semtimedop(0x0, 0x0, 0x0, 0x0) (async)
semtimedop(0x0, &(0x7f0000000040)=[{}, {}], 0x2, 0x0) (async)
r0 = semget$private(0x0, 0x4, 0x100)
semctl$GETVAL(r0, 0x0, 0xc, 0x0)
panic: bad group arg size 48, should be <= 0 for &prog.GroupArg{ArgCommon:prog.ArgCommon{ref:0x2dc, dir:0x0}, Inner:[]prog.Arg{}} type "array"

goroutine 15 [running]:
github.com/google/syzkaller/prog.foreachArgImpl({0x4c7838, 0x40178a7ee0}, 0x401cc45840, 0x4000669d80)
	/syzkaller/gopath/src/github.com/google/syzkaller/prog/analysis.go:157 +0x5cc
github.com/google/syzkaller/prog.foreachArgImpl({0x4c7878, 0x400f113da0}, 0x401cc45840, 0x4000669d80)
	/syzkaller/gopath/src/github.com/google/syzkaller/prog/analysis.go:164 +0x304
github.com/google/syzkaller/prog.ForeachArg(0x4016323b80, 0x4000669d80)
	/syzkaller/gopath/src/github.com/google/syzkaller/prog/analysis.go:123 +0x130
github.com/google/syzkaller/prog.(*Prog).MutateWithHints(0x401cf0d200, 0x0, 0x400ed3fbf0, 0x4000669df8)
	/syzkaller/gopath/src/github.com/google/syzkaller/prog/hints.go:78 +0x9c
main.(*Proc).executeHintSeed(0x401d614100, 0x401cf0d200, 0x0)
	/syzkaller/gopath/src/github.com/google/syzkaller/syz-fuzzer/proc.go:248 +0xf8
main.(*Proc).smashInput(0x401d614100, 0x400e8556f0)
	/syzkaller/gopath/src/github.com/google/syzkaller/syz-fuzzer/proc.go:214 +0x8c
main.(*Proc).loop(0x401d614100)
	/syzkaller/gopath/src/github.com/google/syzkaller/syz-fuzzer/proc.go:78 +0x168
created by main.main
	/syzkaller/gopath/src/github.com/google/syzkaller/syz-fuzzer/fuzzer.go:307 +0x170c