Add mandatory OpenBSD bits (#689)

all: add openbsd support squash of the following commits: * openbsd: add mandatory bits * report: add OpenBSD support * executor: skip building kvm on OpenBSD * executor: add OpenBSD support Linking against libutil is necessary due to usage of openpty(3). * executor: fix typo in fail() message * fixup! report: add OpenBSD support * fixup! openbsd: add mandatory bits * fixup! openbsd: add mandatory bits * fixup! openbsd: add mandatory bits * fixup! report: add OpenBSD support * gometalinter: skip sys/openbsd
2024-11-23 11:29:46 +00:00 · 2018-08-28 19:07:26 +02:00 · 2018-08-28 19:07:26 +02:00 · b771b17ec9
commit b771b17ec9
parent 7ef1de9ea4
48 changed files with 3794 additions and 11 deletions
--- a/.gometalinter.json
+++ b/.gometalinter.json
@ -15,6 +15,7 @@
 		"sys/fuchsia/gen",
 		"sys/linux/gen",
 		"sys/netbsd/gen",
+		"sys/openbsd/gen",
 		"sys/windows/gen",
 		"sys/test/gen"
 	],
--- a/executor/common.h
+++ b/executor/common.h
@ -170,7 +170,7 @@ static void use_temporary_dir(void)
 #endif
 #endif

-#if GOOS_akaros || GOOS_netbsd || GOOS_freebsd || GOOS_test
+#if GOOS_akaros || GOOS_netbsd || GOOS_freebsd || GOOS_openbsd || GOOS_test
 #if SYZ_EXECUTOR || SYZ_EXECUTOR_USES_FORK_SERVER && SYZ_REPEAT && SYZ_USE_TMP_DIR
 #include <dirent.h>
 #include <stdio.h>
@ -240,7 +240,7 @@ static void thread_start(void* (*fn)(void*), void* arg)
 #endif
 #endif

-#if GOOS_freebsd || GOOS_netbsd || GOOS_akaros || GOOS_test
+#if GOOS_freebsd || GOOS_netbsd || GOOS_openbsd || GOOS_akaros || GOOS_test
 #if SYZ_EXECUTOR || SYZ_THREADED

 #include <pthread.h>
@ -366,7 +366,7 @@ static uint16 csum_inet_digest(struct csum_inet* csum)

 #if GOOS_akaros
 #include "common_akaros.h"
-#elif GOOS_freebsd || GOOS_netbsd
+#elif GOOS_freebsd || GOOS_netbsd || GOOS_openbsd
 #include "common_bsd.h"
 #elif GOOS_fuchsia
 #include "common_fuchsia.h"
--- a/executor/common_bsd.h
+++ b/executor/common_bsd.h
@ -18,3 +18,34 @@ static int do_sandbox_none(void)
 #define do_sandbox_setuid() 0
 #define do_sandbox_namespace() 0
 #endif
+
+#if GOOS_openbsd
+
+#define __syscall syscall
+
+#if SYZ_EXECUTOR || __NR_syz_open_pts
+
+#if defined(__OpenBSD__)
+#include <termios.h>
+#include <util.h>
+#else
+// Needed when compiling on Linux.
+#include <pty.h>
+#endif
+
+static uintptr_t syz_open_pts(void)
+{
+	int master, slave;
+
+	if (openpty(&master, &slave, NULL, NULL, NULL) == -1)
+		return -1;
+	// Move the master fd up in order to reduce the chances of the fuzzer
+	// generating a call to close(2) with the same fd.
+	if (dup2(master, master + 100) != -1)
+		close(master);
+	return slave;
+}
+
+#endif
+
+#endif
--- a/executor/defs.h
+++ b/executor/defs.h
@ -125,6 +125,21 @@

 #endif

+#if GOOS_openbsd
+#define GOOS "openbsd"
+
+#if GOARCH_amd64
+#define GOARCH "amd64"
+#define SYZ_REVISION "f1bde02bbb60bf849ed61dda9a552900891199ef"
+#define SYZ_EXECUTOR_USES_FORK_SERVER 1
+#define SYZ_EXECUTOR_USES_SHMEM 1
+#define SYZ_PAGE_SIZE 4096
+#define SYZ_NUM_PAGES 4096
+#define SYZ_DATA_OFFSET 536870912
+#endif
+
+#endif
+
 #if GOOS_test
 #define GOOS "test"

--- a/executor/executor.cc
+++ b/executor/executor.cc
@ -298,7 +298,7 @@ static void setup_control_pipes();
 #include "executor_fuchsia.h"
 #elif GOOS_akaros
 #include "executor_akaros.h"
-#elif GOOS_freebsd || GOOS_netbsd
+#elif GOOS_freebsd || GOOS_netbsd || GOOS_openbsd
 #include "executor_bsd.h"
 #elif GOOS_windows
 #include "executor_windows.h"
--- a/executor/executor_bsd.h
+++ b/executor/executor_bsd.h
@ -10,7 +10,7 @@
 #include <sys/types.h>
 #include <unistd.h>

-#if !defined(__FreeBSD__) && !defined(__NetBSD__)
+#if !defined(__FreeBSD__) && !defined(__NetBSD__) && !defined(__OpenBSD__)
 // This is just so that "make executor TARGETOS=freebsd/netbsd" works on linux.
 #define __syscall syscall
 #endif
@ -48,6 +48,7 @@ static long execute_syscall(const call_t* c, long a[kMaxArgs])
 }

 #if GOOS_freebsd
+
 #define KIOENABLE _IOW('c', 2, int) // Enable coverage recording
 #define KIODISABLE _IO('c', 3) // Disable coverage recording
 #define KIOSETBUFSIZE _IOW('c', 4, unsigned int) // Set the buffer size
@ -56,16 +57,34 @@ static long execute_syscall(const call_t* c, long a[kMaxArgs])
 #define KCOV_MODE_TRACE_PC 0
 #define KCOV_MODE_TRACE_CMP 1

+#elif GOOS_openbsd
+
+#define KIOSETBUFSIZE _IOW('K', 1, unsigned long)
+#define KIOENABLE _IO('K', 2)
+#define KIODISABLE _IO('K', 3)
+
+#endif
+
+#if GOOS_freebsd || GOOS_openbsd
+
 static void cover_open(cover_t* cov)
 {
 	int fd = open("/dev/kcov", O_RDWR);
 	if (fd == -1)
 		fail("open of /dev/kcov failed");
 	if (dup2(fd, cov->fd) < 0)
-		fail("filed to dup2(%d, %d) cover fd", fd, cov->fd);
+		fail("failed to dup2(%d, %d) cover fd", fd, cov->fd);
 	close(fd);
+
+#if GOOS_freebsd
 	if (ioctl(cov->fd, KIOSETBUFSIZE, &kCoverSize))
 		fail("ioctl init trace write failed");
+#elif GOOS_openbsd
+	unsigned long cover_size = kCoverSize;
+	if (ioctl(cov->fd, KIOSETBUFSIZE, &cover_size))
+		fail("ioctl init trace write failed");
+#endif
+
 	size_t mmap_alloc_size = kCoverSize * (is_kernel_64_bit ? 8 : 4);
 	char* mmap_ptr = (char*)mmap(NULL, mmap_alloc_size,
 				     PROT_READ | PROT_WRITE,
@ -78,9 +97,14 @@ static void cover_open(cover_t* cov)

 static void cover_enable(cover_t* cov, bool collect_comps)
 {
+#if GOOS_freebsd
 	int kcov_mode = flag_collect_comps ? KCOV_MODE_TRACE_CMP : KCOV_MODE_TRACE_PC;
 	if (ioctl(cov->fd, KIOENABLE, &kcov_mode))
 		exitf("cover enable write trace failed, mode=%d", kcov_mode);
+#elif GOOS_openbsd
+	if (ioctl(cov->fd, KIOENABLE))
+		exitf("cover enable write trace failed");
+#endif
 }

 static void cover_reset(cover_t* cov)
--- a/executor/gen.go
+++ b/executor/gen.go
@ -1,6 +1,8 @@
 // Copyright 2017 syzkaller project authors. All rights reserved.
 // Use of this source code is governed by Apache 2 LICENSE that can be found in the LICENSE file.

+// +build !openbsd
+
 //go:generate bash -c "gcc kvm_gen.cc kvm.S -o kvm_gen && ./kvm_gen > kvm.S.h && rm ./kvm_gen"

 package executor
--- a/executor/syscalls.h
+++ b/executor/syscalls.h
@ -11744,6 +11744,240 @@ const call_t syscalls[] = {

