sys/linux: add syz_execute_func

The function executes random code. Update #310
2025-02-22 04:31:33 +00:00 · 2018-08-30 21:10:38 -07:00 · 2018-08-30 21:10:38 -07:00 · a4718693a3
commit a4718693a3
parent 4239b99abb
39 changed files with 255 additions and 108 deletions
--- a/executor/common.h
+++ b/executor/common.h
@ -364,6 +364,15 @@ static uint16 csum_inet_digest(struct csum_inet* csum)
 }
 #endif

+#if SYZ_EXECUTOR || __NR_syz_execute_func
+// syz_execute_func(text ptr[in, text[taget]])
+static long syz_execute_func(long text)
+{
+	((void (*)(void))(text))();
+	return 0;
+}
+#endif
+
 #if GOOS_akaros
 #include "common_akaros.h"
 #elif GOOS_freebsd || GOOS_netbsd || GOOS_openbsd
--- a/executor/common_linux.h
+++ b/executor/common_linux.h
@ -36,13 +36,13 @@ static void event_set(event_t* ev)
 	if (ev->state)
 		fail("event already set");
 	__atomic_store_n(&ev->state, 1, __ATOMIC_RELEASE);
-	syscall(SYS_futex, &ev->state, FUTEX_WAKE);
+	syscall(SYS_futex, &ev->state, FUTEX_WAKE | FUTEX_PRIVATE_FLAG);
 }

 static void event_wait(event_t* ev)
 {
 	while (!__atomic_load_n(&ev->state, __ATOMIC_ACQUIRE))
-		syscall(SYS_futex, &ev->state, FUTEX_WAIT, 0, 0);
+		syscall(SYS_futex, &ev->state, FUTEX_WAIT | FUTEX_PRIVATE_FLAG, 0, 0);
 }

 static int event_isset(event_t* ev)
@ -59,7 +59,7 @@ static int event_timedwait(event_t* ev, uint64 timeout)
 		struct timespec ts;
 		ts.tv_sec = remain / 1000;
 		ts.tv_nsec = (remain % 1000) * 1000 * 1000;
-		syscall(SYS_futex, &ev->state, FUTEX_WAIT, 0, &ts);
+		syscall(SYS_futex, &ev->state, FUTEX_WAIT | FUTEX_PRIVATE_FLAG, 0, &ts);
 		if (__atomic_load_n(&ev->state, __ATOMIC_RELAXED))
 			return 1;
 		now = current_time_ms();
--- a/executor/defs.h
+++ b/executor/defs.h
@ -5,7 +5,7 @@

 #if GOARCH_amd64
 #define GOARCH "amd64"
-#define SYZ_REVISION "44785e2dac3e0f922841ab905a8c4e7838585083"
+#define SYZ_REVISION "f9824f5b26bc0ee36bc1e6debd6e8a8d6eee33ab"
 #define SYZ_EXECUTOR_USES_FORK_SERVER 1
 #define SYZ_EXECUTOR_USES_SHMEM 0
 #define SYZ_PAGE_SIZE 4096
@ -20,7 +20,7 @@

 #if GOARCH_amd64
 #define GOARCH "amd64"
-#define SYZ_REVISION "89eac40a68a14ffc0af9fc9b181147236b82d00b"
+#define SYZ_REVISION "06d50288c46275b56218cab0097fcb71a7f0f80e"
 #define SYZ_EXECUTOR_USES_FORK_SERVER 1
 #define SYZ_EXECUTOR_USES_SHMEM 1
 #define SYZ_PAGE_SIZE 4096
@ -35,7 +35,7 @@

 #if GOARCH_amd64
 #define GOARCH "amd64"
-#define SYZ_REVISION "2a5cb64c987696cb8bdf1d6d9561c04993cf3299"
+#define SYZ_REVISION "ee62749ce0e69fd29de1864a220e909a18613438"
 #define SYZ_EXECUTOR_USES_FORK_SERVER 0
 #define SYZ_EXECUTOR_USES_SHMEM 0
 #define SYZ_PAGE_SIZE 4096
@ -45,7 +45,7 @@

 #if GOARCH_arm64
 #define GOARCH "arm64"
-#define SYZ_REVISION "974ef513ae535d2b92308edd342169a59b596cd4"
+#define SYZ_REVISION "80d5b2ce01d8c9deca31efaa1a61da313eaa44e6"
 #define SYZ_EXECUTOR_USES_FORK_SERVER 0
 #define SYZ_EXECUTOR_USES_SHMEM 0
 #define SYZ_PAGE_SIZE 4096
@ -60,7 +60,7 @@

 #if GOARCH_386
 #define GOARCH "386"
-#define SYZ_REVISION "73c32691841967fea34cade58340298a0a6e34a3"
+#define SYZ_REVISION "cf409e12bbb8bef7899f39295b0b6d69d318af8d"
 #define SYZ_EXECUTOR_USES_FORK_SERVER 1
 #define SYZ_EXECUTOR_USES_SHMEM 1
 #define SYZ_PAGE_SIZE 4096
@ -70,7 +70,7 @@

 #if GOARCH_amd64
 #define GOARCH "amd64"
-#define SYZ_REVISION "26712f7e003ed8690f47cf5edb70bd3eb94766c1"
+#define SYZ_REVISION "3efd822501eed7b0536ca7f8ba2b7720b9f6bab3"
 #define SYZ_EXECUTOR_USES_FORK_SERVER 1
 #define SYZ_EXECUTOR_USES_SHMEM 1
 #define SYZ_PAGE_SIZE 4096
@ -80,7 +80,7 @@

 #if GOARCH_arm
 #define GOARCH "arm"
-#define SYZ_REVISION "f155a0335de7dec3226189d25e230ba9889ff0ef"
+#define SYZ_REVISION "d64ccba4ff5f75614cce9e04b971a39e735578b2"
 #define SYZ_EXECUTOR_USES_FORK_SERVER 1
 #define SYZ_EXECUTOR_USES_SHMEM 1
 #define SYZ_PAGE_SIZE 4096
@ -90,7 +90,7 @@

 #if GOARCH_arm64
 #define GOARCH "arm64"
-#define SYZ_REVISION "1fd22f27ba905dec42b576344dd6c58c011de140"
+#define SYZ_REVISION "33b760e03637540176d75bef5357cc5b147afabe"
 #define SYZ_EXECUTOR_USES_FORK_SERVER 1
 #define SYZ_EXECUTOR_USES_SHMEM 1
 #define SYZ_PAGE_SIZE 4096
@ -100,7 +100,7 @@

 #if GOARCH_ppc64le
 #define GOARCH "ppc64le"
-#define SYZ_REVISION "cfee5c1892c53b104910906c54ef416def23581b"
+#define SYZ_REVISION "17f888e873bc99a49d971c80b87ddad7d8291e82"
 #define SYZ_EXECUTOR_USES_FORK_SERVER 1
 #define SYZ_EXECUTOR_USES_SHMEM 1
 #define SYZ_PAGE_SIZE 4096
@ -115,7 +115,7 @@

 #if GOARCH_amd64
 #define GOARCH "amd64"
-#define SYZ_REVISION "c05720ceb16e651f6ae9addd1f5be83497d861e3"
+#define SYZ_REVISION "741d8f94955b7b371dee88f03db02ab85d5a9384"
 #define SYZ_EXECUTOR_USES_FORK_SERVER 1
 #define SYZ_EXECUTOR_USES_SHMEM 1
 #define SYZ_PAGE_SIZE 4096
@ -130,7 +130,7 @@

 #if GOARCH_amd64
 #define GOARCH "amd64"
-#define SYZ_REVISION "f1bde02bbb60bf849ed61dda9a552900891199ef"
+#define SYZ_REVISION "b7a0cb1d6df43d07bd4ab11d2c4b1a2e1c046ac1"
 #define SYZ_EXECUTOR_USES_FORK_SERVER 1
 #define SYZ_EXECUTOR_USES_SHMEM 1
 #define SYZ_PAGE_SIZE 4096
@ -145,7 +145,7 @@

 #if GOARCH_32_fork_shmem
 #define GOARCH "32_fork_shmem"
-#define SYZ_REVISION "d09983a8bb4f2ccd0e303191862d170b5b636bd8"
+#define SYZ_REVISION "4225c1e93671306efa6a41958a6d553aed7e8cf7"
 #define SYZ_EXECUTOR_USES_FORK_SERVER 1
 #define SYZ_EXECUTOR_USES_SHMEM 1
 #define SYZ_PAGE_SIZE 4096
@ -155,7 +155,7 @@

 #if GOARCH_32_shmem
 #define GOARCH "32_shmem"
-#define SYZ_REVISION "8d0f255b4d310c70d0e7d65ac8e5c6c3032a9e14"
+#define SYZ_REVISION "ae161a1d8e44b101412b6f8d8fdde3a6ce553e55"
 #define SYZ_EXECUTOR_USES_FORK_SERVER 0
 #define SYZ_EXECUTOR_USES_SHMEM 1
 #define SYZ_PAGE_SIZE 8192
@ -165,7 +165,7 @@

 #if GOARCH_64
 #define GOARCH "64"
-#define SYZ_REVISION "3a71e90e1d9f2ae8b0cbfa9e76a429a74ca2ce90"
+#define SYZ_REVISION "6ffded136a7c445ee912402759cc9f71c3add37a"
 #define SYZ_EXECUTOR_USES_FORK_SERVER 0
 #define SYZ_EXECUTOR_USES_SHMEM 0
 #define SYZ_PAGE_SIZE 4096
@ -175,7 +175,7 @@

 #if GOARCH_64_fork
 #define GOARCH "64_fork"
-#define SYZ_REVISION "39c2288dd1c825ce7a587f946cfc91e0e453cf5e"
+#define SYZ_REVISION "ef850b63cd75f943301e586db069812cc63ac259"
 #define SYZ_EXECUTOR_USES_FORK_SERVER 1
 #define SYZ_EXECUTOR_USES_SHMEM 0
 #define SYZ_PAGE_SIZE 8192
@ -190,7 +190,7 @@

 #if GOARCH_amd64
 #define GOARCH "amd64"
-#define SYZ_REVISION "f2b48fb82a68b0cb24b2ab9638add66deb9542dd"
+#define SYZ_REVISION "7f58e6832b5d8674b8a77505e6eb0fa213781c23"
 #define SYZ_EXECUTOR_USES_FORK_SERVER 0
 #define SYZ_EXECUTOR_USES_SHMEM 0
 #define SYZ_PAGE_SIZE 4096
--- a/executor/executor_akaros.h
+++ b/executor/executor_akaros.h
@ -13,7 +13,7 @@ static void os_init(int argc, char** argv, void* data, size_t data_size)
 {
 	program_name = argv[0];
 	if (argc == 2 && strcmp(argv[1], "child") == 0) {
-		if (mmap(data, data_size, PROT_READ | PROT_WRITE, MAP_ANON | MAP_PRIVATE | MAP_FIXED, -1, 0) != data)
+		if (mmap(data, data_size, PROT_READ | PROT_WRITE | PROT_EXEC, MAP_ANON | MAP_PRIVATE | MAP_FIXED, -1, 0) != data)
 			fail("mmap of data segment failed");
 		child();
 	}
--- a/executor/executor_bsd.h
+++ b/executor/executor_bsd.h
@ -17,7 +17,7 @@

 static void os_init(int argc, char** argv, void* data, size_t data_size)
 {
-	if (mmap(data, data_size, PROT_READ | PROT_WRITE, MAP_ANON | MAP_PRIVATE | MAP_FIXED, -1, 0) != data)
+	if (mmap(data, data_size, PROT_READ | PROT_WRITE | PROT_EXEC, MAP_ANON | MAP_PRIVATE | MAP_FIXED, -1, 0) != data)
 		fail("mmap of data segment failed");

 	// Some minimal sandboxing.
--- a/executor/executor_linux.h
+++ b/executor/executor_linux.h
@ -25,7 +25,7 @@ static void os_init(int argc, char** argv, void* data, size_t data_size)
 {
 	prctl(PR_SET_PDEATHSIG, SIGKILL, 0, 0, 0);
 	is_kernel_64_bit = detect_kernel_bitness();
-	if (mmap(data, data_size, PROT_READ | PROT_WRITE, MAP_ANON | MAP_PRIVATE | MAP_FIXED, -1, 0) != data)
+	if (mmap(data, data_size, PROT_READ | PROT_WRITE | PROT_EXEC, MAP_ANON | MAP_PRIVATE | MAP_FIXED, -1, 0) != data)
 		fail("mmap of data segment failed");
 }

