffff1cc0fc6
[   68.009916][    C0] R13: 1ffffffff1cd2cb8 R14: 0000000000000000 R15: dffffc0000000000
[   68.012624][    C0]  ? do_idle+0x22c/0x5c0
[   68.014054][    C0]  ? do_idle+0x22c/0x5c0
[   68.015671][    C0]  default_idle_call+0x74/0xb0
[   68.017201][    C0]  do_idle+0x22c/0x5c0
[   68.018652][    C0]  ? __pfx___schedule+0x10/0x10
[   68.020561][    C0]  ? __pfx_do_idle+0x10/0x10
[   68.022950][    C0]  ? _raw_spin_unlock_irqrestore+0xdd/0x140
[   68.025046][    C0]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[   68.027165][    C0]  ? rest_init+0x31/0x300
[   68.028761][    C0]  ? rest_init+0x31/0x300
[   68.030325][    C0]  cpu_startup_entry+0x42/0x60
[   68.032025][    C0]  rest_init+0x2dc/0x300
[   68.033551][    C0]  ? __pfx_x86_late_time_init+0x10/0x10
[   68.035481][    C0]  start_kernel+0x47f/0x500
[   68.036968][    C0]  x86_64_start_reservations+0x2a/0x30
[   68.038980][    C0]  x86_64_start_kernel+0x9f/0xa0
[   68.040736][    C0]  common_startup_64+0x13e/0x147
[   68.042501][    C0]  </TASK>
[   68.043836][    C0] Kernel Offset: disabled
[   68.045271][    C0] Rebooting in 86400 seconds..