 #endif

+#if GOOS_openbsd
+
+#if GOARCH_amd64
+const call_t syscalls[] = {
+    {"accept", 30},
+    {"accept$inet", 30},
+    {"accept$inet6", 30},
+    {"accept$unix", 30},
+    {"bind", 104},
+    {"bind$inet", 104},
+    {"bind$inet6", 104},
+    {"bind$unix", 104},
+    {"chdir", 12},
+    {"chmod", 15},
+    {"chown", 16},
+    {"chroot", 61},
+    {"clock_getres", 89},
+    {"clock_gettime", 87},
+    {"clock_settime", 88},
+    {"close", 6},
+    {"connect", 98},
+    {"connect$inet", 98},
+    {"connect$inet6", 98},
+    {"connect$unix", 98},
+    {"dup", 41},
+    {"dup2", 90},
+    {"execve", 59},
+    {"faccessat", 313},
+    {"fchdir", 13},
+    {"fchmod", 124},
+    {"fchmodat", 314},
+    {"fchown", 123},
+    {"fchownat", 315},
+    {"fcntl$dupfd", 92},
+    {"fcntl$getflags", 92},
+    {"fcntl$getown", 92},
+    {"fcntl$lock", 92},
+    {"fcntl$setflags", 92},
+    {"fcntl$setown", 92},
+    {"fcntl$setstatus", 92},
+    {"flock", 131},
+    {"fsync", 95},
+    {"ftruncate", 201},
+    {"getdents", 99},
+    {"getegid", 43},
+    {"geteuid", 25},
+    {"getgid", 47},
+    {"getgroups", 79},
+    {"getitimer", 70},
+    {"getpeername", 31},
+    {"getpeername$inet", 31},
+    {"getpeername$inet6", 31},
+    {"getpeername$unix", 31},
+    {"getpgid", 207},
+    {"getpgrp", 81},
+    {"getpid", 20},
+    {"getppid", 39},
+    {"getrlimit", 194},
+    {"getrusage", 19},
+    {"getsockname", 32},
+    {"getsockname$inet", 32},
+    {"getsockname$inet6", 32},
+    {"getsockname$unix", 32},
+    {"getsockopt", 118},
+    {"getsockopt$SO_PEERCRED", 118},
+    {"getsockopt$inet_opts", 118},
+    {"getsockopt$sock_cred", 118},
+    {"getsockopt$sock_int", 118},
+    {"getsockopt$sock_linger", 118},
+    {"getsockopt$sock_timeval", 118},
+    {"getuid", 24},
+    {"ioctl$TIOCCBRK", 54},
+    {"ioctl$TIOCCDTR", 54},
+    {"ioctl$TIOCCHKVERAUTH", 54},
+    {"ioctl$TIOCCLRVERAUTH", 54},
+    {"ioctl$TIOCCONS", 54},
+    {"ioctl$TIOCDRAIN", 54},
+    {"ioctl$TIOCEXCL", 54},
+    {"ioctl$TIOCFLUSH", 54},
+    {"ioctl$TIOCGETA", 54},
+    {"ioctl$TIOCGETD", 54},
+    {"ioctl$TIOCGFLAGS", 54},
+    {"ioctl$TIOCGTSTAMP", 54},
+    {"ioctl$TIOCGWINSZ", 54},
+    {"ioctl$TIOCMBIC", 54},
+    {"ioctl$TIOCMBIS", 54},
+    {"ioctl$TIOCMGET", 54},
+    {"ioctl$TIOCMSET", 54},
+    {"ioctl$TIOCNOTTY", 54},
+    {"ioctl$TIOCNXCL", 54},
+    {"ioctl$TIOCOUTQ", 54},
+    {"ioctl$TIOCSBRK", 54},
+    {"ioctl$TIOCSCTTY", 54},
+    {"ioctl$TIOCSDTR", 54},
+    {"ioctl$TIOCSETA", 54},
+    {"ioctl$TIOCSETAF", 54},
+    {"ioctl$TIOCSETAW", 54},
+    {"ioctl$TIOCSETD", 54},
+    {"ioctl$TIOCSETVERAUTH", 54},
+    {"ioctl$TIOCSFLAGS", 54},
+    {"ioctl$TIOCSPGRP", 54},
+    {"ioctl$TIOCSTART", 54},
+    {"ioctl$TIOCSTAT", 54},
+    {"ioctl$TIOCSTOP", 54},
+    {"ioctl$TIOCSTSTAMP", 54},
+    {"ioctl$TIOCSWINSZ", 54},
+    {"kevent", 72},
+    {"kqueue", 269},
+    {"lchown", 254},
+    {"link", 9},
+    {"linkat", 317},
+    {"listen", 106},
+    {"lseek", 199},
+    {"lstat", 40},
+    {"madvise", 75},
+    {"mincore", 78},
+    {"mkdir", 136},
+    {"mkdirat", 318},
+    {"mknod", 14},
+    {"mknod$loop", 14},
+    {"mknodat", 320},
+    {"mlock", 203},
+    {"mlockall", 271},
+    {"mmap", 197},
+    {"mprotect", 74},
+    {"msgctl$IPC_RMID", 297},
+    {"msgctl$IPC_SET", 297},
+    {"msgctl$IPC_STAT", 297},
+    {"msgget", 225},
+    {"msgget$private", 225},
+    {"msgrcv", 227},
+    {"msgsnd", 226},
+    {"munlock", 204},
+    {"munlockall", 272},
+    {"munmap", 73},
+    {"nanosleep", 91},
+    {"open", 5},
+    {"open$dir", 5},
+    {"openat", 321},
+    {"pipe", 263},
+    {"pipe2", 101},
+    {"pledge", 108},
+    {"poll", 252},
+    {"preadv", 267},
+    {"pwritev", 268},
+    {"read", 3},
+    {"readlink", 58},
+    {"readlinkat", 322},
+    {"readv", 120},
+    {"recvfrom", 29},
+    {"recvfrom$inet", 29},
+    {"recvfrom$inet6", 29},
+    {"recvfrom$unix", 29},
+    {"recvmsg", 27},
+    {"rename", 128},
+    {"renameat", 323},
+    {"rmdir", 137},
+    {"select", 71},
+    {"semctl$GETALL", 442},
+    {"semctl$GETNCNT", 442},
+    {"semctl$GETPID", 442},
+    {"semctl$GETVAL", 442},
+    {"semctl$GETZCNT", 442},
+    {"semctl$IPC_RMID", 442},
+    {"semctl$IPC_SET", 442},
+    {"semctl$IPC_STAT", 442},
+    {"semctl$SETALL", 442},
+    {"semctl$SETVAL", 442},
+    {"semget", 221},
+    {"semget$private", 221},
+    {"semop", 290},
+    {"sendmsg", 28},
+    {"sendmsg$unix", 28},
+    {"sendto", 133},
+    {"sendto$inet", 133},
+    {"sendto$inet6", 133},
+    {"sendto$unix", 133},
+    {"setegid", 182},
+    {"seteuid", 183},
+    {"setgid", 181},
+    {"setgroups", 80},
+    {"setitimer", 69},
+    {"setpgid", 82},
+    {"setregid", 127},
+    {"setreuid", 126},
+    {"setrlimit", 195},
+    {"setsockopt", 105},
+    {"setsockopt$inet6_MRT6_ADD_MFC", 105},
+    {"setsockopt$inet6_MRT6_ADD_MIF", 105},
+    {"setsockopt$inet6_MRT6_DEL_MFC", 105},
+    {"setsockopt$inet_opts", 105},
+    {"setsockopt$sock_cred", 105},
+    {"setsockopt$sock_int", 105},
+    {"setsockopt$sock_linger", 105},
+    {"setsockopt$sock_timeval", 105},
+    {"setuid", 23},
+    {"shmat", 228},
+    {"shmctl$IPC_RMID", 296},
+    {"shmctl$IPC_SET", 296},
+    {"shmctl$IPC_STAT", 296},
+    {"shmctl$SHM_LOCK", 296},
+    {"shmctl$SHM_UNLOCK", 296},
+    {"shmdt", 230},
+    {"shmget", 289},
+    {"shmget$private", 289},
+    {"shutdown", 134},
+    {"socket", 97},
+    {"socket$inet", 97},
+    {"socket$inet6", 97},
+    {"socket$unix", 97},
+    {"socketpair", 135},
+    {"socketpair$inet", 135},
+    {"socketpair$inet6", 135},
+    {"socketpair$unix", 135},
+    {"stat", 38},
+    {"symlink", 57},
+    {"symlinkat", 324},
+    {"sync", 36},
+    {"syz_open_pts", 0, (syscall_t)syz_open_pts},
+    {"truncate", 200},
+    {"unlink", 10},
+    {"unlinkat", 325},
+    {"unveil", 114},
+    {"utimensat", 84},
+    {"utimes", 76},
+    {"wait4", 11},
+    {"write", 4},
+    {"writev", 121},
+
+};
+#endif
+
+#endif
+
 #if GOOS_test

 #if GOARCH_32_fork_shmem
--- a/pkg/csource/generated.go
+++ b/pkg/csource/generated.go
@ -155,7 +155,7 @@ static void use_temporary_dir(void)
 #endif
 #endif

-#if GOOS_akaros || GOOS_netbsd || GOOS_freebsd || GOOS_test
+#if GOOS_akaros || GOOS_netbsd || GOOS_freebsd || GOOS_openbsd || GOOS_test
 #if SYZ_EXECUTOR || SYZ_EXECUTOR_USES_FORK_SERVER && SYZ_REPEAT && SYZ_USE_TMP_DIR
 #include <dirent.h>
 #include <stdio.h>
@ -225,7 +225,7 @@ static void thread_start(void* (*fn)(void*), void* arg)
 #endif
 #endif

-#if GOOS_freebsd || GOOS_netbsd || GOOS_akaros || GOOS_test
+#if GOOS_freebsd || GOOS_netbsd || GOOS_openbsd || GOOS_akaros || GOOS_test
 #if SYZ_EXECUTOR || SYZ_THREADED

 #include <pthread.h>
@ -387,7 +387,7 @@ void child()
 #define do_sandbox_namespace() 0
 #endif

-#elif GOOS_freebsd || GOOS_netbsd
+#elif GOOS_freebsd || GOOS_netbsd || GOOS_openbsd

 #include <unistd.h>

@ -405,6 +405,34 @@ static int do_sandbox_none(void)
 #define do_sandbox_namespace() 0
 #endif

+#if GOOS_openbsd
+
+#define __syscall syscall
+
+#if SYZ_EXECUTOR || __NR_syz_open_pts
+
+#if defined(__OpenBSD__)
+#include <termios.h>
+#include <util.h>
+#else
+#include <pty.h>
+#endif
+
+static uintptr_t syz_open_pts(void)
+{
+	int master, slave;
+
+	if (openpty(&master, &slave, NULL, NULL, NULL) == -1)
+		return -1;
+	if (dup2(master, master + 100) != -1)
+		close(master);
+	return slave;
+}
+
+#endif
+
+#endif
+
 #elif GOOS_fuchsia

 #include <fcntl.h>
--- a/pkg/host/host_openbsd.go
+++ b/pkg/host/host_openbsd.go
@ -0,0 +1,16 @@
+// Copyright 2017 syzkaller project authors. All rights reserved.
+// Use of this source code is governed by Apache 2 LICENSE that can be found in the LICENSE file.
+
+package host
+
+import (
+	"github.com/google/syzkaller/prog"
+)
+
+func isSupported(c *prog.Syscall, sandbox string) (bool, string) {
+	return true, ""
+}
+
+func init() {
+	checkFeature[FeatureCoverage] = unconditionallyEnabled
+}
--- a/pkg/osutil/osutil_bsd.go
+++ b/pkg/osutil/osutil_bsd.go
@ -1,7 +1,7 @@
 // Copyright 2017 syzkaller project authors. All rights reserved.
 // Use of this source code is governed by Apache 2 LICENSE that can be found in the LICENSE file.

-// +build freebsd,!appengine netbsd,!appengine
+// +build freebsd,!appengine netbsd,!appengine openbsd,!appengine

 package osutil

--- a/pkg/osutil/osutil_unix.go
+++ b/pkg/osutil/osutil_unix.go
@ -1,7 +1,7 @@
 // Copyright 2017 syzkaller project authors. All rights reserved.
 // Use of this source code is governed by Apache 2 LICENSE that can be found in the LICENSE file.

-// +build freebsd,!appengine netbsd,!appengine linux,!appengine darwin,!appengine
+// +build freebsd,!appengine netbsd,!appengine openbsd,!appengine linux,!appengine darwin,!appengine