--- a/executor/syscalls.h
+++ b/executor/syscalls.h
@ -201,6 +201,7 @@ const call_t syscalls[] = {
    {"send_event", 39},
    {"stat", 105},
    {"symlink", 114},
+    {"syz_execute_func", 0, (syscall_t)syz_execute_func},
    {"tap_fds", 126},
    {"tcgetattr", 141},
    {"umask", 109},
@ -471,6 +472,7 @@ const call_t syscalls[] = {
    {"symlink", 57},
    {"symlinkat", 502},
    {"sync", 36},
+    {"syz_execute_func", 0, (syscall_t)syz_execute_func},
    {"truncate", 479},
    {"unlink", 10},
    {"unlinkat", 503},
@ -542,6 +544,7 @@ const call_t syscalls[] = {
    {"symlink", 0, (syscall_t)symlink},
    {"symlinkat", 0, (syscall_t)symlinkat},
    {"sync", 0, (syscall_t)sync},
+    {"syz_execute_func", 0, (syscall_t)syz_execute_func},
    {"syz_future_time", 0, (syscall_t)syz_future_time},
    {"syz_job_default", 0, (syscall_t)syz_job_default},
    {"syz_mmap", 0, (syscall_t)syz_mmap},
@ -789,6 +792,7 @@ const call_t syscalls[] = {
    {"symlink", 0, (syscall_t)symlink},
    {"symlinkat", 0, (syscall_t)symlinkat},
    {"sync", 0, (syscall_t)sync},
+    {"syz_execute_func", 0, (syscall_t)syz_execute_func},
    {"syz_future_time", 0, (syscall_t)syz_future_time},
    {"syz_job_default", 0, (syscall_t)syz_job_default},
    {"syz_mmap", 0, (syscall_t)syz_mmap},
@ -2932,6 +2936,7 @@ const call_t syscalls[] = {
    {"sysinfo", 116},
    {"syslog", 103},
    {"syz_emit_ethernet", 0, (syscall_t)syz_emit_ethernet},
+    {"syz_execute_func", 0, (syscall_t)syz_execute_func},
    {"syz_extract_tcp_res", 0, (syscall_t)syz_extract_tcp_res},
    {"syz_extract_tcp_res$synack", 0, (syscall_t)syz_extract_tcp_res},
    {"syz_genetlink_get_family_id$fou", 0, (syscall_t)syz_genetlink_get_family_id},
@ -5152,6 +5157,7 @@ const call_t syscalls[] = {
    {"sysinfo", 99},
    {"syslog", 103},
    {"syz_emit_ethernet", 0, (syscall_t)syz_emit_ethernet},
+    {"syz_execute_func", 0, (syscall_t)syz_execute_func},
    {"syz_extract_tcp_res", 0, (syscall_t)syz_extract_tcp_res},
    {"syz_extract_tcp_res$synack", 0, (syscall_t)syz_extract_tcp_res},
    {"syz_genetlink_get_family_id$fou", 0, (syscall_t)syz_genetlink_get_family_id},
@ -7330,6 +7336,7 @@ const call_t syscalls[] = {
    {"sysinfo", 116},
    {"syslog", 103},
    {"syz_emit_ethernet", 0, (syscall_t)syz_emit_ethernet},
+    {"syz_execute_func", 0, (syscall_t)syz_execute_func},
    {"syz_extract_tcp_res", 0, (syscall_t)syz_extract_tcp_res},
    {"syz_extract_tcp_res$synack", 0, (syscall_t)syz_extract_tcp_res},
    {"syz_genetlink_get_family_id$fou", 0, (syscall_t)syz_genetlink_get_family_id},
@ -9483,6 +9490,7 @@ const call_t syscalls[] = {
    {"sysinfo", 179},
    {"syslog", 116},
    {"syz_emit_ethernet", 0, (syscall_t)syz_emit_ethernet},
+    {"syz_execute_func", 0, (syscall_t)syz_execute_func},
    {"syz_extract_tcp_res", 0, (syscall_t)syz_extract_tcp_res},
    {"syz_extract_tcp_res$synack", 0, (syscall_t)syz_extract_tcp_res},
    {"syz_genetlink_get_family_id$fou", 0, (syscall_t)syz_genetlink_get_family_id},
@ -11513,6 +11521,7 @@ const call_t syscalls[] = {
    {"sysinfo", 116},
    {"syslog", 103},
    {"syz_emit_ethernet", 0, (syscall_t)syz_emit_ethernet},
+    {"syz_execute_func", 0, (syscall_t)syz_execute_func},
    {"syz_extract_tcp_res", 0, (syscall_t)syz_extract_tcp_res},
    {"syz_extract_tcp_res$synack", 0, (syscall_t)syz_extract_tcp_res},
    {"syz_genetlink_get_family_id$fou", 0, (syscall_t)syz_genetlink_get_family_id},
@ -11920,6 +11929,7 @@ const call_t syscalls[] = {
    {"symlink", 57},
    {"symlinkat", 470},
    {"sync", 36},
+    {"syz_execute_func", 0, (syscall_t)syz_execute_func},
    {"truncate", 200},
    {"unlink", 10},
    {"unlinkat", 471},
@ -12152,6 +12162,7 @@ const call_t syscalls[] = {
    {"symlink", 57},
    {"symlinkat", 324},
    {"sync", 36},
+    {"syz_execute_func", 0, (syscall_t)syz_execute_func},
    {"syz_open_pts", 0, (syscall_t)syz_open_pts},
    {"truncate", 200},
    {"unlink", 10},
@ -12174,6 +12185,7 @@ const call_t syscalls[] = {
 const call_t syscalls[] = {
    {"syz_compare", 0, (syscall_t)syz_compare},
    {"syz_errno", 0, (syscall_t)syz_errno},
+    {"syz_execute_func", 0, (syscall_t)syz_execute_func},
    {"syz_mmap", 0, (syscall_t)syz_mmap},

 };
@ -12183,6 +12195,7 @@ const call_t syscalls[] = {
 const call_t syscalls[] = {
    {"syz_compare", 0, (syscall_t)syz_compare},
    {"syz_errno", 0, (syscall_t)syz_errno},
+    {"syz_execute_func", 0, (syscall_t)syz_execute_func},
    {"syz_mmap", 0, (syscall_t)syz_mmap},

 };
@ -12214,6 +12227,7 @@ const call_t syscalls[] = {
    {"serialize1", 0},
    {"syz_compare", 0, (syscall_t)syz_compare},
    {"syz_errno", 0, (syscall_t)syz_errno},
+    {"syz_execute_func", 0, (syscall_t)syz_execute_func},
    {"syz_mmap", 0, (syscall_t)syz_mmap},
    {"test", 0},
    {"test$align0", 0},
@ -12310,6 +12324,7 @@ const call_t syscalls[] = {
 const call_t syscalls[] = {
    {"syz_compare", 0, (syscall_t)syz_compare},
    {"syz_errno", 0, (syscall_t)syz_errno},
+    {"syz_execute_func", 0, (syscall_t)syz_execute_func},
    {"syz_mmap", 0, (syscall_t)syz_mmap},

 };
@ -15215,6 +15230,7 @@ const call_t syscalls[] = {
    {"setsockopt", 0, (syscall_t)setsockopt},
    {"sndPlaySoundA", 0, (syscall_t)sndPlaySoundA},
    {"socket", 0, (syscall_t)socket},
+    {"syz_execute_func", 0, (syscall_t)syz_execute_func},
    {"timeBeginPeriod", 0, (syscall_t)timeBeginPeriod},
    {"timeEndPeriod", 0, (syscall_t)timeEndPeriod},
    {"timeGetDevCaps", 0, (syscall_t)timeGetDevCaps},
--- a/pkg/compiler/types.go
+++ b/pkg/compiler/types.go
@ -407,11 +407,13 @@ var typeText = &typeDesc{

 var typeArgTextType = &typeArg{
 	Kind:  kindIdent,
-	Names: []string{"x86_real", "x86_16", "x86_32", "x86_64", "arm64"},
+	Names: []string{"target", "x86_real", "x86_16", "x86_32", "x86_64", "arm64"},
 }

 func genTextType(t *ast.Type) prog.TextKind {
 	switch t.Ident {
+	case "target":
+		return prog.TextTarget
 	case "x86_real":
 		return prog.TextX86Real
 	case "x86_16":
--- a/pkg/csource/generated.go
+++ b/pkg/csource/generated.go
@ -349,6 +349,14 @@ static uint16 csum_inet_digest(struct csum_inet* csum)
 }
 #endif

+#if SYZ_EXECUTOR || __NR_syz_execute_func
+static long syz_execute_func(long text)
+{
+	((void (*)(void))(text))();
+	return 0;
+}
+#endif
+
 #if GOOS_akaros

 #include <ros/syscall.h>
@ -712,13 +720,13 @@ static void event_set(event_t* ev)
 	if (ev->state)
 		fail("event already set");
 	__atomic_store_n(&ev->state, 1, __ATOMIC_RELEASE);
-	syscall(SYS_futex, &ev->state, FUTEX_WAKE);
+	syscall(SYS_futex, &ev->state, FUTEX_WAKE | FUTEX_PRIVATE_FLAG);
 }

 static void event_wait(event_t* ev)
 {
 	while (!__atomic_load_n(&ev->state, __ATOMIC_ACQUIRE))
-		syscall(SYS_futex, &ev->state, FUTEX_WAIT, 0, 0);
+		syscall(SYS_futex, &ev->state, FUTEX_WAIT | FUTEX_PRIVATE_FLAG, 0, 0);
 }

 static int event_isset(event_t* ev)
@ -735,7 +743,7 @@ static int event_timedwait(event_t* ev, uint64 timeout)
 		struct timespec ts;
 		ts.tv_sec = remain / 1000;
 		ts.tv_nsec = (remain % 1000) * 1000 * 1000;
-		syscall(SYS_futex, &ev->state, FUTEX_WAIT, 0, &ts);
+		syscall(SYS_futex, &ev->state, FUTEX_WAIT | FUTEX_PRIVATE_FLAG, 0, &ts);
 		if (__atomic_load_n(&ev->state, __ATOMIC_RELAXED))
 			return 1;
 		now = current_time_ms();
--- a/pkg/host/host.go
+++ b/pkg/host/host.go
@ -21,7 +21,13 @@ func DetectSupportedSyscalls(target *prog.Target, sandbox string) (
 		return supported, unsupported, nil
 	}
 	for _, c := range target.Syscalls {
-		ok, reason := isSupported(c, sandbox)
+		ok, reason := false, ""
+		switch c.CallName {
+		case "syz_execute_func":
+			ok = true
+		default:
+			ok, reason = isSupported(c, sandbox)
+		}
 		if ok {
 			supported[c] = true
 		} else {
--- a/pkg/host/host_linux.go
+++ b/pkg/host/host_linux.go
@ -205,6 +205,8 @@ func isSupportedSyzkall(sandbox string, c *prog.Syscall) (bool, string) {
 		return isSupportedFilesystem(fstype)
 	case "syz_read_part_table":
 		return onlySandboxNone(sandbox)
+	case "syz_execute_func":
+		return true, ""
 	}
 	panic("unknown syzkall: " + c.Name)
 }
--- a/prog/rand.go
+++ b/prog/rand.go
@ -326,6 +326,12 @@ func (r *randGen) createResource(s *state, res *ResourceType) (arg Arg, calls []

 func (r *randGen) generateText(kind TextKind) []byte {
 	switch kind {
+	case TextTarget:
+		if r.target.Arch == "amd64" || r.target.Arch == "386" {
+			cfg := createTargetIfuzzConfig(r.target)
+			return ifuzz.Generate(cfg, r.Rand)
+		}
+		fallthrough
 	case TextArm64:
 		// Just a stub, need something better.
 		text := make([]byte, 50)
@ -341,6 +347,12 @@ func (r *randGen) generateText(kind TextKind) []byte {

 func (r *randGen) mutateText(kind TextKind, text []byte) []byte {
 	switch kind {
+	case TextTarget:
+		if r.target.Arch == "amd64" || r.target.Arch == "386" {
+			cfg := createTargetIfuzzConfig(r.target)
+			return ifuzz.Mutate(cfg, r.Rand, text)
+		}
+		fallthrough
 	case TextArm64:
 		return mutateData(r, text, 40, 60)
 	default:
@ -349,6 +361,32 @@ func (r *randGen) mutateText(kind TextKind, text []byte) []byte {
 	}
 }

+func createTargetIfuzzConfig(target *Target) *ifuzz.Config {
+	cfg := &ifuzz.Config{
+		Len:  10,
+		Priv: false,
+		Exec: true,
+		MemRegions: []ifuzz.MemRegion{
+			{Start: target.DataOffset, Size: target.NumPages * target.PageSize},
+		},
+	}
+	for _, p := range target.SpecialPointers {
+		cfg.MemRegions = append(cfg.MemRegions, ifuzz.MemRegion{
+			Start: p & ^target.PageSize, Size: p & ^target.PageSize + target.PageSize,
+		})
+	}
+	switch target.Arch {
+	case "amd64":
+		cfg.Mode = ifuzz.ModeLong64
+	case "386":
+		cfg.Mode = ifuzz.ModeProt32
+	default:
+		panic("unknown text kind")
+	}
+	return cfg
+
+}
+
 func createIfuzzConfig(kind TextKind) *ifuzz.Config {
 	cfg := &ifuzz.Config{
 		Len:  10,
@ -377,6 +415,8 @@ func createIfuzzConfig(kind TextKind) *ifuzz.Config {
 		cfg.Mode = ifuzz.ModeProt32
 	case TextX86bit64:
 		cfg.Mode = ifuzz.ModeLong64
+	default:
+		panic("unknown text kind")
 	}
 	return cfg
 }
--- a/prog/types.go
+++ b/prog/types.go
@ -342,7 +342,8 @@ const (
 type TextKind int

 const (
-	TextX86Real TextKind = iota
+	TextTarget TextKind = iota
+	TextX86Real
 	TextX86bit16
 	TextX86bit32
 	TextX86bit64
--- a/sys/akaros/gen/amd64.go
+++ b/sys/akaros/gen/amd64.go
@ -1305,6 +1305,9 @@ var syscalls_amd64 = []*Syscall{
 		&PtrType{TypeCommon: TypeCommon{TypeName: "ptr", FldName: "new", TypeSize: 8}, Type: &BufferType{TypeCommon: TypeCommon{TypeName: "filename", IsVarlen: true}, Kind: 3}},
 		&LenType{IntTypeCommon: IntTypeCommon{TypeCommon: TypeCommon{TypeName: "len", FldName: "new_l", TypeSize: 8}}, Buf: "new"},
 	}},
+	{Name: "syz_execute_func", CallName: "syz_execute_func", Args: []Type{
+		&PtrType{TypeCommon: TypeCommon{TypeName: "ptr", FldName: "text", TypeSize: 8}, Type: &BufferType{TypeCommon: TypeCommon{TypeName: "text", IsVarlen: true}, Kind: 4}},
+	}},
 	{NR: 126, Name: "tap_fds", CallName: "tap_fds", Args: []Type{
 		&PtrType{TypeCommon: TypeCommon{TypeName: "ptr", FldName: "tap_reqs", TypeSize: 8}, Type: &ArrayType{TypeCommon: TypeCommon{TypeName: "array", IsVarlen: true}, Type: &StructType{Key: StructKey{Name: "fd_tap_req"}}}},
 		&LenType{IntTypeCommon: IntTypeCommon{TypeCommon: TypeCommon{TypeName: "len", FldName: "nr_reqs", TypeSize: 8}}, Buf: "tap_reqs"},
@ -1526,4 +1529,4 @@ var consts_amd64 = []ConstValue{
 	{Name: "WUNTRACED", Value: 2},
 }

-const revision_amd64 = "44785e2dac3e0f922841ab905a8c4e7838585083"
+const revision_amd64 = "f9824f5b26bc0ee36bc1e6debd6e8a8d6eee33ab"
--- a/sys/akaros/sys.txt
+++ b/sys/akaros/sys.txt
@ -16,6 +16,8 @@ include <termios.h>
 resource fd[int32]: 0xffffffffffffffff, AT_FDCWD
 resource pid[int32]: 0, 0xffffffffffffffff

+syz_execute_func(text ptr[in, text[target]])
+
 openat(fromfd fd[opt], path ptr[in, filename], path_l len[path], oflag flags[open_flags], mode flags[open_mode]) fd
 read(fd fd, buf buffer[out], count len[buf])
 write(fd fd, buf buffer[in], count len[buf])
--- a/sys/freebsd/gen/amd64.go
+++ b/sys/freebsd/gen/amd64.go
@ -1876,6 +1876,9 @@ var syscalls_amd64 = []*Syscall{
 		&PtrType{TypeCommon: TypeCommon{TypeName: "ptr", FldName: "new", TypeSize: 8}, Type: &BufferType{TypeCommon: TypeCommon{TypeName: "filename", IsVarlen: true}, Kind: 3}},
 	}},
 	{NR: 36, Name: "sync", CallName: "sync"},
+	{Name: "syz_execute_func", CallName: "syz_execute_func", Args: []Type{
+		&PtrType{TypeCommon: TypeCommon{TypeName: "ptr", FldName: "text", TypeSize: 8}, Type: &BufferType{TypeCommon: TypeCommon{TypeName: "text", IsVarlen: true}, Kind: 4}},
+	}},
 	{NR: 479, Name: "truncate", CallName: "truncate", Args: []Type{
 		&PtrType{TypeCommon: TypeCommon{TypeName: "ptr", FldName: "file", TypeSize: 8}, Type: &BufferType{TypeCommon: TypeCommon{TypeName: "filename", IsVarlen: true}, Kind: 3}},
 		&IntType{IntTypeCommon: IntTypeCommon{TypeCommon: TypeCommon{TypeName: "intptr", FldName: "len", TypeSize: 8}}},
@ -2443,4 +2446,4 @@ var consts_amd64 = []ConstValue{
 	{Name: "WUNTRACED", Value: 2},
 }

