| author | Patrick Meyer <meyerpatrick@google.com> | 2021-05-22 20:48:47 +0200 |
|---|---|---|
| committer | Dmitry Vyukov <dvyukov@google.com> | 2021-06-07 19:19:55 +0200 |
| commit | b718257f456d456345e1129b27a9340c91c18f3b (patch) | |
| tree | 1206868c25c2ab1a211711b17757cc501abddf0d | |
| parent | e59537be40a9ad863e953e187c14dbde57caf1b1 (diff) | |
sys/darwin: initial syscall definitions
Pretty much ripped from freebsd +/- what isn't applicable to darwin.
31 files changed, 1570 insertions, 31 deletions
diff --git a/executor/common.h b/executor/common.h
index c8bfccb9b..17c680b21 100644
--- a/executor/common.h
+++ b/executor/common.h
@@ -449,7 +449,7 @@ static uint16 csum_inet_digest(struct csum_inet* csum) #error "unknown OS" #endif -#if !GOOS_darwin && SYZ_EXECUTOR || __NR_syz_execute_func +#if SYZ_EXECUTOR || __NR_syz_execute_func // syz_execute_func(text ptr[in, text[taget]]) static long syz_execute_func(volatile long text) {
diff --git a/pkg/csource/generated.go b/pkg/csource/generated.go
index b2c055f5e..a162ad9f6 100644
--- a/pkg/csource/generated.go
+++ b/pkg/csource/generated.go
@@ -10119,7 +10119,7 @@ static void use_temporary_dir(void) #error "unknown OS" #endif -#if !GOOS_darwin && SYZ_EXECUTOR || __NR_syz_execute_func +#if SYZ_EXECUTOR || __NR_syz_execute_func static long syz_execute_func(volatile long text) { #if defined(__GNUC__)
diff --git a/sys/darwin/fh.txt b/sys/darwin/fh.txt
new file mode 100644
index 000000000..86ea4a716
--- /dev/null
+++ b/sys/darwin/fh.txt
@@ -0,0 +1,15 @@
+# Copyright 2020 syzkaller project authors. All rights reserved.
+# Use of this source code is governed by Apache 2 LICENSE that can be found in the LICENSE file.
+
+include <stdint.h>
+include <sys/types.h>
+include <sys/mount.h>
+
+getfh(file ptr[in, filename], fhp ptr[out, fhandle])
+
+fhopen(fhp ptr[in, fhandle], flags flags[open_flags]) fd
+
+fhandle {
+ fh_len int32
+ fh_data array[int8, NFS_MAX_FH_SIZE]
+}
diff --git a/sys/darwin/fh.txt.const b/sys/darwin/fh.txt.const
new file mode 100644
index 000000000..d0c145546
--- /dev/null
+++ b/sys/darwin/fh.txt.const
@@ -0,0 +1,5 @@ +# Code generated by syz-sysgen. DO NOT EDIT. +arches = amd64 +NFS_MAX_FH_SIZE = amd64:128 +SYS_fhopen = amd64:248 +SYS_getfh = amd64:161
diff --git a/sys/darwin/ipc.txt b/sys/darwin/ipc.txt
new file mode 100644
index 000000000..537512032
--- /dev/null
+++ b/sys/darwin/ipc.txt
@@ -0,0 +1,108 @@
+# Copyright 2021 syzkaller project authors. All rights reserved.
+# Use of this source code is governed by Apache 2 LICENSE that can be found in the LICENSE file.
+
+include <sys/types.h>
+include <sys/fcntl.h>
+include <sys/filio.h>
+include <sys/ipc.h>
+include <sys/mman.h>
+include <sys/msg.h>
+include <sys/sem.h>
+include <sys/shm.h>
+include <sys/stat.h>
+
+resource ipc[int32]: 0, 0xffffffffffffffff
+
+# TODO: describe ipc syscall
+
+define SYS___semctl 510
+
+resource ipc_msq[ipc]
+msgget(key proc[2039379027, 4], flags flags[msgget_flags]) ipc_msq
+msgget$private(key const[IPC_PRIVATE], flags flags[msgget_flags]) ipc_msq
+msgsnd(msqid ipc_msq, msgp ptr[in, msgbuf], sz len[msgp], flags flags[msgsnd_flags])
+msgrcv(msqid ipc_msq, msgp ptr[out, msgbuf], sz len[msgp], typ flags[msgbuf_type], flags flags[msgrcv_flags])
+msgctl$IPC_STAT(msqid ipc_msq, cmd const[IPC_STAT], buf buffer[out])
+msgctl$IPC_SET(msqid ipc_msq, cmd const[IPC_SET], buf ptr[in, msqid_ds])
+msgctl$IPC_RMID(msqid ipc_msq, cmd const[IPC_RMID])
+
+resource ipc_sem[ipc]
+semget(key proc[2039359027, 4], nsems flags[sem_sem_id], flags flags[semget_flags]) ipc_sem
+semget$private(key const[IPC_PRIVATE], nsems flags[sem_sem_id], flags flags[semget_flags]) ipc_sem
+semop(semid ipc_sem, ops ptr[in, array[sembuf]], nops len[ops])
+
+resource ipc_shm[ipc]
+resource shmaddr[intptr]: 0
+# The unused arg is unused by syscall (does not exist at all),
+# but it helps to generate sane size values.
+shmget(key proc[2039339027, 4], size len[unused], flags flags[shmget_flags], unused vma) ipc_shm
+shmget$private(key const[IPC_PRIVATE], size len[unused], flags flags[shmget_flags], unused vma) ipc_shm
+shmat(shmid ipc_shm, addr vma, flags flags[shmat_flags]) shmaddr
+shmctl$IPC_STAT(shmid ipc_shm, cmd const[IPC_STAT], buf buffer[out])
+shmctl$IPC_SET(shmid ipc_shm, cmd const[IPC_SET], buf ptr[in, shmid_ds])
+shmctl$IPC_RMID(shmid ipc_shm, cmd const[IPC_RMID])
+shmdt(addr shmaddr)
+
+shm_unlink(path ptr[in, filename])
+
+msgget_flags = IPC_CREAT, IPC_EXCL, S_IRUSR, S_IWUSR, S_IXUSR, S_IRGRP, S_IWGRP, S_IXGRP, S_IROTH, S_IWOTH, S_IXOTH
+msgbuf_type = 0, 1, 2, 3
+msgsnd_flags = IPC_NOWAIT
+msgrcv_flags = IPC_NOWAIT, MSG_NOERROR
+semget_flags = IPC_CREAT, IPC_EXCL, S_IRUSR, S_IWUSR, S_IXUSR, S_IRGRP, S_IWGRP, S_IXGRP, S_IROTH, S_IWOTH, S_IXOTH
+semop_flags = IPC_NOWAIT, SEM_UNDO
+sem_sem_id = 0, 1, 2, 3, 4
+shmget_flags = IPC_CREAT, IPC_EXCL, S_IRUSR, S_IWUSR, S_IXUSR, S_IRGRP, S_IWGRP, S_IXGRP, S_IROTH, S_IWOTH, S_IXOTH
+shmat_flags = SHM_RND, SHM_RDONLY
+
+ipc_perm {
+ key int32
+ uid uid
+ gid gid
+ cuid uid
+ cgid gid
+ mode flags[open_mode, int32]
+ seq int16
+ pad0 const[0, int16]
+ pad1 const[0, intptr]
+ pad2 const[0, intptr]
+}
+
+msqid_ds {
+ perm ipc_perm
+ stime intptr
+ rtime intptr
+ ctime intptr
+ cbytes intptr
+ qnum intptr
+ qbytes intptr
+ lspid pid
+ lrpid pid
+ pad0 const[0, intptr]
+ pad1 const[0, intptr]
+}
+
+shmid_ds {
+ perm ipc_perm
+ segsz int32
+ atime intptr
+ dtime intptr
+ ctime intptr
+ cpid pid
+ lpid pid
+ nattch int16
+ unused0 const[0, int16]
+ unused1 const[0, intptr]
+ unused2 const[0, intptr]
+}
+
+sembuf {
+ num flags[sem_sem_id, int16]
+ op int16
+ flg flags[semop_flags, int16]
+}
+
+msgbuf {
+ typ flags[msgbuf_type, intptr]
+ data array[int8]
+} [packed]
diff --git a/sys/darwin/ipc.txt.const b/sys/darwin/ipc.txt.const
new file mode 100644
index 000000000..73ed11fc8
--- /dev/null
+++ b/sys/darwin/ipc.txt.const
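Review bot: `define SYS___semctl 510` looks carried over from the freebsd description this file was derived from: no call in the ipc.txt hunk uses it, and the generated ipc.txt.const in the same commit puts the neighbouring SYS_semget and SYS_semop at 255 and 256. Either drop the define until semctl is actually described, or confirm the number against the XNU syscall table and record that next to it, e.g. `# semctl is not described yet; syscall number to be confirmed for darwin`. A wrong number would make any later `__semctl$...` description exercise an unrelated syscall, which silently skews what the fuzzer covers.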
@@ -0,0 +1,34 @@ +# Code generated by syz-sysgen. DO NOT EDIT. +arches = amd64 +IPC_CREAT = amd64:512 +IPC_EXCL = amd64:1024 +IPC_NOWAIT = amd64:2048 +IPC_PRIVATE = amd64:0 +IPC_RMID = amd64:0 +IPC_SET = amd64:1 +IPC_STAT = amd64:2 +MSG_NOERROR = amd64:4096 +SEM_UNDO = amd64:4096 +SHM_RDONLY = amd64:4096 +SHM_RND = amd64:8192 +SYS___semctl = amd64:510 +SYS_msgctl = amd64:258 +SYS_msgget = amd64:259 +SYS_msgrcv = amd64:261 +SYS_msgsnd = amd64:260 +SYS_semget = amd64:255 +SYS_semop = amd64:256 +SYS_shm_unlink = amd64:267 +SYS_shmat = amd64:262 +SYS_shmctl = amd64:263 +SYS_shmdt = amd64:264 +SYS_shmget = amd64:265 +S_IRGRP = amd64:32 +S_IROTH = amd64:4 +S_IRUSR = amd64:256 +S_IWGRP = amd64:16 +S_IWOTH = amd64:2 +S_IWUSR = amd64:128 +S_IXGRP = amd64:8 +S_IXOTH = amd64:1 +S_IXUSR = amd64:64
diff --git a/sys/darwin/kqueue.txt b/sys/darwin/kqueue.txt
new file mode 100644
index 000000000..36ecf1a09
--- /dev/null
+++ b/sys/darwin/kqueue.txt
@@ -0,0 +1,24 @@
+# Copyright 2020 syzkaller project authors. All rights reserved.
+# Use of this source code is governed by Apache 2 LICENSE that can be found in the LICENSE file.
+
+include <sys/types.h>
+include <sys/event.h>
+
+resource kqueue[fd]
+
+kqueue() kqueue
+kevent(kqueue kqueue, changelist ptr[in, array[kevent]], nchanges len[changelist], eventlist ptr[out, array[kevent]], nevents len[eventlist], timeout ptr[in, timespec])
+
+kevent {
+ ident intptr
+ filter flags[filters, int16]
+ flags flags[evflags, int16]
+ fflags flags[fflags, int32]
+ data int64
+ udata intptr
+ ext array[int64, 4]
+}
+
+evflags = EV_ADD, EV_ENABLE, EV_DISABLE, EV_DISPATCH, EV_DELETE, EV_RECEIPT, EV_ONESHOT, EV_CLEAR, EV_EOF, EV_ERROR
+filters = EVFILT_READ, EVFILT_WRITE, EVFILT_AIO, EVFILT_VNODE, EVFILT_PROC, EVFILT_SIGNAL, EVFILT_TIMER, EVFILT_USER
+fflags = NOTE_LOWAT, NOTE_ATTRIB, NOTE_DELETE, NOTE_EXTEND, NOTE_LINK, NOTE_RENAME, NOTE_REVOKE, NOTE_WRITE, NOTE_EXIT, NOTE_FORK, NOTE_EXEC, NOTE_TRACK, NOTE_SECONDS, NOTE_USECONDS, NOTE_NSECONDS, NOTE_FFNOP, NOTE_FFAND, NOTE_FFOR, NOTE_FFCOPY, NOTE_FFCTRLMASK, NOTE_FFLAGSMASK, NOTE_TRIGGER
diff --git a/sys/darwin/kqueue.txt.const b/sys/darwin/kqueue.txt.const
new file mode 100644
index 000000000..634913f21
--- /dev/null
+++ b/sys/darwin/kqueue.txt.const
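Review bot: The `kevent` struct in the kqueue.txt hunk ends with `ext array[int64, 4]`, which matches the freebsd layout this file was derived from; as far as I know Darwin's `struct kevent` in <sys/event.h> stops at `udata` and only the kevent64/kevent_qos variants carry an `ext` array, so this needs checking against the SDK header. If that holds, the elements of `changelist` are laid out at a larger stride than the kernel reads for the `kevent` syscall, so every entry after the first is parsed from the wrong offset and the description mostly produces rejected input. Proposed: drop the `ext array[int64, 4]` line here and keep the extended layout for a separate `kevent64` description.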
@@ -0,0 +1,44 @@ +# Code generated by syz-sysgen. DO NOT EDIT. +arches = amd64 +EVFILT_AIO = amd64:18446744073709551613 +EVFILT_PROC = amd64:18446744073709551611 +EVFILT_READ = amd64:18446744073709551615 +EVFILT_SIGNAL = amd64:18446744073709551610 +EVFILT_TIMER = amd64:18446744073709551609 +EVFILT_USER = amd64:18446744073709551606 +EVFILT_VNODE = amd64:18446744073709551612 +EVFILT_WRITE = amd64:18446744073709551614 +EV_ADD = amd64:1 +EV_CLEAR = amd64:32 +EV_DELETE = amd64:2 +EV_DISABLE = amd64:8 +EV_DISPATCH = amd64:128 +EV_ENABLE = amd64:4 +EV_EOF = amd64:32768 +EV_ERROR = amd64:16384 +EV_ONESHOT = amd64:16 +EV_RECEIPT = amd64:64 +NOTE_ATTRIB = amd64:8 +NOTE_DELETE = amd64:1 +NOTE_EXEC = amd64:536870912 +NOTE_EXIT = amd64:2147483648 +NOTE_EXTEND = amd64:4 +NOTE_FFAND = amd64:1073741824 +NOTE_FFCOPY = amd64:3221225472 +NOTE_FFCTRLMASK = amd64:3221225472 +NOTE_FFLAGSMASK = amd64:16777215 +NOTE_FFNOP = amd64:0 +NOTE_FFOR = amd64:2147483648 +NOTE_FORK = amd64:1073741824 +NOTE_LINK = amd64:16 +NOTE_LOWAT = amd64:1 +NOTE_NSECONDS = amd64:4 +NOTE_RENAME = amd64:32 +NOTE_REVOKE = amd64:64 +NOTE_SECONDS = amd64:1 +NOTE_TRACK = amd64:1 +NOTE_TRIGGER = amd64:16777216 +NOTE_USECONDS = amd64:2 +NOTE_WRITE = amd64:2 +SYS_kevent = amd64:363 +SYS_kqueue = amd64:362
diff --git a/sys/darwin/pf.txt b/sys/darwin/pf.txt
new file mode 100644
index 000000000..6a60a986d
--- /dev/null
+++ b/sys/darwin/pf.txt
@@ -0,0 +1,106 @@
+# Copyright 2019 syzkaller project authors. All rights reserved.
+# Use of this source code is governed by Apache 2 LICENSE that can be found in the LICENSE file.
+
+include <sys/param.h>
+include <sys/socket.h>
+include <sys/lock.h>
+include <sys/mbuf.h>
+include <sys/ioccom.h>
+include <net/if.h>
+include <net/radix.h>
+include <net/pfvar.h>
+
+resource fd_pf[fd]
+
+openat$ptmx(fd const[AT_FDCWD], file ptr[in, string["/dev/pf"]], flags flags[open_flags], mode const[0]) fd_pf
+
+ioctl$DIOCADDRULE(fd fd_pf, cmd const[DIOCADDRULE], arg ptr[in, array[int8]])
+ioctl$DIOCGETRULES(fd fd_pf, cmd const[DIOCGETRULES], arg ptr[in, array[int8]])
+ioctl$DIOCGETRULE(fd fd_pf, cmd const[DIOCGETRULE], arg ptr[in, array[int8]])
+ioctl$DIOCCLRSTATES(fd fd_pf, cmd const[DIOCCLRSTATES], arg ptr[in, array[int8]])
+ioctl$DIOCGETSTATE(fd fd_pf, cmd const[DIOCGETSTATE], arg ptr[in, array[int8]])
+ioctl$DIOCSETSTATUSIF(fd fd_pf, cmd const[DIOCSETSTATUSIF], arg ptr[in, pfioc_if])
+ioctl$DIOCGETSTATUS(fd fd_pf, cmd const[DIOCGETSTATUS], arg ptr[in, array[int8]])
+ioctl$DIOCNATLOOK(fd fd_pf, cmd const[DIOCNATLOOK], arg ptr[in, array[int8]])
+ioctl$DIOCGETSTATES(fd fd_pf, cmd const[DIOCGETSTATES], arg ptr[in, array[int8]])
+ioctl$DIOCCHANGERULE(fd fd_pf, cmd const[DIOCCHANGERULE], arg ptr[in, array[int8]])
+ioctl$DIOCSETTIMEOUT(fd fd_pf, cmd const[DIOCSETTIMEOUT], arg ptr[in, pfioc_tm])
+ioctl$DIOCGETTIMEOUT(fd fd_pf, cmd const[DIOCGETTIMEOUT], arg ptr[in, pfioc_tm])
+ioctl$DIOCADDSTATE(fd fd_pf, cmd const[DIOCADDSTATE], arg ptr[in, array[int8]])
+ioctl$DIOCGETLIMIT(fd fd_pf, cmd const[DIOCGETLIMIT], arg ptr[in, pfioc_limit])
+ioctl$DIOCSETLIMIT(fd fd_pf, cmd const[DIOCSETLIMIT], arg ptr[in, pfioc_limit])
+ioctl$DIOCKILLSTATES(fd fd_pf, cmd const[DIOCKILLSTATES], arg ptr[in, array[int8]])
+ioctl$DIOCBEGINADDRS(fd fd_pf, cmd const[DIOCBEGINADDRS], arg ptr[in, array[int8]])
+ioctl$DIOCADDADDR(fd fd_pf, cmd const[DIOCADDADDR], arg ptr[in, array[int8]])
+ioctl$DIOCGETADDRS(fd fd_pf, cmd const[DIOCGETADDRS], arg ptr[in, array[int8]])
+ioctl$DIOCGETADDR(fd fd_pf, cmd const[DIOCGETADDR], arg ptr[in, array[int8]])
+ioctl$DIOCCHANGEADDR(fd fd_pf, cmd const[DIOCCHANGEADDR], arg ptr[in, array[int8]])
+ioctl$DIOCGETRULESETS(fd fd_pf, cmd const[DIOCGETRULESETS], arg ptr[in, array[int8]])
+ioctl$DIOCGETRULESET(fd fd_pf, cmd const[DIOCGETRULESET], arg ptr[in, array[int8]])
+ioctl$DIOCRCLRTABLES(fd fd_pf, cmd const[DIOCRCLRTABLES], arg ptr[in, pfioc_table])
+ioctl$DIOCRADDTABLES(fd fd_pf, cmd const[DIOCRADDTABLES], arg ptr[in, pfioc_table])
+ioctl$DIOCRDELTABLES(fd fd_pf, cmd const[DIOCRDELTABLES], arg ptr[in, pfioc_table])
+ioctl$DIOCRGETTABLES(fd fd_pf, cmd const[DIOCRGETTABLES], arg ptr[in, pfioc_table])
+ioctl$DIOCRGETTSTATS(fd fd_pf, cmd const[DIOCRGETTSTATS], arg ptr[in, pfioc_table])
+ioctl$DIOCRCLRTSTATS(fd fd_pf, cmd const[DIOCRCLRTSTATS], arg ptr[in, pfioc_table])
+ioctl$DIOCRSETTFLAGS(fd fd_pf, cmd const[DIOCRSETTFLAGS], arg ptr[in, pfioc_table])
+ioctl$DIOCRADDADDRS(fd fd_pf, cmd const[DIOCRADDADDRS], arg ptr[in, pfioc_table])
+ioctl$DIOCRDELADDRS(fd fd_pf, cmd const[DIOCRDELADDRS], arg ptr[in, pfioc_table])
+ioctl$DIOCRSETADDRS(fd fd_pf, cmd const[DIOCRSETADDRS], arg ptr[in, pfioc_table])
+ioctl$DIOCRGETADDRS(fd fd_pf, cmd const[DIOCRGETADDRS], arg ptr[in, pfioc_table])
+ioctl$DIOCRTSTADDRS(fd fd_pf, cmd const[DIOCRTSTADDRS], arg ptr[in, pfioc_table])
+ioctl$DIOCRGETASTATS(fd fd_pf, cmd const[DIOCRGETASTATS], arg ptr[in, pfioc_table])
+ioctl$DIOCRCLRASTATS(fd fd_pf, cmd const[DIOCRCLRASTATS], arg ptr[in, pfioc_table])
+ioctl$DIOCRINADEFINE(fd fd_pf, cmd const[DIOCRINADEFINE], arg ptr[in, pfioc_table])
+ioctl$DIOCOSFPADD(fd fd_pf, cmd const[DIOCOSFPADD], arg ptr[in, array[int8]])
+ioctl$DIOCOSFPGET(fd fd_pf, cmd const[DIOCOSFPGET], arg ptr[in, array[int8]])
+ioctl$DIOCXBEGIN(fd fd_pf, cmd const[DIOCXBEGIN], arg ptr[in, array[int8]])
+ioctl$DIOCXCOMMIT(fd fd_pf, cmd const[DIOCXCOMMIT], arg ptr[in, array[int8]])
+ioctl$DIOCXROLLBACK(fd fd_pf, cmd const[DIOCXROLLBACK], arg ptr[in, array[int8]])
+ioctl$DIOCGETSRCNODES(fd fd_pf, cmd const[DIOCGETSRCNODES], arg ptr[in, array[int8]])
+ioctl$DIOCIGETIFACES(fd fd_pf, cmd const[DIOCIGETIFACES], arg ptr[in, pfioc_iface])
+ioctl$DIOCSETIFFLAG(fd fd_pf, cmd const[DIOCSETIFFLAG], arg ptr[in, pfioc_iface])
+ioctl$DIOCCLRIFFLAG(fd fd_pf, cmd const[DIOCCLRIFFLAG], arg ptr[in, pfioc_iface])
+ioctl$DIOCKILLSRCNODES(fd fd_pf, cmd const[DIOCKILLSRCNODES], arg ptr[in, array[int8]])
+
+pfioc_if {
+ ifname const[IFNAMSIZ, int8]
+}
+
+pfioc_tm {
+ timeout int32
+ seconds int32
+}
+
+pfioc_limit {
+ index int32
+ limit int32
+}
+
+pfr_table {
+ pfrt_anchor array[int8, MAXPATHLEN]
+ pfrt_name array[int8, PF_TABLE_NAME_SIZE]
+ pfrt_flags int32
+ pfrt_fback int8
+}
+
+pfioc_table {
+ pfrio_table pfr_table
+ pfrio_buffer ptr[in, array[int8]]
+ pfrio_esize int64
+ pfrio_size int64
+ pfrio_size2 int64
+ pfrio_nadd int64
+ pfrio_ndel int64
+ pfrio_nchange int64
+ pfrio_flags int64
+ pfrio_ticket int32
+}
+
+pfioc_iface {
+ pfiio_name const[IFNAMSIZ, int8]
+ pfiio_buffer ptr[in, array[int8]]
+ pfiio_esize int32
+ pfiio_size int32
+ pfiio_flags int32
+}
diff --git a/sys/darwin/pf.txt.const b/sys/darwin/pf.txt.const
new file mode 100644
index 000000000..f4fcbcbd3
--- /dev/null
+++ b/sys/darwin/pf.txt.const
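Review bot: `openat$ptmx` in the pf.txt hunk opens `/dev/pf`, so the variant name is a leftover and should read `openat$pf`. The generated pf.txt.const in this commit records `AT_FDCWD = ???`, which suggests the constant does not resolve from this file's includes; posix_fs.txt, where it resolves to a value, includes `<fcntl.h>`, so adding `include <fcntl.h>` here is the likely fix, and it is worth confirming the call is not dropped as unsupported because it is the only producer of `fd_pf` for every `ioctl$DIOC*` below. Separately, `ifname const[IFNAMSIZ, int8]` in `pfioc_if` and `pfiio_name const[IFNAMSIZ, int8]` in `pfioc_iface` describe a single byte holding the value 16 rather than a 16-byte name buffer; `array[int8, IFNAMSIZ]` is probably what was meant.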
@@ -0,0 +1,56 @@ +# Code generated by syz-sysgen. DO NOT EDIT. +arches = amd64 +AT_FDCWD = ??? +DIOCADDADDR = amd64:3295691828 +DIOCADDRULE = amd64:3424666628 +DIOCADDSTATE = amd64:3240707109 +DIOCBEGINADDRS = amd64:3295691827 +DIOCCHANGEADDR = amd64:3295691831 +DIOCCHANGERULE = amd64:3424666650 +DIOCCLRIFFLAG = amd64:3223864410 +DIOCCLRSTATES = amd64:3235398674 +DIOCGETADDR = amd64:3295691830 +DIOCGETADDRS = amd64:3295691829 +DIOCGETLIMIT = amd64:3221767207 +DIOCGETRULE = amd64:3424666631 +DIOCGETRULES = amd64:3424666630 +DIOCGETRULESET = amd64:3292808251 +DIOCGETRULESETS = amd64:3292808250 +DIOCGETSRCNODES = amd64:3222291540 +DIOCGETSTATE = amd64:3240707091 +DIOCGETSTATES = amd64:3222291481 +DIOCGETSTATUS = amd64:3249554453 +DIOCGETTIMEOUT = amd64:3221767198 +DIOCIGETIFACES = amd64:3223864407 +DIOCKILLSRCNODES = amd64:3230155867 +DIOCKILLSTATES = amd64:3235398697 +DIOCNATLOOK = amd64:3226747927 +DIOCOSFPADD = amd64:3230155855 +DIOCOSFPGET = amd64:3230155856 +DIOCRADDADDRS = amd64:3293594691 +DIOCRADDTABLES = amd64:3293594685 +DIOCRCLRASTATS = amd64:3293594696 +DIOCRCLRTABLES = amd64:3293594684 +DIOCRCLRTSTATS = amd64:3293594689 +DIOCRDELADDRS = amd64:3293594692 +DIOCRDELTABLES = amd64:3293594686 +DIOCRGETADDRS = amd64:3293594694 +DIOCRGETASTATS = amd64:3293594695 +DIOCRGETTABLES = amd64:3293594687 +DIOCRGETTSTATS = amd64:3293594688 +DIOCRINADEFINE = amd64:3293594701 +DIOCRSETADDRS = amd64:3293594693 +DIOCRSETTFLAGS = amd64:3293594698 +DIOCRTSTADDRS = amd64:3293594697 +DIOCSETIFFLAG = amd64:3223864409 +DIOCSETLIMIT = amd64:3221767208 +DIOCSETSTATUSIF = amd64:3222291476 +DIOCSETTIMEOUT = amd64:3221767197 +DIOCXBEGIN = amd64:3222291537 +DIOCXCOMMIT = amd64:3222291538 +DIOCXROLLBACK = amd64:3222291539 +IFNAMSIZ = amd64:16 +MAXPATHLEN = amd64:1024 +PF_TABLE_NAME_SIZE = amd64:32 +SYS_ioctl = amd64:54 +SYS_openat = amd64:463
diff --git a/sys/darwin/posix_fs.txt b/sys/darwin/posix_fs.txt
new file mode 100644
index 000000000..ed6d08790
--- /dev/null
+++ b/sys/darwin/posix_fs.txt 
@@ -0,0 +1,71 @@
+# Copyright 2021 syzkaller project authors. All rights reserved.
+# Use of this source code is governed by Apache 2 LICENSE that can be found in the LICENSE file.
+
+include <sys/types.h>
+include <sys/stat.h>
+include <fcntl.h>
+include <unistd.h>
+
+resource fd[int32]: 0xffffffffffffffff, AT_FDCWD
+resource fd_dir[fd]
+
+resource pid[int32]: 0, 0xffffffffffffffff
+resource uid[int32]: 0, 0xffffffffffffffff
+resource gid[int32]: 0, 0xffffffffffffffff
+
+open(file ptr[in, filename], flags flags[open_flags], mode flags[open_mode]) fd
+# Just so that we have something that creates fd_dir resources.
+open$dir(file ptr[in, filename], flags flags[open_flags], mode flags[open_mode]) fd_dir
+openat(fd fd_dir[opt], file ptr[in, filename], flags flags[open_flags], mode flags[open_mode]) fd
+close(fd fd)
+read(fd fd, buf buffer[out], count len[buf])
+readv(fd fd, vec ptr[in, array[iovec_out]], vlen len[vec])
+write(fd fd, buf buffer[in], count len[buf])
+writev(fd fd, vec ptr[in, array[iovec_in]], vlen len[vec])
+lseek(fd fd, offset fileoff, whence flags[seek_whence])
+dup(oldfd fd) fd
+dup2(oldfd fd, newfd fd) fd
+fstat(fd fd, statbuf ptr[out, stat])
+pathconf(file ptr[in, filename], name flags[conf_value])
+fpathconf(fd fd, name flags[conf_value])
+
+iovec_in {
+ addr buffer[in]
+ len len[addr, intptr]
+}
+
+iovec_out {
+ addr buffer[out]
+ len len[addr, intptr]
+}
+
+stat {
+ dev int64
+ ino int64
+ nlink int64
+ mode int16
+ __pad0 const[0, int16]
+ uid uid
+ gid gid
+ __pad1 const[0, int32]
+ rdev int64
+ atime int64
+ ansec int64
+ mtime int64
+ mnsec int64
+ ctime int64
+ cnsec int64
+ btime int64
+ bnsec int64
+ size int64
+ blocks int64
+ blksize int32
+ flags int32
+ gen int64
+ __spare array[int64, 10]
+}
+
+open_flags = O_RDONLY, O_WRONLY, O_RDWR, O_NONBLOCK, O_APPEND, O_CREAT, O_TRUNC, O_EXCL, O_SHLOCK, O_EXLOCK, O_NOFOLLOW, O_SYMLINK, O_EVTONLY, O_CLOEXEC, O_NOFOLLOW_ANY
+open_mode = S_IRUSR, S_IWUSR, S_IXUSR, S_IRGRP, S_IWGRP, S_IXGRP, S_IROTH, S_IWOTH, S_IXOTH
+seek_whence = SEEK_SET, SEEK_CUR, SEEK_END, SEEK_DATA, SEEK_HOLE
+conf_value = _PC_LINK_MAX, _PC_MAX_CANON, _PC_MAX_INPUT, _PC_NAME_MAX, _PC_PATH_MAX, _PC_PIPE_BUF, _PC_CHOWN_RESTRICTED, _PC_NO_TRUNC, _PC_VDISABLE, _PC_XATTR_SIZE_BITS, _PC_MIN_HOLE_SIZE
diff --git a/sys/darwin/posix_fs.txt.const b/sys/darwin/posix_fs.txt.const
new file mode 100644
index 000000000..66795053f
--- /dev/null
+++ b/sys/darwin/posix_fs.txt.const
@@ -0,0 +1,56 @@ +# Code generated by syz-sysgen. DO NOT EDIT. +arches = amd64 +AT_FDCWD = amd64:18446744073709551614 +O_APPEND = amd64:8 +O_CLOEXEC = amd64:16777216 +O_CREAT = amd64:512 +O_EVTONLY = amd64:32768 +O_EXCL = amd64:2048 +O_EXLOCK = amd64:32 +O_NOFOLLOW = amd64:256 +O_NOFOLLOW_ANY = amd64:536870912 +O_NONBLOCK = amd64:4 +O_RDONLY = amd64:0 +O_RDWR = amd64:2 +O_SHLOCK = amd64:16 +O_SYMLINK = amd64:2097152 +O_TRUNC = amd64:1024 +O_WRONLY = amd64:1 +SEEK_CUR = amd64:1 +SEEK_DATA = amd64:4 +SEEK_END = amd64:2 +SEEK_HOLE = amd64:3 +SEEK_SET = amd64:0 +SYS_close = amd64:6 +SYS_dup = amd64:41 +SYS_dup2 = amd64:90 +SYS_fpathconf = amd64:192 +SYS_fstat = amd64:189 +SYS_lseek = amd64:199 +SYS_open = amd64:5 +SYS_openat = amd64:463 +SYS_pathconf = amd64:191 +SYS_read = amd64:3 +SYS_readv = amd64:120 +SYS_write = amd64:4 +SYS_writev = amd64:121 +S_IRGRP = amd64:32 +S_IROTH = amd64:4 +S_IRUSR = amd64:256 +S_IWGRP = amd64:16 +S_IWOTH = amd64:2 +S_IWUSR = amd64:128 +S_IXGRP = amd64:8 +S_IXOTH = amd64:1 +S_IXUSR = amd64:64 +_PC_CHOWN_RESTRICTED = amd64:7 +_PC_LINK_MAX = amd64:1 +_PC_MAX_CANON = amd64:2 +_PC_MAX_INPUT = amd64:3 +_PC_MIN_HOLE_SIZE = amd64:27 +_PC_NAME_MAX = amd64:4 +_PC_NO_TRUNC = amd64:8 +_PC_PATH_MAX = amd64:5 +_PC_PIPE_BUF = amd64:6 +_PC_VDISABLE = amd64:9 +_PC_XATTR_SIZE_BITS = amd64:26
diff --git a/sys/darwin/posix_mm.txt b/sys/darwin/posix_mm.txt
new file mode 100644
index 000000000..4139a713c
--- /dev/null
+++ b/sys/darwin/posix_mm.txt
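Review bot: The `stat` struct in the posix_fs.txt hunk opens with `dev int64`, `ino int64`, `nlink int64`, which reads like the freebsd layout rather than Darwin's; as far as I recall Darwin's struct stat starts with a 32-bit `st_dev` and 16-bit mode and link count, so this should be checked against <sys/stat.h>. Because the struct is only used as `ptr[out, stat]` in `fstat`, the visible effect is limited to the size of the output buffer, but the wrong layout would matter as soon as it is reused as input. A one-line comment above the struct, `# layout not yet verified for darwin; only used as an out buffer`, would keep that from going unnoticed.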
@@ -0,0 +1,23 @@
+# Copyright 2021 syzkaller project authors. All rights reserved.
+# Use of this source code is governed by Apache 2 LICENSE that can be found in the LICENSE file.
+
+include <sys/types.h>
+include <sys/mman.h>
+
+mmap(addr vma, len len[addr], prot flags[mmap_prot], flags flags[mmap_flags], fd fd, offset fileoff)
+munmap(addr vma, len len[addr])
+mprotect(addr vma, len len[addr], prot flags[mmap_prot])
+msync(addr vma, len len[addr], f flags[msync_flags])
+madvise(addr vma, len len[addr], advice flags[madvise_flags])
+mlock(addr vma, size len[addr])
+munlock(addr vma, size len[addr])
+mlockall(flags flags[mlockall_flags])
+munlockall()
+
+mmap_prot = PROT_EXEC, PROT_READ, PROT_WRITE
+msync_flags = MS_ASYNC, MS_SYNC, MS_INVALIDATE
+mmap_flags = MAP_ANONYMOUS, MAP_ANON, MAP_FILE, MAP_FIXED, MAP_HASSEMAPHORE, MAP_PRIVATE, MAP_SHARED, MAP_NOCACHE, MAP_JIT, MAP_32BIT
+madvise_flags = MADV_NORMAL, POSIX_MADV_NORMAL, MADV_SEQUENTIAL, POSIX_MADV_SEQUENTIAL, MADV_RANDOM, POSIX_MADV_RANDOM, MADV_WILLNEED, POSIX_MADV_WILLNEED, MADV_DONTNEED, POSIX_MADV_DONTNEED, MADV_FREE, MADV_ZERO_WIRED_PAGES
+mlockall_flags = MCL_CURRENT, MCL_FUTURE
+
+define MAP_ANONYMOUS MAP_ANON
diff --git a/sys/darwin/posix_mm.txt.const b/sys/darwin/posix_mm.txt.const
new file mode 100644
index 000000000..274a88d4f
--- /dev/null
+++ b/sys/darwin/posix_mm.txt.const
@@ -0,0 +1,41 @@ +# Code generated by syz-sysgen. DO NOT EDIT. +arches = amd64 +MADV_DONTNEED = amd64:4 +MADV_FREE = amd64:5 +MADV_NORMAL = amd64:0 +MADV_RANDOM = amd64:1 +MADV_SEQUENTIAL = amd64:2 +MADV_WILLNEED = amd64:3 +MADV_ZERO_WIRED_PAGES = amd64:6 +MAP_32BIT = amd64:32768 +MAP_ANON = amd64:4096 +MAP_ANONYMOUS = amd64:4096 +MAP_FILE = amd64:0 +MAP_FIXED = amd64:16 +MAP_HASSEMAPHORE = amd64:512 +MAP_JIT = amd64:2048 +MAP_NOCACHE = amd64:1024 +MAP_PRIVATE = amd64:2 +MAP_SHARED = amd64:1 +MCL_CURRENT = amd64:1 +MCL_FUTURE = amd64:2 +MS_ASYNC = amd64:1 +MS_INVALIDATE = amd64:2 +MS_SYNC = amd64:16 +POSIX_MADV_DONTNEED = amd64:4 +POSIX_MADV_NORMAL = amd64:0 +POSIX_MADV_RANDOM = amd64:1 +POSIX_MADV_SEQUENTIAL = amd64:2 +POSIX_MADV_WILLNEED = amd64:3 +PROT_EXEC = amd64:4 +PROT_READ = amd64:1 +PROT_WRITE = amd64:2 +SYS_madvise = amd64:75 +SYS_mlock = amd64:203 +SYS_mlockall = amd64:324 +SYS_mmap = amd64:197 +SYS_mprotect = amd64:74 +SYS_msync = amd64:65 +SYS_munlock = amd64:204 +SYS_munlockall = amd64:325 +SYS_munmap = amd64:73
diff --git a/sys/darwin/socket.txt b/sys/darwin/socket.txt
new file mode 100644
index 000000000..00d259ea3
--- /dev/null
+++ b/sys/darwin/socket.txt
@@ -0,0 +1,89 @@
+# Copyright 2021 syzkaller project authors. All rights reserved.
+# Use of this source code is governed by Apache 2 LICENSE that can be found in the LICENSE file.
+
+# TODO: due to autobind a socket can bind to port 0, that will result in a random port which is not reproducible
+
+include <sys/types.h>
+include <sys/socket.h>
+include <sys/sockio.h>
+include <netinet/in.h>
+
+resource sock[fd]
+type sock_port proc[20000, 4, int16be]
+
+socket(domain flags[socket_domain], type flags[socket_type], proto int8) sock
+socketpair(domain flags[socket_domain], type flags[socket_type], proto int8, fds ptr[out, sock_pair])
+bind(fd sock, addr ptr[in, sockaddr_storage], addrlen len[addr])
+connect(fd sock, addr ptr[in, sockaddr_storage], addrlen len[addr])
+accept(fd sock, peer ptr[out, sockaddr_storage, opt], peerlen ptr[inout, len[peer, int32]]) sock
+sendto(fd sock, buf buffer[in], len len[buf], f flags[send_flags], addr ptr[in, sockaddr_storage, opt], addrlen len[addr])
+recvfrom(fd sock, buf buffer[out], len len[buf], f flags[recv_flags], addr ptr[in, sockaddr_storage, opt], addrlen len[addr])
+getsockname(fd sock, addr ptr[out, sockaddr_storage], addrlen ptr[inout, len[addr, int32]])
+getpeername(fd sock, peer ptr[out, sockaddr_storage], peerlen ptr[inout, len[peer, int32]])
+
+sendmsg(fd sock, msg ptr[in, send_msghdr], f flags[send_flags])
+recvmsg(fd sock, msg ptr[inout, recv_msghdr], f flags[recv_flags])
+
+listen(fd sock, backlog int32)
+shutdown(fd sock, how flags[shutdown_flags])
+
+getsockopt(fd sock, level int32, optname int32, optval buffer[out], optlen ptr[inout, len[optval, int32]])
+setsockopt(fd sock, level int32, optname int32, optval buffer[in], optlen len[optval])
+
+socket_domain = AF_UNIX, AF_INET, AF_APPLETALK, AF_IPX, AF_INET6
+socket_type = SOCK_STREAM, SOCK_DGRAM, SOCK_RAW, SOCK_RDM, SOCK_SEQPACKET
+shutdown_flags = SHUT_RD, SHUT_WR
+send_flags = MSG_OOB, MSG_DONTROUTE, MSG_EOR, MSG_DONTWAIT, MSG_EOF
+recv_flags = MSG_OOB, MSG_PEEK, MSG_WAITALL, MSG_DONTWAIT
+
+cmsg_levels = SOL_SOCKET, IPPROTO_IP, IPPROTO_IPV6, IPPROTO_ICMP, IPPROTO_ICMPV6, IPPROTO_SCTP, IPPROTO_TCP, IPPROTO_UDP
+
+sock_pair {
+ fd0 sock
+ fd1 sock
+}
+
+# This sockaddr type corresponds to the sockaddr_storage type and is 128 bytes size.
+sockaddr_storage [
+ un sockaddr_un
+ in sockaddr_in
+ in6 sockaddr_in6
+] [varlen]
+
+send_msghdr {
+ msg_name ptr[in, sockaddr_storage, opt]
+ msg_namelen len[msg_name, int32]
+ msg_iov ptr[in, array[iovec_in]]
+ msg_iovlen len[msg_iov, intptr]
+ msg_control ptr[in, array[cmsghdr]]
+ msg_controllen bytesize[msg_control, intptr]
+ msg_flags const[0, int32]
+}
+
+recv_msghdr {
+ msg_name ptr[out, sockaddr_storage, opt]
+ msg_namelen len[msg_name, int32]
+ msg_iov ptr[in, array[iovec_out]]
+ msg_iovlen len[msg_iov, intptr]
+ msg_control buffer[out]
+ msg_controllen len[msg_control, intptr]
+ msg_flags const[0, int32]
+}
+
+cmsghdr {
+ cmsg_len len[parent, intptr]
+ cmsg_level flags[cmsg_levels, int32]
+ cmsg_type int32
+ data array[int8]
+} [align[PTR_SIZE]]
+
+# Socket options
+
+getsockopt$sock_int(fd sock, level const[SOL_SOCKET], optname flags[sockopt_opt_sock_int], optval ptr[out, int32], optlen ptr[inout, len[optval, int32]])
+setsockopt$sock_int(fd sock, level const[SOL_SOCKET], optname flags[sockopt_opt_sock_int], optval ptr[in, int32], optlen len[optval])
+getsockopt$sock_linger(fd sock, level const[SOL_SOCKET], optname const[SO_LINGER], optval ptr[out, linger], optlen ptr[inout, len[optval, int32]])
+setsockopt$sock_linger(fd sock, level const[SOL_SOCKET], optname const[SO_LINGER], optval ptr[in, linger], optlen len[optval])
+getsockopt$sock_timeval(fd sock, level const[SOL_SOCKET], optname flags[sockopt_opt_sock_timeval], optval ptr[out, timeval], optlen ptr[inout, len[optval, int32]])
+setsockopt$sock_timeval(fd sock, level const[SOL_SOCKET], optname flags[sockopt_opt_sock_timeval], optval ptr[in, timeval], optlen len[optval])
+sockopt_opt_sock_int = SO_BROADCAST, SO_DEBUG, SO_DONTROUTE, SO_DONTTRUNC, SO_ERROR, SO_KEEPALIVE, SO_LABEL, SO_LINGER, SO_LINGER_SEC, SO_NETSVC_MARKING_LEVEL, SO_NET_SERVICE_TYPE, SO_NKE, SO_NOADDRERR, SO_NOSIGPIPE, SO_NOTIFYCONFLICT, SO_NP_EXTENSIONS, SO_NREAD, SO_NUMRCVPKT, SO_NWRITE, SO_OOBINLINE, SO_PEERLABEL, SO_RANDOMPORT, SO_RCVBUF, SO_RCVLOWAT, SO_REUSEADDR, SO_REUSEPORT, SO_REUSESHAREUID, SO_SNDBUF, SO_SNDLOWAT, SO_TIMESTAMP, SO_TIMESTAMP_MONOTONIC, SO_TYPE, SO_UPCALLCLOSEWAIT, SO_USELOOPBACK, SO_WANTMORE, SO_WANTOOBFLAG
+sockopt_opt_sock_timeval = SO_RCVTIMEO, SO_SNDTIMEO
diff --git a/sys/darwin/socket.txt.const b/sys/darwin/socket.txt.const
new file mode 100644
index 000000000..3e381f00a
--- /dev/null
+++ b/sys/darwin/socket.txt.const
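Review bot: `recvfrom` in the socket.txt hunk describes its address as `addr ptr[in, sockaddr_storage, opt], addrlen len[addr]`, the same shape as `sendto`, but the kernel writes the peer address and takes the length through a pointer, which is how `accept`, `getsockname` and `getpeername` in this hunk already express it. As written the by-value length lands where the kernel expects a user pointer, so the call mostly fails before reaching the receive path. Proposed: `addr ptr[out, sockaddr_storage, opt], addrlen ptr[inout, len[addr, int32]]`. `recvfrom$inet` in sys/darwin/socket_inet.txt has the same shape and needs the same change.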
@@ -0,0 +1,82 @@ +# Code generated by syz-sysgen. DO NOT EDIT. +arches = amd64 +AF_APPLETALK = amd64:16 +AF_INET = amd64:2 +AF_INET6 = amd64:30 +AF_IPX = amd64:23 +AF_UNIX = amd64:1 +IPPROTO_ICMP = amd64:1 +IPPROTO_ICMPV6 = amd64:58 +IPPROTO_IP = amd64:0 +IPPROTO_IPV6 = amd64:41 +IPPROTO_SCTP = amd64:132 +IPPROTO_TCP = amd64:6 +IPPROTO_UDP = amd64:17 +MSG_DONTROUTE = amd64:4 +MSG_DONTWAIT = amd64:128 +MSG_EOF = amd64:256 +MSG_EOR = amd64:8 +MSG_OOB = amd64:1 +MSG_PEEK = amd64:2 +MSG_WAITALL = amd64:64 +SHUT_RD = amd64:0 +SHUT_WR = amd64:1 +SOCK_DGRAM = amd64:2 +SOCK_RAW = amd64:3 +SOCK_RDM = amd64:4 +SOCK_SEQPACKET = amd64:5 +SOCK_STREAM = amd64:1 +SOL_SOCKET = amd64:65535 +SO_BROADCAST = amd64:32 +SO_DEBUG = amd64:1 +SO_DONTROUTE = amd64:16 +SO_DONTTRUNC = amd64:8192 +SO_ERROR = amd64:4103 +SO_KEEPALIVE = amd64:8 +SO_LABEL = amd64:4112 +SO_LINGER = amd64:128 +SO_LINGER_SEC = amd64:4224 +SO_NETSVC_MARKING_LEVEL = amd64:4377 +SO_NET_SERVICE_TYPE = amd64:4374 +SO_NKE = amd64:4129 +SO_NOADDRERR = amd64:4131 +SO_NOSIGPIPE = amd64:4130 +SO_NOTIFYCONFLICT = amd64:4134 +SO_NP_EXTENSIONS = amd64:4227 +SO_NREAD = amd64:4128 +SO_NUMRCVPKT = amd64:4370 +SO_NWRITE = amd64:4132 +SO_OOBINLINE = amd64:256 +SO_PEERLABEL = amd64:4113 +SO_RANDOMPORT = amd64:4226 +SO_RCVBUF = amd64:4098 +SO_RCVLOWAT = amd64:4100 +SO_RCVTIMEO = amd64:4102 +SO_REUSEADDR = amd64:4 +SO_REUSEPORT = amd64:512 +SO_REUSESHAREUID = amd64:4133 +SO_SNDBUF = amd64:4097 +SO_SNDLOWAT = amd64:4099 +SO_SNDTIMEO = amd64:4101 +SO_TIMESTAMP = amd64:1024 +SO_TIMESTAMP_MONOTONIC = amd64:2048 +SO_TYPE = amd64:4104 +SO_UPCALLCLOSEWAIT = amd64:4135 +SO_USELOOPBACK = amd64:64 +SO_WANTMORE = amd64:16384 +SO_WANTOOBFLAG = amd64:32768 +SYS_accept = amd64:30 +SYS_bind = amd64:104 +SYS_connect = amd64:98 +SYS_getpeername = amd64:31 +SYS_getsockname = amd64:32 +SYS_getsockopt = amd64:118 +SYS_listen = amd64:106 +SYS_recvfrom = amd64:29 +SYS_recvmsg = amd64:27 +SYS_sendmsg = amd64:28 +SYS_sendto = amd64:133 +SYS_setsockopt = 
amd64:105 +SYS_shutdown = amd64:134 +SYS_socket = amd64:97 +SYS_socketpair = amd64:135
diff --git a/sys/darwin/socket_inet.txt b/sys/darwin/socket_inet.txt
new file mode 100644
index 000000000..dfbe5b99e
--- /dev/null
+++ b/sys/darwin/socket_inet.txt
@@ -0,0 +1,111 @@ +# Copyright 2021 syzkaller project authors. All rights reserved. +# Use of this source code is governed by Apache 2 LICENSE that can be found in the LICENSE file. + +include <sys/types.h> +include <sys/socket.h> +include <sys/sockio.h> +include <netinet/in.h> + +# IP sockets + +resource sock_in[sock] +resource ifindex[int32] + +sockaddr_in { + len len[parent, int8] + family const[AF_INET, int8] + port sock_port + addr ipv4_addr + pad array[const[0, int8], 8] +} + +sockaddr_storage_in { + addr sockaddr_in + pad array[const[0, int64], 15] +} + +socket$inet(domain const[AF_INET], type flags[socket_type], proto int8) sock_in +accept$inet(fd sock_in, peer ptr[out, sockaddr_in, opt], peerlen ptr[inout, len[peer, int32]]) sock_in +bind$inet(fd sock_in, addr ptr[in, sockaddr_in], addrlen len[addr]) +connect$inet(fd sock_in, addr ptr[in, sockaddr_in], addrlen len[addr]) +sendto$inet(fd sock_in, buf buffer[in], len len[buf], f flags[send_flags], addr ptr[in, sockaddr_in, opt], addrlen len[addr]) +recvfrom$inet(fd sock_in, buf buffer[out], len len[buf], f flags[recv_flags], addr ptr[in, sockaddr_in, opt], addrlen len[addr]) +getsockname$inet(fd sock_in, addr ptr[out, sockaddr_in], addrlen ptr[inout, len[addr, int32]]) +getpeername$inet(fd sock_in, peer ptr[out, sockaddr_in], peerlen ptr[inout, len[peer, int32]]) + +# Generic IP options + +inet_option_types_int = IP_TOS, IP_TTL, IP_HDRINCL, IP_RECVOPTS, IP_RETOPTS, IP_RECVTTL, IP_RECVTOS + +inet_option_types_buf = IP_OPTIONS, IP_IPSEC_POLICY, IP_MULTICAST_IF, IP_ADD_MEMBERSHIP, IP_DROP_MEMBERSHIP, IP_UNBLOCK_SOURCE, IP_BLOCK_SOURCE, IP_ADD_SOURCE_MEMBERSHIP, IP_DROP_SOURCE_MEMBERSHIP, IP_MSFILTER, MCAST_JOIN_GROUP, MCAST_BLOCK_SOURCE, MCAST_UNBLOCK_SOURCE, MCAST_LEAVE_GROUP, MCAST_JOIN_SOURCE_GROUP, MCAST_LEAVE_SOURCE_GROUP + +getsockopt$inet_int(fd sock_in, level const[IPPROTO_IP], optname flags[inet_option_types_int], optval ptr[out, int32], optlen ptr[inout, len[optval, int32]]) +setsockopt$inet_int(fd 
sock_in, level const[IPPROTO_IP], optname flags[inet_option_types_int], optval ptr[in, int32], optlen len[optval]) +getsockopt$inet_buf(fd sock_in, level const[IPPROTO_IP], optname flags[inet_option_types_buf], optval buffer[out], optlen ptr[inout, len[optval, int32]]) +setsockopt$inet_buf(fd sock_in, level const[IPPROTO_IP], optname flags[inet_option_types_buf], optval buffer[in], optlen len[optval]) + +# Specific IP options + +sockopt_opt_ip_opts = IP_OPTIONS + +getsockopt$inet_opts(fd sock_in, level const[IPPROTO_IP], optname flags[sockopt_opt_ip_opts], optval buffer[out], optlen ptr[inout, len[optval, int32]]) +setsockopt$inet_opts(fd sock_in, level const[IPPROTO_IP], optname flags[sockopt_opt_ip_opts], optval buffer[in], optlen len[optval]) + +sockopt_opt_ip_mreq = IP_ADD_MEMBERSHIP, IP_DROP_MEMBERSHIP, IP_MULTICAST_IF + +getsockopt$inet_mreq(fd sock_in, level const[IPPROTO_IP], optname flags[sockopt_opt_ip_mreq], optval ptr[out, ip_mreq], optlen ptr[inout, len[optval, int32]]) +setsockopt$inet_mreq(fd sock_in, level const[IPPROTO_IP], optname flags[sockopt_opt_ip_mreq], optval ptr[in, ip_mreq], optlen len[optval]) +getsockopt$inet_mreqn(fd sock_in, level const[IPPROTO_IP], optname flags[sockopt_opt_ip_mreq], optval ptr[out, ip_mreqn], optlen ptr[inout, len[optval, int32]]) +setsockopt$inet_mreqn(fd sock_in, level const[IPPROTO_IP], optname flags[sockopt_opt_ip_mreq], optval ptr[in, ip_mreqn], optlen len[optval]) + +sockopt_opt_ip_mreqsrc = IP_ADD_SOURCE_MEMBERSHIP, IP_BLOCK_SOURCE, IP_DROP_SOURCE_MEMBERSHIP, IP_UNBLOCK_SOURCE + +getsockopt$inet_mreqsrc(fd sock_in, level const[IPPROTO_IP], optname flags[sockopt_opt_ip_mreqsrc], optval ptr[out, ip_mreq_source], optlen ptr[inout, len[optval, int32]]) +setsockopt$inet_mreqsrc(fd sock_in, level const[IPPROTO_IP], optname flags[sockopt_opt_ip_mreqsrc], optval ptr[in, ip_mreq_source], optlen len[optval]) + +setsockopt$inet_msfilter(fd sock_in, level const[IPPROTO_IP], optname const[IP_MSFILTER], optval ptr[in, 
ip_msfilter], optlen len[optval]) + +setsockopt$inet_MCAST_JOIN_GROUP(fd sock_in, level const[IPPROTO_IP], optname const[MCAST_JOIN_GROUP], optval ptr[in, group_req_in], optlen len[optval]) +setsockopt$inet_MCAST_LEAVE_GROUP(fd sock_in, level const[IPPROTO_IP], optname const[MCAST_LEAVE_GROUP], optval ptr[in, group_req_in], optlen len[optval]) + +sockopt_opt_ip_group_source_req = MCAST_JOIN_SOURCE_GROUP, MCAST_LEAVE_SOURCE_GROUP, MCAST_BLOCK_SOURCE, MCAST_UNBLOCK_SOURCE + +setsockopt$inet_group_source_req(fd sock_in, level const[IPPROTO_IP], optname flags[sockopt_opt_ip_group_source_req], optval ptr[in, group_source_req_in], optlen len[optval]) + +ip_mreq { + imr_multiaddr ipv4_addr + imr_interface ipv4_addr +} + +ip_mreqn { + imr_multiaddr ipv4_addr + imr_address ipv4_addr + imr_ifindex ifindex +} + +ip_mreq_source { + imr_multiaddr ipv4_addr + imr_interface ipv4_addr + imr_sourceaddr ipv4_addr +} + +ip_msfilter { + imsf_multiaddr ipv4_addr + imsf_interface ipv4_addr + imsf_fmode flags[ip_msfilter_mode, int32] + imsf_numsrc len[imsf_slist, int32] + imsf_slist array[ipv4_addr] +} + +ip_msfilter_mode = MCAST_INCLUDE, MCAST_EXCLUDE + +group_req_in { + gr_interface int32 + gr_group sockaddr_storage_in +} + +group_source_req_in { + gsr_interface int32 + gsr_group sockaddr_storage_in + gsr_source sockaddr_storage_in +} diff --git a/sys/darwin/socket_inet.txt.const b/sys/darwin/socket_inet.txt.const new file mode 100644 index 000000000..f9e03f6e6 --- /dev/null +++ b/sys/darwin/socket_inet.txt.const 
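Review bot: `recvfrom$inet` declares `addr ptr[in, sockaddr_in, opt]` and `addrlen len[addr]`, but recvfrom(2) writes the peer address back and takes the length as a pointer to socklen_t, which is how `accept$inet` and `getsockname$inet` in this same hunk already model it. As written, the generated call passes a small integer where the kernel expects a pointer, so the address-return path is unlikely to be exercised. I would change the tail to `addr ptr[out, sockaddr_in, opt], addrlen ptr[inout, len[addr, int32]]`. `recvfrom$inet6` and `recvfrom$unix` in the later hunks carry the same signature.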
@@ -0,0 +1,39 @@ +# Code generated by syz-sysgen. DO NOT EDIT. +arches = amd64 +AF_INET = amd64:2 +IPPROTO_IP = amd64:0 +IP_ADD_MEMBERSHIP = amd64:12 +IP_ADD_SOURCE_MEMBERSHIP = amd64:70 +IP_BLOCK_SOURCE = amd64:72 +IP_DROP_MEMBERSHIP = amd64:13 +IP_DROP_SOURCE_MEMBERSHIP = amd64:71 +IP_HDRINCL = amd64:2 +IP_IPSEC_POLICY = amd64:21 +IP_MSFILTER = amd64:74 +IP_MULTICAST_IF = amd64:9 +IP_OPTIONS = amd64:1 +IP_RECVOPTS = amd64:5 +IP_RECVTOS = amd64:27 +IP_RECVTTL = amd64:24 +IP_RETOPTS = amd64:8 +IP_TOS = amd64:3 +IP_TTL = amd64:4 +IP_UNBLOCK_SOURCE = amd64:73 +MCAST_BLOCK_SOURCE = amd64:84 +MCAST_EXCLUDE = amd64:2 +MCAST_INCLUDE = amd64:1 +MCAST_JOIN_GROUP = amd64:80 +MCAST_JOIN_SOURCE_GROUP = amd64:82 +MCAST_LEAVE_GROUP = amd64:81 +MCAST_LEAVE_SOURCE_GROUP = amd64:83 +MCAST_UNBLOCK_SOURCE = amd64:85 +SYS_accept = amd64:30 +SYS_bind = amd64:104 +SYS_connect = amd64:98 +SYS_getpeername = amd64:31 +SYS_getsockname = amd64:32 +SYS_getsockopt = amd64:118 +SYS_recvfrom = amd64:29 +SYS_sendto = amd64:133 +SYS_setsockopt = amd64:105 +SYS_socket = amd64:97 diff --git a/sys/darwin/socket_inet6.txt b/sys/darwin/socket_inet6.txt new file mode 100644 index 000000000..61e9a71cd --- /dev/null +++ b/sys/darwin/socket_inet6.txt 
@@ -0,0 +1,66 @@ +# Copyright 2021 syzkaller project authors. All rights reserved. +# Use of this source code is governed by Apache 2 LICENSE that can be found in the LICENSE file. + +include <sys/types.h> +include <sys/param.h> +include <sys/socket.h> +include <netinet/in.h> +include <net/route.h> +include <sys/sockio.h> + +# IPv6 sockets + +resource sock_in6[sock] + +sockaddr_in6 { + len len[parent, int8] + family const[AF_INET6, int8] + port sock_port + flow int32 + addr ipv6_addr + scope int32 +} + +sockaddr_storage_in6 { + addr sockaddr_in6 + pad array[const[0, int64], 12] +} + +socket$inet6(domain const[AF_INET6], type flags[socket_type], proto int8) sock_in6 +accept$inet6(fd sock_in6, peer ptr[out, sockaddr_in6, opt], peerlen ptr[inout, len[peer, int32]]) sock_in6 +bind$inet6(fd sock_in6, addr ptr[in, sockaddr_in6], addrlen len[addr]) +connect$inet6(fd sock_in6, addr ptr[in, sockaddr_in6], addrlen len[addr]) +sendto$inet6(fd sock_in6, buf buffer[in], len len[buf], f flags[send_flags], addr ptr[in, sockaddr_in6, opt], addrlen len[addr]) +recvfrom$inet6(fd sock_in6, buf buffer[out], len len[buf], f flags[recv_flags], addr ptr[in, sockaddr_in6, opt], addrlen len[addr]) +getsockname$inet6(fd sock_in6, addr ptr[out, sockaddr_in6], addrlen ptr[inout, len[addr, int32]]) +getpeername$inet6(fd sock_in6, peer ptr[out, sockaddr_in6], peerlen ptr[inout, len[peer, int32]]) + +# Generic IPv6 options + +inet6_option_types_int = IPV6_2292DSTOPTS, IPV6_2292HOPLIMIT, IPV6_2292HOPOPTS, IPV6_2292NEXTHOP, IPV6_2292PKTINFO, IPV6_2292PKTOPTIONS, IPV6_2292RTHDR, IPV6_BOUND_IF, IPV6_CHECKSUM, IPV6_IPSEC_POLICY, IPV6_JOIN_GROUP, IPV6_LEAVE_GROUP, IPV6_MULTICAST_HOPS, IPV6_MULTICAST_IF, IPV6_MULTICAST_LOOP, IPV6_PORTRANGE, IPV6_PORTRANGE_DEFAULT, IPV6_PORTRANGE_HIGH, IPV6_PORTRANGE_LOW, IPV6_RECVTCLASS, IPV6_RTHDR_TYPE_0, IPV6_TCLASS, IPV6_UNICAST_HOPS, IPV6_V6ONLY +inet6_option_types_buf = IPV6_2292DSTOPTS, IPV6_2292HOPLIMIT, IPV6_2292HOPOPTS, IPV6_2292NEXTHOP, IPV6_2292PKTINFO, 
IPV6_2292PKTOPTIONS, IPV6_2292RTHDR, IPV6_BOUND_IF, IPV6_CHECKSUM, IPV6_IPSEC_POLICY, IPV6_JOIN_GROUP, IPV6_LEAVE_GROUP, IPV6_MULTICAST_HOPS, IPV6_MULTICAST_IF, IPV6_MULTICAST_LOOP, IPV6_PORTRANGE, IPV6_PORTRANGE_DEFAULT, IPV6_PORTRANGE_HIGH, IPV6_PORTRANGE_LOW, IPV6_RECVTCLASS, IPV6_RTHDR_TYPE_0, IPV6_TCLASS, IPV6_UNICAST_HOPS, IPV6_V6ONLY + +getsockopt$inet6_int(fd sock_in6, level const[IPPROTO_IPV6], optname flags[inet6_option_types_int], optval ptr[out, int32], optlen ptr[inout, len[optval, int32]]) +setsockopt$inet6_int(fd sock_in6, level const[IPPROTO_IPV6], optname flags[inet6_option_types_int], optval ptr[in, int32], optlen len[optval]) +getsockopt$inet6_buf(fd sock_in6, level const[IPPROTO_IPV6], optname flags[inet6_option_types_buf], optval buffer[out], optlen ptr[inout, len[optval, int32]]) +setsockopt$inet6_buf(fd sock_in6, level const[IPPROTO_IPV6], optname flags[inet6_option_types_buf], optval buffer[in], optlen len[optval]) + +# Specific IPv6 options + +setsockopt$inet6_MCAST_JOIN_GROUP(fd sock_in6, level const[IPPROTO_IPV6], optname const[MCAST_JOIN_GROUP], optval ptr[in, group_req_in6], optlen len[optval]) +setsockopt$inet6_MCAST_LEAVE_GROUP(fd sock_in6, level const[IPPROTO_IPV6], optname const[MCAST_LEAVE_GROUP], optval ptr[in, group_req_in6], optlen len[optval]) + +sockopt_opt_ipv6_group_source_req = MCAST_JOIN_SOURCE_GROUP, MCAST_LEAVE_SOURCE_GROUP, MCAST_BLOCK_SOURCE, MCAST_UNBLOCK_SOURCE + +setsockopt$inet6_group_source_req(fd sock_in6, level const[IPPROTO_IPV6], optname flags[sockopt_opt_ipv6_group_source_req], optval ptr[in, group_source_req_in6], optlen len[optval]) + +group_req_in6 { + gr_interface int32 + gr_group sockaddr_storage_in6 +} + +group_source_req_in6 { + gsr_interface int32 + gsr_group sockaddr_storage_in6 + gsr_source sockaddr_storage_in6 +} diff --git a/sys/darwin/socket_inet6.txt.const b/sys/darwin/socket_inet6.txt.const new file mode 100644 index 000000000..be51a09ac --- /dev/null +++ b/sys/darwin/socket_inet6.txt.const 
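Review bot: `inet6_option_types_int` and `inet6_option_types_buf` are the same list, and both include `IPV6_PORTRANGE_DEFAULT`, `IPV6_PORTRANGE_HIGH`, `IPV6_PORTRANGE_LOW` and `IPV6_RTHDR_TYPE_0`, which are option values rather than option names. The generated socket_inet6.txt.const in this commit resolves them to 0, 1, 2 and 0, so as `optname` they do not select the options their names suggest. I would drop those four from both sets and keep each remaining option only in the set that matches its argument shape, e.g. `IPV6_V6ONLY` in the int set and `IPV6_JOIN_GROUP` in the buf set. A one-line comment above each set saying what argument shape it covers would make the split reviewable.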
@@ -0,0 +1,44 @@ +# Code generated by syz-sysgen. DO NOT EDIT. +arches = amd64 +AF_INET6 = amd64:30 +IPPROTO_IPV6 = amd64:41 +IPV6_2292DSTOPTS = amd64:23 +IPV6_2292HOPLIMIT = amd64:20 +IPV6_2292HOPOPTS = amd64:22 +IPV6_2292NEXTHOP = amd64:21 +IPV6_2292PKTINFO = amd64:19 +IPV6_2292PKTOPTIONS = amd64:25 +IPV6_2292RTHDR = amd64:24 +IPV6_BOUND_IF = amd64:125 +IPV6_CHECKSUM = amd64:26 +IPV6_IPSEC_POLICY = amd64:28 +IPV6_JOIN_GROUP = amd64:12 +IPV6_LEAVE_GROUP = amd64:13 +IPV6_MULTICAST_HOPS = amd64:10 +IPV6_MULTICAST_IF = amd64:9 +IPV6_MULTICAST_LOOP = amd64:11 +IPV6_PORTRANGE = amd64:14 +IPV6_PORTRANGE_DEFAULT = amd64:0 +IPV6_PORTRANGE_HIGH = amd64:1 +IPV6_PORTRANGE_LOW = amd64:2 +IPV6_RECVTCLASS = amd64:35 +IPV6_RTHDR_TYPE_0 = amd64:0 +IPV6_TCLASS = amd64:36 +IPV6_UNICAST_HOPS = amd64:4 +IPV6_V6ONLY = amd64:27 +MCAST_BLOCK_SOURCE = amd64:84 +MCAST_JOIN_GROUP = amd64:80 +MCAST_JOIN_SOURCE_GROUP = amd64:82 +MCAST_LEAVE_GROUP = amd64:81 +MCAST_LEAVE_SOURCE_GROUP = amd64:83 +MCAST_UNBLOCK_SOURCE = amd64:85 +SYS_accept = amd64:30 +SYS_bind = amd64:104 +SYS_connect = amd64:98 +SYS_getpeername = amd64:31 +SYS_getsockname = amd64:32 +SYS_getsockopt = amd64:118 +SYS_recvfrom = amd64:29 +SYS_sendto = amd64:133 +SYS_setsockopt = amd64:105 +SYS_socket = amd64:97 diff --git a/sys/darwin/socket_inet_icmp.txt b/sys/darwin/socket_inet_icmp.txt new file mode 100644 index 000000000..909245812 --- /dev/null +++ b/sys/darwin/socket_inet_icmp.txt 
@@ -0,0 +1,14 @@ +# Copyright 2021 syzkaller project authors. All rights reserved. +# Use of this source code is governed by Apache 2 LICENSE that can be found in the LICENSE file. + +# AF_INET and AF_INET6: ICMP support + +include <sys/types.h> +include <sys/socket.h> +include <netinet/in.h> + +socket$inet_icmp(domain const[AF_INET], type const[SOCK_DGRAM], proto const[IPPROTO_ICMP]) sock_in +socket$inet_icmp_raw(domain const[AF_INET], type const[SOCK_RAW], proto const[IPPROTO_ICMP]) sock_in + +socket$inet6_icmp(domain const[AF_INET6], type const[SOCK_DGRAM], proto const[IPPROTO_ICMPV6]) sock_in6 +socket$inet6_icmp_raw(domain const[AF_INET6], type const[SOCK_RAW], proto const[IPPROTO_ICMPV6]) sock_in6 diff --git a/sys/darwin/socket_inet_icmp.txt.const b/sys/darwin/socket_inet_icmp.txt.const new file mode 100644 index 000000000..2c5b95c57 --- /dev/null +++ b/sys/darwin/socket_inet_icmp.txt.const @@ -0,0 +1,9 @@ +# Code generated by syz-sysgen. DO NOT EDIT. +arches = amd64 +AF_INET = amd64:2 +AF_INET6 = amd64:30 +IPPROTO_ICMP = amd64:1 +IPPROTO_ICMPV6 = amd64:58 +SOCK_DGRAM = amd64:2 +SOCK_RAW = amd64:3 +SYS_socket = amd64:97 diff --git a/sys/darwin/socket_inet_tcp.txt b/sys/darwin/socket_inet_tcp.txt new file mode 100644 index 000000000..bf8d611fd --- /dev/null +++ b/sys/darwin/socket_inet_tcp.txt 
@@ -0,0 +1,33 @@
+# Copyright 2021 syzkaller project authors. All rights reserved.
+# Use of this source code is governed by Apache 2 LICENSE that can be found in the LICENSE file.
+
+# AF_INET and AF_INET6: TCP support
+
+include <sys/types.h>
+include <sys/socket.h>
+include <netinet/in.h>
+include <netinet/tcp.h>
+
+resource sock_tcp[sock_in]
+
+socket$inet_tcp(domain const[AF_INET], type const[SOCK_STREAM], proto const[0]) sock_tcp
+
+resource sock_tcp6[sock_in6]
+
+socket$inet6_tcp(domain const[AF_INET6], type const[SOCK_STREAM], proto const[0]) sock_tcp6
+
+# Generic TCP socket options
+
+tcp_option_types_int = TCP_NODELAY, TCP_MAXSEG, TCP_NOPUSH, TCP_NOOPT, TCP_KEEPINTVL, TCP_KEEPCNT
+
+tcp_option_types_buf = TCP_FASTOPEN
+
+getsockopt$inet_tcp_int(fd sock_tcp, level const[IPPROTO_TCP], optname flags[tcp_option_types_int], optval ptr[out, int32], optlen ptr[inout, len[optval, int32]])
+setsockopt$inet_tcp_int(fd sock_tcp, level const[IPPROTO_TCP], optname flags[tcp_option_types_int], optval ptr[in, int32], optlen len[optval])
+getsockopt$inet6_tcp_int(fd sock_tcp6, level const[IPPROTO_TCP], optname flags[tcp_option_types_int], optval ptr[out, int32], optlen ptr[inout, len[optval, int32]])
+setsockopt$inet6_tcp_int(fd sock_tcp6, level const[IPPROTO_TCP], optname flags[tcp_option_types_int], optval ptr[in, int32], optlen len[optval])
+
+getsockopt$inet_tcp_buf(fd sock_tcp, level const[IPPROTO_TCP], optname flags[tcp_option_types_buf], optval buffer[out], optlen ptr[inout, len[optval, int32]])
+setsockopt$inet_tcp_buf(fd sock_tcp, level const[IPPROTO_TCP], optname flags[tcp_option_types_buf], optval buffer[in], optlen len[optval])
+getsockopt$inet6_tcp_buf(fd sock_tcp6, level const[IPPROTO_TCP], optname flags[tcp_option_types_buf], optval buffer[out], optlen ptr[inout, len[optval, int32]])
+setsockopt$inet6_tcp_buf(fd sock_tcp6, level const[IPPROTO_TCP], optname flags[tcp_option_types_buf], optval buffer[in], optlen len[optval])
diff --git a/sys/darwin/socket_inet_tcp.txt.const b/sys/darwin/socket_inet_tcp.txt.const new file mode 100644 index 000000000..fb694b16a --- /dev/null +++ b/sys/darwin/socket_inet_tcp.txt.const @@ -0,0 +1,16 @@ +# Code generated by syz-sysgen. DO NOT EDIT. +arches = amd64 +AF_INET = amd64:2 +AF_INET6 = amd64:30 +IPPROTO_TCP = amd64:6 +SOCK_STREAM = amd64:1 +SYS_getsockopt = amd64:118 +SYS_setsockopt = amd64:105 +SYS_socket = amd64:97 +TCP_FASTOPEN = amd64:261 +TCP_KEEPCNT = amd64:258 +TCP_KEEPINTVL = amd64:257 +TCP_MAXSEG = amd64:2 +TCP_NODELAY = amd64:1 +TCP_NOOPT = amd64:8 +TCP_NOPUSH = amd64:4 diff --git a/sys/darwin/socket_unix.txt b/sys/darwin/socket_unix.txt new file mode 100644 index 000000000..c20000015 --- /dev/null +++ b/sys/darwin/socket_unix.txt 
@@ -0,0 +1,47 @@
+# Copyright 2021 syzkaller project authors. All rights reserved.
+# Use of this source code is governed by Apache 2 LICENSE that can be found in the LICENSE file.
+
+# AF_UNIX support.
+
+include <sys/types.h>
+include <sys/socket.h>
+include <netinet/in.h>
+
+resource sock_unix[sock]
+
+socket$unix(domain const[AF_UNIX], type flags[unix_socket_type], proto const[0]) sock_unix
+socketpair$unix(domain const[AF_UNIX], type flags[unix_socket_type], proto const[0], fds ptr[out, unix_pair])
+bind$unix(fd sock_unix, addr ptr[in, sockaddr_un], addrlen len[addr])
+connect$unix(fd sock_unix, addr ptr[in, sockaddr_un], addrlen len[addr])
+accept$unix(fd sock_unix, peer ptr[out, sockaddr_un, opt], peerlen ptr[inout, len[peer, int32]]) sock_unix
+
+sendto$unix(fd sock_unix, buf buffer[in], len len[buf], f flags[send_flags], addr ptr[in, sockaddr_un, opt], addrlen len[addr])
+recvfrom$unix(fd sock_unix, buf buffer[out], len len[buf], f flags[recv_flags], addr ptr[in, sockaddr_un, opt], addrlen len[addr])
+getsockname$unix(fd sock_unix, addr ptr[out, sockaddr_un], addrlen ptr[inout, len[addr, int32]])
+getpeername$unix(fd sock_unix, peer ptr[out, sockaddr_un], peerlen ptr[inout, len[peer, int32]])
+
+unix_socket_type = SOCK_STREAM, SOCK_DGRAM, SOCK_SEQPACKET
+unix_socket_family = AF_UNIX, AF_UNSPEC
+
+unix_pair {
+ fd0 sock_unix
+ fd1 sock_unix
+}
+
+sockaddr_un [
+ file sockaddr_un_file
+ abs sockaddr_un_abstract
+] [varlen]
+
+sockaddr_un_file {
+ len len[parent, int8]
+ family flags[unix_socket_family, int8]
+ path filename
+} [packed]
+
+sockaddr_un_abstract {
+ len len[parent, int8]
+ family flags[unix_socket_family, int8]
+ ind const[0, int8]
+ id proc[20000, 4, int32]
+}
diff --git a/sys/darwin/socket_unix.txt.const b/sys/darwin/socket_unix.txt.const
new file mode 100644
index 000000000..5e451fc60
--- /dev/null
+++ b/sys/darwin/socket_unix.txt.const
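Review bot: `sockaddr_un_abstract` models an address whose path starts with a NUL byte (`ind const[0, int8]`) followed by a per-process id, which is the Linux abstract-namespace convention. I am not aware of an abstract AF_UNIX namespace on Darwin, so this union arm probably only produces addresses with an empty path. Either drop the `abs` arm from `sockaddr_un`, or keep it and say why, e.g. `# No abstract namespace on darwin; kept to exercise empty sun_path handling.` Separately, `sockaddr_un_file` is `[packed]` while `sockaddr_un_abstract` is not, so the two arms are padded differently, which looks unintentional.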
@@ -0,0 +1,16 @@ +# Code generated by syz-sysgen. DO NOT EDIT. +arches = amd64 +AF_UNIX = amd64:1 +AF_UNSPEC = amd64:0 +SOCK_DGRAM = amd64:2 +SOCK_SEQPACKET = amd64:5 +SOCK_STREAM = amd64:1 +SYS_accept = amd64:30 +SYS_bind = amd64:104 +SYS_connect = amd64:98 +SYS_getpeername = amd64:31 +SYS_getsockname = amd64:32 +SYS_recvfrom = amd64:29 +SYS_sendto = amd64:133 +SYS_socket = amd64:97 +SYS_socketpair = amd64:135 diff --git a/sys/darwin/sys.txt b/sys/darwin/sys.txt index bebb19142..f45c1d704 100644 --- a/sys/darwin/sys.txt +++ b/sys/darwin/sys.txt 
@@ -1,18 +1,186 @@ # Copyright 2021 syzkaller project authors. All rights reserved. # Use of this source code is governed by Apache 2 LICENSE that can be found in the LICENSE file. -include <fcntl.h> +include <sys/types.h> include <sys/mman.h> +include <sys/proc.h> +include <sys/stat.h> +include <fcntl.h> +include <unistd.h> +include <poll.h> +include <sys/socket.h> +include <sys/uio.h> +include <sys/param.h> +include <sys/mount.h> +include <sys/resource.h> +include <time.h> +include <signal.h> +include <sys/wait.h> + +syz_execute_func(text ptr[in, text[target]]) + +poll(fds ptr[in, array[pollfd]], nfds len[fds], timeout int32) +select(n len[inp], inp ptr[inout, fd_set], outp ptr[inout, fd_set], exp ptr[inout, fd_set], tvp ptr[inout, timeval]) + +mincore(addr vma, size len[addr], vec buffer[out]) -resource fd[int32]: 0xffffffffffffffff, AT_FDCWD +fcntl$dupfd(fd fd, cmd flags[fcntl_dupfd], arg fd) fd +fcntl$getflags(fd fd, cmd flags[fcntl_getflags]) +fcntl$setflags(fd fd, cmd const[F_SETFD], flags flags[fcntl_flags]) +fcntl$setstatus(fd fd, cmd const[F_SETFL], flags flags[fcntl_status]) +fcntl$lock(fd fd, cmd flags[fcntl_lock], lock ptr[in, flock]) +fcntl$getown(fd fd, cmd const[F_GETOWN]) pid +fcntl$setown(fd fd, cmd const[F_SETOWN], pid pid) -open(file ptr[in, filename], flags flags[open_flags]) fd -close(fd fd) -mmap(addr vma, len len[addr], prot flags[mmap_prot], flags flags[mmap_flags], fd fd, offset fileoff) -munmap(addr vma, len len[addr]) mknod(file ptr[in, filename], mode flags[mknod_mode], dev int32) +chmod(file ptr[in, filename], mode flags[open_mode]) +fchmod(fd fd, mode flags[open_mode]) +fchmodat(dirfd fd_dir, file ptr[in, filename], mode flags[open_mode]) +chown(file ptr[in, filename], uid uid, gid gid) +lchown(file ptr[in, filename], uid uid, gid gid) +fchown(fd fd, uid uid, gid gid) +fchownat(dirfd fd_dir, file ptr[in, filename], uid uid, gid gid, flags flags[at_flags]) +chflags(file ptr[in, filename], flags flags[chflags_flags]) +fchflags(fd fd, 
flags flags[chflags_flags]) +faccessat(dirfd fd_dir, pathname ptr[in, filename], mode flags[open_mode], flags flags[faccessat_flags]) +utimes(filename ptr[in, filename], times ptr[in, itimerval]) + +execve(file ptr[in, filename], argv ptr[in, array[ptr[in, string]]], envp ptr[in, array[ptr[in, string]]]) + +getgid() gid +getegid() gid +setuid(uid uid) +setgid(gid gid) +getuid() uid +geteuid() uid +setpgid(pid pid, pgid pid) +getpgid(pid pid) pid +getpgrp(pid pid) pid +getpid() pid +setreuid(ruid uid, euid uid) +setregid(rgid gid, egid gid) +getgroups(size len[list], list ptr[inout, array[gid]]) +setgroups(size len[list], list ptr[in, array[gid]]) + +link(old ptr[in, filename], new ptr[in, filename]) +linkat(oldfd fd_dir, old ptr[in, filename], newfd fd_dir, new ptr[in, filename], flags flags[linkat_flags]) +symlinkat(old ptr[in, filename], newfd fd_dir, new ptr[in, filename]) +symlink(old ptr[in, filename], new ptr[in, filename]) +unlink(path ptr[in, filename]) +unlinkat(fd fd_dir, path ptr[in, filename], flags flags[unlinkat_flags]) +readlink(path ptr[in, filename], buf buffer[out], siz len[buf]) +readlinkat(fd fd_dir, path ptr[in, filename], buf buffer[out], siz len[buf]) +rename(old ptr[in, filename], new ptr[in, filename]) +renameat(oldfd fd_dir, old ptr[in, filename], newfd fd_dir, new ptr[in, filename]) +mkdir(path ptr[in, filename], mode flags[open_mode]) +mkdirat(fd fd_dir, path ptr[in, filename], mode flags[open_mode]) +rmdir(path ptr[in, filename]) +truncate(file ptr[in, filename], len intptr) +ftruncate(fd fd, len intptr) +flock(fd fd, op flags[flock_op]) +fsync(fd fd) +fdatasync(fd fd) +sync() +chroot(dir ptr[in, filename]) +chdir(dir ptr[in, filename]) +fchdir(fd fd) +undelete(path ptr[in, filename]) + +getrusage(who flags[rusage_who], usage ptr[out, rusage]) +getrlimit(res flags[rlimit_type], rlim ptr[out, rlimit]) +setrlimit(res flags[rlimit_type], rlim ptr[in, rlimit]) + +sigaltstack(ss vma, oss ptr[out, intptr, opt]) +getitimer(which 
flags[getitimer_which], cur ptr[out, itimerval]) +setitimer(which flags[getitimer_which], new ptr[in, itimerval], old ptr[out, itimerval, opt]) +exit(code intptr) +wait4(pid pid, status ptr[out, int32, opt], options flags[wait_options], ru ptr[out, rusage, opt]) + +pollfd { + fd fd + events flags[pollfd_events, int16] + revents const[0, int16] +} + +timespec { + sec intptr + nsec intptr +} + +timeval { + sec intptr + usec intptr +} + +itimerval { + interv timeval + value timeval +} + +# TODO: fd_set needs to be a separate type +fd_set { + mask0 int64 + mask1 int64 + mask2 int64 + mask3 int64 + mask4 int64 + mask5 int64 + mask6 int64 + mask7 int64 +} + +rusage { + utime timeval + stime timeval + maxrss intptr + ixrss intptr + idrss intptr + isrss intptr + minflt intptr + majflt intptr + nswap intptr + inblock intptr + oublock intptr + msgsnd intptr + msgrcv intptr + signals intptr + nvcsw intptr + nivcsw intptr +} + +rlimit { + soft intptr + hard intptr +} + +flock { + type flags[flock_type, int16] + whence flags[seek_whence, int16] + start intptr + len intptr + pid pid +} + +linger { + onoff int32 + linger int32 +} -open_flags = O_RDONLY -mmap_prot = PROT_EXEC, PROT_READ, PROT_WRITE -mmap_flags = MAP_ANONYMOUS, MAP_ANON, MAP_FILE, MAP_FIXED, MAP_HASSEMAPHORE, MAP_PRIVATE, MAP_SHARED, MAP_NOCACHE, MAP_JIT, MAP_32BIT -mknod_mode = S_IFREG, S_IFCHR, S_IFBLK, S_IFIFO, S_IFSOCK +pollfd_events = POLLIN, POLLPRI, POLLOUT, POLLERR, POLLHUP, POLLNVAL, POLLRDNORM, POLLRDBAND, POLLWRNORM, POLLWRBAND +mknod_mode = S_IFREG, S_IFCHR, S_IFBLK, S_IFIFO, S_IFSOCK, S_IRUSR, S_IWUSR, S_IXUSR, S_IRGRP, S_IWGRP, S_IXGRP, S_IROTH, S_IWOTH, S_IXOTH +at_flags = AT_SYMLINK_NOFOLLOW, AT_SYMLINK_FOLLOW +linkat_flags = AT_SYMLINK_FOLLOW +unlinkat_flags = 0, AT_REMOVEDIR +flock_op = LOCK_SH, LOCK_EX, LOCK_UN, LOCK_NB +faccessat_flags = AT_EACCESS, AT_SYMLINK_NOFOLLOW, AT_SYMLINK_FOLLOW, AT_REMOVEDIR +rusage_who = RUSAGE_SELF, RUSAGE_CHILDREN +rlimit_type = RLIMIT_AS, RLIMIT_CORE, RLIMIT_CPU, 
RLIMIT_DATA, RLIMIT_FSIZE, RLIMIT_MEMLOCK, RLIMIT_NOFILE, RLIMIT_NPROC, RLIMIT_RSS, RLIMIT_STACK +getitimer_which = ITIMER_REAL, ITIMER_VIRTUAL, ITIMER_PROF +wait_options = WNOHANG, WUNTRACED, WCONTINUED, WEXITED, WSTOPPED, WCONTINUED, WNOHANG, WNOWAIT +fcntl_dupfd = F_DUPFD, F_DUPFD_CLOEXEC +fcntl_getflags = F_GETFD, F_GETFL +fcntl_lock = F_SETLK, F_SETLKW, F_GETLK +fcntl_flags = FD_CLOEXEC +fcntl_status = O_APPEND, FASYNC, O_NONBLOCK +flock_type = F_RDLCK, F_WRLCK, F_UNLCK +chflags_flags = SF_APPEND, SF_ARCHIVED, SF_IMMUTABLE, SF_NOUNLINK diff --git a/sys/darwin/sys.txt.const b/sys/darwin/sys.txt.const index 7632f92da..98df05f83 100644 --- a/sys/darwin/sys.txt.const +++ b/sys/darwin/sys.txt.const 
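Review bot: `wait_options` lists `WCONTINUED` and `WNOHANG` twice, and `getpgrp(pid pid) pid` gives getpgrp an argument although getpgrp(2) takes none; it looks carried over from the `getpgid` line above it. Neither should break generation, but the duplicates may skew flag selection and the extra argument is noise in generated programs. I would write `wait_options = WNOHANG, WUNTRACED, WCONTINUED, WEXITED, WSTOPPED, WNOWAIT` and `getpgrp() pid`. Also, `rlimit_type` contains both `RLIMIT_AS` and `RLIMIT_RSS`, which the regenerated sys.txt.const maps to the same value 5, so one of them is redundant here.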
@@ -1,27 +1,139 @@ # Code generated by syz-sysgen. DO NOT EDIT. arches = amd64 -AT_FDCWD = amd64:18446744073709551614 -MAP_32BIT = amd64:32768 -MAP_ANON = amd64:4096 -MAP_ANONYMOUS = amd64:4096 -MAP_FILE = amd64:0 -MAP_FIXED = amd64:16 -MAP_HASSEMAPHORE = amd64:512 -MAP_JIT = amd64:2048 -MAP_NOCACHE = amd64:1024 -MAP_PRIVATE = amd64:2 -MAP_SHARED = amd64:1 -O_RDONLY = amd64:0 -PROT_EXEC = amd64:4 -PROT_READ = amd64:1 -PROT_WRITE = amd64:2 -SYS_close = amd64:6 +AT_EACCESS = amd64:16 +AT_REMOVEDIR = amd64:128 +AT_SYMLINK_FOLLOW = amd64:64 +AT_SYMLINK_NOFOLLOW = amd64:32 +FASYNC = amd64:64 +FD_CLOEXEC = amd64:1 +F_DUPFD = amd64:0 +F_DUPFD_CLOEXEC = amd64:67 +F_GETFD = amd64:1 +F_GETFL = amd64:3 +F_GETLK = amd64:7 +F_GETOWN = amd64:5 +F_RDLCK = amd64:1 +F_SETFD = amd64:2 +F_SETFL = amd64:4 +F_SETLK = amd64:8 +F_SETLKW = amd64:9 +F_SETOWN = amd64:6 +F_UNLCK = amd64:2 +F_WRLCK = amd64:3 +ITIMER_PROF = amd64:2 +ITIMER_REAL = amd64:0 +ITIMER_VIRTUAL = amd64:1 +LOCK_EX = amd64:2 +LOCK_NB = amd64:4 +LOCK_SH = amd64:1 +LOCK_UN = amd64:8 +O_APPEND = amd64:8 +O_NONBLOCK = amd64:4 +POLLERR = amd64:8 +POLLHUP = amd64:16 +POLLIN = amd64:1 +POLLNVAL = amd64:32 +POLLOUT = amd64:4 +POLLPRI = amd64:2 +POLLRDBAND = amd64:128 +POLLRDNORM = amd64:64 +POLLWRBAND = amd64:256 +POLLWRNORM = amd64:4 +RLIMIT_AS = amd64:5 +RLIMIT_CORE = amd64:4 +RLIMIT_CPU = amd64:0 +RLIMIT_DATA = amd64:2 +RLIMIT_FSIZE = amd64:1 +RLIMIT_MEMLOCK = amd64:6 +RLIMIT_NOFILE = amd64:8 +RLIMIT_NPROC = amd64:7 +RLIMIT_RSS = amd64:5 +RLIMIT_STACK = amd64:3 +RUSAGE_CHILDREN = amd64:18446744073709551615 +RUSAGE_SELF = amd64:0 +SF_APPEND = amd64:262144 +SF_ARCHIVED = amd64:65536 +SF_IMMUTABLE = amd64:131072 +SF_NOUNLINK = amd64:1048576 +SYS_chdir = amd64:12 +SYS_chflags = amd64:34 +SYS_chmod = amd64:15 +SYS_chown = amd64:16 +SYS_chroot = amd64:61 +SYS_execve = amd64:59 +SYS_exit = amd64:1 +SYS_faccessat = amd64:466 +SYS_fchdir = amd64:13 +SYS_fchflags = amd64:35 +SYS_fchmod = amd64:124 +SYS_fchmodat = amd64:467 +SYS_fchown 
= amd64:123 +SYS_fchownat = amd64:468 +SYS_fcntl = amd64:92 +SYS_fdatasync = amd64:187 +SYS_flock = amd64:131 +SYS_fsync = amd64:95 +SYS_ftruncate = amd64:201 +SYS_getegid = amd64:43 +SYS_geteuid = amd64:25 +SYS_getgid = amd64:47 +SYS_getgroups = amd64:79 +SYS_getitimer = amd64:86 +SYS_getpgid = amd64:151 +SYS_getpgrp = amd64:81 +SYS_getpid = amd64:20 +SYS_getrlimit = amd64:194 +SYS_getrusage = amd64:117 +SYS_getuid = amd64:24 +SYS_lchown = amd64:364 +SYS_link = amd64:9 +SYS_linkat = amd64:471 +SYS_mincore = amd64:78 +SYS_mkdir = amd64:136 +SYS_mkdirat = amd64:475 SYS_mknod = amd64:14 -SYS_mmap = amd64:197 -SYS_munmap = amd64:73 -SYS_open = amd64:5 +SYS_poll = amd64:230 +SYS_readlink = amd64:58 +SYS_readlinkat = amd64:473 +SYS_rename = amd64:128 +SYS_renameat = amd64:465 +SYS_rmdir = amd64:137 +SYS_select = amd64:93 +SYS_setgid = amd64:181 +SYS_setgroups = amd64:80 +SYS_setitimer = amd64:83 +SYS_setpgid = amd64:82 +SYS_setregid = amd64:127 +SYS_setreuid = amd64:126 +SYS_setrlimit = amd64:195 +SYS_setuid = amd64:23 +SYS_sigaltstack = amd64:53 +SYS_symlink = amd64:57 +SYS_symlinkat = amd64:474 +SYS_sync = amd64:36 +SYS_truncate = amd64:200 +SYS_undelete = amd64:205 +SYS_unlink = amd64:10 +SYS_unlinkat = amd64:472 +SYS_utimes = amd64:138 +SYS_wait4 = amd64:7 S_IFBLK = amd64:24576 S_IFCHR = amd64:8192 S_IFIFO = amd64:4096 S_IFREG = amd64:32768 S_IFSOCK = amd64:49152 +S_IRGRP = amd64:32 +S_IROTH = amd64:4 +S_IRUSR = amd64:256 +S_IWGRP = amd64:16 +S_IWOTH = amd64:2 +S_IWUSR = amd64:128 +S_IXGRP = amd64:8 +S_IXOTH = amd64:1 +S_IXUSR = amd64:64 +WCONTINUED = amd64:16 +WEXITED = amd64:4 +WNOHANG = amd64:1 +WNOWAIT = amd64:32 +WSTOPPED = amd64:8 +WUNTRACED = amd64:2 diff --git a/sys/darwin/vnet.txt b/sys/darwin/vnet.txt new file mode 100644 index 000000000..d1a1127b3 --- /dev/null +++ b/sys/darwin/vnet.txt 
@@ -0,0 +1,106 @@
+# Copyright 2021 syzkaller project authors. All rights reserved.
+# Use of this source code is governed by Apache 2 LICENSE that can be found in the LICENSE file.
+
+################################################################################
+##################################### IPv4 #####################################
+################################################################################
+
+# https://tools.ietf.org/html/rfc791#section-3.1
+# https://en.wikipedia.org/wiki/IPv4#Header
+# This corresponds to LOCAL_IPV4 ("172.20.%d.170" % pid) in executor/common_bsd.h
+
+ipv4_addr_local {
+ a0 const[0xac, int8]
+ a1 const[0x14, int8]
+ a2 proc[0, 1, int8]
+ a3 const[0xaa, int8]
+} [packed]
+
+# This corresponds to LOCAL_IPV4 ("172.20.%d.187" % pid) in executor/common_bsd.h
+ipv4_addr_remote {
+ a0 const[0xac, int8]
+ a1 const[0x14, int8]
+ a2 proc[0, 1, int8]
+ a3 const[0xbb, int8]
+} [packed]
+
+ipv4_addr [
+# 0.0.0.0
+ empty const[0x0, int32be]
+# 172.20.%d.170
+ local ipv4_addr_local
+# 172.20.%d.187
+ remote ipv4_addr_remote
+# 127.0.0.1
+ loopback const[0x7f000001, int32be]
+# 224.0.0.1
+ multicast1 const[0xe0000001, int32be]
+# 224.0.0.2
+ multicast2 const[0xe0000002, int32be]
+# 255.255.255.255
+ broadcast const[0xffffffff, int32be]
+# random
+ rand_addr int32be
+]
+
+################################################################################
+##################################### IPv6 #####################################
+################################################################################
+
+ipv6_addr_empty {
+ a0 array[const[0x0, int8], 16]
+}
+
+# This corresponds to LOCAL_IPV6 ("fe80::%02hxaa" % pid) in executor/common_bsd.h
+ipv6_addr_local {
+ a0 const[0xfe, int8]
+ a1 const[0x80, int8]
+ a2 array[const[0x0, int8], 12]
+ a3 proc[0, 1, int8]
+ a4 const[0xaa, int8]
+} [packed]
+
+# This corresponds to REMOTE_IPV6 ("fe80::%02hxbb" % pid) in executor/common_bsd.h
+ipv6_addr_remote {
+ a0 const[0xfe, int8]
+ a1 const[0x80, int8]
+ a2 array[const[0x0, int8], 12]
+ a3 proc[0, 1, int8]
+ a4 const[0xbb, int8]
+} [packed]
+
+ipv6_addr_loopback {
+ a0 const[0, int64be]
+ a1 const[1, int64be]
+} [packed]
+
+ipv6_addr_ipv4 {
+ a0 array[const[0x0, int8], 10]
+ a1 array[const[0xff, int8], 2]
+ a3 ipv4_addr
+} [packed]
+
+ipv6_addr_multicast1 {
+ a0 const[0xff, int8]
+ a1 const[0x1, int8]
+ a2 array[const[0x0, int8], 13]
+ a3 const[0x1, int8]
+} [packed]
+
+ipv6_addr_multicast2 {
+ a0 const[0xff, int8]
+ a1 const[0x2, int8]
+ a2 array[const[0x0, int8], 13]
+ a3 const[0x1, int8]
+} [packed]
+
+ipv6_addr [
+ rand_addr array[int8, 16]
+ empty ipv6_addr_empty
+ local ipv6_addr_local
+ remote ipv6_addr_remote
+ loopback ipv6_addr_loopback
+ ipv4 ipv6_addr_ipv4
+ mcast1 ipv6_addr_multicast1
+ mcast2 ipv6_addr_multicast2
+] [size[16]]
diff --git a/sys/darwin/vnet.txt.const b/sys/darwin/vnet.txt.const
new file mode 100644
index 000000000..0297f1051
--- /dev/null
+++ b/sys/darwin/vnet.txt.const
@@ -0,0 +1,2 @@ +# Code generated by syz-sysgen. DO NOT EDIT. +arches = amd64
diff --git a/sys/syz-extract/darwin.go b/sys/syz-extract/darwin.go
index 8f2267f04..68322be01 100644
--- a/sys/syz-extract/darwin.go
+++ b/sys/syz-extract/darwin.go
@@ -24,6 +24,8 @@ func (*darwin) prepareArch(arch *Arch) error {
 func (*darwin) processFile(arch *Arch, info *compiler.ConstInfo) (map[string]uint64, map[string]bool, error) {
 args := []string{
 "-nostdinc",
+ "-DPRIVATE",
+ "-DPF",
 "-I", filepath.Join(arch.sourceDir, "bsd"),
 "-I", filepath.Join(arch.sourceDir, "bsd", "sys"),
 "-I", filepath.Join(arch.sourceDir, "osfmk"), |
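Review bot: The comment above `ipv4_addr_remote` in sys/darwin/vnet.txt names the wrong macro: it repeats `LOCAL_IPV4 ("172.20.%d.187" % pid)` from the line above `ipv4_addr_local`, although the struct ends in `0xbb` (187) and the IPv6 counterpart says `REMOTE_IPV6`. I would change it to `# This corresponds to REMOTE_IPV4 ("172.20.%d.187" % pid) in executor/common_bsd.h` (macro name presumed by analogy with `REMOTE_IPV6`), so the description can be checked against the executor's address macros without guessing. A smaller style point in the same hunk: `ipv6_addr_ipv4` names its fields `a0`, `a1`, `a3` and skips `a2`, unlike every other struct here.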
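Review bot: The new `"-DPRIVATE"` and `"-DPF"` entries in the `args` list of `processFile` have no comment saying why constant extraction needs them. XNU headers appear to guard non-public declarations behind `PRIVATE` and packet-filter declarations behind `PF`, so these defines decide which constants can end up in the generated `.const` files; I would add above them `// PRIVATE and PF enable the header sections guarded by those macros, which the sys/darwin descriptions need.` The `args` list and the rest of `processFile` continue outside the hunk, so any defines set further down cannot be seen from here.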