 package osutil

--- a/pkg/report/openbsd.go
+++ b/pkg/report/openbsd.go
@ -0,0 +1,79 @@
+// Copyright 2018 syzkaller project authors. All rights reserved.
+// Use of this source code is governed by Apache 2 LICENSE that can be found in the LICENSE file.
+
+package report
+
+import (
+	"regexp"
+)
+
+type openbsd struct {
+	kernelSrc string
+	kernelObj string
+	ignores   []*regexp.Regexp
+}
+
+func ctorOpenbsd(kernelSrc, kernelObj string, ignores []*regexp.Regexp) (Reporter, []string, error) {
+	ctx := &openbsd{
+		kernelSrc: kernelSrc,
+		kernelObj: kernelObj,
+		ignores:   ignores,
+	}
+	return ctx, nil, nil
+}
+
+func (ctx *openbsd) ContainsCrash(output []byte) bool {
+	return containsCrash(output, openbsdOopses, ctx.ignores)
+}
+
+func (ctx *openbsd) Parse(output []byte) *Report {
+	return simpleLineParser(output, openbsdOopses, nil, ctx.ignores)
+}
+
+func (ctx *openbsd) Symbolize(rep *Report) error {
+	return nil
+}
+
+var openbsdOopses = []*oops{
+	{
+		[]byte("cleaned vnode"),
+		[]oopsFormat{
+			{
+				title: compile("cleaned vnode: "),
+				fmt:   "panic: cleaned vnode isn't",
+			},
+		},
+		[]*regexp.Regexp{},
+	},
+	{
+		[]byte("uvm_fault"),
+		[]oopsFormat{
+			{
+				title: compile("uvm_fault\\((?:.*\\n)+?.*Stopped at[ ]+([^\\+]+)"),
+				fmt:   "uvm_fault: %[1]v",
+			},
+		},
+		[]*regexp.Regexp{},
+	},
+	{
+		[]byte("panic"),
+		[]oopsFormat{
+			{
+				title: compile("panic: pool_do_put: ([^:]+): double pool_put"),
+				fmt:   "pool: double put: %[1]v",
+			},
+			{
+				title: compile("panic: pool_do_get: ([^:]+) free list modified"),
+				fmt:   "pool: free list modified: %[1]v",
+			},
+		},
+		[]*regexp.Regexp{},
+	},
+	{
+		[]byte("kernel:"),
+		[]oopsFormat{},
+		[]*regexp.Regexp{
+			compile("kernel relinking failed"),
+		},
+	},
+}
--- a/pkg/report/report.go
+++ b/pkg/report/report.go
@ -78,6 +78,7 @@ var ctors = map[string]fn{
 	"gvisor":  ctorGvisor,
 	"freebsd": ctorFreebsd,
 	"netbsd":  ctorNetbsd,
+	"openbsd": ctorOpenbsd,
 	"fuchsia": ctorFuchsia,
 	"windows": ctorStub,
 }
--- a/pkg/report/testdata/openbsd/report/0
+++ b/pkg/report/testdata/openbsd/report/0
@ -0,0 +1,5 @@
+TITLE: uvm_fault: vn_writechk
+
+login: uvm_fault(0xffffff0018def850, 0x50, 0, 1) -> e
+
kernel: page fault trap, code=0
+
Stopped at      vn_writechk+0x13:       testb   $0x1,0x50(%rax)
--- a/pkg/report/testdata/openbsd/report/1
+++ b/pkg/report/testdata/openbsd/report/1
@ -0,0 +1,26 @@
+TITLE: panic: cleaned vnode isn't
+
+login: cleaned vnode: 0xffffff001742a5c0, type VBAD, use 0, write 0, hold 0,
+
	tag VT_UFS, ino 26028, on dev 4, 0 flags 0x100, effnlink 1, nlink 1
+
	mode 0177755, owner 0, group 0, size 0
+
panic: cleaned vnode isn't
+
Stopped at      db_enter+0xa:   popq    %rbp
+
    TID    PID    UID     PRFLAGS     PFLAGS  CPU  COMMAND
+
*329861   4439      0         0x2          0    0K syz-executor1
+
db_enter() at db_enter+0xa
+
panic() at panic+0x147
+
getnewvnode() at getnewvnode+0x3bc
+
ffs_vget(ffff80000e400558,ffff80000e400580,ffffff000e5a7e20) at ffs_vget+0xc1
+
ufs_lookup() at ufs_lookup+0xee3
+
VOP_LOOKUP(ffffff001bf4d758,ffff80000e400530,ffffff001bf4d758) at VOP_LOOKUP+0x
+
56
+
vfs_lookup(ffff80000e400568) at vfs_lookup+0x3c1
+
namei(ffff80000e400530) at namei+0x2f4
+
dofstatat(280,ffff80000e3b12a0,0,ffff80000e400750,7f7ffffe3bd8) at dofstatat+0x
+
93
+
syscall(0) at syscall+0x489
+
Xsyscall_untramp(6,0,0,0,0,28) at Xsyscall_untramp+0xe4
+
end of kernel
+
end trace frame: 0x7f7ffffe40b0, count: 4
+
https://www.openbsd.org/ddb.html describes the minimum info required in bug
+
reports.  Insufficient info makes it difficult to find and fix bugs.
--- a/pkg/report/testdata/openbsd/report/2
+++ b/pkg/report/testdata/openbsd/report/2
@ -0,0 +1,24 @@
+TITLE: pool: double put: mbufpl
+
+panic: pool_do_put: mbufpl: double pool_put: 0xffffff001d506200
+Stopped at      db_enter+0xa:   popq    %rbp
+    TID    PID    UID     PRFLAGS     PFLAGS  CPU  COMMAND
+*350399  57238      0           0  0x4000000    0  syz-executor1
+db_enter() at db_enter+0xa
+panic() at panic+0x147
+pool_do_put(ffffff001d506200,ffffffff81eacbe8) at pool_do_put+0x2e2
+pool_put(fecbcf835145a619,ffffff001d506200) at pool_put+0x37
+m_free(ffffff001d506200) at m_free+0x11e
+m_freem(2d) at m_freem+0x2d
+soreceive(38a,ffffff001a63c930,0,0,ffff80000e423648,ffffff001071db90) at sorece
+ive+0x1fc
+recvit(ffff80000e2b7050,ffff80000e4236e0,0,ffff80000e4236f8,12eb78e821c8) at re
+cvit+0x253
+sys_recvfrom(ffff80000e423780,ffff80000e2b7050,ffff80000e315170) at sys_recvfro
+m+0xbc
+syscall(0) at syscall+0x3e4
+Xsyscall_untramp(6,0,0,0,0,0) at Xsyscall_untramp+0xe4
+end of kernel
+end trace frame: 0x12eb78e82220, count: 4
+https://www.openbsd.org/ddb.html describes the minimum info required in bug
+reports.  Insufficient info makes it difficult to find and fix bugs.
--- a/pkg/report/testdata/openbsd/report/3
+++ b/pkg/report/testdata/openbsd/report/3
@ -0,0 +1,5 @@
+TITLE: kernel: page fault trap, code=0
+
+login:
+
kernel: page fault trap, code=0
+
Stopped at      vn_writechk+0x13:       testb   $0x1,0x50(%rax)
--- a/pkg/report/testdata/openbsd/report/4
+++ b/pkg/report/testdata/openbsd/report/4
@ -0,0 +1,19 @@
+TITLE: pool: free list modified: knotepl
+
+panic: pool_do_get: knotepl free list modified: page 0xffffff0016069000; item addr 0xffffff00160699b8; offset 0x10=0x15c9ef10
+Stopped at      db_enter+0xa:   popq    %rbp
+    TID    PID    UID     PRFLAGS     PFLAGS  CPU  COMMAND
+*261118  11352      0           0  0x4000000    0  syz-executor1
+db_enter() at db_enter+0xa
+panic() at panic+0x147
+pool_do_get(1,ffffffff81e8e708,0) at pool_do_get+0x3e9
+pool_get(ffff80000e31f730,d) at pool_get+0x77
+kqueue_register(4,16,ffff80000e44f1f8) at kqueue_register+0x2ab
+sys_kevent(ffff80000e44f280,ffff80000e31f730,ffff80000e2ace90) at sys_kevent+0x
+207
+syscall(0) at syscall+0x3e4
+Xsyscall_untramp(6,0,0,0,0,0) at Xsyscall_untramp+0xe4
+end of kernel
+end trace frame: 0x171c1a028b50, count: 7
+https://www.openbsd.org/ddb.html describes the minimum info required in bug
+reports.  Insufficient info makes it difficult to find and fix bugs.
--- a/pkg/report/testdata/openbsd/report/5
+++ b/pkg/report/testdata/openbsd/report/5
@ -0,0 +1,2 @@
+
+reorder_kernel: kernel relinking failed; see /usr/share/relink/kernel/KCOV/relink.log
--- a/sys/openbsd/fs.txt
+++ b/sys/openbsd/fs.txt
@ -0,0 +1,69 @@
+# Copyright 2017 syzkaller project authors. All rights reserved.
+# Use of this source code is governed by Apache 2 LICENSE that can be found in the LICENSE file.
+
+include <sys/types.h>
+include <sys/stat.h>
+include <fcntl.h>
+include <unistd.h>
+
+resource fd[int32]: 0xffffffffffffffff, AT_FDCWD
+resource fd_dir[fd]
+
+resource pid[int32]: 0, 0xffffffffffffffff
+resource uid[int32]: 0, 0xffffffffffffffff
+resource gid[int32]: 0, 0xffffffffffffffff
+
+open(file ptr[in, filename], flags flags[open_flags], mode flags[open_mode]) fd
+# Just so that we have something that creates fd_dir resources.
+open$dir(file ptr[in, filename], flags flags[open_flags], mode flags[open_mode]) fd_dir
+openat(fd fd_dir, file ptr[in, filename], flags flags[open_flags], mode flags[open_mode]) fd
+close(fd fd)
+read(fd fd, buf buffer[out], count len[buf])
+readv(fd fd, vec ptr[in, array[iovec_out]], vlen len[vec])
+preadv(fd fd, vec ptr[in, array[iovec_out]], vlen len[vec], off fileoff)
+write(fd fd, buf buffer[in], count len[buf])
+writev(fd fd, vec ptr[in, array[iovec_in]], vlen len[vec])
+pwritev(fd fd, vec ptr[in, array[iovec_in]], vlen len[vec], off fileoff)
+lseek(fd fd, offset fileoff, whence flags[seek_whence])
+dup(oldfd fd) fd
+dup2(oldfd fd, newfd fd) fd
+pipe2(pipefd ptr[out, pipefd], flags flags[pipe_flags])
+
+pipefd {
+	rfd	fd
+	wfd	fd
+}
+
+iovec_in {
+	addr	buffer[in]
+	len	len[addr, intptr]
+}
+
+iovec_out {
+	addr	buffer[out]
+	len	len[addr, intptr]
+}
+
+stat {
+	dev	int64
+	ino	int64
+	mode	int32
+	nlink	int32
+	rdev	int64
+	size	int64
+	blksize	int32
+	blocks	int64
+	atime	int64
+	ansec	int64
+	mtime	int64
+	mnsec	int64
+	ctime	int64
+	cnsec	int64
+	pad1	int32
+	pad2	int32
+}
+
+open_flags = O_RDONLY, O_WRONLY, O_RDWR, O_APPEND, O_CREAT, O_TRUNC, O_EXCL, O_SHLOCK, O_EXLOCK, O_NOFOLLOW, O_CLOEXEC, O_DSYNC, O_SYNC, O_RSYNC, O_NOCTTY, O_DIRECTORY, O_ASYNC
+open_mode = S_IRUSR, S_IWUSR, S_IXUSR, S_IRGRP, S_IWGRP, S_IXGRP, S_IROTH, S_IWOTH, S_IXOTH
+seek_whence = SEEK_SET, SEEK_CUR, SEEK_END
+pipe_flags = O_NONBLOCK, O_CLOEXEC
--- a/sys/openbsd/fs_amd64.const
+++ b/sys/openbsd/fs_amd64.const
@ -0,0 +1,45 @@
+# AUTOGENERATED FILE
+AT_FDCWD = 18446744073709551516
+O_APPEND = 8
+O_ASYNC = 64
+O_CLOEXEC = 65536
+O_CREAT = 512
+O_DIRECTORY = 131072
+O_DSYNC = 128
+O_EXCL = 2048
+O_EXLOCK = 32
+O_NOCTTY = 32768
+O_NOFOLLOW = 256
+O_NONBLOCK = 4
+O_RDONLY = 0
+O_RDWR = 2
+O_RSYNC = 128
+O_SHLOCK = 16
+O_SYNC = 128
+O_TRUNC = 1024
+O_WRONLY = 1
+SEEK_CUR = 1
+SEEK_END = 2
+SEEK_SET = 0
+SYS_close = 6
+SYS_dup = 41
+SYS_dup2 = 90
+SYS_lseek = 199
+SYS_open = 5
+SYS_openat = 321
+SYS_pipe2 = 101
+SYS_preadv = 267
+SYS_pwritev = 268
+SYS_read = 3
+SYS_readv = 120
+SYS_write = 4
+SYS_writev = 121
+S_IRGRP = 32
+S_IROTH = 4
+S_IRUSR = 256
+S_IWGRP = 16
+S_IWOTH = 2
+S_IWUSR = 128
+S_IXGRP = 8
+S_IXOTH = 1
+S_IXUSR = 64
--- a/sys/openbsd/gen/amd64.go
+++ b/sys/openbsd/gen/amd64.go
--- a/sys/openbsd/gen/empty.go
+++ b/sys/openbsd/gen/empty.go
@ -0,0 +1,3 @@
+// AUTOGENERATED FILE
+// This file is needed if OS is completely excluded by build tags.
+package gen
--- a/sys/openbsd/init.go
+++ b/sys/openbsd/init.go
@ -0,0 +1,49 @@
+// Copyright 2017 syzkaller project authors. All rights reserved.
+// Use of this source code is governed by Apache 2 LICENSE that can be found in the LICENSE file.
+
+package openbsd
+
+import (
+	"github.com/google/syzkaller/prog"
+	"github.com/google/syzkaller/sys/targets"
+)
+
+func InitTarget(target *prog.Target) {
+	arch := &arch{
+		unix: targets.MakeUnixSanitizer(target),
+	}
+
+	target.MakeMmap = targets.MakePosixMmap(target)
+	target.SanitizeCall = arch.SanitizeCall
+}
+
+type arch struct {
+	unix *targets.UnixSanitizer
+}
+
