16 files changed, 189 insertions, 116 deletions
diff --git a/executor/defs.h b/executor/defs.h
index 486a521dd..d6acd94e6 100644
--- a/executor/defs.h
+++ b/executor/defs.h
@@ -145,7 +145,7 @@
 
 #if GOARCH_32_fork_shmem
 #define GOARCH "32_fork_shmem"
-#define SYZ_REVISION "f0257b726ddd3b09086a9525a4aae0e0d8cfa6af"
+#define SYZ_REVISION "1cb234b0ee2b1630b831f86086747c3e008060c2"
 #define SYZ_EXECUTOR_USES_FORK_SERVER 1
 #define SYZ_EXECUTOR_USES_SHMEM 1
 #define SYZ_PAGE_SIZE 4096
@@ -155,7 +155,7 @@
 
 #if GOARCH_32_shmem
 #define GOARCH "32_shmem"
-#define SYZ_REVISION "136d60e9280b55ca8a1f24fed877e2f0ae72e348"
+#define SYZ_REVISION "8da90b7592aadc1f08e0ae1cb56ecb1ce2d0ad38"
 #define SYZ_EXECUTOR_USES_FORK_SERVER 0
 #define SYZ_EXECUTOR_USES_SHMEM 1
 #define SYZ_PAGE_SIZE 8192
@@ -165,7 +165,7 @@
 
 #if GOARCH_64
 #define GOARCH "64"
-#define SYZ_REVISION "ece48c7de48771745acdea340f4c52c47e058e65"
+#define SYZ_REVISION "d81730cda36dc2946536413b33737c5635fabb71"
 #define SYZ_EXECUTOR_USES_FORK_SERVER 0
 #define SYZ_EXECUTOR_USES_SHMEM 0
 #define SYZ_PAGE_SIZE 4096
@@ -175,7 +175,7 @@
 
 #if GOARCH_64_fork
 #define GOARCH "64_fork"
-#define SYZ_REVISION "0c64cdd471dfa62b3e34ed221afe8472c9125d38"
+#define SYZ_REVISION "8c3363b9502e6df103438d98f573e2ef70ab34f2"
 #define SYZ_EXECUTOR_USES_FORK_SERVER 1
 #define SYZ_EXECUTOR_USES_SHMEM 0
 #define SYZ_PAGE_SIZE 8192
diff --git a/executor/executor.cc b/executor/executor.cc
index 6569326d3..c0d549c0a 100644
--- a/executor/executor.cc
+++ b/executor/executor.cc
@@ -585,6 +585,7 @@ retry:
 			}
 			case arg_data: {
 				uint64 size = read_input(&input_pos);
+				size &= ~(1ull << 63); // readable flag
 				NONFAILING(memcpy(addr, input_pos, size));
 				// Read out the data.
 				for (uint64 i = 0; i < (size + 7) / 8; i++)
diff --git a/executor/syscalls.h b/executor/syscalls.h
index 3629d04b1..51e784eb0 100644
--- a/executor/syscalls.h
+++ b/executor/syscalls.h
@@ -13545,6 +13545,7 @@ const call_t syscalls[] = {
     {"test$auto0", 0},
     {"test$bf0", 0},
     {"test$bf1", 0},
+    {"test$blob0", 0},
     {"test$csum_encode", 0},
     {"test$csum_ipv4", 0},
     {"test$csum_ipv4_tcp", 0},
@@ -13604,6 +13605,7 @@ const call_t syscalls[] = {
     {"test$res0", 0},
     {"test$res1", 0},
     {"test$res2", 0},
+    {"test$str0", 0},
     {"test$struct", 0},
     {"test$syz_union3", 0},
     {"test$syz_union4", 0},
diff --git a/pkg/csource/csource.go b/pkg/csource/csource.go
index 91e66e1cd..decb0813c 100644
--- a/pkg/csource/csource.go
+++ b/pkg/csource/csource.go
@@ -299,7 +299,7 @@ func (ctx *context) copyin(w *bytes.Buffer, csumSeq *int, copyin prog.ExecCopyin
 		ctx.copyinVal(w, copyin.Addr, arg.Size, ctx.resultArgToStr(arg), arg.Format)
 	case prog.ExecArgData:
 		fmt.Fprintf(w, "\tNONFAILING(memcpy((void*)0x%x, \"%s\", %v));\n",
-			copyin.Addr, toCString(arg.Data), len(arg.Data))
+			copyin.Addr, toCString(arg.Data, arg.Readable), len(arg.Data))
 	case prog.ExecArgCsum:
 		switch arg.Kind {
 		case prog.ExecArgCsumInet:
@@ -464,59 +464,11 @@ func (ctx *context) removeEmptyLines(result []byte) []byte {
 	}
 }
 
