# https://syzkaller.appspot.com/bug?id=aa7d8a28473418b50cdd32f3fac22cfd62186e2f
# See https://goo.gl/kgGztJ for information about syzkaller reproducers.
#{"threaded":true,"collide":true,"repeat":true,"procs":6,"sandbox":"none","fault_call":-1,"tun":true,"netdev":true,"resetnet":true,"cgroups":true,"binfmt_misc":true,"close_fds":true,"devlinkpci":true,"tmpdir":true,"segv":true}
pipe(&(0x7f0000000200)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = socket$inet_udp(0x2, 0x2, 0x0)
close(r2)
mkdir(&(0x7f0000000200)='./file1\x00', 0x0)
mkdir(&(0x7f0000000300)='./bus\x00', 0x0)
mkdir(&(0x7f0000000280)='./file0\x00', 0x0)
mount$overlay(0x400000, &(0x7f0000000000)='./bus\x00', &(0x7f0000000400)='overlay\x00', 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB='lowerdir=./bus,workdir=./file1,upperdir=./file0'])
rename(0x0, &(0x7f00000000c0)='./file1\x00')
chdir(&(0x7f0000000140)='./bus\x00')
ioctl$TUNSETIFF(r1, 0x400454ca, 0x0)
open(&(0x7f0000000040)='./file0\x00', 0x200c2, 0x0)
socket$netlink(0x10, 0x3, 0x0)
write$binfmt_misc(r1, &(0x7f0000000000)=ANY=[], 0xfffffecc)
splice(r0, 0x0, r2, 0x0, 0x4ffe0, 0x0)
r3 = add_key(0x0, 0x0, &(0x7f0000000340)="21bea161044c932df6dd49ad241108ded5a7717abbcfb86bd98ac970bf7c12454e6a4441fa6a98fa268cd7e64c939ed98a12570eba14c651796c9a2b86e8dbe9d3fc7ce50b7e7eb5c5cbf178f46314adc8df55bd58f14c6efb57195cf09c9c69b99cbde97ac80fe797ab7c926feccfb91eddd01bc8d454e322d5b2cd64a11f8ff459cd5bdbcd5e50dcf8d56d94678c5ee5", 0x91, 0x0)
stat(&(0x7f0000000480)='./file0\x00', 0x0)
fstat(0xffffffffffffffff, &(0x7f0000001b80)={0x0, 0x0, 0x0, 0x0, <r4=>0x0})
getuid()
r5 = mq_open(0x0, 0x6e93ebbbcc0884f2, 0x0, 0x0)
mq_timedreceive(r5, 0x0, 0x0, 0x0, 0x0)
mq_timedreceive(r5, &(0x7f0000000040)=""/50, 0x32, 0x0, &(0x7f00000000c0)={0x77359400})
mq_timedsend(r5, &(0x7f0000000100), 0x0, 0x0, 0x0)
r6 = mq_open(&(0x7f000084dff0)='!selinuxselinux\x00', 0x6e93ebbbcc0884f2, 0x0, 0x0)
mq_timedreceive(r6, &(0x7f0000000040)=""/50, 0x32, 0x0, &(0x7f00000000c0)={0x77359400})
mq_timedsend(r6, 0x0, 0x0, 0x0, &(0x7f0000000180))
mq_timedsend(r6, &(0x7f0000000100), 0x0, 0x0, 0x0)
mq_timedreceive(0xffffffffffffffff, &(0x7f0000000000)=""/24, 0x18, 0x0, 0x0)
mq_timedreceive(0xffffffffffffffff, &(0x7f0000000040)=""/50, 0x32, 0x0, &(0x7f00000000c0)={0x77359400})
mq_timedsend(0xffffffffffffffff, &(0x7f0000000100), 0x0, 0x0, &(0x7f0000000180))