-const revision_amd64 = "89eac40a68a14ffc0af9fc9b181147236b82d00b"
+const revision_amd64 = "06d50288c46275b56218cab0097fcb71a7f0f80e"
--- a/sys/freebsd/sys.txt
+++ b/sys/freebsd/sys.txt
@ -19,6 +19,8 @@ include <sys/wait.h>
 include <linux/linux.h>
 include <compat/linux/linux_event.h>

+syz_execute_func(text ptr[in, text[target]])
+
 pipe(pipefd ptr[out, pipefd])

 sendfile(fdout fd, fdin fd, off ptr[inout, fileoff[int64], opt], count int64)
--- a/sys/fuchsia/gen/amd64.go
+++ b/sys/fuchsia/gen/amd64.go
@ -1647,6 +1647,9 @@ var syscalls_amd64 = []*Syscall{
 		&PtrType{TypeCommon: TypeCommon{TypeName: "ptr", FldName: "new", TypeSize: 8}, Type: &BufferType{TypeCommon: TypeCommon{TypeName: "filename", IsVarlen: true}, Kind: 3}},
 	}},
 	{Name: "sync", CallName: "sync"},
+	{Name: "syz_execute_func", CallName: "syz_execute_func", Args: []Type{
+		&PtrType{TypeCommon: TypeCommon{TypeName: "ptr", FldName: "text", TypeSize: 8}, Type: &BufferType{TypeCommon: TypeCommon{TypeName: "text", IsVarlen: true}, Kind: 4}},
+	}},
 	{Name: "syz_future_time", CallName: "syz_future_time", Args: []Type{
 		&IntType{IntTypeCommon: IntTypeCommon{TypeCommon: TypeCommon{TypeName: "intptr", FldName: "when", TypeSize: 8}}, Kind: 2, RangeEnd: 1},
 	}, Ret: &ResourceType{TypeCommon: TypeCommon{TypeName: "zx_time", FldName: "ret", TypeSize: 8, ArgDir: 1}}},
@ -2571,8 +2574,8 @@ var syscalls_amd64 = []*Syscall{
 	{Name: "zx_process_start", CallName: "zx_process_start", Args: []Type{
 		&ResourceType{TypeCommon: TypeCommon{TypeName: "zx_process", FldName: "process", TypeSize: 4}},
 		&ResourceType{TypeCommon: TypeCommon{TypeName: "zx_thread", FldName: "thread", TypeSize: 4}},
-		&IntType{IntTypeCommon: IntTypeCommon{TypeCommon: TypeCommon{TypeName: "intptr", FldName: "entry", TypeSize: 8}}},
-		&IntType{IntTypeCommon: IntTypeCommon{TypeCommon: TypeCommon{TypeName: "intptr", FldName: "stack", TypeSize: 8}}},
+		&PtrType{TypeCommon: TypeCommon{TypeName: "ptr", FldName: "entry", TypeSize: 8}, Type: &BufferType{TypeCommon: TypeCommon{TypeName: "text", IsVarlen: true}, Kind: 4}},
+		&PtrType{TypeCommon: TypeCommon{TypeName: "ptr", FldName: "stack", TypeSize: 8}, Type: &BufferType{TypeCommon: TypeCommon{TypeName: "array", ArgDir: 1, IsVarlen: true}}},
 		&ConstType{IntTypeCommon: IntTypeCommon{TypeCommon: TypeCommon{TypeName: "const", FldName: "arg1", TypeSize: 8}}},
 		&ConstType{IntTypeCommon: IntTypeCommon{TypeCommon: TypeCommon{TypeName: "const", FldName: "arg2", TypeSize: 8}}},
 	}},
@ -2643,8 +2646,8 @@ var syscalls_amd64 = []*Syscall{
 	}},
 	{Name: "zx_thread_start", CallName: "zx_thread_start", Args: []Type{
 		&ResourceType{TypeCommon: TypeCommon{TypeName: "zx_thread", FldName: "handle", TypeSize: 4}},
-		&IntType{IntTypeCommon: IntTypeCommon{TypeCommon: TypeCommon{TypeName: "intptr", FldName: "entry", TypeSize: 8}}},
-		&IntType{IntTypeCommon: IntTypeCommon{TypeCommon: TypeCommon{TypeName: "intptr", FldName: "stack", TypeSize: 8}}},
+		&PtrType{TypeCommon: TypeCommon{TypeName: "ptr", FldName: "entry", TypeSize: 8}, Type: &BufferType{TypeCommon: TypeCommon{TypeName: "text", IsVarlen: true}, Kind: 4}},
+		&PtrType{TypeCommon: TypeCommon{TypeName: "ptr", FldName: "stack", TypeSize: 8}, Type: &BufferType{TypeCommon: TypeCommon{TypeName: "array", ArgDir: 1, IsVarlen: true}}},
 		&ConstType{IntTypeCommon: IntTypeCommon{TypeCommon: TypeCommon{TypeName: "const", FldName: "arg1", TypeSize: 8}}},
 		&ConstType{IntTypeCommon: IntTypeCommon{TypeCommon: TypeCommon{TypeName: "const", FldName: "arg2", TypeSize: 8}}},
 	}},
@ -2985,4 +2988,4 @@ var consts_amd64 = []ConstValue{
 	{Name: "fuchsia_io_SeekOrigin_Start"},
 }

-const revision_amd64 = "2a5cb64c987696cb8bdf1d6d9561c04993cf3299"
+const revision_amd64 = "ee62749ce0e69fd29de1864a220e909a18613438"
--- a/sys/fuchsia/gen/arm64.go
+++ b/sys/fuchsia/gen/arm64.go
@ -1647,6 +1647,9 @@ var syscalls_arm64 = []*Syscall{
 		&PtrType{TypeCommon: TypeCommon{TypeName: "ptr", FldName: "new", TypeSize: 8}, Type: &BufferType{TypeCommon: TypeCommon{TypeName: "filename", IsVarlen: true}, Kind: 3}},
 	}},
 	{Name: "sync", CallName: "sync"},
+	{Name: "syz_execute_func", CallName: "syz_execute_func", Args: []Type{
+		&PtrType{TypeCommon: TypeCommon{TypeName: "ptr", FldName: "text", TypeSize: 8}, Type: &BufferType{TypeCommon: TypeCommon{TypeName: "text", IsVarlen: true}, Kind: 4}},
+	}},
 	{Name: "syz_future_time", CallName: "syz_future_time", Args: []Type{
 		&IntType{IntTypeCommon: IntTypeCommon{TypeCommon: TypeCommon{TypeName: "intptr", FldName: "when", TypeSize: 8}}, Kind: 2, RangeEnd: 1},
 	}, Ret: &ResourceType{TypeCommon: TypeCommon{TypeName: "zx_time", FldName: "ret", TypeSize: 8, ArgDir: 1}}},
@ -2571,8 +2574,8 @@ var syscalls_arm64 = []*Syscall{
 	{Name: "zx_process_start", CallName: "zx_process_start", Args: []Type{
 		&ResourceType{TypeCommon: TypeCommon{TypeName: "zx_process", FldName: "process", TypeSize: 4}},
 		&ResourceType{TypeCommon: TypeCommon{TypeName: "zx_thread", FldName: "thread", TypeSize: 4}},
-		&IntType{IntTypeCommon: IntTypeCommon{TypeCommon: TypeCommon{TypeName: "intptr", FldName: "entry", TypeSize: 8}}},
-		&IntType{IntTypeCommon: IntTypeCommon{TypeCommon: TypeCommon{TypeName: "intptr", FldName: "stack", TypeSize: 8}}},
+		&PtrType{TypeCommon: TypeCommon{TypeName: "ptr", FldName: "entry", TypeSize: 8}, Type: &BufferType{TypeCommon: TypeCommon{TypeName: "text", IsVarlen: true}, Kind: 4}},
+		&PtrType{TypeCommon: TypeCommon{TypeName: "ptr", FldName: "stack", TypeSize: 8}, Type: &BufferType{TypeCommon: TypeCommon{TypeName: "array", ArgDir: 1, IsVarlen: true}}},
 		&ConstType{IntTypeCommon: IntTypeCommon{TypeCommon: TypeCommon{TypeName: "const", FldName: "arg1", TypeSize: 8}}},
 		&ConstType{IntTypeCommon: IntTypeCommon{TypeCommon: TypeCommon{TypeName: "const", FldName: "arg2", TypeSize: 8}}},
 	}},
@ -2643,8 +2646,8 @@ var syscalls_arm64 = []*Syscall{
 	}},
 	{Name: "zx_thread_start", CallName: "zx_thread_start", Args: []Type{
 		&ResourceType{TypeCommon: TypeCommon{TypeName: "zx_thread", FldName: "handle", TypeSize: 4}},
-		&IntType{IntTypeCommon: IntTypeCommon{TypeCommon: TypeCommon{TypeName: "intptr", FldName: "entry", TypeSize: 8}}},
-		&IntType{IntTypeCommon: IntTypeCommon{TypeCommon: TypeCommon{TypeName: "intptr", FldName: "stack", TypeSize: 8}}},
+		&PtrType{TypeCommon: TypeCommon{TypeName: "ptr", FldName: "entry", TypeSize: 8}, Type: &BufferType{TypeCommon: TypeCommon{TypeName: "text", IsVarlen: true}, Kind: 4}},
+		&PtrType{TypeCommon: TypeCommon{TypeName: "ptr", FldName: "stack", TypeSize: 8}, Type: &BufferType{TypeCommon: TypeCommon{TypeName: "array", ArgDir: 1, IsVarlen: true}}},
 		&ConstType{IntTypeCommon: IntTypeCommon{TypeCommon: TypeCommon{TypeName: "const", FldName: "arg1", TypeSize: 8}}},
 		&ConstType{IntTypeCommon: IntTypeCommon{TypeCommon: TypeCommon{TypeName: "const", FldName: "arg2", TypeSize: 8}}},
 	}},
@ -2985,4 +2988,4 @@ var consts_arm64 = []ConstValue{
 	{Name: "fuchsia_io_SeekOrigin_Start"},
 }

-const revision_arm64 = "974ef513ae535d2b92308edd342169a59b596cd4"
+const revision_arm64 = "80d5b2ce01d8c9deca31efaa1a61da313eaa44e6"
--- a/sys/fuchsia/processes.txt
+++ b/sys/fuchsia/processes.txt
@ -6,7 +6,7 @@ include <zircon/syscalls.h>
 resource zx_process[zx_task]

 zx_process_create(job zx_job, name ptr[in, string], name_len len[name], options const[0], proc_handle ptr[out, zx_process], vmar_handle ptr[out, zx_vmar])
-zx_process_start(process zx_process, thread zx_thread, entry intptr, stack intptr, arg1 const[0], arg2 const[0])
+zx_process_start(process zx_process, thread zx_thread, entry ptr[in, text[target]], stack ptr[out, array[int8]], arg1 const[0], arg2 const[0])
 zx_process_read_memory(process zx_process, vaddr ptr[out, int8], buffer ptr[out, array[int8]], len len[buffer], actual ptr[out, intptr])
 # TODO: temporary disabled as it crashes kernel left and right.
 # zx_process_write_memory(process zx_process, vaddr ptr[out, int8], buffer ptr[in, array[int8]], len len[buffer], actual ptr[out, intptr])
--- a/sys/fuchsia/sys.txt
+++ b/sys/fuchsia/sys.txt
@ -6,6 +6,8 @@
 include <zircon/syscalls.h>
 include <ddk/driver.h>

+syz_execute_func(text ptr[in, text[target]])
+
 # Provided by sysroot (include/ddk/driver.h)
 resource zx_root_resource[zx_handle]
 get_root_resource() zx_root_resource
--- a/sys/fuchsia/threads.txt
+++ b/sys/fuchsia/threads.txt
@ -7,7 +7,7 @@ include <zircon/syscalls/debug.h>
 resource zx_thread[zx_task]