-func toCString(data []byte) []byte {
+func toCString(data []byte, readable bool) []byte {
 	if len(data) == 0 {
-		return nil
-	}
-	readable := true
-	for i, v := range data {
-		// Allow 0 only as last byte.
-		if !isReadable(v) && (i != len(data)-1 || v != 0) {
-			readable = false
-			break
-		}
-	}
-	if !readable {
-		buf := new(bytes.Buffer)
-		for _, v := range data {
-			buf.Write([]byte{'\\', 'x', toHex(v >> 4), toHex(v << 4 >> 4)})
-		}
-		return buf.Bytes()
-	}
-	if data[len(data)-1] == 0 {
-		// Don't serialize last 0, C strings are 0-terminated anyway.
-		data = data[:len(data)-1]
+		panic("empty data arg")
 	}
 	buf := new(bytes.Buffer)
-	for _, v := range data {
-		switch v {
-		case '\t':
-			buf.Write([]byte{'\\', 't'})
-		case '\r':
-			buf.Write([]byte{'\\', 'r'})
-		case '\n':
-			buf.Write([]byte{'\\', 'n'})
-		case '\\':
-			buf.Write([]byte{'\\', '\\'})
-		case '"':
-			buf.Write([]byte{'\\', '"'})
-		default:
-			if v < 0x20 || v >= 0x7f {
-				panic("unexpected char during data serialization")
-			}
-			buf.WriteByte(v)
-		}
-	}
+	prog.EncodeData(buf, data, readable)
 	return buf.Bytes()
 }
-
-func isReadable(v byte) bool {
-	return v >= 0x20 && v < 0x7f || v == '\t' || v == '\r' || v == '\n'
-}
-
-func toHex(v byte) byte {
-	if v < 10 {
-		return '0' + v
-	}
-	return 'a' + v - 10
-}
diff --git a/prog/decodeexec.go b/prog/decodeexec.go
index 5866d8627..c57597437 100644
--- a/prog/decodeexec.go
+++ b/prog/decodeexec.go
@@ -52,7 +52,8 @@ type ExecArgResult struct {
 }
 
 type ExecArgData struct {
-	Data []byte
+	Data     []byte
+	Readable bool
 }
 
 type ExecArgCsum struct {
@@ -161,8 +162,12 @@ func (dec *execDecoder) readArg() ExecArg {
 		dec.vars[arg.Index] = arg.Default
 		return arg
 	case execArgData:
+		flags := dec.read()
+		size := flags & ^execArgDataReadable
+		readable := flags&execArgDataReadable != 0
 		return ExecArgData{
-			Data: dec.readBlob(dec.read()),
+			Data:     dec.readBlob(size),
+			Readable: readable,
 		}
 	case execArgCsum:
 		size := dec.read()
diff --git a/prog/encoding.go b/prog/encoding.go
index 9b4e9c6b6..d7f25afe2 100644
--- a/prog/encoding.go
+++ b/prog/encoding.go
@@ -102,19 +102,20 @@ func (a *PointerArg) serialize(ctx *serializer) {
 }
 
 func (a *DataArg) serialize(ctx *serializer) {
-	if a.Type().Dir() == DirOut {
+	typ := a.Type().(*BufferType)
+	if typ.Dir() == DirOut {
 		ctx.printf("\"\"/%v", a.Size())
 		return
 	}
 	data := a.Data()
-	if !a.Type().Varlen() {
+	if !typ.Varlen() {
 		// Statically typed data will be padded with 0s during
 		// deserialization, so we can strip them here for readability.
 		for len(data) >= 2 && data[len(data)-1] == 0 && data[len(data)-2] == 0 {
 			data = data[:len(data)-1]
 		}
 	}
-	serializeData(ctx.buf, data)
+	serializeData(ctx.buf, data, isReadableDataType(typ))
 }
 
 func (a *GroupArg) serialize(ctx *serializer) {
@@ -726,28 +727,31 @@ func (p *parser) parseAddr() (uint64, uint64, error) {
 	return addr, vmaSize, nil
 }
 