+func (arch *arch) SanitizeCall(c *prog.Call) {
+	arch.unix.SanitizeCall(c)
+
+	// Prevent vnodes of type VBAD from being created. Such vnodes will
+	// likely trigger assertion errors by the kernel.
+	pos := 1
+	switch c.Meta.CallName {
+	case "mknodat":
+		pos = 2
+		fallthrough
+	case "mknod":
+		mode := c.Args[pos].(*prog.ConstArg)
+		if (mode.Val & arch.unix.S_IFMT) != arch.unix.S_IFMT {
+			return
+		}
+		saneMode := mode.Val & ^arch.unix.S_IFMT
+		switch {
+		case (mode.Val & arch.unix.S_IFCHR) == arch.unix.S_IFCHR:
+			mode.Val = saneMode | arch.unix.S_IFCHR
+		case (mode.Val & arch.unix.S_IFBLK) == arch.unix.S_IFBLK:
+			mode.Val = saneMode | arch.unix.S_IFBLK
+		case (mode.Val & arch.unix.S_IFIFO) == arch.unix.S_IFIFO:
+			mode.Val = saneMode | arch.unix.S_IFIFO
+		}
+	}
+}
--- a/sys/openbsd/ipc.txt
+++ b/sys/openbsd/ipc.txt
@ -0,0 +1,125 @@
+# Copyright 2017 syzkaller project authors. All rights reserved.
+# Use of this source code is governed by Apache 2 LICENSE that can be found in the LICENSE file.
+
+include <sys/types.h>
+include <sys/fcntl.h>
+include <sys/stat.h>
+include <sys/ipc.h>
+include <sys/shm.h>
+include <sys/msg.h>
+include <sys/sem.h>
+
+resource ipc[int32]: 0, 0xffffffffffffffff
+
+# TODO: describe ipc syscall
+
+define SYS____semctl50	442
+
+resource ipc_msq[ipc]
+msgget(key proc[2039379027, 4], flags flags[msgget_flags]) ipc_msq
+msgget$private(key const[IPC_PRIVATE], flags flags[msgget_flags]) ipc_msq
+msgsnd(msqid ipc_msq, msgp ptr[in, msgbuf], sz len[msgp], flags flags[msgsnd_flags])
+msgrcv(msqid ipc_msq, msgp ptr[out, msgbuf], sz len[msgp], typ flags[msgbuf_type], flags flags[msgrcv_flags])
+msgctl$IPC_STAT(msqid ipc_msq, cmd const[IPC_STAT], buf buffer[out])
+msgctl$IPC_SET(msqid ipc_msq, cmd const[IPC_SET], buf ptr[in, msqid_ds])
+msgctl$IPC_RMID(msqid ipc_msq, cmd const[IPC_RMID])
+
+resource ipc_sem[ipc]
+semget(key proc[2039359027, 4], nsems flags[sem_sem_id], flags flags[semget_flags]) ipc_sem
+semget$private(key const[IPC_PRIVATE], nsems flags[sem_sem_id], flags flags[semget_flags]) ipc_sem
+semop(semid ipc_sem, ops ptr[in, array[sembuf]], nops len[ops])
+semctl$IPC_STAT(semid ipc_sem, semnum const[0], cmd const[IPC_STAT], arg buffer[out])
+semctl$IPC_SET(semid ipc_sem, semnum const[0], cmd const[IPC_SET], arg ptr[in, semid_ds])
+semctl$IPC_RMID(semid ipc_sem, semnum const[0], cmd const[IPC_RMID])
+semctl$GETALL(semid ipc_sem, semnum const[0], cmd const[GETALL], arg buffer[out])
+semctl$GETNCNT(semid ipc_sem, semnum flags[sem_sem_id], cmd const[GETNCNT], arg buffer[out])
+semctl$GETPID(semid ipc_sem, semnum flags[sem_sem_id], cmd const[GETPID], arg buffer[out])
+semctl$GETVAL(semid ipc_sem, semnum flags[sem_sem_id], cmd const[GETVAL], arg buffer[out])
+semctl$GETZCNT(semid ipc_sem, semnum flags[sem_sem_id], cmd const[GETZCNT], arg buffer[out])
+semctl$SETALL(semid ipc_sem, semnum const[0], cmd const[SETALL], arg ptr[in, array[int16]])
+semctl$SETVAL(semid ipc_sem, semnum flags[sem_sem_id], cmd const[SETVAL], arg ptr[in, int32])
+
+resource ipc_shm[ipc]
+resource shmaddr[intptr]: 0
+# The unused arg is unused by syscall (does not exist at all),
+# but it helps to generate sane size values.
+shmget(key proc[2039339027, 4], size len[unused], flags flags[shmget_flags], unused vma) ipc_shm
+shmget$private(key const[IPC_PRIVATE], size len[unused], flags flags[shmget_flags], unused vma) ipc_shm
+shmat(shmid ipc_shm, addr vma, flags flags[shmat_flags]) shmaddr
+shmctl$IPC_STAT(shmid ipc_shm, cmd const[IPC_STAT], buf buffer[out])
+shmctl$IPC_SET(shmid ipc_shm, cmd const[IPC_SET], buf ptr[in, shmid_ds])
+shmctl$IPC_RMID(shmid ipc_shm, cmd const[IPC_RMID])
+shmctl$SHM_LOCK(shmid ipc_shm, cmd const[SHM_LOCK])
+shmctl$SHM_UNLOCK(shmid ipc_shm, cmd const[SHM_UNLOCK])
+shmdt(addr shmaddr)
+
+msgget_flags = IPC_CREAT, IPC_EXCL, S_IRUSR, S_IWUSR, S_IXUSR, S_IRGRP, S_IWGRP, S_IXGRP, S_IROTH, S_IWOTH, S_IXOTH
+msgbuf_type = 0, 1, 2, 3
+msgsnd_flags = IPC_NOWAIT
+msgrcv_flags = IPC_NOWAIT, MSG_NOERROR
+semget_flags = IPC_CREAT, IPC_EXCL, S_IRUSR, S_IWUSR, S_IXUSR, S_IRGRP, S_IWGRP, S_IXGRP, S_IROTH, S_IWOTH, S_IXOTH
+semop_flags = IPC_NOWAIT, SEM_UNDO
+sem_sem_id = 0, 1, 2, 3, 4
+shmget_flags = IPC_CREAT, IPC_EXCL, S_IRUSR, S_IWUSR, S_IXUSR, S_IRGRP, S_IWGRP, S_IXGRP, S_IROTH, S_IWOTH, S_IXOTH
+shmat_flags = SHM_RND, SHM_RDONLY
+
+ipc_perm {
+	key	int32
+	uid	uid
+	gid	gid
+	cuid	uid
+	cgid	gid
+	mode	flags[open_mode, int32]
+	seq	int16
+	pad0	const[0, int16]
+	pad1	const[0, intptr]
+	pad2	const[0, intptr]
+}
+
+msqid_ds {
+	perm	ipc_perm
+	qnum	intptr
+	qbytes	intptr
+	lspid	pid
+	lrpid	pid
+	stime	intptr
+	rtime	intptr
+	ctime	intptr
+	cbytes	intptr
+	pad0	const[0, intptr]
+	pad1	const[0, intptr]
+}
+
+shmid_ds {
+	perm	ipc_perm
+	segsz	int32
+	nattch	int16
+	cpid	pid
+	lpid	pid
+	atime	intptr
+	dtime	intptr
+	ctime	intptr
+	unused0	const[0, int16]
+	unused1	const[0, intptr]
+	unused2	const[0, intptr]
+}
+
+semid_ds {
+	perm	ipc_perm
+	otime	intptr
+	ctime	intptr
+	nsems	intptr
+	pad0	const[0, intptr]
+	pad1	const[0, intptr]
+}
+
+sembuf {
+	num	flags[sem_sem_id, int16]
+	op	int16
+	flg	flags[semop_flags, int16]
+}
+
+msgbuf {
+	typ	flags[msgbuf_type, intptr]
+	data	array[int8]
+} [packed]
--- a/sys/openbsd/ipc_amd64.const
+++ b/sys/openbsd/ipc_amd64.const
@ -0,0 +1,41 @@
+# AUTOGENERATED FILE
+GETALL = 6
+GETNCNT = 3
+GETPID = 4
+GETVAL = 5
+GETZCNT = 7
+IPC_CREAT = 512
+IPC_EXCL = 1024
+IPC_NOWAIT = 2048
+IPC_PRIVATE = 0
+IPC_RMID = 0
+IPC_SET = 1
+IPC_STAT = 2
+MSG_NOERROR = 4096
+SEM_UNDO = 4096
+SETALL = 9
+SETVAL = 8
+SHM_LOCK = 3
+SHM_RDONLY = 4096
+SHM_RND = 8192
+SHM_UNLOCK = 4
+SYS_msgctl = 297
+SYS_msgget = 225
+SYS_msgrcv = 227
+SYS_msgsnd = 226
+SYS_semctl = 442
+SYS_semget = 221
+SYS_semop = 290
+SYS_shmat = 228
+SYS_shmctl = 296
+SYS_shmdt = 230
+SYS_shmget = 289
+S_IRGRP = 32
+S_IROTH = 4
+S_IRUSR = 256
+S_IWGRP = 16
+S_IWOTH = 2
+S_IWUSR = 128
+S_IXGRP = 8
+S_IXOTH = 1
+S_IXUSR = 64
--- a/sys/openbsd/kqueue.txt
+++ b/sys/openbsd/kqueue.txt
@ -0,0 +1,25 @@
+include <sys/types.h>
+include <sys/event.h>
+include <sys/time.h>
+
+resource fd_kqueue[fd]
+
+kqueue() fd_kqueue
+kevent(kd fd_kqueue, changelist ptr[in, array[kevent]], nchanges int32, eventlist ptr[in, array[kevent]], nevents int32, timeout ptr[in, timespec])
+
+kevent_ident {
+	ident	fd
+} [size[8]]
+
+kevent {
+	ident	kevent_ident
+	filter	flags[kevent_filter, int16]
+	flags	flags[kevent_flags, int16]
+	fflags	flags[kevent_fflags, int32]
+	data	int64
+	udata	intptr
+}
+
+kevent_filter = EVFILT_READ, EVFILT_WRITE, EVFILT_AIO, EVFILT_VNODE, EVFILT_PROC, EVFILT_SIGNAL, EVFILT_TIMER, EVFILT_DEVICE
+kevent_flags = EV_ADD, EV_DELETE, EV_ENABLE, EV_DISABLE, EV_ONESHOT, EV_CLEAR, EV_RECEIPT, EV_DISPATCH
+kevent_fflags = NOTE_LOWAT, NOTE_EOF, NOTE_DELETE, NOTE_WRITE, NOTE_EXTEND, NOTE_ATTRIB, NOTE_LINK, NOTE_RENAME, NOTE_REVOKE, NOTE_TRUNCATE, NOTE_EXIT, NOTE_FORK, NOTE_EXEC, NOTE_PCTRLMASK, NOTE_PDATAMASK, NOTE_TRACK, NOTE_TRACKERR, NOTE_CHILD, NOTE_CHANGE
--- a/sys/openbsd/kqueue_amd64.const
+++ b/sys/openbsd/kqueue_amd64.const
@ -0,0 +1,38 @@
+# AUTOGENERATED FILE
+EVFILT_AIO = 18446744073709551613
+EVFILT_DEVICE = 18446744073709551608
+EVFILT_PROC = 18446744073709551611
+EVFILT_READ = 18446744073709551615
+EVFILT_SIGNAL = 18446744073709551610
+EVFILT_TIMER = 18446744073709551609
+EVFILT_VNODE = 18446744073709551612
+EVFILT_WRITE = 18446744073709551614
+EV_ADD = 1
+EV_CLEAR = 32
+EV_DELETE = 2
+EV_DISABLE = 8
+EV_DISPATCH = 128
+EV_ENABLE = 4
+EV_ONESHOT = 16
+EV_RECEIPT = 64
+NOTE_ATTRIB = 8
+NOTE_CHANGE = 1
+NOTE_CHILD = 4
+NOTE_DELETE = 1
+NOTE_EOF = 2
+NOTE_EXEC = 536870912
+NOTE_EXIT = 2147483648
+NOTE_EXTEND = 4
+NOTE_FORK = 1073741824
+NOTE_LINK = 16
+NOTE_LOWAT = 1
+NOTE_PCTRLMASK = 4026531840
+NOTE_PDATAMASK = 1048575
+NOTE_RENAME = 32
+NOTE_REVOKE = 64
+NOTE_TRACK = 1
+NOTE_TRACKERR = 2
+NOTE_TRUNCATE = 128
+NOTE_WRITE = 2
+SYS_kevent = 72
+SYS_kqueue = 269
--- a/sys/openbsd/mm.txt
+++ b/sys/openbsd/mm.txt
@ -0,0 +1,19 @@
+# Copyright 2017 syzkaller project authors. All rights reserved.
+# Use of this source code is governed by Apache 2 LICENSE that can be found in the LICENSE file.
+
+include <sys/types.h>
+include <sys/mman.h>
+
+mmap(addr vma, len len[addr], prot flags[mmap_prot], flags flags[mmap_flags], fd fd, pad const[0], offset fileoff)
+munmap(addr vma, len len[addr])
+mprotect(addr vma, len len[addr], prot flags[mmap_prot])
+madvise(addr vma, len len[addr], advice flags[madvise_flags])
+mlock(addr vma, size len[addr])
+munlock(addr vma, size len[addr])
+mlockall(flags flags[mlockall_flags])
+munlockall()
+
+mmap_prot = PROT_EXEC, PROT_READ, PROT_WRITE, PROT_NONE
+mmap_flags = MAP_ANON, MAP_ANONYMOUS, MAP_FIXED, MAP_PRIVATE, MAP_SHARED
+madvise_flags = MADV_NORMAL, MADV_RANDOM, MADV_SEQUENTIAL, MADV_WILLNEED, MADV_DONTNEED, MADV_FREE
+mlockall_flags = MCL_CURRENT, MCL_FUTURE
--- a/sys/openbsd/mm_amd64.const
+++ b/sys/openbsd/mm_amd64.const
@ -0,0 +1,26 @@
+# AUTOGENERATED FILE
+MADV_DONTNEED = 4
+MADV_FREE = 6
+MADV_NORMAL = 0
+MADV_RANDOM = 1
+MADV_SEQUENTIAL = 2
+MADV_WILLNEED = 3
+MAP_ANON = 4096
+MAP_ANONYMOUS = 4096
+MAP_FIXED = 16
+MAP_PRIVATE = 2
+MAP_SHARED = 1
+MCL_CURRENT = 1
+MCL_FUTURE = 2
+PROT_EXEC = 4
+PROT_NONE = 0
+PROT_READ = 1
+PROT_WRITE = 2
+SYS_madvise = 75
+SYS_mlock = 203
+SYS_mlockall = 271
+SYS_mmap = 197
+SYS_mprotect = 74
+SYS_munlock = 204
+SYS_munlockall = 272
+SYS_munmap = 73
--- a/sys/openbsd/socket.txt
+++ b/sys/openbsd/socket.txt
@ -0,0 +1,90 @@
+# Copyright 2017 syzkaller project authors. All rights reserved.
+# Use of this source code is governed by Apache 2 LICENSE that can be found in the LICENSE file.
+
+# TODO: due to autobind a socket can bind to port 0, that will result in a random port which is not reproducible
+
+include <sys/types.h>
+include <sys/socket.h>
+include <netinet/in.h>
+
+resource sock[fd]
+type sock_port proc[20000, 4, int16be]
+
+# TODO: describe socketcall syscall
+
+socket(domain flags[socket_domain], type flags[socket_type], proto int8) sock
+socketpair(domain flags[socket_domain], type flags[socket_type], proto int8, fds ptr[out, pipefd])