r7 = mq_open(&(0x7f000084dff0)='!selinuxselinux\x00', 0x6e93ebbbcc0884f2, 0x0, &(0x7f0000664fc0)={0x0, 0x1})
mq_timedreceive(r7, 0x0, 0x0, 0x0, 0x0)
mq_timedreceive(r7, &(0x7f0000000040)=""/50, 0x32, 0x0, 0x0)
mq_timedsend(r7, &(0x7f0000000100), 0x0, 0x0, 0x0)
mq_timedsend(r7, 0x0, 0x0, 0x0, 0x0)
r8 = mq_open(0x0, 0x6e93ebbbcc0884f2, 0x0, &(0x7f0000664fc0)={0x0, 0x1})
mq_timedreceive(r8, &(0x7f0000000040)=""/50, 0x32, 0x0, 0x0)
mq_timedsend(r8, 0x0, 0x0, 0x0, &(0x7f0000000180))
mq_timedsend(r8, &(0x7f0000000100), 0x0, 0x0, 0x0)
mq_timedreceive(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
r9 = mq_open(&(0x7f000084dff0)='!selinuxselinux\x00', 0x6e93ebbbcc0884f2, 0x0, 0x0)
mq_timedreceive(r9, &(0x7f0000000040)=""/50, 0x32, 0x0, 0x0)
mq_timedsend(r9, &(0x7f0000000100), 0x0, 0x0, 0x0)
mq_timedsend(r9, &(0x7f0000000100), 0x0, 0x0, 0x0)
r10 = mq_open(&(0x7f000084dff0)='!selinuxselinux\x00', 0x40, 0x92, &(0x7f0000000440)={0x9, 0x10001, 0x10005, 0xfffffffffffffffe})
mq_timedreceive(r10, 0x0, 0x0, 0x0, &(0x7f00000000c0)={0x77359400})
mq_timedsend(r10, &(0x7f0000000100), 0x0, 0x0, &(0x7f0000000180))
mq_timedsend(r10, &(0x7f0000000100), 0x0, 0x0, 0x0)
r11 = mq_open(&(0x7f0000000380)='!selinexselinux\x00t\x00\xc0`K\xe0\xa5b\xe4}\xb6\xc2\x9b\'\x19\x05/\xe0s2Y9\xc8L\nb\x00\x80\x05\xd8\xaeF0U\xc0y\xbf\xb5_\xaf\xed\xcb\xbfm\x1a\xe2(\xa7Z\xa5E\xb6\x15\xe4\x92\xd26\xfa\xe1)a\xbb!\xf6_q\xa9<o\xc8\xeeu\xde}\xb2\xf9\xe0sh\x90L\x1fab\x04\xec\'\xda\x9c\x82{\f\xe7\x881g\xc2\x91?S\x91\xddz%\x9c\xfa\xbb\xa8\x9d\xa6\xd6\xf6\xed\x82\xac\xab\xe8\xb7*\xddX\x19m\x88\x00V\x19\xb7\xce\v\xb5\xa6\x97\x11\x8dON\xdb$\xd3+Ok$\xff*\xefm{\x02\xb9', 0x6e93ebbbcc0884f2, 0x0, &(0x7f0000664fc0)={0x0, 0x1, 0x9})
mq_timedreceive(r11, 0x0, 0x0, 0x0, 0x0)
mq_timedreceive(r11, &(0x7f0000000040)=""/50, 0x32, 0x0, &(0x7f00000000c0)={0x77359400})
mq_timedsend(r11, 0x0, 0x0, 0x0, &(0x7f0000000180))
mq_timedsend(r11, 0x0, 0x0, 0x0, 0x0)
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, 0x0, 0x0)
fstat(0xffffffffffffffff, &(0x7f0000001b80)={0x0, 0x0, 0x0, 0x0, 0x0, <r12=>0x0})
r13 = getpgid(0x0)
shmctl$IPC_SET(0x0, 0x1, &(0x7f0000000840)={{0x2, 0x0, r12, 0x0, r12}, 0xb8fb, 0xffc, 0x0, 0x8000, 0x0, r13, 0x81})
getuid()
r14 = mq_open(0x0, 0x6e93ebbbcc0884f2, 0x0, &(0x7f0000664fc0)={0x0, 0x0, 0x5})
mq_timedreceive(r14, 0x0, 0x0, 0x0, 0x0)
mq_timedreceive(r14, 0x0, 0x0, 0x0, &(0x7f00000000c0)={0x77359400})
mq_timedsend(r14, &(0x7f0000000100), 0x0, 0x0, 0x0)