-func serializeData(buf *bytes.Buffer, data []byte) {
-	readable := true
-	for _, v := range data {
-		if v >= 0x20 && v < 0x7f {
-			continue
-		}
-		switch v {
-		case 0, '\a', '\b', '\f', '\n', '\r', '\t', '\v':
-			continue
-		}
-		readable = false
-		break
-	}
-	if !readable || len(data) == 0 {
+func serializeData(buf *bytes.Buffer, data []byte, readable bool) {
+	if !readable && !isReadableData(data) {
 		fmt.Fprintf(buf, "\"%v\"", hex.EncodeToString(data))
 		return
 	}
 	buf.WriteByte('\'')
+	encodeData(buf, data, true)
+	buf.WriteByte('\'')
+}
+
+func EncodeData(buf *bytes.Buffer, data []byte, readable bool) {
+	if !readable && isReadableData(data) {
+		readable = true
+	}
+	encodeData(buf, data, readable)
+}
+
+func encodeData(buf *bytes.Buffer, data []byte, readable bool) {
 	for _, v := range data {
+		if !readable {
+			lo, hi := byteToHex(v)
+			buf.Write([]byte{'\\', 'x', hi, lo})
+			continue
+		}
 		switch v {
-		case 0:
-			buf.Write([]byte{'\\', 'x', '0', '0'})
 		case '\a':
 			buf.Write([]byte{'\\', 'a'})
 		case '\b':
@@ -764,13 +768,40 @@ func serializeData(buf *bytes.Buffer, data []byte) {
 			buf.Write([]byte{'\\', 'v'})
 		case '\'':
 			buf.Write([]byte{'\\', '\''})
+		case '"':
+			buf.Write([]byte{'\\', '"'})
 		case '\\':
 			buf.Write([]byte{'\\', '\\'})
 		default:
-			buf.WriteByte(v)
+			if isPrintable(v) {
+				buf.WriteByte(v)
+			} else {
+				lo, hi := byteToHex(v)
+				buf.Write([]byte{'\\', 'x', hi, lo})
+			}
 		}
 	}
-	buf.WriteByte('\'')
+}
+
+func isReadableDataType(typ *BufferType) bool {
+	return typ.Kind == BufferString || typ.Kind == BufferFilename
+}
+
+func isReadableData(data []byte) bool {
+	if len(data) == 0 {
+		return false
+	}
+	for _, v := range data {
+		if isPrintable(v) {
+			continue
+		}
+		switch v {
+		case 0, '\a', '\b', '\f', '\n', '\r', '\t', '\v':
+			continue
+		}
+		return false
+	}
+	return true
 }
 
 func (p *parser) deserializeData() ([]byte, error) {
@@ -802,11 +833,7 @@ func (p *parser) deserializeData() ([]byte, error) {
 			case 'x':
 				hi := p.consume()
 				lo := p.consume()
-				if lo != '0' || hi != '0' {
-					return nil, fmt.Errorf(
-						"invalid \\x%c%c escape sequence in data arg", hi, lo)
-				}
-				data = append(data, 0)
+				data = append(data, hexToByte(lo, hi))
 			case 'a':
 				data = append(data, '\a')
 			case 'b':
@@ -823,6 +850,8 @@ func (p *parser) deserializeData() ([]byte, error) {
 				data = append(data, '\v')
 			case '\'':
 				data = append(data, '\'')
+			case '"':
+				data = append(data, '"')
 			case '\\':
 				data = append(data, '\\')
 			default:
@@ -834,6 +863,38 @@ func (p *parser) deserializeData() ([]byte, error) {
 	return data, nil
 }
 
