# https://syzkaller.appspot.com/bug?id=43786eae3d13dae6ce7bea31d71f795e4d0c7622
# See https://goo.gl/kgGztJ for information about syzkaller reproducers.
#{"threaded":true,"collide":true,"repeat":true,"procs":6,"sandbox":"none","fault_call":-1,"tmpdir":true,"segv":true}
pipe(&(0x7f0000000000)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = getpgid(0xffffffffffffffff)
fcntl$setown(r1, 0x6, r2)
r3 = dup2(r1, r0)
r4 = dup2(r1, r0)
lstat(&(0x7f0000000040)='./file0\x00', &(0x7f0000000080))
chroot(&(0x7f0000000100)='./file0\x00')
write(r0, &(0x7f0000000140)="14385eb46ea28ca5489d65a8b1543a0ba7cfda9ce9582651c93e643169cd75737e7902c8ebd97b08394c3d58d67f994f80e5120d541c19ee6b64109d54222ecec15a8bb48279995a621a1876fe3860b16ce6194a3c4328", 0x57)
shmget$private(0x0, 0x3000, 0x2a9, &(0x7f0000ffc000/0x3000)=nil)
recvfrom(r1, &(0x7f00000001c0)=""/201, 0xc9, 0x40, 0x0, 0x0)
mmap(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x5, 0x10, r4, 0x0, 0x0)
shmget$private(0x0, 0x2000, 0x4, &(0x7f0000ffe000/0x2000)=nil)
r5 = getuid()
fcntl$setstatus(r3, 0x4, 0x8)
truncate(&(0x7f00000002c0)='./file0/file0\x00', 0x3)
preadv(r4, &(0x7f0000000380)=[{&(0x7f0000000300)=""/82, 0x52}], 0x1, 0x0)
open(&(0x7f00000003c0)='./file0\x00', 0x1040008, 0xd9)
sendmsg(r3, &(0x7f0000000880)={&(0x7f0000000400)=@in={0x2, 0x0}, 0xc, &(0x7f0000000680)=[{&(0x7f0000000440)="51cf4db49be406905a9e3c411ac0884a337c2945168d8a339c7804ec016b39b8300a7a3a073fd61ac7aeced31ddac95fb2be2ae6bc925baa326dee1ccf65ad171e8a4f85f658f418b8013e", 0x4b}, {0x0}, {&(0x7f0000000540)="fe424123755733", 0x7}, {0x0}, {&(0x7f00000005c0)="10ba565aa6a8a5d20f51f0b6e2ebfa5a55703152a372104de679e730e0ea55900c8dea29f3040828931546ad3543d6c1f070fb20ff35dd4e26746535e91e19cdb7ccc152fab5316a1557ba9f945ec093f3589f5e3b65d18ec9993dba2080803b9623cb5eb7232aabe1c5df73bc217e4e11ccb2ecdae47cf29f5788a82bfdbd668e00b62b946b6b1d57e79c9eab5e75bddd1c09167348710874", 0x99}], 0x5, 0x0}, 0x4)
shutdown(r0, 0x1)
utimensat(r4, 0x0, &(0x7f0000000900)={{0x6, 0x200}, {0x8000, 0x7}}, 0x0)
seteuid(r5)
link(&(0x7f0000000940)='./file0\x00', &(0x7f0000000980)='./file0/file0\x00')
r6 = msgget$private(0x0, 0x0)
getgroups(0x5, &(0x7f00000009c0)=[<r7=>0xffffffffffffffff, <r8=>0xffffffffffffffff, <r9=>0x0, <r10=>0xffffffffffffffff, 0xffffffffffffffff])
getgroups(0x2, &(0x7f0000000a00)=[<r11=>0xffffffffffffffff, 0x0])
msgctl$IPC_SET(r6, 0x1, &(0x7f0000000a40)={{0x8, r5, r10, r5, r11, 0x4, 0x7}, 0x7f, 0xfff, r2, r2, 0x800, 0xe21, 0x2, 0x100000001})
fchroot(r3)
getgroups(0x7, &(0x7f0000000ac0)=[r8, r7, r9, r11, r7, r9, r8])
fcntl$setflags(r1, 0x2, 0x1)
getpeername(r4, &(0x7f0000000b00)=@in, &(0x7f0000000b40)=0xc)