 zx_thread_create(process zx_process, name ptr[in, string], name_len len[name], options const[0], out ptr[out, zx_thread])
-zx_thread_start(handle zx_thread, entry intptr, stack intptr, arg1 const[0], arg2 const[0])
+zx_thread_start(handle zx_thread, entry ptr[in, text[target]], stack ptr[out, array[int8]], arg1 const[0], arg2 const[0])
 zx_thread_exit()
 # Note: kind corresponds to ZX_THREAD_STATE_REGSET0..9 constants.
 zx_thread_read_state(handle zx_thread, kind int32[0:9], buffer ptr[out, array[int64]], len bytesize[buffer], actual ptr[out, int32])
--- a/sys/linux/gen/386.go
+++ b/sys/linux/gen/386.go
@ -8026,7 +8026,7 @@ var structDescs_386 = []*KeyedStruct{
 	}}},
 	{Key: StructKey{Name: "kvm_text_arm64"}, Desc: &StructDesc{TypeCommon: TypeCommon{TypeName: "kvm_text_arm64", TypeSize: 12}, Fields: []Type{
 		&ConstType{IntTypeCommon: IntTypeCommon{TypeCommon: TypeCommon{TypeName: "const", FldName: "typ", TypeSize: 4}}},
-		&PtrType{TypeCommon: TypeCommon{TypeName: "ptr", FldName: "text", TypeSize: 4}, Type: &BufferType{TypeCommon: TypeCommon{TypeName: "text", IsVarlen: true}, Kind: 4, Text: 4}},
+		&PtrType{TypeCommon: TypeCommon{TypeName: "ptr", FldName: "text", TypeSize: 4}, Type: &BufferType{TypeCommon: TypeCommon{TypeName: "text", IsVarlen: true}, Kind: 4, Text: 5}},
 		&LenType{IntTypeCommon: IntTypeCommon{TypeCommon: TypeCommon{TypeName: "len", FldName: "size", TypeSize: 4}}, Buf: "text"},
 	}}},
 	{Key: StructKey{Name: "kvm_text_x86"}, Desc: &StructDesc{TypeCommon: TypeCommon{TypeName: "kvm_text_x86", TypeSize: 12}, Fields: []Type{
@ -8037,22 +8037,22 @@ var structDescs_386 = []*KeyedStruct{
 	}}},
 	{Key: StructKey{Name: "kvm_text_x86_16"}, Desc: &StructDesc{TypeCommon: TypeCommon{TypeName: "kvm_text_x86_16", TypeSize: 12}, Fields: []Type{
 		&ConstType{IntTypeCommon: IntTypeCommon{TypeCommon: TypeCommon{TypeName: "const", FldName: "typ", TypeSize: 4}}, Val: 16},
-		&PtrType{TypeCommon: TypeCommon{TypeName: "ptr", FldName: "text", TypeSize: 4}, Type: &BufferType{TypeCommon: TypeCommon{TypeName: "text", IsVarlen: true}, Kind: 4, Text: 1}},
+		&PtrType{TypeCommon: TypeCommon{TypeName: "ptr", FldName: "text", TypeSize: 4}, Type: &BufferType{TypeCommon: TypeCommon{TypeName: "text", IsVarlen: true}, Kind: 4, Text: 2}},
 		&LenType{IntTypeCommon: IntTypeCommon{TypeCommon: TypeCommon{TypeName: "len", FldName: "size", TypeSize: 4}}, Buf: "text"},
 	}}},
 	{Key: StructKey{Name: "kvm_text_x86_32"}, Desc: &StructDesc{TypeCommon: TypeCommon{TypeName: "kvm_text_x86_32", TypeSize: 12}, Fields: []Type{
 		&ConstType{IntTypeCommon: IntTypeCommon{TypeCommon: TypeCommon{TypeName: "const", FldName: "typ", TypeSize: 4}}, Val: 32},
-		&PtrType{TypeCommon: TypeCommon{TypeName: "ptr", FldName: "text", TypeSize: 4}, Type: &BufferType{TypeCommon: TypeCommon{TypeName: "text", IsVarlen: true}, Kind: 4, Text: 2}},
+		&PtrType{TypeCommon: TypeCommon{TypeName: "ptr", FldName: "text", TypeSize: 4}, Type: &BufferType{TypeCommon: TypeCommon{TypeName: "text", IsVarlen: true}, Kind: 4, Text: 3}},
 		&LenType{IntTypeCommon: IntTypeCommon{TypeCommon: TypeCommon{TypeName: "len", FldName: "size", TypeSize: 4}}, Buf: "text"},
 	}}},
 	{Key: StructKey{Name: "kvm_text_x86_64"}, Desc: &StructDesc{TypeCommon: TypeCommon{TypeName: "kvm_text_x86_64", TypeSize: 12}, Fields: []Type{
 		&ConstType{IntTypeCommon: IntTypeCommon{TypeCommon: TypeCommon{TypeName: "const", FldName: "typ", TypeSize: 4}}, Val: 64},
-		&PtrType{TypeCommon: TypeCommon{TypeName: "ptr", FldName: "text", TypeSize: 4}, Type: &BufferType{TypeCommon: TypeCommon{TypeName: "text", IsVarlen: true}, Kind: 4, Text: 3}},
+		&PtrType{TypeCommon: TypeCommon{TypeName: "ptr", FldName: "text", TypeSize: 4}, Type: &BufferType{TypeCommon: TypeCommon{TypeName: "text", IsVarlen: true}, Kind: 4, Text: 4}},
 		&LenType{IntTypeCommon: IntTypeCommon{TypeCommon: TypeCommon{TypeName: "len", FldName: "size", TypeSize: 4}}, Buf: "text"},
 	}}},
 	{Key: StructKey{Name: "kvm_text_x86_real"}, Desc: &StructDesc{TypeCommon: TypeCommon{TypeName: "kvm_text_x86_real", TypeSize: 12}, Fields: []Type{
 		&ConstType{IntTypeCommon: IntTypeCommon{TypeCommon: TypeCommon{TypeName: "const", FldName: "typ", TypeSize: 4}}, Val: 8},
-		&PtrType{TypeCommon: TypeCommon{TypeName: "ptr", FldName: "text", TypeSize: 4}, Type: &BufferType{TypeCommon: TypeCommon{TypeName: "text", IsVarlen: true}, Kind: 4}},
+		&PtrType{TypeCommon: TypeCommon{TypeName: "ptr", FldName: "text", TypeSize: 4}, Type: &BufferType{TypeCommon: TypeCommon{TypeName: "text", IsVarlen: true}, Kind: 4, Text: 1}},
 		&LenType{IntTypeCommon: IntTypeCommon{TypeCommon: TypeCommon{TypeName: "len", FldName: "size", TypeSize: 4}}, Buf: "text"},
 	}}},
 	{Key: StructKey{Name: "kvm_tpr_access_ctl"}, Desc: &StructDesc{TypeCommon: TypeCommon{TypeName: "kvm_tpr_access_ctl", TypeSize: 40}, Fields: []Type{
@ -16399,18 +16399,18 @@ var structDescs_386 = []*KeyedStruct{
 		&PtrType{TypeCommon: TypeCommon{TypeName: "ptr", FldName: "dxferp", TypeSize: 4}, Type: &ArrayType{TypeCommon: TypeCommon{TypeName: "array", IsVarlen: true}, Type: &StructType{Key: StructKey{Name: "iovec[out, array[int8]]"}}}},
 	}}},
 	{Key: StructKey{Name: "sigaction"}, Desc: &StructDesc{TypeCommon: TypeCommon{TypeName: "sigaction", TypeSize: 24}, Fields: []Type{
-		&IntType{IntTypeCommon: IntTypeCommon{TypeCommon: TypeCommon{TypeName: "intptr", FldName: "handler", TypeSize: 4}}},
+		&PtrType{TypeCommon: TypeCommon{TypeName: "ptr", FldName: "handler", TypeSize: 4}, Type: &BufferType{TypeCommon: TypeCommon{TypeName: "text", IsVarlen: true}, Kind: 4}},
 		&ConstType{IntTypeCommon: IntTypeCommon{TypeCommon: TypeCommon{TypeName: "pad", TypeSize: 4}}, IsPad: true},
 		&StructType{Key: StructKey{Name: "sigset"}, FldName: "mask"},
 		&FlagsType{IntTypeCommon: IntTypeCommon{TypeCommon: TypeCommon{TypeName: "sigaction_flags", FldName: "flags", TypeSize: 4}}, Vals: []uint64{1, 2, 1073741824, 134217728, 2147483648, 268435456, 4}, BitMask: true},
-		&IntType{IntTypeCommon: IntTypeCommon{TypeCommon: TypeCommon{TypeName: "intptr", FldName: "restor", TypeSize: 4}}},
+		&PtrType{TypeCommon: TypeCommon{TypeName: "ptr", FldName: "restor", TypeSize: 4}, Type: &BufferType{TypeCommon: TypeCommon{TypeName: "text", IsVarlen: true}, Kind: 4}},
 	}}},
 	{Key: StructKey{Name: "sigaction", Dir: 1}, Desc: &StructDesc{TypeCommon: TypeCommon{TypeName: "sigaction", TypeSize: 24, ArgDir: 1}, Fields: []Type{
-		&IntType{IntTypeCommon: IntTypeCommon{TypeCommon: TypeCommon{TypeName: "intptr", FldName: "handler", TypeSize: 4, ArgDir: 1}}},
+		&PtrType{TypeCommon: TypeCommon{TypeName: "ptr", FldName: "handler", TypeSize: 4}, Type: &BufferType{TypeCommon: TypeCommon{TypeName: "text", IsVarlen: true}, Kind: 4}},
 		&ConstType{IntTypeCommon: IntTypeCommon{TypeCommon: TypeCommon{TypeName: "pad", TypeSize: 4}}, IsPad: true},
 		&StructType{Key: StructKey{Name: "sigset", Dir: 1}, FldName: "mask"},
 		&FlagsType{IntTypeCommon: IntTypeCommon{TypeCommon: TypeCommon{TypeName: "sigaction_flags", FldName: "flags", TypeSize: 4, ArgDir: 1}}, Vals: []uint64{1, 2, 1073741824, 134217728, 2147483648, 268435456, 4}, BitMask: true},
-		&IntType{IntTypeCommon: IntTypeCommon{TypeCommon: TypeCommon{TypeName: "intptr", FldName: "restor", TypeSize: 4, ArgDir: 1}}},
+		&PtrType{TypeCommon: TypeCommon{TypeName: "ptr", FldName: "restor", TypeSize: 4}, Type: &BufferType{TypeCommon: TypeCommon{TypeName: "text", IsVarlen: true}, Kind: 4}},
 	}}},
 	{Key: StructKey{Name: "sigevent"}, Desc: &StructDesc{TypeCommon: TypeCommon{TypeName: "sigevent", TypeSize: 64}, Fields: []Type{
 		&ConstType{IntTypeCommon: IntTypeCommon{TypeCommon: TypeCommon{TypeName: "const", FldName: "val", TypeSize: 4}}},
@ -32865,6 +32865,9 @@ var syscalls_386 = []*Syscall{
 		&PtrType{TypeCommon: TypeCommon{TypeName: "ptr", FldName: "packet", TypeSize: 4}, Type: &StructType{Key: StructKey{Name: "eth_packet"}}},
 		&PtrType{TypeCommon: TypeCommon{TypeName: "ptr", FldName: "frags", TypeSize: 4, IsOptional: true}, Type: &StructType{Key: StructKey{Name: "vnet_fragmentation"}}},
 	}},
+	{Name: "syz_execute_func", CallName: "syz_execute_func", Args: []Type{
+		&PtrType{TypeCommon: TypeCommon{TypeName: "ptr", FldName: "text", TypeSize: 4}, Type: &BufferType{TypeCommon: TypeCommon{TypeName: "text", IsVarlen: true}, Kind: 4}},
+	}},
 	{Name: "syz_extract_tcp_res", CallName: "syz_extract_tcp_res", Args: []Type{
 		&PtrType{TypeCommon: TypeCommon{TypeName: "ptr", FldName: "res", TypeSize: 4}, Type: &StructType{Key: StructKey{Name: "tcp_resources", Dir: 1}}},
 		&IntType{IntTypeCommon: IntTypeCommon{TypeCommon: TypeCommon{TypeName: "int32", FldName: "seq_inc", TypeSize: 4}}},
@ -40480,4 +40483,4 @@ var consts_386 = []ConstValue{
 	{Name: "bpf_insn_load_imm_dw", Value: 24},
 }