+bind(fd sock, addr ptr[in, sockaddr_storage], addrlen len[addr])
+connect(fd sock, addr ptr[in, sockaddr_storage], addrlen len[addr])
+accept(fd sock, peer ptr[out, sockaddr_storage, opt], peerlen ptr[inout, len[peer, int32]]) sock
+# paccept(fd sock, peer ptr[out, sockaddr_storage, opt], peerlen ptr[inout, len[peer, int32]], flags flags[accept_flags]) sock
+sendto(fd sock, buf buffer[in], len len[buf], f flags[send_flags], addr ptr[in, sockaddr_storage, opt], addrlen len[addr])
+recvfrom(fd sock, buf buffer[out], len len[buf], f flags[recv_flags], addr ptr[in, sockaddr_storage, opt], addrlen len[addr])
+getsockname(fd sock, addr ptr[out, sockaddr_storage], addrlen ptr[inout, len[addr, int32]])
+getpeername(fd sock, peer ptr[out, sockaddr_storage], peerlen ptr[inout, len[peer, int32]])
+
+sendmsg(fd sock, msg ptr[in, send_msghdr], f flags[send_flags])
+recvmsg(fd sock, msg ptr[in, recv_msghdr], f flags[recv_flags])
+
+listen(fd sock, backlog int32)
+shutdown(fd sock, how flags[shutdown_flags])
+
+getsockopt(fd sock, level int32, optname int32, optval buffer[out], optlen ptr[inout, len[optval, int32]])
+setsockopt(fd sock, level int32, optname int32, optval buffer[in], optlen len[optval])
+
+socket_domain = AF_LOCAL, AF_INET, AF_INET6, AF_NS, AF_BLUETOOTH, AF_APPLETALK
+socket_type = SOCK_STREAM, SOCK_DGRAM, SOCK_RAW, SOCK_RDM, SOCK_SEQPACKET, SOCK_NONBLOCK, SOCK_CLOEXEC
+# accept_flags = SOCK_NONBLOCK, SOCK_CLOEXEC
+shutdown_flags = SHUT_RD, SHUT_WR, SHUT_RDWR
+send_flags = MSG_OOB, MSG_PEEK, MSG_DONTROUTE, MSG_EOR, MSG_NOSIGNAL
+recv_flags = MSG_CMSG_CLOEXEC, MSG_OOB, MSG_PEEK, MSG_WAITALL
+cmsg_levels = SOL_SOCKET, IPPROTO_ICMP
+
+# This sockaddr type corresponds to the sockaddr_storage type and is 128 bytes size.
+sockaddr_storage [
+	un	sockaddr_un
+	in	sockaddr_in
+	in6	sockaddr_in6
+] [varlen]
+
+send_msghdr {
+	msg_name	ptr[in, sockaddr_storage, opt]
+	msg_namelen	len[msg_name, int32]
+	msg_iov		ptr[in, array[iovec_in]]
+	msg_iovlen	len[msg_iov, intptr]
+	msg_control	ptr[in, array[cmsghdr]]
+	msg_controllen	bytesize[msg_control, intptr]
+	msg_flags	flags[send_flags, int32]
+}
+
+recv_msghdr {
+	msg_name	ptr[out, sockaddr_storage, opt]
+	msg_namelen	len[msg_name, int32]
+	msg_iov		ptr[in, array[iovec_out]]
+	msg_iovlen	len[msg_iov, intptr]
+	msg_control	buffer[out]
+	msg_controllen	len[msg_control, intptr]
+	msg_flags	int32
+}
+
+cmsghdr {
+	cmsg_len	len[parent, intptr]
+	cmsg_level	flags[cmsg_levels, int32]
+	cmsg_type	int32
+	data		array[int8]
+} [align_ptr]
+
+# Socket options
+
+getsockopt$sock_int(fd sock, level const[SOL_SOCKET], optname flags[sockopt_opt_sock_int], optval ptr[out, int32], optlen ptr[inout, len[optval, int32]])
+setsockopt$sock_int(fd sock, level const[SOL_SOCKET], optname flags[sockopt_opt_sock_int], optval ptr[in, int32], optlen len[optval])
+getsockopt$sock_linger(fd sock, level const[SOL_SOCKET], optname const[SO_LINGER], optval ptr[out, linger], optlen ptr[inout, len[optval, int32]])
+setsockopt$sock_linger(fd sock, level const[SOL_SOCKET], optname const[SO_LINGER], optval ptr[in, linger], optlen len[optval])
+getsockopt$sock_cred(fd sock, level const[SOL_SOCKET], optname const[SO_PEERCRED], optval ptr[out, ucred], optlen ptr[inout, len[optval, int32]])
+setsockopt$sock_cred(fd sock, level const[SOL_SOCKET], optname const[SO_PEERCRED], optval ptr[in, ucred], optlen len[optval])
+getsockopt$sock_timeval(fd sock, level const[SOL_SOCKET], optname flags[sockopt_opt_sock_timeval], optval ptr[out, timeval], optlen ptr[inout, len[optval, int32]])
+setsockopt$sock_timeval(fd sock, level const[SOL_SOCKET], optname flags[sockopt_opt_sock_timeval], optval ptr[in, timeval], optlen len[optval])
+getsockopt$SO_PEERCRED(fd sock, level const[SOL_SOCKET], optname const[SO_PEERCRED], optval ptr[out, ucred], optlen len[optval])
+
+sockopt_opt_sock_int = SO_DEBUG, SO_REUSEADDR, SO_REUSEPORT, SO_KEEPALIVE, SO_DONTROUTE, SO_LINGER, SO_BROADCAST, SO_OOBINLINE, SO_SNDBUF, SO_RCVBUF, SO_SNDLOWAT, SO_RCVLOWAT, SO_TIMESTAMP, SO_TYPE, SO_ERROR
+sockopt_opt_sock_timeval = SO_RCVTIMEO, SO_SNDTIMEO
--- a/sys/openbsd/socket_amd64.const
+++ b/sys/openbsd/socket_amd64.const
@ -0,0 +1,59 @@
+# AUTOGENERATED FILE
+AF_APPLETALK = 16
+AF_BLUETOOTH = 32
+AF_INET = 2
+AF_INET6 = 24
+AF_LOCAL = 1
+AF_NS = 6
+IPPROTO_ICMP = 1
+MSG_CMSG_CLOEXEC = 2048
+MSG_DONTROUTE = 4
+MSG_EOR = 8
+MSG_NOSIGNAL = 1024
+MSG_OOB = 1
+MSG_PEEK = 2
+MSG_WAITALL = 64
+SHUT_RD = 0
+SHUT_RDWR = 2
+SHUT_WR = 1
+SOCK_CLOEXEC = 32768
+SOCK_DGRAM = 2
+SOCK_NONBLOCK = 16384
+SOCK_RAW = 3
+SOCK_RDM = 4
+SOCK_SEQPACKET = 5
+SOCK_STREAM = 1
+SOL_SOCKET = 65535
+SO_BROADCAST = 32
+SO_DEBUG = 1
+SO_DONTROUTE = 16
+SO_ERROR = 4103
+SO_KEEPALIVE = 8
+SO_LINGER = 128
+SO_OOBINLINE = 256
+SO_PEERCRED = 4130
+SO_RCVBUF = 4098
+SO_RCVLOWAT = 4100
+SO_RCVTIMEO = 4102
+SO_REUSEADDR = 4
+SO_REUSEPORT = 512
+SO_SNDBUF = 4097
+SO_SNDLOWAT = 4099
+SO_SNDTIMEO = 4101
+SO_TIMESTAMP = 2048
+SO_TYPE = 4104
+SYS_accept = 30
+SYS_bind = 104
+SYS_connect = 98
+SYS_getpeername = 31
+SYS_getsockname = 32
+SYS_getsockopt = 118
+SYS_listen = 106
+SYS_recvfrom = 29
+SYS_recvmsg = 27
+SYS_sendmsg = 28
+SYS_sendto = 133
+SYS_setsockopt = 105
+SYS_shutdown = 134
+SYS_socket = 97
+SYS_socketpair = 135
--- a/sys/openbsd/socket_inet.txt
+++ b/sys/openbsd/socket_inet.txt
@ -0,0 +1,41 @@
+# Copyright 2017 syzkaller project authors. All rights reserved.
+# Use of this source code is governed by Apache 2 LICENSE that can be found in the LICENSE file.
+
+include <sys/types.h>
+include <sys/socket.h>
+include <sys/sockio.h>
+include <netinet/in.h>
+
+# IP sockets
+
+resource sock_in[sock]
+
+sock_in_pair {
+	f0	sock_in
+	f1	sock_in
+}
+
+sockaddr_in {
+	family	const[AF_INET, int16]
+	port	sock_port
+	pad	array[const[0, int8], 8]
+}
+
+socket$inet(domain const[AF_INET], type flags[socket_type], proto int8) sock_in
+socketpair$inet(domain const[AF_INET], type flags[socket_type], proto int8, fds ptr[out, sock_in_pair])
+accept$inet(fd sock_in, peer ptr[out, sockaddr_in, opt], peerlen ptr[inout, len[peer, int32]]) sock_in
+bind$inet(fd sock_in, addr ptr[in, sockaddr_in], addrlen len[addr])
+connect$inet(fd sock_in, addr ptr[in, sockaddr_in], addrlen len[addr])
+sendto$inet(fd sock_in, buf buffer[in], len len[buf], f flags[send_flags], addr ptr[in, sockaddr_in, opt], addrlen len[addr])
+recvfrom$inet(fd sock_in, buf buffer[out], len len[buf], f flags[recv_flags], addr ptr[in, sockaddr_in, opt], addrlen len[addr])
+getsockname$inet(fd sock_in, addr ptr[out, sockaddr_in], addrlen ptr[inout, len[addr, int32]])
+getpeername$inet(fd sock_in, peer ptr[out, sockaddr_in], peerlen ptr[inout, len[peer, int32]])
+
+# Generic IP options
+
+# Specific IP options
+
+sockopt_opt_ip_opts = IP_OPTIONS
+
+getsockopt$inet_opts(fd sock_in, level const[IPPROTO_IP], optname flags[sockopt_opt_ip_opts], optval buffer[out], optlen ptr[inout, len[optval, int32]])
+setsockopt$inet_opts(fd sock_in, level const[IPPROTO_IP], optname flags[sockopt_opt_ip_opts], optval buffer[in], optlen len[optval])
--- a/sys/openbsd/socket_inet6.txt
+++ b/sys/openbsd/socket_inet6.txt
@ -0,0 +1,66 @@
+# Copyright 2017 syzkaller project authors. All rights reserved.
+# Use of this source code is governed by Apache 2 LICENSE that can be found in the LICENSE file.
+
+include <sys/types.h>
+include <sys/param.h>
+include <sys/socket.h>
+include <netinet/in.h>
+include <net/route.h>
+include <netinet6/ip6_mroute.h>
+# include <compat/linux/common/linux_socket.h>
+include <sys/sockio.h>
+
+# IPv6 sockets
+
+resource sock_in6[sock]
+
+sock_in6_pair {
+	f0	sock_in6
+	f1	sock_in6
+}
+
+sockaddr_in6 {
+	family	const[AF_INET6, int16]
+	port	sock_port
+	flow	int32
+	scope	int32
+}
+
+socket$inet6(domain const[AF_INET6], type flags[socket_type], proto int8) sock_in6
+socketpair$inet6(domain const[AF_INET6], type flags[socket_type], proto int8, fds ptr[out, sock_in6_pair])
+accept$inet6(fd sock_in6, peer ptr[out, sockaddr_in6, opt], peerlen ptr[inout, len[peer, int32]]) sock_in6
+bind$inet6(fd sock_in6, addr ptr[in, sockaddr_in6], addrlen len[addr])
+connect$inet6(fd sock_in6, addr ptr[in, sockaddr_in6], addrlen len[addr])
+sendto$inet6(fd sock_in6, buf buffer[in], len len[buf], f flags[send_flags], addr ptr[in, sockaddr_in6, opt], addrlen len[addr])
+recvfrom$inet6(fd sock_in6, buf buffer[out], len len[buf], f flags[recv_flags], addr ptr[in, sockaddr_in6, opt], addrlen len[addr])
+getsockname$inet6(fd sock_in6, addr ptr[out, sockaddr_in6], addrlen ptr[inout, len[addr, int32]])
+getpeername$inet6(fd sock_in6, peer ptr[out, sockaddr_in6], peerlen ptr[inout, len[peer, int32]])
+
+# Generic IPv6 options
+
+# Specific IPv6 options
+
+# TODO: IPV6_HOPOPTS, IPV6_RTHDRDSTOPTS, IPV6_RTHDR, IPV6_DSTOPTS
+# TODO: IPV6_PATHMTU
+# TODO: IP6T_SO_GET_REVISION_MATCH, IP6T_SO_GET_REVISION_TARGET
+
+setsockopt$inet6_MRT6_ADD_MIF(fd sock_in6, level const[IPPROTO_IPV6], optname const[MRT6_ADD_MIF], optval ptr[in, mif6ctl], optlen len[optval])
+setsockopt$inet6_MRT6_ADD_MFC(fd sock_in6, level const[IPPROTO_IPV6], optname const[MRT6_ADD_MFC], optval ptr[in, mf6cctl], optlen len[optval])
+setsockopt$inet6_MRT6_DEL_MFC(fd sock_in6, level const[IPPROTO_IPV6], optname const[MRT6_DEL_MFC], optval ptr[in, mf6cctl], optlen len[optval])
+
+mif6ctl {
+	mif6c_mifi	int16
+	mif6c_flags	flags[mif6c_flags, int8]
+	vifc_threshold	int8
+	mif6c_pifi	int16
+	vifc_rate_limit	int32
+}
+
+mif6c_flags = MIFF_REGISTER
+
+mf6cctl {
+	mf6cc_origin	sockaddr_in6
+	mf6cc_mcastgrp	sockaddr_in6
+	mf6cc_parent	int16
+	mf6cc_ifset	array[int32, 8]
+}
--- a/sys/openbsd/socket_inet6_amd64.const
+++ b/sys/openbsd/socket_inet6_amd64.const
@ -0,0 +1,17 @@
+# AUTOGENERATED FILE
+AF_INET6 = 24
+IPPROTO_IPV6 = 41
+MIFF_REGISTER = 1
+MRT6_ADD_MFC = 104
+MRT6_ADD_MIF = 102
+MRT6_DEL_MFC = 105
+SYS_accept = 30
+SYS_bind = 104
+SYS_connect = 98
+SYS_getpeername = 31
+SYS_getsockname = 32
+SYS_recvfrom = 29
+SYS_sendto = 133
+SYS_setsockopt = 105
+SYS_socket = 97
+SYS_socketpair = 135
--- a/sys/openbsd/socket_inet_amd64.const
+++ b/sys/openbsd/socket_inet_amd64.const
@ -0,0 +1,15 @@
+# AUTOGENERATED FILE
+AF_INET = 2
+IPPROTO_IP = 0