r15 = mq_open(0x0, 0x6e93ebbbcc0884f2, 0x0, &(0x7f0000664fc0)={0x0, 0x1, 0x5})
mq_timedsend(r15, 0x0, 0x0, 0x0, 0x0)
r16 = mq_open(&(0x7f000084dff0)='!selinuxselinux\x00', 0x6e93ebbbcc0884f2, 0x0, 0x0)
mq_timedreceive(r16, &(0x7f0000000040)=""/50, 0x32, 0x0, &(0x7f00000000c0)={0x77359400})
mq_timedsend(r16, 0x0, 0x0, 0x0, &(0x7f0000000180))
mq_timedsend(r16, &(0x7f0000000100), 0x0, 0x0, 0x0)
r17 = mq_open(&(0x7f000084dff0)='!selinuxselinux\x00', 0x6e93ebbbcc0884f2, 0x0, 0x0)
mq_timedreceive(r17, 0x0, 0x0, 0x0, &(0x7f00000000c0)={0x77359400})
mq_timedsend(r17, 0x0, 0x0, 0x0, &(0x7f0000000180))
mq_timedsend(r17, 0x0, 0x0, 0x0, 0x0)
mq_timedreceive(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
mq_timedsend(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
r18 = mq_open(0x0, 0x6e93ebbbcc0884f2, 0x0, &(0x7f0000664fc0)={0x0, 0x1, 0x5})
mq_timedreceive(r18, &(0x7f0000000000)=""/24, 0x18, 0x0, 0x0)
mq_timedreceive(r18, 0x0, 0x0, 0x0, 0x0)
mq_timedsend(r18, 0x0, 0x0, 0x0, &(0x7f0000000180))
r19 = mq_open(0x0, 0x6e93ebbbcc0884f2, 0x0, 0x0)
mq_timedsend(r19, 0x0, 0x0, 0x0, &(0x7f0000000180))
mq_timedreceive(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
mq_timedreceive(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
mq_timedsend(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
mq_timedsend(0xffffffffffffffff, &(0x7f0000000100), 0x0, 0x0, 0x0)
r20 = mq_open(&(0x7f0000000380)='!selinexselinux\x00t\x00\xc0`K\xe0\xa5b\xe4}\xb6\xc2\x9b\'\x19\x05/\xe0s2Y9\xc8L\nb\x00\x80\x05\xd8\xaeF0U\xc0y\xbf\xb5_\xaf\xed\xcb\xbfm\x1a\xe2(\xa7Z\xa5E\xb6\x15\xe4\x92\xd26\xfa\xe1)a\xbb!\xf6_q\xa9<o\xc8\xeeu\xde}\xb2\xf9\xe0sh\x90L\x1fab\x04\xec\'\xda\x9c\x82{\f\xe7\x881g\xc2\x91?S\x91\xddz%\x9c\xfa\xbb\xa8\x9d\xa6\xd6\xf6\xed\x82\xac\xab\xe8\xb7*\xddX\x19m\x88\x00V\x19\xb7\xce\v\xb5\xa6\x97\x11\x8dON\xdb$\xd3+Ok$\xff*\xefm{\x02\xb9', 0x6e93ebbbcc0884f2, 0x0, 0x0)
mq_timedreceive(r20, &(0x7f0000000000)=""/24, 0x18, 0x0, 0x0)
mq_timedreceive(r20, &(0x7f0000000040)=""/50, 0x32, 0x0, &(0x7f00000000c0)={0x77359400})
mq_timedsend(r20, &(0x7f0000000100), 0x0, 0x0, 0x0)
mq_timedsend(r20, &(0x7f0000000100), 0x0, 0x0, 0x0)
mount$fuseblk(0x0, 0x0, 0x0, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="eb5b265d66646b", @ANYRESHEX, @ANYRESHEX, @ANYRESDEC, @ANYBLOB="2c49f9a067726f5bacac643d", @ANYRESDEC=r12, @ANYPTR64])
keyctl$chown(0x4, r3, r4, 0x0)