-const revision_386 = "73c32691841967fea34cade58340298a0a6e34a3"
+const revision_386 = "cf409e12bbb8bef7899f39295b0b6d69d318af8d"
--- a/sys/linux/gen/amd64.go
+++ b/sys/linux/gen/amd64.go
@ -8141,7 +8141,7 @@ var structDescs_amd64 = []*KeyedStruct{
 	}}},
 	{Key: StructKey{Name: "kvm_text_arm64"}, Desc: &StructDesc{TypeCommon: TypeCommon{TypeName: "kvm_text_arm64", TypeSize: 24}, Fields: []Type{
 		&ConstType{IntTypeCommon: IntTypeCommon{TypeCommon: TypeCommon{TypeName: "const", FldName: "typ", TypeSize: 8}}},
-		&PtrType{TypeCommon: TypeCommon{TypeName: "ptr", FldName: "text", TypeSize: 8}, Type: &BufferType{TypeCommon: TypeCommon{TypeName: "text", IsVarlen: true}, Kind: 4, Text: 4}},
+		&PtrType{TypeCommon: TypeCommon{TypeName: "ptr", FldName: "text", TypeSize: 8}, Type: &BufferType{TypeCommon: TypeCommon{TypeName: "text", IsVarlen: true}, Kind: 4, Text: 5}},
 		&LenType{IntTypeCommon: IntTypeCommon{TypeCommon: TypeCommon{TypeName: "len", FldName: "size", TypeSize: 8}}, Buf: "text"},
 	}}},
 	{Key: StructKey{Name: "kvm_text_x86"}, Desc: &StructDesc{TypeCommon: TypeCommon{TypeName: "kvm_text_x86", TypeSize: 24}, Fields: []Type{
@ -8152,22 +8152,22 @@ var structDescs_amd64 = []*KeyedStruct{
 	}}},
 	{Key: StructKey{Name: "kvm_text_x86_16"}, Desc: &StructDesc{TypeCommon: TypeCommon{TypeName: "kvm_text_x86_16", TypeSize: 24}, Fields: []Type{
 		&ConstType{IntTypeCommon: IntTypeCommon{TypeCommon: TypeCommon{TypeName: "const", FldName: "typ", TypeSize: 8}}, Val: 16},
-		&PtrType{TypeCommon: TypeCommon{TypeName: "ptr", FldName: "text", TypeSize: 8}, Type: &BufferType{TypeCommon: TypeCommon{TypeName: "text", IsVarlen: true}, Kind: 4, Text: 1}},
+		&PtrType{TypeCommon: TypeCommon{TypeName: "ptr", FldName: "text", TypeSize: 8}, Type: &BufferType{TypeCommon: TypeCommon{TypeName: "text", IsVarlen: true}, Kind: 4, Text: 2}},
 		&LenType{IntTypeCommon: IntTypeCommon{TypeCommon: TypeCommon{TypeName: "len", FldName: "size", TypeSize: 8}}, Buf: "text"},
 	}}},
 	{Key: StructKey{Name: "kvm_text_x86_32"}, Desc: &StructDesc{TypeCommon: TypeCommon{TypeName: "kvm_text_x86_32", TypeSize: 24}, Fields: []Type{
 		&ConstType{IntTypeCommon: IntTypeCommon{TypeCommon: TypeCommon{TypeName: "const", FldName: "typ", TypeSize: 8}}, Val: 32},
-		&PtrType{TypeCommon: TypeCommon{TypeName: "ptr", FldName: "text", TypeSize: 8}, Type: &BufferType{TypeCommon: TypeCommon{TypeName: "text", IsVarlen: true}, Kind: 4, Text: 2}},
+		&PtrType{TypeCommon: TypeCommon{TypeName: "ptr", FldName: "text", TypeSize: 8}, Type: &BufferType{TypeCommon: TypeCommon{TypeName: "text", IsVarlen: true}, Kind: 4, Text: 3}},
 		&LenType{IntTypeCommon: IntTypeCommon{TypeCommon: TypeCommon{TypeName: "len", FldName: "size", TypeSize: 8}}, Buf: "text"},
 	}}},
 	{Key: StructKey{Name: "kvm_text_x86_64"}, Desc: &StructDesc{TypeCommon: TypeCommon{TypeName: "kvm_text_x86_64", TypeSize: 24}, Fields: []Type{
 		&ConstType{IntTypeCommon: IntTypeCommon{TypeCommon: TypeCommon{TypeName: "const", FldName: "typ", TypeSize: 8}}, Val: 64},
-		&PtrType{TypeCommon: TypeCommon{TypeName: "ptr", FldName: "text", TypeSize: 8}, Type: &BufferType{TypeCommon: TypeCommon{TypeName: "text", IsVarlen: true}, Kind: 4, Text: 3}},
+		&PtrType{TypeCommon: TypeCommon{TypeName: "ptr", FldName: "text", TypeSize: 8}, Type: &BufferType{TypeCommon: TypeCommon{TypeName: "text", IsVarlen: true}, Kind: 4, Text: 4}},
 		&LenType{IntTypeCommon: IntTypeCommon{TypeCommon: TypeCommon{TypeName: "len", FldName: "size", TypeSize: 8}}, Buf: "text"},
 	}}},
 	{Key: StructKey{Name: "kvm_text_x86_real"}, Desc: &StructDesc{TypeCommon: TypeCommon{TypeName: "kvm_text_x86_real", TypeSize: 24}, Fields: []Type{
 		&ConstType{IntTypeCommon: IntTypeCommon{TypeCommon: TypeCommon{TypeName: "const", FldName: "typ", TypeSize: 8}}, Val: 8},
-		&PtrType{TypeCommon: TypeCommon{TypeName: "ptr", FldName: "text", TypeSize: 8}, Type: &BufferType{TypeCommon: TypeCommon{TypeName: "text", IsVarlen: true}, Kind: 4}},
+		&PtrType{TypeCommon: TypeCommon{TypeName: "ptr", FldName: "text", TypeSize: 8}, Type: &BufferType{TypeCommon: TypeCommon{TypeName: "text", IsVarlen: true}, Kind: 4, Text: 1}},
 		&LenType{IntTypeCommon: IntTypeCommon{TypeCommon: TypeCommon{TypeName: "len", FldName: "size", TypeSize: 8}}, Buf: "text"},
 	}}},
 	{Key: StructKey{Name: "kvm_tpr_access_ctl"}, Desc: &StructDesc{TypeCommon: TypeCommon{TypeName: "kvm_tpr_access_ctl", TypeSize: 40}, Fields: []Type{
@ -16663,16 +16663,16 @@ var structDescs_amd64 = []*KeyedStruct{
 		&ConstType{IntTypeCommon: IntTypeCommon{TypeCommon: TypeCommon{TypeName: "const", FldName: "unused2", TypeSize: 8}}},
 	}}},
 	{Key: StructKey{Name: "sigaction"}, Desc: &StructDesc{TypeCommon: TypeCommon{TypeName: "sigaction", TypeSize: 32}, Fields: []Type{
-		&IntType{IntTypeCommon: IntTypeCommon{TypeCommon: TypeCommon{TypeName: "intptr", FldName: "handler", TypeSize: 8}}},
+		&PtrType{TypeCommon: TypeCommon{TypeName: "ptr", FldName: "handler", TypeSize: 8}, Type: &BufferType{TypeCommon: TypeCommon{TypeName: "text", IsVarlen: true}, Kind: 4}},
 		&StructType{Key: StructKey{Name: "sigset"}, FldName: "mask"},
 		&FlagsType{IntTypeCommon: IntTypeCommon{TypeCommon: TypeCommon{TypeName: "sigaction_flags", FldName: "flags", TypeSize: 8}}, Vals: []uint64{1, 2, 1073741824, 134217728, 2147483648, 268435456, 4}, BitMask: true},
-		&IntType{IntTypeCommon: IntTypeCommon{TypeCommon: TypeCommon{TypeName: "intptr", FldName: "restor", TypeSize: 8}}},
+		&PtrType{TypeCommon: TypeCommon{TypeName: "ptr", FldName: "restor", TypeSize: 8}, Type: &BufferType{TypeCommon: TypeCommon{TypeName: "text", IsVarlen: true}, Kind: 4}},
 	}}},
 	{Key: StructKey{Name: "sigaction", Dir: 1}, Desc: &StructDesc{TypeCommon: TypeCommon{TypeName: "sigaction", TypeSize: 32, ArgDir: 1}, Fields: []Type{
-		&IntType{IntTypeCommon: IntTypeCommon{TypeCommon: TypeCommon{TypeName: "intptr", FldName: "handler", TypeSize: 8, ArgDir: 1}}},
+		&PtrType{TypeCommon: TypeCommon{TypeName: "ptr", FldName: "handler", TypeSize: 8}, Type: &BufferType{TypeCommon: TypeCommon{TypeName: "text", IsVarlen: true}, Kind: 4}},
 		&StructType{Key: StructKey{Name: "sigset", Dir: 1}, FldName: "mask"},
 		&FlagsType{IntTypeCommon: IntTypeCommon{TypeCommon: TypeCommon{TypeName: "sigaction_flags", FldName: "flags", TypeSize: 8, ArgDir: 1}}, Vals: []uint64{1, 2, 1073741824, 134217728, 2147483648, 268435456, 4}, BitMask: true},
-		&IntType{IntTypeCommon: IntTypeCommon{TypeCommon: TypeCommon{TypeName: "intptr", FldName: "restor", TypeSize: 8, ArgDir: 1}}},
+		&PtrType{TypeCommon: TypeCommon{TypeName: "ptr", FldName: "restor", TypeSize: 8}, Type: &BufferType{TypeCommon: TypeCommon{TypeName: "text", IsVarlen: true}, Kind: 4}},
 	}}},
 	{Key: StructKey{Name: "sigevent"}, Desc: &StructDesc{TypeCommon: TypeCommon{TypeName: "sigevent", TypeSize: 64}, Fields: []Type{
 		&ConstType{IntTypeCommon: IntTypeCommon{TypeCommon: TypeCommon{TypeName: "const", FldName: "val", TypeSize: 8}}},
@ -33534,6 +33534,9 @@ var syscalls_amd64 = []*Syscall{
 		&PtrType{TypeCommon: TypeCommon{TypeName: "ptr", FldName: "packet", TypeSize: 8}, Type: &StructType{Key: StructKey{Name: "eth_packet"}}},
 		&PtrType{TypeCommon: TypeCommon{TypeName: "ptr", FldName: "frags", TypeSize: 8, IsOptional: true}, Type: &StructType{Key: StructKey{Name: "vnet_fragmentation"}}},
 	}},
+	{Name: "syz_execute_func", CallName: "syz_execute_func", Args: []Type{
+		&PtrType{TypeCommon: TypeCommon{TypeName: "ptr", FldName: "text", TypeSize: 8}, Type: &BufferType{TypeCommon: TypeCommon{TypeName: "text", IsVarlen: true}, Kind: 4}},
+	}},
 	{Name: "syz_extract_tcp_res", CallName: "syz_extract_tcp_res", Args: []Type{
 		&PtrType{TypeCommon: TypeCommon{TypeName: "ptr", FldName: "res", TypeSize: 8}, Type: &StructType{Key: StructKey{Name: "tcp_resources", Dir: 1}}},
 		&IntType{IntTypeCommon: IntTypeCommon{TypeCommon: TypeCommon{TypeName: "int32", FldName: "seq_inc", TypeSize: 4}}},
@ -41174,4 +41177,4 @@ var consts_amd64 = []ConstValue{
 	{Name: "bpf_insn_load_imm_dw", Value: 24},
 }

-const revision_amd64 = "26712f7e003ed8690f47cf5edb70bd3eb94766c1"
+const revision_amd64 = "3efd822501eed7b0536ca7f8ba2b7720b9f6bab3"
--- a/sys/linux/gen/arm.go
+++ b/sys/linux/gen/arm.go
@ -7901,7 +7901,7 @@ var structDescs_arm = []*KeyedStruct{
 	}}},
 	{Key: StructKey{Name: "kvm_text_arm64"}, Desc: &StructDesc{TypeCommon: TypeCommon{TypeName: "kvm_text_arm64", TypeSize: 12}, Fields: []Type{
 		&ConstType{IntTypeCommon: IntTypeCommon{TypeCommon: TypeCommon{TypeName: "const", FldName: "typ", TypeSize: 4}}},
-		&PtrType{TypeCommon: TypeCommon{TypeName: "ptr", FldName: "text", TypeSize: 4}, Type: &BufferType{TypeCommon: TypeCommon{TypeName: "text", IsVarlen: true}, Kind: 4, Text: 4}},
+		&PtrType{TypeCommon: TypeCommon{TypeName: "ptr", FldName: "text", TypeSize: 4}, Type: &BufferType{TypeCommon: TypeCommon{TypeName: "text", IsVarlen: true}, Kind: 4, Text: 5}},
 		&LenType{IntTypeCommon: IntTypeCommon{TypeCommon: TypeCommon{TypeName: "len", FldName: "size", TypeSize: 4}}, Buf: "text"},
 	}}},
 	{Key: StructKey{Name: "kvm_text_x86"}, Desc: &StructDesc{TypeCommon: TypeCommon{TypeName: "kvm_text_x86", TypeSize: 12}, Fields: []Type{
@ -7912,22 +7912,22 @@ var structDescs_arm = []*KeyedStruct{
 	}}},
 	{Key: StructKey{Name: "kvm_text_x86_16"}, Desc: &StructDesc{TypeCommon: TypeCommon{TypeName: "kvm_text_x86_16", TypeSize: 12}, Fields: []Type{
 		&ConstType{IntTypeCommon: IntTypeCommon{TypeCommon: TypeCommon{TypeName: "const", FldName: "typ", TypeSize: 4}}, Val: 16},
-		&PtrType{TypeCommon: TypeCommon{TypeName: "ptr", FldName: "text", TypeSize: 4}, Type: &BufferType{TypeCommon: TypeCommon{TypeName: "text", IsVarlen: true}, Kind: 4, Text: 1}},
+		&PtrType{TypeCommon: TypeCommon{TypeName: "ptr", FldName: "text", TypeSize: 4}, Type: &BufferType{TypeCommon: TypeCommon{TypeName: "text", IsVarlen: true}, Kind: 4, Text: 2}},
 		&LenType{IntTypeCommon: IntTypeCommon{TypeCommon: TypeCommon{TypeName: "len", FldName: "size", TypeSize: 4}}, Buf: "text"},
 	}}},
 	{Key: StructKey{Name: "kvm_text_x86_32"}, Desc: &StructDesc{TypeCommon: TypeCommon{TypeName: "kvm_text_x86_32", TypeSize: 12}, Fields: []Type{
 		&ConstType{IntTypeCommon: IntTypeCommon{TypeCommon: TypeCommon{TypeName: "const", FldName: "typ", TypeSize: 4}}, Val: 32},
-		&PtrType{TypeCommon: TypeCommon{TypeName: "ptr", FldName: "text", TypeSize: 4}, Type: &BufferType{TypeCommon: TypeCommon{TypeName: "text", IsVarlen: true}, Kind: 4, Text: 2}},
+		&PtrType{TypeCommon: TypeCommon{TypeName: "ptr", FldName: "text", TypeSize: 4}, Type: &BufferType{TypeCommon: TypeCommon{TypeName: "text", IsVarlen: true}, Kind: 4, Text: 3}},
 		&LenType{IntTypeCommon: IntTypeCommon{TypeCommon: TypeCommon{TypeName: "len", FldName: "size", TypeSize: 4}}, Buf: "text"},
 	}}},
 	{Key: StructKey{Name: "kvm_text_x86_64"}, Desc: &StructDesc{TypeCommon: TypeCommon{TypeName: "kvm_text_x86_64", TypeSize: 12}, Fields: []Type{
 		&ConstType{IntTypeCommon: IntTypeCommon{TypeCommon: TypeCommon{TypeName: "const", FldName: "typ", TypeSize: 4}}, Val: 64},
-		&PtrType{TypeCommon: TypeCommon{TypeName: "ptr", FldName: "text", TypeSize: 4}, Type: &BufferType{TypeCommon: TypeCommon{TypeName: "text", IsVarlen: true}, Kind: 4, Text: 3}},
+		&PtrType{TypeCommon: TypeCommon{TypeName: "ptr", FldName: "text", TypeSize: 4}, Type: &BufferType{TypeCommon: TypeCommon{TypeName: "text", IsVarlen: true}, Kind: 4, Text: 4}},
 		&LenType{IntTypeCommon: IntTypeCommon{TypeCommon: TypeCommon{TypeName: "len", FldName: "size", TypeSize: 4}}, Buf: "text"},
 	}}},
 	{Key: StructKey{Name: "kvm_text_x86_real"}, Desc: &StructDesc{TypeCommon: TypeCommon{TypeName: "kvm_text_x86_real", TypeSize: 12}, Fields: []Type{
 		&ConstType{IntTypeCommon: IntTypeCommon{TypeCommon: TypeCommon{TypeName: "const", FldName: "typ", TypeSize: 4}}, Val: 8},
-		&PtrType{TypeCommon: TypeCommon{TypeName: "ptr", FldName: "text", TypeSize: 4}, Type: &BufferType{TypeCommon: TypeCommon{TypeName: "text", IsVarlen: true}, Kind: 4}},
+		&PtrType{TypeCommon: TypeCommon{TypeName: "ptr", FldName: "text", TypeSize: 4}, Type: &BufferType{TypeCommon: TypeCommon{TypeName: "text", IsVarlen: true}, Kind: 4, Text: 1}},
 		&LenType{IntTypeCommon: IntTypeCommon{TypeCommon: TypeCommon{TypeName: "len", FldName: "size", TypeSize: 4}}, Buf: "text"},
 	}}},
 	{Key: StructKey{Name: "kvm_tpr_access_ctl"}, Desc: &StructDesc{TypeCommon: TypeCommon{TypeName: "kvm_tpr_access_ctl", TypeSize: 40}, Fields: []Type{
@ -16280,18 +16280,18 @@ var structDescs_arm = []*KeyedStruct{
 		&ConstType{IntTypeCommon: IntTypeCommon{TypeCommon: TypeCommon{TypeName: "const", FldName: "unused2", TypeSize: 4}}},
 	}}},
 	{Key: StructKey{Name: "sigaction"}, Desc: &StructDesc{TypeCommon: TypeCommon{TypeName: "sigaction", TypeSize: 24}, Fields: []Type{
-		&IntType{IntTypeCommon: IntTypeCommon{TypeCommon: TypeCommon{TypeName: "intptr", FldName: "handler", TypeSize: 4}}},
+		&PtrType{TypeCommon: TypeCommon{TypeName: "ptr", FldName: "handler", TypeSize: 4}, Type: &BufferType{TypeCommon: TypeCommon{TypeName: "text", IsVarlen: true}, Kind: 4}},
 		&ConstType{IntTypeCommon: IntTypeCommon{TypeCommon: TypeCommon{TypeName: "pad", TypeSize: 4}}, IsPad: true},
 		&StructType{Key: StructKey{Name: "sigset"}, FldName: "mask"},
 		&FlagsType{IntTypeCommon: IntTypeCommon{TypeCommon: TypeCommon{TypeName: "sigaction_flags", FldName: "flags", TypeSize: 4}}, Vals: []uint64{1, 2, 1073741824, 134217728, 2147483648, 268435456, 4}, BitMask: true},
-		&IntType{IntTypeCommon: IntTypeCommon{TypeCommon: TypeCommon{TypeName: "intptr", FldName: "restor", TypeSize: 4}}},
+		&PtrType{TypeCommon: TypeCommon{TypeName: "ptr", FldName: "restor", TypeSize: 4}, Type: &BufferType{TypeCommon: TypeCommon{TypeName: "text", IsVarlen: true}, Kind: 4}},
 	}}},
 	{Key: StructKey{Name: "sigaction", Dir: 1}, Desc: &StructDesc{TypeCommon: TypeCommon{TypeName: "sigaction", TypeSize: 24, ArgDir: 1}, Fields: []Type{
-		&IntType{IntTypeCommon: IntTypeCommon{TypeCommon: TypeCommon{TypeName: "intptr", FldName: "handler", TypeSize: 4, ArgDir: 1}}},
+		&PtrType{TypeCommon: TypeCommon{TypeName: "ptr", FldName: "handler", TypeSize: 4}, Type: &BufferType{TypeCommon: TypeCommon{TypeName: "text", IsVarlen: true}, Kind: 4}},
 		&ConstType{IntTypeCommon: IntTypeCommon{TypeCommon: TypeCommon{TypeName: "pad", TypeSize: 4}}, IsPad: true},
 		&StructType{Key: StructKey{Name: "sigset", Dir: 1}, FldName: "mask"},
 		&FlagsType{IntTypeCommon: IntTypeCommon{TypeCommon: TypeCommon{TypeName: "sigaction_flags", FldName: "flags", TypeSize: 4, ArgDir: 1}}, Vals: []uint64{1, 2, 1073741824, 134217728, 2147483648, 268435456, 4}, BitMask: true},
-		&IntType{IntTypeCommon: IntTypeCommon{TypeCommon: TypeCommon{TypeName: "intptr", FldName: "restor", TypeSize: 4, ArgDir: 1}}},
+		&PtrType{TypeCommon: TypeCommon{TypeName: "ptr", FldName: "restor", TypeSize: 4}, Type: &BufferType{TypeCommon: TypeCommon{TypeName: "text", IsVarlen: true}, Kind: 4}},
 	}}},
 	{Key: StructKey{Name: "sigevent"}, Desc: &StructDesc{TypeCommon: TypeCommon{TypeName: "sigevent", TypeSize: 64}, Fields: []Type{
 		&ConstType{IntTypeCommon: IntTypeCommon{TypeCommon: TypeCommon{TypeName: "const", FldName: "val", TypeSize: 4}}},
@ -32792,6 +32792,9 @@ var syscalls_arm = []*Syscall{
 		&PtrType{TypeCommon: TypeCommon{TypeName: "ptr", FldName: "packet", TypeSize: 4}, Type: &StructType{Key: StructKey{Name: "eth_packet"}}},
 		&PtrType{TypeCommon: TypeCommon{TypeName: "ptr", FldName: "frags", TypeSize: 4, IsOptional: true}, Type: &StructType{Key: StructKey{Name: "vnet_fragmentation"}}},
 	}},
+	{Name: "syz_execute_func", CallName: "syz_execute_func", Args: []Type{
+		&PtrType{TypeCommon: TypeCommon{TypeName: "ptr", FldName: "text", TypeSize: 4}, Type: &BufferType{TypeCommon: TypeCommon{TypeName: "text", IsVarlen: true}, Kind: 4}},
+	}},
 	{Name: "syz_extract_tcp_res", CallName: "syz_extract_tcp_res", Args: []Type{
 		&PtrType{TypeCommon: TypeCommon{TypeName: "ptr", FldName: "res", TypeSize: 4}, Type: &StructType{Key: StructKey{Name: "tcp_resources", Dir: 1}}},
 		&IntType{IntTypeCommon: IntTypeCommon{TypeCommon: TypeCommon{TypeName: "int32", FldName: "seq_inc", TypeSize: 4}}},
@ -40346,4 +40349,4 @@ var consts_arm = []ConstValue{
 	{Name: "bpf_insn_load_imm_dw", Value: 24},
 }