+IP_OPTIONS = 1
+SYS_accept = 30
+SYS_bind = 104
+SYS_connect = 98
+SYS_getpeername = 31
+SYS_getsockname = 32
+SYS_getsockopt = 118
+SYS_recvfrom = 29
+SYS_sendto = 133
+SYS_setsockopt = 105
+SYS_socket = 97
+SYS_socketpair = 135
--- a/sys/openbsd/socket_unix.txt
+++ b/sys/openbsd/socket_unix.txt
@ -0,0 +1,79 @@
+# Copyright 2017 syzkaller project authors. All rights reserved.
+# Use of this source code is governed by Apache 2 LICENSE that can be found in the LICENSE file.
+
+# AF_UNIX support.
+
+include <sys/types.h>
+include <sys/socket.h>
+include <netinet/in.h>
+# include <compat/linux/common/linux_socket.h>
+
+resource sock_unix[sock]
+
+socket$unix(domain const[AF_UNIX], type flags[unix_socket_type], proto const[0]) sock_unix
+socketpair$unix(domain const[AF_UNIX], type flags[unix_socket_type], proto const[0], fds ptr[out, unix_pair])
+bind$unix(fd sock_unix, addr ptr[in, sockaddr_un], addrlen len[addr])
+connect$unix(fd sock_unix, addr ptr[in, sockaddr_un], addrlen len[addr])
+accept$unix(fd sock_unix, peer ptr[out, sockaddr_un, opt], peerlen ptr[inout, len[peer, int32]]) sock_unix
+
+sendto$unix(fd sock_unix, buf buffer[in], len len[buf], f flags[send_flags], addr ptr[in, sockaddr_un, opt], addrlen len[addr])
+sendmsg$unix(fd sock_unix, msg ptr[in, msghdr_un], f flags[send_flags])
+recvfrom$unix(fd sock_unix, buf buffer[out], len len[buf], f flags[recv_flags], addr ptr[in, sockaddr_un, opt], addrlen len[addr])
+getsockname$unix(fd sock_unix, addr ptr[out, sockaddr_un], addrlen ptr[inout, len[addr, int32]])
+getpeername$unix(fd sock_unix, peer ptr[out, sockaddr_un], peerlen ptr[inout, len[peer, int32]])
+
+unix_socket_type = SOCK_STREAM, SOCK_DGRAM, SOCK_SEQPACKET
+unix_socket_family = AF_UNIX, AF_UNSPEC
+
+unix_pair {
+	fd0	sock_unix
+	fd1	sock_unix
+}
+
+sockaddr_un [
+	file	sockaddr_un_file
+	abs	sockaddr_un_abstract
+] [varlen]
+
+sockaddr_un_file {
+	family	flags[unix_socket_family, int16]
+	path	filename
+} [packed]
+
+sockaddr_un_abstract {
+	family	flags[unix_socket_family, int16]
+	ind	const[0, int8]
+	id	proc[20000, 4, int32]
+}
+
+msghdr_un {
+	addr	ptr[in, sockaddr_un]
+	addrlen	len[addr, int32]
+	vec	ptr[in, array[iovec_in]]
+	vlen	len[vec, intptr]
+	ctrl	ptr[in, array[cmsghdr_un], opt]
+	ctrllen	bytesize[ctrl, intptr]
+	f	flags[send_flags, int32]
+}
+
+cmsghdr_un [
+	rights	cmsghdr_un_rights
+	cred	cmsghdr_un_cred
+] [varlen]
+
+cmsghdr_un_rights {
+	len	len[parent, intptr]
+	level	const[SOL_SOCKET, int32]
+	type	const[SCM_RIGHTS, int32]
+	fds	array[fd]
+} [align_ptr]
+
+cmsghdr_un_cred {
+	len	len[parent, intptr]
+	level	const[SOL_SOCKET, int32]
+	# XXX type	const[LINUX_SCM_CREDENTIALS, int32]
+	type	const[0, int32]
+	pid	pid
+	uid	uid
+	gid	gid
+} [align_ptr]
--- a/sys/openbsd/socket_unix_amd64.const
+++ b/sys/openbsd/socket_unix_amd64.const
@ -0,0 +1,18 @@
+# AUTOGENERATED FILE
+AF_UNIX = 1
+AF_UNSPEC = 0
+SCM_RIGHTS = 1
+SOCK_DGRAM = 2
+SOCK_SEQPACKET = 5
+SOCK_STREAM = 1
+SOL_SOCKET = 65535
+SYS_accept = 30
+SYS_bind = 104
+SYS_connect = 98
+SYS_getpeername = 31
+SYS_getsockname = 32
+SYS_recvfrom = 29
+SYS_sendmsg = 28
+SYS_sendto = 133
+SYS_socket = 97
+SYS_socketpair = 135
--- a/sys/openbsd/sys.txt
+++ b/sys/openbsd/sys.txt
@ -0,0 +1,208 @@
+# Copyright 2017 syzkaller project authors. All rights reserved.
+# Use of this source code is governed by Apache 2 LICENSE that can be found in the LICENSE file.
+
+include <sys/types.h>
+include <sys/mman.h>
+include <sys/stat.h>
+include <fcntl.h>
+include <unistd.h>
+include <sys/time.h>
+include <dirent.h>
+include <poll.h>
+include <sys/select.h>
+include <sys/param.h>
+include <sys/resource.h>
+include <time.h>
+include <signal.h>
+include <sys/wait.h>
+
+pipe(pipefd ptr[out, pipefd])
+
+stat(file ptr[in, filename], statbuf ptr[out, stat])
+lstat(file ptr[in, filename], statbuf ptr[out, stat])
+
+poll(fds ptr[in, array[pollfd]], nfds len[fds], timeout int32)
+select(n len[inp], inp ptr[inout, fd_set], outp ptr[inout, fd_set], exp ptr[inout, fd_set], tvp ptr[inout, timeval])
+
+mincore(addr vma, size len[addr], vec buffer[out])
+
+fcntl$dupfd(fd fd, cmd flags[fcntl_dupfd], arg fd) fd
+fcntl$getflags(fd fd, cmd flags[fcntl_getflags])
+fcntl$setflags(fd fd, cmd const[F_SETFD], flags flags[fcntl_flags])
+fcntl$setstatus(fd fd, cmd const[F_SETFL], flags flags[fcntl_status])
+fcntl$lock(fd fd, cmd flags[fcntl_lock], lock ptr[in, flock])
+fcntl$getown(fd fd, cmd const[F_GETOWN]) pid
+fcntl$setown(fd fd, cmd const[F_SETOWN], pid pid)
+
+mknod(file ptr[in, filename], mode flags[mknod_mode], dev int32)
+mknod$loop(file ptr[in, filename], mode flags[mknod_mode], dev proc[1792, 2])
+mknodat(dirfd fd_dir, file ptr[in, filename], mode flags[mknod_mode], dev int32)
+chmod(file ptr[in, filename], mode flags[open_mode])
+fchmod(fd fd, mode flags[open_mode])
+fchmodat(dirfd fd_dir, file ptr[in, filename], mode flags[open_mode], flags flags[at_flags])
+chown(file ptr[in, filename], uid uid, gid gid)
+lchown(file ptr[in, filename], uid uid, gid gid)
+fchown(fd fd, uid uid, gid gid)
+fchownat(dirfd fd_dir, file ptr[in, filename], uid uid, gid gid, flags flags[at_flags])
+faccessat(dirfd fd_dir, pathname ptr[in, filename], mode flags[open_mode], flags flags[faccessat_flags])
+utimes(filename ptr[in, filename], times ptr[in, itimerval])
+utimensat(dir fd_dir, pathname ptr[in, filename], times ptr[in, itimerval], flags flags[utimensat_flags])
+
+execve(file ptr[in, filename], argv ptr[in, array[ptr[in, string]]], envp ptr[in, array[ptr[in, string]]])
+
+getgid() gid
+getegid() gid
+setuid(uid uid)
+setgid(gid gid)
+seteuid(euid uid)
+setegid(egid gid)
+getuid() uid
+geteuid() uid
+setpgid(pid pid, pgid pid)
+getpgid(pid pid) pid
+getpgrp() pid
+getpid() pid
+getppid() pid
+setreuid(ruid uid, euid uid)
+setregid(rgid gid, egid gid)
+getgroups(size len[list], list ptr[inout, array[gid]])
+setgroups(size len[list], list ptr[in, array[gid]])
+
+link(old ptr[in, filename], new ptr[in, filename])
+linkat(oldfd fd_dir, old ptr[in, filename], newfd fd_dir, new ptr[in, filename], flags flags[linkat_flags])
+symlinkat(old ptr[in, filename], newfd fd_dir, new ptr[in, filename])
+symlink(old ptr[in, filename], new ptr[in, filename])
+unlink(path ptr[in, filename])
+unlinkat(fd fd_dir, path ptr[in, filename], flags flags[unlinkat_flags])
+readlink(path ptr[in, filename], buf buffer[out], siz len[buf])
+readlinkat(fd fd_dir, path ptr[in, filename], buf buffer[out], siz len[buf])
+rename(old ptr[in, filename], new ptr[in, filename])
+renameat(oldfd fd_dir, old ptr[in, filename], newfd fd_dir, new ptr[in, filename])
+mkdir(path ptr[in, filename], mode flags[open_mode])
+mkdirat(fd fd_dir, path ptr[in, filename], mode flags[open_mode])
+rmdir(path ptr[in, filename])
+truncate(file ptr[in, filename], len intptr)
+ftruncate(fd fd, len intptr)
+flock(fd fd, op flags[flock_op])
+fsync(fd fd)
+# fdatasync(fd fd)
+sync()
+getdents(fd fd_dir, ent buffer[out], count len[ent])
+chroot(dir ptr[in, filename])
+# fchroot(fd fd)
+chdir(dir ptr[in, filename])
+fchdir(fd fd)
+
+getrusage(who flags[rusage_who], usage ptr[out, rusage])
+getrlimit(res flags[rlimit_type], rlim ptr[out, rlimit])
+setrlimit(res flags[rlimit_type], rlim ptr[in, rlimit])
+
+clock_gettime(id flags[clock_id], tp ptr[out, timespec])
+clock_settime(id flags[clock_id], tp ptr[in, timespec])
+clock_getres(id flags[clock_id], tp ptr[out, timespec])
+nanosleep(req ptr[in, timespec], rem ptr[out, timespec, opt])
+getitimer(which flags[getitimer_which], cur ptr[out, itimerval])
+setitimer(which flags[getitimer_which], new ptr[in, itimerval], old ptr[out, itimerval, opt])
+wait4(pid pid, status ptr[out, int32, opt], options flags[wait_options], ru ptr[out, rusage, opt])
+
+pledge(promises ptr[in, string], execpromises ptr[in, string])
+unveil(path ptr[in, filename], permissions ptr[in, string[unveil_permissions]])
+
+pollfd {
+	fd	fd
+	events	flags[pollfd_events, int16]
+	revents	const[0, int16]
+}
+
+# prog knowns about this struct type
+timespec {
+	sec	intptr
+	nsec	intptr
+}
+
+# prog knowns about this struct type
+timeval {
+	sec	intptr
+	usec	intptr
+}
+
+itimerval {
+	interv	timeval
+	value	timeval
+}
+
+# TODO: fd_set needs to be a separate type
+fd_set {
+	mask0	int64
+	mask1	int64
+	mask2	int64
+	mask3	int64
+	mask4	int64
+	mask5	int64
+	mask6	int64
+	mask7	int64
+}
+
+rusage {
+	utime	timeval
+	stime	timeval
+	maxrss	intptr
+	ixrss	intptr
+	idrss	intptr
+	isrss	intptr
+	minflt	intptr
+	majflt	intptr
+	nswap	intptr
+	inblock	intptr
+	oublock	intptr
+	msgsnd	intptr
+	msgrcv	intptr
+	signals	intptr
+	nvcsw	intptr
+	nivcsw	intptr
+}
+
+rlimit {
+	soft	intptr
+	hard	intptr
+}
+
+flock {
+	type	flags[flock_type, int16]
+	whence	flags[seek_whence, int16]
+	start	intptr
+	len	intptr
+	pid	pid
+}
+
+linger {
+	onoff	int32
+	linger	int32
+}
+
+ucred {
+	pid	pid
+	uid	uid
+	gid	gid
+}
+
+pollfd_events = POLLIN, POLLPRI, POLLOUT, POLLERR, POLLHUP, POLLNVAL, POLLRDNORM, POLLRDBAND, POLLWRNORM, POLLWRBAND
+mknod_mode = S_IFMT, S_IFREG, S_IFCHR, S_IFBLK, S_IFIFO, S_IFSOCK, S_IRUSR, S_IWUSR, S_IXUSR, S_IRGRP, S_IWGRP, S_IXGRP, S_IROTH, S_IWOTH, S_IXOTH
+at_flags = AT_SYMLINK_NOFOLLOW, AT_SYMLINK_FOLLOW
+linkat_flags = AT_SYMLINK_FOLLOW
+unlinkat_flags = 0, AT_REMOVEDIR
+flock_op = LOCK_SH, LOCK_EX, LOCK_UN, LOCK_NB
+faccessat_flags = AT_EACCESS, AT_SYMLINK_NOFOLLOW
+rusage_who = RUSAGE_SELF, RUSAGE_CHILDREN
+rlimit_type = RLIMIT_CORE, RLIMIT_CPU, RLIMIT_DATA, RLIMIT_FSIZE, RLIMIT_MEMLOCK, RLIMIT_NOFILE, RLIMIT_NPROC, RLIMIT_RSS, RLIMIT_STACK, RLIMIT_STACK
+clock_id = CLOCK_REALTIME, CLOCK_MONOTONIC, CLOCK_PROCESS_CPUTIME_ID, CLOCK_THREAD_CPUTIME_ID
+getitimer_which = ITIMER_REAL, ITIMER_VIRTUAL, ITIMER_PROF
+wait_options = WCONTINUED, WNOHANG, WUNTRACED
+utimensat_flags = 0, AT_SYMLINK_NOFOLLOW
+fcntl_dupfd = F_DUPFD, F_DUPFD_CLOEXEC
+fcntl_getflags = F_GETFD, F_GETFL
+fcntl_lock = F_SETLK, F_SETLKW, F_GETLK
+fcntl_flags = FD_CLOEXEC
+fcntl_status = O_APPEND, O_ASYNC, O_NONBLOCK, O_DSYNC, O_RSYNC
+flock_type = F_RDLCK, F_WRLCK, F_UNLCK
+unveil_permissions = "r", "W", "x", "c"
--- a/sys/openbsd/sys_amd64.const
+++ b/sys/openbsd/sys_amd64.const