+func isPrintable(v byte) bool {
+	return v >= 0x20 && v < 0x7f
+}
+
+func byteToHex(v byte) (lo, hi byte) {
+	return toHexChar(v & 0xf), toHexChar(v >> 4)
+}
+
+func hexToByte(lo, hi byte) byte {
+	return fromHexChar(hi)<<4 + fromHexChar(lo)
+}
+
+func toHexChar(v byte) byte {
+	if v >= 16 {
+		panic("bad hex char")
+	}
+	if v < 10 {
+		return '0' + v
+	}
+	return 'a' + v - 10
+}
+
+func fromHexChar(v byte) byte {
+	if v >= '0' && v <= '9' {
+		return v - '0'
+	}
+	if v >= 'a' && v <= 'f' {
+		return v - 'a' + 10
+	}
+	panic("bad hex char")
+}
+
 type parser struct {
 	target  *Target
 	strict  bool
diff --git a/prog/encoding_test.go b/prog/encoding_test.go
index ac670a8ab..f828123db 100644
--- a/prog/encoding_test.go
+++ b/prog/encoding_test.go
@@ -28,23 +28,25 @@ func setToArray(s map[string]struct{}) []string {
 func TestSerializeData(t *testing.T) {
 	t.Parallel()
 	r := rand.New(rand.NewSource(0))
-	for i := 0; i < 1e4; i++ {
-		data := make([]byte, r.Intn(4))
-		for i := range data {
-			data[i] = byte(r.Intn(256))
-		}
-		buf := new(bytes.Buffer)
-		serializeData(buf, data)
-		p := newParser(nil, buf.Bytes(), true)
-		if !p.Scan() {
-			t.Fatalf("parser does not scan")
-		}
-		data1, err := p.deserializeData()
-		if err != nil {
-			t.Fatalf("failed to deserialize %q -> %s: %v", data, buf.Bytes(), err)
-		}
-		if !bytes.Equal(data, data1) {
-			t.Fatalf("corrupted data %q -> %s -> %q", data, buf.Bytes(), data1)
+	for _, readable := range []bool{false, true} {
+		for i := 0; i < 1e3; i++ {
+			data := make([]byte, r.Intn(4))
+			for i := range data {
+				data[i] = byte(r.Intn(256))
+			}
+			buf := new(bytes.Buffer)
+			serializeData(buf, data, readable)
+			p := newParser(nil, buf.Bytes(), true)
+			if !p.Scan() {
+				t.Fatalf("parser does not scan")
+			}
+			data1, err := p.deserializeData()
+			if err != nil {
+				t.Fatalf("failed to deserialize %q -> %s: %v", data, buf.Bytes(), err)
+			}
+			if !bytes.Equal(data, data1) {
+				t.Fatalf("corrupted data %q -> %s -> %q", data, buf.Bytes(), data1)
+			}
 		}
 	}
 }
@@ -253,6 +255,18 @@ func TestDeserialize(t *testing.T) {
 			input: `test$auto0(AUTO, &AUTO={AUTO, AUTO, AUTO}, AUTO, 0x0)`,
 			err:   regexp.MustCompile(`wrong type \*prog\.IntType for AUTO`),
 		},
+		{
+			input:  `test$str0(&AUTO="303100090a0d7022273a")`,
+			output: `test$str0(&(0x7f0000000040)='01\x00\t\n\rp\"\':')`,
+		},
+		{
+			input:  `test$blob0(&AUTO="303100090a0d7022273a")`,
+			output: `test$blob0(&(0x7f0000000040)='01\x00\t\n\rp\"\':')`,
+		},
+		{
+			input:  `test$blob0(&AUTO="3031000a0d7022273a01")`,
+			output: `test$blob0(&(0x7f0000000040)="3031000a0d7022273a01")`,
+		},
 	}
 	buf := make([]byte, ExecBufferSize)
 	for _, test := range tests {
diff --git a/prog/encodingexec.go b/prog/encodingexec.go
index 651ecef51..2d2f02e57 100644
--- a/prog/encodingexec.go
+++ b/prog/encodingexec.go
@@ -35,6 +35,8 @@ const (
 	execArgResult
 	execArgData
 	execArgCsum
+
+	execArgDataReadable = uint64(1 << 63)
 )
 
 const (
@@ -255,8 +257,15 @@ func (w *execContext) writeArg(arg Arg) {
 		w.writeConstArg(a.Size(), w.target.PhysicalAddr(a), 0, 0, 0, FormatNative)
 	case *DataArg:
 		data := a.Data()
+		if len(data) == 0 {
+			return
+		}
 		w.write(execArgData)
-		w.write(uint64(len(data)))
+		flags := uint64(len(data))
+		if isReadableDataType(a.Type().(*BufferType)) {
+			flags |= execArgDataReadable
+		}
+		w.write(flags)
 		padded := len(data)
 		if pad := 8 - len(data)%8; pad != 8 {
 			padded += pad
diff --git a/sys/test/exec.txt b/sys/test/exec.txt
index 83da4708d..80180ca14 100644
--- a/sys/test/exec.txt
+++ b/sys/test/exec.txt
@@ -3,7 +3,7 @@
 