-const revision_arm = "f155a0335de7dec3226189d25e230ba9889ff0ef"
+const revision_arm = "d64ccba4ff5f75614cce9e04b971a39e735578b2"
--- a/sys/linux/gen/arm64.go
+++ b/sys/linux/gen/arm64.go
@ -7999,7 +7999,7 @@ var structDescs_arm64 = []*KeyedStruct{
 	}}},
 	{Key: StructKey{Name: "kvm_text_arm64"}, Desc: &StructDesc{TypeCommon: TypeCommon{TypeName: "kvm_text_arm64", TypeSize: 24}, Fields: []Type{
 		&ConstType{IntTypeCommon: IntTypeCommon{TypeCommon: TypeCommon{TypeName: "const", FldName: "typ", TypeSize: 8}}},
-		&PtrType{TypeCommon: TypeCommon{TypeName: "ptr", FldName: "text", TypeSize: 8}, Type: &BufferType{TypeCommon: TypeCommon{TypeName: "text", IsVarlen: true}, Kind: 4, Text: 4}},
+		&PtrType{TypeCommon: TypeCommon{TypeName: "ptr", FldName: "text", TypeSize: 8}, Type: &BufferType{TypeCommon: TypeCommon{TypeName: "text", IsVarlen: true}, Kind: 4, Text: 5}},
 		&LenType{IntTypeCommon: IntTypeCommon{TypeCommon: TypeCommon{TypeName: "len", FldName: "size", TypeSize: 8}}, Buf: "text"},
 	}}},
 	{Key: StructKey{Name: "kvm_text_x86"}, Desc: &StructDesc{TypeCommon: TypeCommon{TypeName: "kvm_text_x86", TypeSize: 24}, Fields: []Type{
@ -8010,22 +8010,22 @@ var structDescs_arm64 = []*KeyedStruct{
 	}}},
 	{Key: StructKey{Name: "kvm_text_x86_16"}, Desc: &StructDesc{TypeCommon: TypeCommon{TypeName: "kvm_text_x86_16", TypeSize: 24}, Fields: []Type{
 		&ConstType{IntTypeCommon: IntTypeCommon{TypeCommon: TypeCommon{TypeName: "const", FldName: "typ", TypeSize: 8}}, Val: 16},
-		&PtrType{TypeCommon: TypeCommon{TypeName: "ptr", FldName: "text", TypeSize: 8}, Type: &BufferType{TypeCommon: TypeCommon{TypeName: "text", IsVarlen: true}, Kind: 4, Text: 1}},
+		&PtrType{TypeCommon: TypeCommon{TypeName: "ptr", FldName: "text", TypeSize: 8}, Type: &BufferType{TypeCommon: TypeCommon{TypeName: "text", IsVarlen: true}, Kind: 4, Text: 2}},
 		&LenType{IntTypeCommon: IntTypeCommon{TypeCommon: TypeCommon{TypeName: "len", FldName: "size", TypeSize: 8}}, Buf: "text"},
 	}}},
 	{Key: StructKey{Name: "kvm_text_x86_32"}, Desc: &StructDesc{TypeCommon: TypeCommon{TypeName: "kvm_text_x86_32", TypeSize: 24}, Fields: []Type{
 		&ConstType{IntTypeCommon: IntTypeCommon{TypeCommon: TypeCommon{TypeName: "const", FldName: "typ", TypeSize: 8}}, Val: 32},
-		&PtrType{TypeCommon: TypeCommon{TypeName: "ptr", FldName: "text", TypeSize: 8}, Type: &BufferType{TypeCommon: TypeCommon{TypeName: "text", IsVarlen: true}, Kind: 4, Text: 2}},
+		&PtrType{TypeCommon: TypeCommon{TypeName: "ptr", FldName: "text", TypeSize: 8}, Type: &BufferType{TypeCommon: TypeCommon{TypeName: "text", IsVarlen: true}, Kind: 4, Text: 3}},
 		&LenType{IntTypeCommon: IntTypeCommon{TypeCommon: TypeCommon{TypeName: "len", FldName: "size", TypeSize: 8}}, Buf: "text"},
 	}}},
 	{Key: StructKey{Name: "kvm_text_x86_64"}, Desc: &StructDesc{TypeCommon: TypeCommon{TypeName: "kvm_text_x86_64", TypeSize: 24}, Fields: []Type{
 		&ConstType{IntTypeCommon: IntTypeCommon{TypeCommon: TypeCommon{TypeName: "const", FldName: "typ", TypeSize: 8}}, Val: 64},
-		&PtrType{TypeCommon: TypeCommon{TypeName: "ptr", FldName: "text", TypeSize: 8}, Type: &BufferType{TypeCommon: TypeCommon{TypeName: "text", IsVarlen: true}, Kind: 4, Text: 3}},
+		&PtrType{TypeCommon: TypeCommon{TypeName: "ptr", FldName: "text", TypeSize: 8}, Type: &BufferType{TypeCommon: TypeCommon{TypeName: "text", IsVarlen: true}, Kind: 4, Text: 4}},
 		&LenType{IntTypeCommon: IntTypeCommon{TypeCommon: TypeCommon{TypeName: "len", FldName: "size", TypeSize: 8}}, Buf: "text"},
 	}}},
 	{Key: StructKey{Name: "kvm_text_x86_real"}, Desc: &StructDesc{TypeCommon: TypeCommon{TypeName: "kvm_text_x86_real", TypeSize: 24}, Fields: []Type{
 		&ConstType{IntTypeCommon: IntTypeCommon{TypeCommon: TypeCommon{TypeName: "const", FldName: "typ", TypeSize: 8}}, Val: 8},
-		&PtrType{TypeCommon: TypeCommon{TypeName: "ptr", FldName: "text", TypeSize: 8}, Type: &BufferType{TypeCommon: TypeCommon{TypeName: "text", IsVarlen: true}, Kind: 4}},
+		&PtrType{TypeCommon: TypeCommon{TypeName: "ptr", FldName: "text", TypeSize: 8}, Type: &BufferType{TypeCommon: TypeCommon{TypeName: "text", IsVarlen: true}, Kind: 4, Text: 1}},
 		&LenType{IntTypeCommon: IntTypeCommon{TypeCommon: TypeCommon{TypeName: "len", FldName: "size", TypeSize: 8}}, Buf: "text"},
 	}}},
 	{Key: StructKey{Name: "kvm_tpr_access_ctl"}, Desc: &StructDesc{TypeCommon: TypeCommon{TypeName: "kvm_tpr_access_ctl", TypeSize: 40}, Fields: []Type{
@ -16480,16 +16480,16 @@ var structDescs_arm64 = []*KeyedStruct{
 		&ConstType{IntTypeCommon: IntTypeCommon{TypeCommon: TypeCommon{TypeName: "const", FldName: "unused2", TypeSize: 8}}},
 	}}},
 	{Key: StructKey{Name: "sigaction"}, Desc: &StructDesc{TypeCommon: TypeCommon{TypeName: "sigaction", TypeSize: 32}, Fields: []Type{
-		&IntType{IntTypeCommon: IntTypeCommon{TypeCommon: TypeCommon{TypeName: "intptr", FldName: "handler", TypeSize: 8}}},
+		&PtrType{TypeCommon: TypeCommon{TypeName: "ptr", FldName: "handler", TypeSize: 8}, Type: &BufferType{TypeCommon: TypeCommon{TypeName: "text", IsVarlen: true}, Kind: 4}},
 		&StructType{Key: StructKey{Name: "sigset"}, FldName: "mask"},
 		&FlagsType{IntTypeCommon: IntTypeCommon{TypeCommon: TypeCommon{TypeName: "sigaction_flags", FldName: "flags", TypeSize: 8}}, Vals: []uint64{1, 2, 1073741824, 134217728, 2147483648, 268435456, 4}, BitMask: true},
-		&IntType{IntTypeCommon: IntTypeCommon{TypeCommon: TypeCommon{TypeName: "intptr", FldName: "restor", TypeSize: 8}}},
+		&PtrType{TypeCommon: TypeCommon{TypeName: "ptr", FldName: "restor", TypeSize: 8}, Type: &BufferType{TypeCommon: TypeCommon{TypeName: "text", IsVarlen: true}, Kind: 4}},
 	}}},
 	{Key: StructKey{Name: "sigaction", Dir: 1}, Desc: &StructDesc{TypeCommon: TypeCommon{TypeName: "sigaction", TypeSize: 32, ArgDir: 1}, Fields: []Type{
-		&IntType{IntTypeCommon: IntTypeCommon{TypeCommon: TypeCommon{TypeName: "intptr", FldName: "handler", TypeSize: 8, ArgDir: 1}}},
+		&PtrType{TypeCommon: TypeCommon{TypeName: "ptr", FldName: "handler", TypeSize: 8}, Type: &BufferType{TypeCommon: TypeCommon{TypeName: "text", IsVarlen: true}, Kind: 4}},
 		&StructType{Key: StructKey{Name: "sigset", Dir: 1}, FldName: "mask"},
 		&FlagsType{IntTypeCommon: IntTypeCommon{TypeCommon: TypeCommon{TypeName: "sigaction_flags", FldName: "flags", TypeSize: 8, ArgDir: 1}}, Vals: []uint64{1, 2, 1073741824, 134217728, 2147483648, 268435456, 4}, BitMask: true},
-		&IntType{IntTypeCommon: IntTypeCommon{TypeCommon: TypeCommon{TypeName: "intptr", FldName: "restor", TypeSize: 8, ArgDir: 1}}},
+		&PtrType{TypeCommon: TypeCommon{TypeName: "ptr", FldName: "restor", TypeSize: 8}, Type: &BufferType{TypeCommon: TypeCommon{TypeName: "text", IsVarlen: true}, Kind: 4}},
 	}}},
 	{Key: StructKey{Name: "sigevent"}, Desc: &StructDesc{TypeCommon: TypeCommon{TypeName: "sigevent", TypeSize: 64}, Fields: []Type{
 		&ConstType{IntTypeCommon: IntTypeCommon{TypeCommon: TypeCommon{TypeName: "const", FldName: "val", TypeSize: 8}}},
@ -33037,6 +33037,9 @@ var syscalls_arm64 = []*Syscall{
 		&PtrType{TypeCommon: TypeCommon{TypeName: "ptr", FldName: "packet", TypeSize: 8}, Type: &StructType{Key: StructKey{Name: "eth_packet"}}},
 		&PtrType{TypeCommon: TypeCommon{TypeName: "ptr", FldName: "frags", TypeSize: 8, IsOptional: true}, Type: &StructType{Key: StructKey{Name: "vnet_fragmentation"}}},
 	}},
+	{Name: "syz_execute_func", CallName: "syz_execute_func", Args: []Type{
+		&PtrType{TypeCommon: TypeCommon{TypeName: "ptr", FldName: "text", TypeSize: 8}, Type: &BufferType{TypeCommon: TypeCommon{TypeName: "text", IsVarlen: true}, Kind: 4}},
+	}},
 	{Name: "syz_extract_tcp_res", CallName: "syz_extract_tcp_res", Args: []Type{
 		&PtrType{TypeCommon: TypeCommon{TypeName: "ptr", FldName: "res", TypeSize: 8}, Type: &StructType{Key: StructKey{Name: "tcp_resources", Dir: 1}}},
 		&IntType{IntTypeCommon: IntTypeCommon{TypeCommon: TypeCommon{TypeName: "int32", FldName: "seq_inc", TypeSize: 4}}},
@ -40568,4 +40571,4 @@ var consts_arm64 = []ConstValue{
 	{Name: "bpf_insn_load_imm_dw", Value: 24},
 }