@ -0,0 +1,146 @@
+# AUTOGENERATED FILE
+AT_EACCESS = 1
+AT_REMOVEDIR = 8
+AT_SYMLINK_FOLLOW = 4
+AT_SYMLINK_NOFOLLOW = 2
+CLOCK_MONOTONIC = 3
+CLOCK_PROCESS_CPUTIME_ID = 2
+CLOCK_REALTIME = 0
+CLOCK_THREAD_CPUTIME_ID = 4
+FD_CLOEXEC = 1
+F_DUPFD = 0
+F_DUPFD_CLOEXEC = 10
+F_GETFD = 1
+F_GETFL = 3
+F_GETLK = 7
+F_GETOWN = 5
+F_RDLCK = 1
+F_SETFD = 2
+F_SETFL = 4
+F_SETLK = 8
+F_SETLKW = 9
+F_SETOWN = 6
+F_UNLCK = 2
+F_WRLCK = 3
+ITIMER_PROF = 2
+ITIMER_REAL = 0
+ITIMER_VIRTUAL = 1
+LOCK_EX = 2
+LOCK_NB = 4
+LOCK_SH = 1
+LOCK_UN = 8
+O_APPEND = 8
+O_ASYNC = 64
+O_DSYNC = 128
+O_NONBLOCK = 4
+O_RSYNC = 128
+POLLERR = 8
+POLLHUP = 16
+POLLIN = 1
+POLLNVAL = 32
+POLLOUT = 4
+POLLPRI = 2
+POLLRDBAND = 128
+POLLRDNORM = 64
+POLLWRBAND = 256
+POLLWRNORM = 4
+RLIMIT_CORE = 4
+RLIMIT_CPU = 0
+RLIMIT_DATA = 2
+RLIMIT_FSIZE = 1
+RLIMIT_MEMLOCK = 6
+RLIMIT_NOFILE = 8
+RLIMIT_NPROC = 7
+RLIMIT_RSS = 5
+RLIMIT_STACK = 3
+RUSAGE_CHILDREN = 18446744073709551615
+RUSAGE_SELF = 0
+SYS_chdir = 12
+SYS_chmod = 15
+SYS_chown = 16
+SYS_chroot = 61
+SYS_clock_getres = 89
+SYS_clock_gettime = 87
+SYS_clock_settime = 88
+SYS_execve = 59
+SYS_faccessat = 313
+SYS_fchdir = 13
+SYS_fchmod = 124
+SYS_fchmodat = 314
+SYS_fchown = 123
+SYS_fchownat = 315
+SYS_fcntl = 92
+SYS_flock = 131
+SYS_fsync = 95
+SYS_ftruncate = 201
+SYS_getdents = 99
+SYS_getegid = 43
+SYS_geteuid = 25
+SYS_getgid = 47
+SYS_getgroups = 79
+SYS_getitimer = 70
+SYS_getpgid = 207
+SYS_getpgrp = 81
+SYS_getpid = 20
+SYS_getppid = 39
+SYS_getrlimit = 194
+SYS_getrusage = 19
+SYS_getuid = 24
+SYS_lchown = 254
+SYS_link = 9
+SYS_linkat = 317
+SYS_lstat = 40
+SYS_mincore = 78
+SYS_mkdir = 136
+SYS_mkdirat = 318
+SYS_mknod = 14
+SYS_mknodat = 320
+SYS_nanosleep = 91
+SYS_pipe = 263
+SYS_pledge = 108
+SYS_poll = 252
+SYS_readlink = 58
+SYS_readlinkat = 322
+SYS_rename = 128
+SYS_renameat = 323
+SYS_rmdir = 137
+SYS_select = 71
+SYS_setegid = 182
+SYS_seteuid = 183
+SYS_setgid = 181
+SYS_setgroups = 80
+SYS_setitimer = 69
+SYS_setpgid = 82
+SYS_setregid = 127
+SYS_setreuid = 126
+SYS_setrlimit = 195
+SYS_setuid = 23
+SYS_stat = 38
+SYS_symlink = 57
+SYS_symlinkat = 324
+SYS_sync = 36
+SYS_truncate = 200
+SYS_unlink = 10
+SYS_unlinkat = 325
+SYS_unveil = 114
+SYS_utimensat = 84
+SYS_utimes = 76
+SYS_wait4 = 11
+S_IFBLK = 24576
+S_IFCHR = 8192
+S_IFIFO = 4096
+S_IFMT = 61440
+S_IFREG = 32768
+S_IFSOCK = 49152
+S_IRGRP = 32
+S_IROTH = 4
+S_IRUSR = 256
+S_IWGRP = 16
+S_IWOTH = 2
+S_IWUSR = 128
+S_IXGRP = 8
+S_IXOTH = 1
+S_IXUSR = 64
+WCONTINUED = 8
+WNOHANG = 1
+WUNTRACED = 2
--- a/sys/openbsd/tty.txt
+++ b/sys/openbsd/tty.txt
@ -0,0 +1,69 @@
+# Copyright 2018 syzkaller project authors. All rights reserved.
+# Use of this source code is governed by Apache 2 LICENSE that can be found in the LICENSE file.
+
+include <sys/types.h>
+include <time.h>
+include <sys/tty.h>
+include <fcntl.h>
+
+resource fd_tty[fd]
+
+syz_open_pts() fd_tty
+
+ioctl$TIOCSETD(fd fd_tty, cmd const[TIOCSETD], arg ptr[in, int32])
+ioctl$TIOCGETD(fd fd_tty, cmd const[TIOCGETD], arg ptr[out, int32])
+ioctl$TIOCSBRK(fd fd_tty, cmd const[TIOCSBRK])
+ioctl$TIOCCBRK(fd fd_tty, cmd const[TIOCCBRK])
+ioctl$TIOCSDTR(fd fd_tty, cmd const[TIOCSDTR])
+ioctl$TIOCCDTR(fd fd_tty, cmd const[TIOCCDTR])
+ioctl$TIOCSPGRP(fd fd_tty, cmd const[TIOCGPGRP], arg ptr[out, int32])
+ioctl$TIOCGETA(fd fd_tty, cmd const[TIOCGETA], arg ptr[out, termios])
+ioctl$TIOCSETA(fd fd_tty, cmd const[TIOCSETA], arg ptr[in, termios])
+ioctl$TIOCSETAW(fd fd_tty, cmd const[TIOCSETAW], arg ptr[in, termios])
+ioctl$TIOCSETAF(fd fd_tty, cmd const[TIOCSETAF], arg ptr[in, termios])
+ioctl$TIOCOUTQ(fd fd_tty, cmd const[TIOCOUTQ], arg ptr[in, int32])
+ioctl$TIOCNOTTY(fd fd_tty, cmd const[TIOCNOTTY])
+ioctl$TIOCSETVERAUTH(fd fd_tty, cmd const[TIOCSETVERAUTH], arg ptr[in, int32])
+ioctl$TIOCCLRVERAUTH(fd fd_tty, cmd const[TIOCCLRVERAUTH])
+ioctl$TIOCCHKVERAUTH(fd fd_tty, cmd const[TIOCCHKVERAUTH])
+ioctl$TIOCSTOP(fd fd_tty, cmd const[TIOCSTOP])
+ioctl$TIOCSTART(fd fd_tty, cmd const[TIOCSTART])
+ioctl$TIOCSCTTY(fd fd_tty, cmd const[TIOCSCTTY])
+ioctl$TIOCDRAIN(fd fd_tty, cmd const[TIOCDRAIN])
+ioctl$TIOCEXCL(fd fd_tty, cmd const[TIOCEXCL])
+ioctl$TIOCNXCL(fd fd_tty, cmd const[TIOCNXCL])
+ioctl$TIOCFLUSH(fd fd_tty, cmd const[TIOCFLUSH], arg ptr[in, int32])
+ioctl$TIOCGWINSZ(fd fd_tty, cmd const[TIOCGWINSZ], arg ptr[out, winsize])
+ioctl$TIOCSWINSZ(fd fd_tty, cmd const[TIOCSWINSZ], arg ptr[in, winsize])
+ioctl$TIOCCONS(fd fd_tty, cmd const[TIOCCONS], arg ptr[in, int32])
+ioctl$TIOCMSET(fd fd_tty, cmd const[TIOCMSET], arg ptr[in, int32])
+ioctl$TIOCMGET(fd fd_tty, cmd const[TIOCMGET], arg ptr[out, int32])
+ioctl$TIOCMBIS(fd fd_tty, cmd const[TIOCMBIS], arg ptr[in, int32])
+ioctl$TIOCMBIC(fd fd_tty, cmd const[TIOCMBIC], arg ptr[in, int32])
+ioctl$TIOCGTSTAMP(fd fd_tty, cmd const[TIOCGTSTAMP], arg ptr[out, timeval])
+ioctl$TIOCSTSTAMP(fd fd_tty, cmd const[TIOCSTSTAMP], arg ptr[in, tstamps])
+ioctl$TIOCSFLAGS(fd fd_tty, cmd const[TIOCSFLAGS], arg ptr[in, int32])
+ioctl$TIOCGFLAGS(fd fd_tty, cmd const[TIOCGFLAGS], arg ptr[out, int32])
+ioctl$TIOCSTAT(fd fd_tty, cmd const[TIOCSTAT], arg ptr[out, int32])
+
+termios {
+	iflag	int32
+	oflag	int32
+	cflag	int32
+	lflag	int32
+	cc	array[int8, NCCS]
+	ispeed	int32
+	ospeed	int32
+}
+
+tstamps {
+	set	int32
+	clr	int32
+}
+
+winsize {
+	row	int16
+	col	int16
+	xpixel	int16
+	ypixel	int16
+}
--- a/sys/openbsd/tty_amd64.const
+++ b/sys/openbsd/tty_amd64.const
@ -0,0 +1,38 @@
+# AUTOGENERATED FILE
+NCCS = 20
+SYS_ioctl = 54
+TIOCCBRK = 536900730
+TIOCCDTR = 536900728
+TIOCCHKVERAUTH = 536900638
+TIOCCLRVERAUTH = 536900637
+TIOCCONS = 2147775586
+TIOCDRAIN = 536900702
+TIOCEXCL = 536900621
+TIOCFLUSH = 2147775504
+TIOCGETA = 1076655123
+TIOCGETD = 1074033690
+TIOCGFLAGS = 1074033757
+TIOCGPGRP = 1074033783
+TIOCGTSTAMP = 1074820187
+TIOCGWINSZ = 1074295912
+TIOCMBIC = 2147775595
+TIOCMBIS = 2147775596
+TIOCMGET = 1074033770
+TIOCMSET = 2147775597
+TIOCNOTTY = 536900721
+TIOCNXCL = 536900622
+TIOCOUTQ = 1074033779
+TIOCSBRK = 536900731
+TIOCSCTTY = 536900705
+TIOCSDTR = 536900729
+TIOCSETA = 2150396948
+TIOCSETAF = 2150396950
+TIOCSETAW = 2150396949
+TIOCSETD = 2147775515
+TIOCSETVERAUTH = 2147775516
+TIOCSFLAGS = 2147775580
+TIOCSTART = 536900718
+TIOCSTAT = 536900709
+TIOCSTOP = 536900719
+TIOCSTSTAMP = 2148037722
+TIOCSWINSZ = 2148037735
--- a/sys/sys.go
+++ b/sys/sys.go
@ -10,6 +10,7 @@ import (
 	_ "github.com/google/syzkaller/sys/fuchsia/gen"
 	_ "github.com/google/syzkaller/sys/linux/gen"
 	_ "github.com/google/syzkaller/sys/netbsd/gen"
+	_ "github.com/google/syzkaller/sys/openbsd/gen"
 	_ "github.com/google/syzkaller/sys/test/gen"
 	_ "github.com/google/syzkaller/sys/windows/gen"
 )
--- a/sys/syz-extract/extract.go
+++ b/sys/syz-extract/extract.go
@ -59,6 +59,7 @@ var extractors = map[string]Extractor{
 	"linux":   new(linux),
 	"freebsd": new(freebsd),
 	"netbsd":  new(netbsd),
+	"openbsd": new(openbsd),
 	"android": new(linux),
 	"fuchsia": new(fuchsia),
 	"windows": new(windows),
--- a/sys/syz-extract/openbsd.go
+++ b/sys/syz-extract/openbsd.go
@ -0,0 +1,86 @@
+// Copyright 2017 syzkaller project authors. All rights reserved.
+// Use of this source code is governed by Apache 2 LICENSE that can be found in the LICENSE file.
+
+package main
+
+import (
+	"fmt"
+	"os"
+	"path/filepath"
+	"strings"
+
+	"github.com/google/syzkaller/pkg/compiler"
+)
+
+type openbsd struct{}
+
+func (*openbsd) prepare(sourcedir string, build bool, arches []string) error {
+	if sourcedir == "" {
+		return fmt.Errorf("provide path to kernel checkout via -sourcedir flag (or make extract SOURCEDIR)")
+	}
+	if !build {
+		return fmt.Errorf("openbsd requires -build flag")
+	}
+	return nil
+}
+
+func (*openbsd) prepareArch(arch *Arch) error {
+	if err := os.Symlink(filepath.Join(arch.sourceDir, "sys", "arch", "amd64", "include"),
+		filepath.Join(arch.buildDir, "amd64")); err != nil {
+		return fmt.Errorf("failed to create link: %v", err)
+	}
+	if err := os.Symlink(filepath.Join(arch.sourceDir, "sys", "arch", "amd64", "include"),
+		filepath.Join(arch.buildDir, "machine")); err != nil {
+		return fmt.Errorf("failed to create link: %v", err)
+	}
+	return nil
+}
+
+func (*openbsd) processFile(arch *Arch, info *compiler.ConstInfo) (map[string]uint64, map[string]bool, error) {
+	args := []string{
+		"-fmessage-length=0",
+		"-nostdinc",
+		"-D_KERNEL",
+		"-D__BSD_VISIBLE=1",
+		"-I", filepath.Join(arch.sourceDir, "sys"),
+		"-I", filepath.Join(arch.sourceDir, "sys", "sys"),
+		"-I", filepath.Join(arch.sourceDir, "sys", "arch", "amd64"),
+		"-I", filepath.Join(arch.sourceDir, "common", "include"),
+		"-I", filepath.Join(arch.sourceDir, "sys", "compat", "linux", "common"),
+		"-I", arch.buildDir,
+	}
+	for _, incdir := range info.Incdirs {
+		args = append(args, "-I"+filepath.Join(arch.sourceDir, incdir))
+	}
+	// Syscall consts on openbsd have weird prefixes sometimes,
+	// try to extract consts with these prefixes as well.
+	compatNames := make(map[string][]string)
+	for _, val := range info.Consts {
+		const SYS = "SYS_"
+		if strings.HasPrefix(val, SYS) {
+			for _, prefix := range []string{"_", "__", "___"} {
+				for _, suffix := range []string{"30", "50"} {
+					compat := SYS + prefix + val[len(SYS):] + suffix
+					compatNames[val] = append(compatNames[val], compat)
+					info.Consts = append(info.Consts, compat)
+				}
+			}
+		} else {
+			compat := "LINUX_" + val
+			compatNames[val] = append(compatNames[val], compat)
+			info.Consts = append(info.Consts, compat)
+		}
+	}
+	res, undeclared, err := extract(info, "gcc", args, "#include <sys/syscall.h>", false)
+	for orig, compats := range compatNames {
+		for _, compat := range compats {
+			if undeclared[orig] && !undeclared[compat] {
+				res[orig] = res[compat]
+				delete(res, compat)
+				delete(undeclared, orig)
+			}
+			delete(undeclared, compat)
+		}
+	}
+	return res, undeclared, err
+}
--- a/sys/targets/common.go
+++ b/sys/targets/common.go
@ -52,6 +52,7 @@ type UnixSanitizer struct {
 	S_IFBLK        uint64
 	S_IFIFO        uint64
 	S_IFSOCK       uint64
+	S_IFMT         uint64
 }

