ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
syz_mount_image$gfs2(&(0x7f0000000140)='gfs2\x00', &(0x7f0000000180)='./file0\x00', 0x0, 0x0, &(0x7f0000000000), 0x0, 0x0)
panic: broken type ref

goroutine 36 [running]:
github.com/google/syzkaller/prog.ArgCommon.Type(...)
	/syzkaller/gopath/src/github.com/google/syzkaller/prog/prog.go:39
github.com/google/syzkaller/prog.foreachArgImpl(0xb7c020, 0xc02dd530a0, 0xc013b528c0, 0xa9a7f8)
	/syzkaller/gopath/src/github.com/google/syzkaller/prog/analysis.go:135 +0x878
github.com/google/syzkaller/prog.foreachArgImpl(0xb7c020, 0xc02dd53080, 0xc013b528c0, 0xa9a7f8)
	/syzkaller/gopath/src/github.com/google/syzkaller/prog/analysis.go:141 +0x2a9
github.com/google/syzkaller/prog.foreachArgImpl(0xb7c020, 0xc02dd53060, 0xc013b528c0, 0xa9a7f8)
	/syzkaller/gopath/src/github.com/google/syzkaller/prog/analysis.go:141 +0x2a9
github.com/google/syzkaller/prog.foreachArgImpl(0xb7c060, 0xc02dd60930, 0xc013b528c0, 0xa9a7f8)
	/syzkaller/gopath/src/github.com/google/syzkaller/prog/analysis.go:156 +0x656
github.com/google/syzkaller/prog.ForeachSubArg(...)
	/syzkaller/gopath/src/github.com/google/syzkaller/prog/analysis.go:111
github.com/google/syzkaller/prog.removeArg(0xb7c060, 0xc02dd60930)
	/syzkaller/gopath/src/github.com/google/syzkaller/prog/prog.go:369 +0x5b
github.com/google/syzkaller/prog.(*Prog).removeCall(0xc02a30bd40, 0x8)
	/syzkaller/gopath/src/github.com/google/syzkaller/prog/prog.go:392 +0x86
github.com/google/syzkaller/prog.(*mutator).insertCall(0xc02b249e18, 0x14)
	/syzkaller/gopath/src/github.com/google/syzkaller/prog/mutation.go:144 +0x13d
github.com/google/syzkaller/prog.(*Prog).Mutate(0xc02a30bd40, 0xb76020, 0xc01a06e120, 0x14, 0xc01a07c000, 0xc0155c6000, 0x99ba, 0xc000)
	/syzkaller/gopath/src/github.com/google/syzkaller/prog/mutation.go:45 +0x2ea
main.(*Proc).smashInput(0xc01a538800, 0xc0179ed630)
	/syzkaller/gopath/src/github.com/google/syzkaller/syz-fuzzer/proc.go:213 +0x131
main.(*Proc).loop(0xc01a538800)
	/syzkaller/gopath/src/github.com/google/syzkaller/syz-fuzzer/proc.go:78 +0x1d7
created by main.main
	/syzkaller/gopath/src/github.com/google/syzkaller/syz-fuzzer/fuzzer.go:275 +0x1246