-const revision_arm64 = "1fd22f27ba905dec42b576344dd6c58c011de140"
+const revision_arm64 = "33b760e03637540176d75bef5357cc5b147afabe"
--- a/sys/linux/gen/ppc64le.go
+++ b/sys/linux/gen/ppc64le.go
@ -7977,7 +7977,7 @@ var structDescs_ppc64le = []*KeyedStruct{
 	}}},
 	{Key: StructKey{Name: "kvm_text_arm64"}, Desc: &StructDesc{TypeCommon: TypeCommon{TypeName: "kvm_text_arm64", TypeSize: 24}, Fields: []Type{
 		&ConstType{IntTypeCommon: IntTypeCommon{TypeCommon: TypeCommon{TypeName: "const", FldName: "typ", TypeSize: 8}}},
-		&PtrType{TypeCommon: TypeCommon{TypeName: "ptr", FldName: "text", TypeSize: 8}, Type: &BufferType{TypeCommon: TypeCommon{TypeName: "text", IsVarlen: true}, Kind: 4, Text: 4}},
+		&PtrType{TypeCommon: TypeCommon{TypeName: "ptr", FldName: "text", TypeSize: 8}, Type: &BufferType{TypeCommon: TypeCommon{TypeName: "text", IsVarlen: true}, Kind: 4, Text: 5}},
 		&LenType{IntTypeCommon: IntTypeCommon{TypeCommon: TypeCommon{TypeName: "len", FldName: "size", TypeSize: 8}}, Buf: "text"},
 	}}},
 	{Key: StructKey{Name: "kvm_text_x86"}, Desc: &StructDesc{TypeCommon: TypeCommon{TypeName: "kvm_text_x86", TypeSize: 24}, Fields: []Type{
@ -7988,22 +7988,22 @@ var structDescs_ppc64le = []*KeyedStruct{
 	}}},
 	{Key: StructKey{Name: "kvm_text_x86_16"}, Desc: &StructDesc{TypeCommon: TypeCommon{TypeName: "kvm_text_x86_16", TypeSize: 24}, Fields: []Type{
 		&ConstType{IntTypeCommon: IntTypeCommon{TypeCommon: TypeCommon{TypeName: "const", FldName: "typ", TypeSize: 8}}, Val: 16},
-		&PtrType{TypeCommon: TypeCommon{TypeName: "ptr", FldName: "text", TypeSize: 8}, Type: &BufferType{TypeCommon: TypeCommon{TypeName: "text", IsVarlen: true}, Kind: 4, Text: 1}},
+		&PtrType{TypeCommon: TypeCommon{TypeName: "ptr", FldName: "text", TypeSize: 8}, Type: &BufferType{TypeCommon: TypeCommon{TypeName: "text", IsVarlen: true}, Kind: 4, Text: 2}},
 		&LenType{IntTypeCommon: IntTypeCommon{TypeCommon: TypeCommon{TypeName: "len", FldName: "size", TypeSize: 8}}, Buf: "text"},
 	}}},
 	{Key: StructKey{Name: "kvm_text_x86_32"}, Desc: &StructDesc{TypeCommon: TypeCommon{TypeName: "kvm_text_x86_32", TypeSize: 24}, Fields: []Type{
 		&ConstType{IntTypeCommon: IntTypeCommon{TypeCommon: TypeCommon{TypeName: "const", FldName: "typ", TypeSize: 8}}, Val: 32},
-		&PtrType{TypeCommon: TypeCommon{TypeName: "ptr", FldName: "text", TypeSize: 8}, Type: &BufferType{TypeCommon: TypeCommon{TypeName: "text", IsVarlen: true}, Kind: 4, Text: 2}},
+		&PtrType{TypeCommon: TypeCommon{TypeName: "ptr", FldName: "text", TypeSize: 8}, Type: &BufferType{TypeCommon: TypeCommon{TypeName: "text", IsVarlen: true}, Kind: 4, Text: 3}},
 		&LenType{IntTypeCommon: IntTypeCommon{TypeCommon: TypeCommon{TypeName: "len", FldName: "size", TypeSize: 8}}, Buf: "text"},
 	}}},
 	{Key: StructKey{Name: "kvm_text_x86_64"}, Desc: &StructDesc{TypeCommon: TypeCommon{TypeName: "kvm_text_x86_64", TypeSize: 24}, Fields: []Type{
 		&ConstType{IntTypeCommon: IntTypeCommon{TypeCommon: TypeCommon{TypeName: "const", FldName: "typ", TypeSize: 8}}, Val: 64},
-		&PtrType{TypeCommon: TypeCommon{TypeName: "ptr", FldName: "text", TypeSize: 8}, Type: &BufferType{TypeCommon: TypeCommon{TypeName: "text", IsVarlen: true}, Kind: 4, Text: 3}},
+		&PtrType{TypeCommon: TypeCommon{TypeName: "ptr", FldName: "text", TypeSize: 8}, Type: &BufferType{TypeCommon: TypeCommon{TypeName: "text", IsVarlen: true}, Kind: 4, Text: 4}},
 		&LenType{IntTypeCommon: IntTypeCommon{TypeCommon: TypeCommon{TypeName: "len", FldName: "size", TypeSize: 8}}, Buf: "text"},
 	}}},
 	{Key: StructKey{Name: "kvm_text_x86_real"}, Desc: &StructDesc{TypeCommon: TypeCommon{TypeName: "kvm_text_x86_real", TypeSize: 24}, Fields: []Type{
 		&ConstType{IntTypeCommon: IntTypeCommon{TypeCommon: TypeCommon{TypeName: "const", FldName: "typ", TypeSize: 8}}, Val: 8},
-		&PtrType{TypeCommon: TypeCommon{TypeName: "ptr", FldName: "text", TypeSize: 8}, Type: &BufferType{TypeCommon: TypeCommon{TypeName: "text", IsVarlen: true}, Kind: 4}},
+		&PtrType{TypeCommon: TypeCommon{TypeName: "ptr", FldName: "text", TypeSize: 8}, Type: &BufferType{TypeCommon: TypeCommon{TypeName: "text", IsVarlen: true}, Kind: 4, Text: 1}},
 		&LenType{IntTypeCommon: IntTypeCommon{TypeCommon: TypeCommon{TypeName: "len", FldName: "size", TypeSize: 8}}, Buf: "text"},
 	}}},
 	{Key: StructKey{Name: "kvm_tpr_access_ctl"}, Desc: &StructDesc{TypeCommon: TypeCommon{TypeName: "kvm_tpr_access_ctl", TypeSize: 40}, Fields: []Type{
@ -16362,16 +16362,16 @@ var structDescs_ppc64le = []*KeyedStruct{
 		&PtrType{TypeCommon: TypeCommon{TypeName: "ptr", FldName: "dxferp", TypeSize: 8}, Type: &ArrayType{TypeCommon: TypeCommon{TypeName: "array", IsVarlen: true}, Type: &StructType{Key: StructKey{Name: "iovec[out, array[int8]]"}}}},
 	}}},
 	{Key: StructKey{Name: "sigaction"}, Desc: &StructDesc{TypeCommon: TypeCommon{TypeName: "sigaction", TypeSize: 32}, Fields: []Type{
-		&IntType{IntTypeCommon: IntTypeCommon{TypeCommon: TypeCommon{TypeName: "intptr", FldName: "handler", TypeSize: 8}}},
+		&PtrType{TypeCommon: TypeCommon{TypeName: "ptr", FldName: "handler", TypeSize: 8}, Type: &BufferType{TypeCommon: TypeCommon{TypeName: "text", IsVarlen: true}, Kind: 4}},
 		&StructType{Key: StructKey{Name: "sigset"}, FldName: "mask"},
 		&FlagsType{IntTypeCommon: IntTypeCommon{TypeCommon: TypeCommon{TypeName: "sigaction_flags", FldName: "flags", TypeSize: 8}}, Vals: []uint64{1, 2, 1073741824, 134217728, 2147483648, 268435456, 4}, BitMask: true},
-		&IntType{IntTypeCommon: IntTypeCommon{TypeCommon: TypeCommon{TypeName: "intptr", FldName: "restor", TypeSize: 8}}},
+		&PtrType{TypeCommon: TypeCommon{TypeName: "ptr", FldName: "restor", TypeSize: 8}, Type: &BufferType{TypeCommon: TypeCommon{TypeName: "text", IsVarlen: true}, Kind: 4}},
 	}}},
 	{Key: StructKey{Name: "sigaction", Dir: 1}, Desc: &StructDesc{TypeCommon: TypeCommon{TypeName: "sigaction", TypeSize: 32, ArgDir: 1}, Fields: []Type{
-		&IntType{IntTypeCommon: IntTypeCommon{TypeCommon: TypeCommon{TypeName: "intptr", FldName: "handler", TypeSize: 8, ArgDir: 1}}},
+		&PtrType{TypeCommon: TypeCommon{TypeName: "ptr", FldName: "handler", TypeSize: 8}, Type: &BufferType{TypeCommon: TypeCommon{TypeName: "text", IsVarlen: true}, Kind: 4}},
 		&StructType{Key: StructKey{Name: "sigset", Dir: 1}, FldName: "mask"},
 		&FlagsType{IntTypeCommon: IntTypeCommon{TypeCommon: TypeCommon{TypeName: "sigaction_flags", FldName: "flags", TypeSize: 8, ArgDir: 1}}, Vals: []uint64{1, 2, 1073741824, 134217728, 2147483648, 268435456, 4}, BitMask: true},
-		&IntType{IntTypeCommon: IntTypeCommon{TypeCommon: TypeCommon{TypeName: "intptr", FldName: "restor", TypeSize: 8, ArgDir: 1}}},
+		&PtrType{TypeCommon: TypeCommon{TypeName: "ptr", FldName: "restor", TypeSize: 8}, Type: &BufferType{TypeCommon: TypeCommon{TypeName: "text", IsVarlen: true}, Kind: 4}},
 	}}},
 	{Key: StructKey{Name: "sigevent"}, Desc: &StructDesc{TypeCommon: TypeCommon{TypeName: "sigevent", TypeSize: 64}, Fields: []Type{
 		&ConstType{IntTypeCommon: IntTypeCommon{TypeCommon: TypeCommon{TypeName: "const", FldName: "val", TypeSize: 8}}},
@ -31411,6 +31411,9 @@ var syscalls_ppc64le = []*Syscall{
 		&PtrType{TypeCommon: TypeCommon{TypeName: "ptr", FldName: "packet", TypeSize: 8}, Type: &StructType{Key: StructKey{Name: "eth_packet"}}},
 		&PtrType{TypeCommon: TypeCommon{TypeName: "ptr", FldName: "frags", TypeSize: 8, IsOptional: true}, Type: &StructType{Key: StructKey{Name: "vnet_fragmentation"}}},
 	}},
+	{Name: "syz_execute_func", CallName: "syz_execute_func", Args: []Type{
+		&PtrType{TypeCommon: TypeCommon{TypeName: "ptr", FldName: "text", TypeSize: 8}, Type: &BufferType{TypeCommon: TypeCommon{TypeName: "text", IsVarlen: true}, Kind: 4}},
+	}},
 	{Name: "syz_extract_tcp_res", CallName: "syz_extract_tcp_res", Args: []Type{
 		&PtrType{TypeCommon: TypeCommon{TypeName: "ptr", FldName: "res", TypeSize: 8}, Type: &StructType{Key: StructKey{Name: "tcp_resources", Dir: 1}}},
 		&IntType{IntTypeCommon: IntTypeCommon{TypeCommon: TypeCommon{TypeName: "int32", FldName: "seq_inc", TypeSize: 4}}},
@ -37924,4 +37927,4 @@ var consts_ppc64le = []ConstValue{
 	{Name: "bpf_insn_load_imm_dw", Value: 24},
 }

-const revision_ppc64le = "cfee5c1892c53b104910906c54ef416def23581b"
+const revision_ppc64le = "17f888e873bc99a49d971c80b87ddad7d8291e82"
--- a/sys/linux/sys.txt
+++ b/sys/linux/sys.txt
@ -60,6 +60,8 @@ resource fd_dir[fd]

 type signalno int32[0:65]

+syz_execute_func(text ptr[in, text[target]])
+
 open(file ptr[in, filename], flags flags[open_flags], mode flags[open_mode]) fd
 # Just so that we have something that creates fd_dir resources.
 open$dir(file ptr[in, filename], flags flags[open_flags], mode flags[open_mode]) fd_dir
@ -734,11 +736,10 @@ rlimit {
 }

 sigaction {
-# TODO: function pointers need special support
-	handler	intptr
+	handler	ptr[in, text[target]]
 	mask	sigset
 	flags	flags[sigaction_flags, intptr]
-	restor	intptr
+	restor	ptr[in, text[target]]
 }

 tms {
--- a/sys/netbsd/gen/amd64.go
+++ b/sys/netbsd/gen/amd64.go
@ -1251,6 +1251,9 @@ var syscalls_amd64 = []*Syscall{
 		&PtrType{TypeCommon: TypeCommon{TypeName: "ptr", FldName: "new", TypeSize: 8}, Type: &BufferType{TypeCommon: TypeCommon{TypeName: "filename", IsVarlen: true}, Kind: 3}},
 	}},
 	{NR: 36, Name: "sync", CallName: "sync"},
+	{Name: "syz_execute_func", CallName: "syz_execute_func", Args: []Type{
+		&PtrType{TypeCommon: TypeCommon{TypeName: "ptr", FldName: "text", TypeSize: 8}, Type: &BufferType{TypeCommon: TypeCommon{TypeName: "text", IsVarlen: true}, Kind: 4}},
+	}},
 	{NR: 200, Name: "truncate", CallName: "truncate", Args: []Type{
 		&PtrType{TypeCommon: TypeCommon{TypeName: "ptr", FldName: "file", TypeSize: 8}, Type: &BufferType{TypeCommon: TypeCommon{TypeName: "filename", IsVarlen: true}, Kind: 3}},
 		&IntType{IntTypeCommon: IntTypeCommon{TypeCommon: TypeCommon{TypeName: "intptr", FldName: "len", TypeSize: 8}}},
@ -1677,4 +1680,4 @@ var consts_amd64 = []ConstValue{
 	{Name: "WUNTRACED", Value: 2},
 }