 func MakeUnixSanitizer(target *prog.Target) *UnixSanitizer {
@ -64,6 +65,7 @@ func MakeUnixSanitizer(target *prog.Target) *UnixSanitizer {
 		S_IFBLK:        target.ConstMap["S_IFBLK"],
 		S_IFIFO:        target.ConstMap["S_IFIFO"],
 		S_IFSOCK:       target.ConstMap["S_IFSOCK"],
+		S_IFMT:         target.ConstMap["S_IFMT"],
 	}
 }

--- a/sys/targets/targets.go
+++ b/sys/targets/targets.go
@ -177,6 +177,15 @@ var List = map[string]map[string]*Target{
 			CrossCFlags: []string{"-m64", "-static"},
 		},
 	},
+	"openbsd": {
+		"amd64": {
+			PtrSize:     8,
+			PageSize:    4 << 10,
+			CFlags:      []string{"-m64"},
+			CCompiler:   "c++",
+			CrossCFlags: []string{"-m64", "-static", "-lutil"},
+		},
+	},
 	"fuchsia": {
 		"amd64": {
 			PtrSize:          8,
@ -253,6 +262,12 @@ var oses = map[string]osCommon{
 		ExecutorUsesShmem:      true,
 		ExecutorUsesForkServer: true,
 	},
+	"openbsd": {
+		SyscallNumbers:         true,
+		SyscallPrefix:          "SYS_",
+		ExecutorUsesShmem:      true,
+		ExecutorUsesForkServer: true,
+	},
 	"fuchsia": {
 		SyscallNumbers:         false,
 		ExecutorUsesShmem:      false,
				`@ -0,0 +1,2 @@`

				`reorder_kernel: kernel relinking failed; see /usr/share/relink/kernel/KCOV/relink.log`