r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000d40)={0x0, 0x3f00, &(0x7f0000000d00)={&(0x7f0000000b00)=@updpolicy={0xb8, 0x19, 0x1, 0x0, 0x0, {{@in6=@loopback, @in=@initdev={0xac, 0x1e, 0x0, 0x0}, 0x0, 0x0, 0x0, 0x0, 0x2}}}, 0xb8}}, 0x0)
panic: bad group arg size 96, should be <= 0 for &prog.GroupArg{ArgCommon:prog.ArgCommon{ref:0x2de, dir:0x0}, Inner:[]prog.Arg{}} type "array"

goroutine 30 [running]:
github.com/google/syzkaller/prog.foreachArgImpl({0x8b44d8, 0xc02667ab40}, 0xc027ff78c0, 0xc029a95d00)
	/syzkaller/gopath/src/github.com/google/syzkaller/prog/analysis.go:157 +0x5d9
github.com/google/syzkaller/prog.foreachArgImpl({0x8b4518, 0xc02038cb10}, 0xc027ff78c0, 0xc02491fd00)
	/syzkaller/gopath/src/github.com/google/syzkaller/prog/analysis.go:164 +0x337
github.com/google/syzkaller/prog.ForeachArg(0xc01d3e6a00, 0x0)
	/syzkaller/gopath/src/github.com/google/syzkaller/prog/analysis.go:123 +0x105
github.com/google/syzkaller/prog.(*Prog).MutateWithHints(0xc01dafa1c0, 0x0, 0xc01fbec4b0, 0xc02491fd80)
	/syzkaller/gopath/src/github.com/google/syzkaller/prog/hints.go:78 +0xaa
main.(*Proc).executeHintSeed(0xc01dafa1c0, 0x3, 0x0)
	/syzkaller/gopath/src/github.com/google/syzkaller/syz-fuzzer/proc.go:248 +0xd2
main.(*Proc).smashInput(0xc01dafa1c0, 0xc00d4460d0)
	/syzkaller/gopath/src/github.com/google/syzkaller/syz-fuzzer/proc.go:214 +0x88
main.(*Proc).loop(0xc01dafa1c0)
	/syzkaller/gopath/src/github.com/google/syzkaller/syz-fuzzer/proc.go:78 +0x125
created by main.main
	/syzkaller/gopath/src/github.com/google/syzkaller/syz-fuzzer/fuzzer.go:310 +0x15e5