-const revision_amd64 = "c05720ceb16e651f6ae9addd1f5be83497d861e3"
+const revision_amd64 = "741d8f94955b7b371dee88f03db02ab85d5a9384"
--- a/sys/netbsd/sys.txt
+++ b/sys/netbsd/sys.txt
@ -16,6 +16,8 @@ include <time.h>
 include <signal.h>
 include <sys/wait.h>

+syz_execute_func(text ptr[in, text[target]])
+
 pipe(pipefd ptr[out, pipefd])

 stat(file ptr[in, filename], statbuf ptr[out, stat])
--- a/sys/openbsd/gen/amd64.go
+++ b/sys/openbsd/gen/amd64.go
@ -1456,6 +1456,9 @@ var syscalls_amd64 = []*Syscall{
 		&PtrType{TypeCommon: TypeCommon{TypeName: "ptr", FldName: "new", TypeSize: 8}, Type: &BufferType{TypeCommon: TypeCommon{TypeName: "filename", IsVarlen: true}, Kind: 3}},
 	}},
 	{NR: 36, Name: "sync", CallName: "sync"},
+	{Name: "syz_execute_func", CallName: "syz_execute_func", Args: []Type{
+		&PtrType{TypeCommon: TypeCommon{TypeName: "ptr", FldName: "text", TypeSize: 8}, Type: &BufferType{TypeCommon: TypeCommon{TypeName: "text", IsVarlen: true}, Kind: 4}},
+	}},
 	{Name: "syz_open_pts", CallName: "syz_open_pts", Ret: &ResourceType{TypeCommon: TypeCommon{TypeName: "fd_tty", FldName: "ret", TypeSize: 4, ArgDir: 1}}},
 	{NR: 200, Name: "truncate", CallName: "truncate", Args: []Type{
 		&PtrType{TypeCommon: TypeCommon{TypeName: "ptr", FldName: "file", TypeSize: 8}, Type: &BufferType{TypeCommon: TypeCommon{TypeName: "filename", IsVarlen: true}, Kind: 3}},
@ -1877,4 +1880,4 @@ var consts_amd64 = []ConstValue{
 	{Name: "WUNTRACED", Value: 2},
 }

-const revision_amd64 = "f1bde02bbb60bf849ed61dda9a552900891199ef"
+const revision_amd64 = "b7a0cb1d6df43d07bd4ab11d2c4b1a2e1c046ac1"
--- a/sys/openbsd/sys.txt
+++ b/sys/openbsd/sys.txt
@ -16,6 +16,8 @@ include <time.h>
 include <signal.h>
 include <sys/wait.h>

+syz_execute_func(text ptr[in, text[target]])
+
 pipe(pipefd ptr[out, pipefd])

 stat(file ptr[in, filename], statbuf ptr[out, stat])
--- a/sys/test/gen/32_fork_shmem.go
+++ b/sys/test/gen/32_fork_shmem.go
@ -38,6 +38,9 @@ var syscalls_32_fork_shmem = []*Syscall{
 	{Name: "syz_errno", CallName: "syz_errno", Args: []Type{
 		&IntType{IntTypeCommon: IntTypeCommon{TypeCommon: TypeCommon{TypeName: "int32", FldName: "v", TypeSize: 4}}},
 	}},
+	{Name: "syz_execute_func", CallName: "syz_execute_func", Args: []Type{
+		&PtrType{TypeCommon: TypeCommon{TypeName: "ptr", FldName: "text", TypeSize: 4}, Type: &BufferType{TypeCommon: TypeCommon{TypeName: "text", IsVarlen: true}, Kind: 4}},
+	}},
 	{Name: "syz_mmap", CallName: "syz_mmap", Args: []Type{
 		&VmaType{TypeCommon: TypeCommon{TypeName: "vma", FldName: "addr", TypeSize: 4}},
 		&LenType{IntTypeCommon: IntTypeCommon{TypeCommon: TypeCommon{TypeName: "len", FldName: "len", TypeSize: 4}}, Buf: "addr"},
@ -51,4 +54,4 @@ var consts_32_fork_shmem = []ConstValue{
 	{Name: "ONLY_32BITS_CONST", Value: 1},
 }

-const revision_32_fork_shmem = "d09983a8bb4f2ccd0e303191862d170b5b636bd8"
+const revision_32_fork_shmem = "4225c1e93671306efa6a41958a6d553aed7e8cf7"
--- a/sys/test/gen/32_shmem.go
+++ b/sys/test/gen/32_shmem.go
@ -38,6 +38,9 @@ var syscalls_32_shmem = []*Syscall{
 	{Name: "syz_errno", CallName: "syz_errno", Args: []Type{
 		&IntType{IntTypeCommon: IntTypeCommon{TypeCommon: TypeCommon{TypeName: "int32", FldName: "v", TypeSize: 4}}},
 	}},
+	{Name: "syz_execute_func", CallName: "syz_execute_func", Args: []Type{
+		&PtrType{TypeCommon: TypeCommon{TypeName: "ptr", FldName: "text", TypeSize: 4}, Type: &BufferType{TypeCommon: TypeCommon{TypeName: "text", IsVarlen: true}, Kind: 4}},
+	}},
 	{Name: "syz_mmap", CallName: "syz_mmap", Args: []Type{
 		&VmaType{TypeCommon: TypeCommon{TypeName: "vma", FldName: "addr", TypeSize: 4}},
 		&LenType{IntTypeCommon: IntTypeCommon{TypeCommon: TypeCommon{TypeName: "len", FldName: "len", TypeSize: 4}}, Buf: "addr"},
@ -51,4 +54,4 @@ var consts_32_shmem = []ConstValue{
 	{Name: "ONLY_32BITS_CONST", Value: 1},
 }

-const revision_32_shmem = "8d0f255b4d310c70d0e7d65ac8e5c6c3032a9e14"
+const revision_32_shmem = "ae161a1d8e44b101412b6f8d8fdde3a6ce553e55"
--- a/sys/test/gen/64.go
+++ b/sys/test/gen/64.go
@ -601,6 +601,9 @@ var syscalls_64 = []*Syscall{
 	{Name: "syz_errno", CallName: "syz_errno", Args: []Type{
 		&IntType{IntTypeCommon: IntTypeCommon{TypeCommon: TypeCommon{TypeName: "int32", FldName: "v", TypeSize: 4}}},
 	}},
+	{Name: "syz_execute_func", CallName: "syz_execute_func", Args: []Type{
+		&PtrType{TypeCommon: TypeCommon{TypeName: "ptr", FldName: "text", TypeSize: 8}, Type: &BufferType{TypeCommon: TypeCommon{TypeName: "text", IsVarlen: true}, Kind: 4}},
+	}},
 	{Name: "syz_mmap", CallName: "syz_mmap", Args: []Type{
 		&VmaType{TypeCommon: TypeCommon{TypeName: "vma", FldName: "addr", TypeSize: 8}},
 		&LenType{IntTypeCommon: IntTypeCommon{TypeCommon: TypeCommon{TypeName: "len", FldName: "len", TypeSize: 8}}, Buf: "addr"},
@ -843,19 +846,19 @@ var syscalls_64 = []*Syscall{
 		&UnionType{Key: StructKey{Name: "union_arg"}, FldName: "a0"},
 	}},
 	{Name: "test$text_x86_16", CallName: "test", Args: []Type{
-		&PtrType{TypeCommon: TypeCommon{TypeName: "ptr", FldName: "a0", TypeSize: 8}, Type: &BufferType{TypeCommon: TypeCommon{TypeName: "text", IsVarlen: true}, Kind: 4, Text: 1}},
-		&LenType{IntTypeCommon: IntTypeCommon{TypeCommon: TypeCommon{TypeName: "len", FldName: "a1", TypeSize: 8}}, Buf: "a0"},
-	}},
-	{Name: "test$text_x86_32", CallName: "test", Args: []Type{
 		&PtrType{TypeCommon: TypeCommon{TypeName: "ptr", FldName: "a0", TypeSize: 8}, Type: &BufferType{TypeCommon: TypeCommon{TypeName: "text", IsVarlen: true}, Kind: 4, Text: 2}},
 		&LenType{IntTypeCommon: IntTypeCommon{TypeCommon: TypeCommon{TypeName: "len", FldName: "a1", TypeSize: 8}}, Buf: "a0"},
 	}},
-	{Name: "test$text_x86_64", CallName: "test", Args: []Type{
+	{Name: "test$text_x86_32", CallName: "test", Args: []Type{
 		&PtrType{TypeCommon: TypeCommon{TypeName: "ptr", FldName: "a0", TypeSize: 8}, Type: &BufferType{TypeCommon: TypeCommon{TypeName: "text", IsVarlen: true}, Kind: 4, Text: 3}},
 		&LenType{IntTypeCommon: IntTypeCommon{TypeCommon: TypeCommon{TypeName: "len", FldName: "a1", TypeSize: 8}}, Buf: "a0"},
 	}},
+	{Name: "test$text_x86_64", CallName: "test", Args: []Type{
+		&PtrType{TypeCommon: TypeCommon{TypeName: "ptr", FldName: "a0", TypeSize: 8}, Type: &BufferType{TypeCommon: TypeCommon{TypeName: "text", IsVarlen: true}, Kind: 4, Text: 4}},
+		&LenType{IntTypeCommon: IntTypeCommon{TypeCommon: TypeCommon{TypeName: "len", FldName: "a1", TypeSize: 8}}, Buf: "a0"},
+	}},
 	{Name: "test$text_x86_real", CallName: "test", Args: []Type{
-		&PtrType{TypeCommon: TypeCommon{TypeName: "ptr", FldName: "a0", TypeSize: 8}, Type: &BufferType{TypeCommon: TypeCommon{TypeName: "text", IsVarlen: true}, Kind: 4}},
+		&PtrType{TypeCommon: TypeCommon{TypeName: "ptr", FldName: "a0", TypeSize: 8}, Type: &BufferType{TypeCommon: TypeCommon{TypeName: "text", IsVarlen: true}, Kind: 4, Text: 1}},
 		&LenType{IntTypeCommon: IntTypeCommon{TypeCommon: TypeCommon{TypeName: "len", FldName: "a1", TypeSize: 8}}, Buf: "a0"},
 	}},
 	{Name: "test$type_confusion1", CallName: "test", Args: []Type{
@ -908,4 +911,4 @@ var consts_64 = []ConstValue{
 	{Name: "SYS_unsupported"},
 }

-const revision_64 = "3a71e90e1d9f2ae8b0cbfa9e76a429a74ca2ce90"
+const revision_64 = "6ffded136a7c445ee912402759cc9f71c3add37a"
--- a/sys/test/gen/64_fork.go
+++ b/sys/test/gen/64_fork.go
@ -38,6 +38,9 @@ var syscalls_64_fork = []*Syscall{
 	{Name: "syz_errno", CallName: "syz_errno", Args: []Type{
 		&IntType{IntTypeCommon: IntTypeCommon{TypeCommon: TypeCommon{TypeName: "int32", FldName: "v", TypeSize: 4}}},
 	}},
+	{Name: "syz_execute_func", CallName: "syz_execute_func", Args: []Type{
+		&PtrType{TypeCommon: TypeCommon{TypeName: "ptr", FldName: "text", TypeSize: 8}, Type: &BufferType{TypeCommon: TypeCommon{TypeName: "text", IsVarlen: true}, Kind: 4}},
+	}},
 	{Name: "syz_mmap", CallName: "syz_mmap", Args: []Type{
 		&VmaType{TypeCommon: TypeCommon{TypeName: "vma", FldName: "addr", TypeSize: 8}},
 		&LenType{IntTypeCommon: IntTypeCommon{TypeCommon: TypeCommon{TypeName: "len", FldName: "len", TypeSize: 8}}, Buf: "addr"},
@ -50,4 +53,4 @@ var consts_64_fork = []ConstValue{
 	{Name: "IPPROTO_UDP", Value: 17},
 }

-const revision_64_fork = "39c2288dd1c825ce7a587f946cfc91e0e453cf5e"
+const revision_64_fork = "ef850b63cd75f943301e586db069812cc63ac259"
--- a/sys/test/test.txt
+++ b/sys/test/test.txt
@ -3,6 +3,8 @@

 # Syscalls used in syzkaller tests.

+syz_execute_func(text ptr[in, text[target]])
+
 test()

 # Integer types.
--- a/sys/windows/gen/amd64.go
+++ b/sys/windows/gen/amd64.go
@ -14272,6 +14272,9 @@ var syscalls_amd64 = []*Syscall{
 		&IntType{IntTypeCommon: IntTypeCommon{TypeCommon: TypeCommon{TypeName: "int32", FldName: "type", TypeSize: 4}}},
 		&IntType{IntTypeCommon: IntTypeCommon{TypeCommon: TypeCommon{TypeName: "int32", FldName: "protocol", TypeSize: 4}}},
 	}},
+	{Name: "syz_execute_func", CallName: "syz_execute_func", Args: []Type{
+		&PtrType{TypeCommon: TypeCommon{TypeName: "ptr", FldName: "text", TypeSize: 8}, Type: &BufferType{TypeCommon: TypeCommon{TypeName: "text", IsVarlen: true}, Kind: 4}},
+	}},
 	{Name: "timeBeginPeriod", CallName: "timeBeginPeriod", Args: []Type{
 		&IntType{IntTypeCommon: IntTypeCommon{TypeCommon: TypeCommon{TypeName: "int32", FldName: "uPeriod", TypeSize: 4}}},
 	}},
@ -14615,4 +14618,4 @@ var consts_amd64 = []ConstValue{
 	{Name: "WRITE_OWNER", Value: 524288},
 }

-const revision_amd64 = "f2b48fb82a68b0cb24b2ab9638add66deb9542dd"
+const revision_amd64 = "7f58e6832b5d8674b8a77505e6eb0fa213781c23"
--- a/sys/windows/sys.txt
+++ b/sys/windows/sys.txt
@ -6,6 +6,8 @@ include <windows.h>
 resource HANDLE[intptr]: INVALID_HANDLE_VALUE
 resource hFile[HANDLE]

+syz_execute_func(text ptr[in, text[target]])
+
 CloseHandle(hObject HANDLE)
 CreateFileA(lpFileName ptr[in, filename], dwDesiredAccess flags[file_access_rights], dwShareMode flags[file_share_mode], lpSecurityAttributes ptr[in, SECURITY_ATTRIBUTES, opt], dwCreationDisposition flags[file_create_disposition], dwFlagsAndAttributes flags[file_attributes], hTemplateFile HANDLE[opt]) hFile
 VirtualAlloc(lpAddress vma, dwSize len[lpAddress], flAllocationType flags[allocation_type], flProtect flags[protect_flags])