 syz_mmap(addr vma, len len[addr])
 syz_errno(v int32)
-syz_compare(want ptr[in, string], want_len len[want], got ptr[in, compare_data], got_len len[got])
+syz_compare(want ptr[in, string], want_len bytesize[want], got ptr[in, compare_data], got_len bytesize[got])
 
 compare_data [
 	align0	align0
@@ -11,6 +11,9 @@ compare_data [
 	bf1	syz_bf_struct1
 	bf2	syz_bf_struct2
 	bf3	syz_bf_struct3
+	str	string
+	blob	array[int8]
+	arr16be	array[int16be]
 ] [varlen]
 
 align0 {
diff --git a/sys/test/gen/32_fork_shmem.go b/sys/test/gen/32_fork_shmem.go
index dfcc705dc..c05ba8b3d 100644
--- a/sys/test/gen/32_fork_shmem.go
+++ b/sys/test/gen/32_fork_shmem.go
@@ -29,6 +29,9 @@ var structDescs_32_fork_shmem = []*KeyedStruct{
 		&StructType{Key: StructKey{Name: "syz_bf_struct1"}, FldName: "bf1"},
 		&StructType{Key: StructKey{Name: "syz_bf_struct2"}, FldName: "bf2"},
 		&StructType{Key: StructKey{Name: "syz_bf_struct3"}, FldName: "bf3"},
+		&BufferType{TypeCommon: TypeCommon{TypeName: "string", FldName: "str", IsVarlen: true}, Kind: 2},
+		&BufferType{TypeCommon: TypeCommon{TypeName: "array", FldName: "blob", IsVarlen: true}},
+		&ArrayType{TypeCommon: TypeCommon{TypeName: "array", FldName: "arr16be", IsVarlen: true}, Type: &IntType{IntTypeCommon: IntTypeCommon{TypeCommon: TypeCommon{TypeName: "int16be", TypeSize: 2}, ArgFormat: 1}}},
 	}}},
 	{Key: StructKey{Name: "syz_bf_struct0"}, Desc: &StructDesc{TypeCommon: TypeCommon{TypeName: "syz_bf_struct0", TypeSize: 32}, Fields: []Type{
 		&FlagsType{IntTypeCommon: IntTypeCommon{TypeCommon: TypeCommon{TypeName: "syz_bf_flags", FldName: "f0", TypeSize: 2}, BitfieldLen: 10}, Vals: []uint64{0, 1, 2}, BitMask: true},
@@ -72,9 +75,9 @@ var structDescs_32_fork_shmem = []*KeyedStruct{
 var syscalls_32_fork_shmem = []*Syscall{
 	{Name: "syz_compare", CallName: "syz_compare", Args: []Type{
 		&PtrType{TypeCommon: TypeCommon{TypeName: "ptr", FldName: "want", TypeSize: 4}, Type: &BufferType{TypeCommon: TypeCommon{TypeName: "string", IsVarlen: true}, Kind: 2}},
-		&LenType{IntTypeCommon: IntTypeCommon{TypeCommon: TypeCommon{TypeName: "len", FldName: "want_len", TypeSize: 4}}, Buf: "want"},
+		&LenType{IntTypeCommon: IntTypeCommon{TypeCommon: TypeCommon{TypeName: "bytesize", FldName: "want_len", TypeSize: 4}}, BitSize: 8, Buf: "want"},
 		&PtrType{TypeCommon: TypeCommon{TypeName: "ptr", FldName: "got", TypeSize: 4}, Type: &UnionType{Key: StructKey{Name: "compare_data"}}},
-		&LenType{IntTypeCommon: IntTypeCommon{TypeCommon: TypeCommon{TypeName: "len", FldName: "got_len", TypeSize: 4}}, Buf: "got"},
+		&LenType{IntTypeCommon: IntTypeCommon{TypeCommon: TypeCommon{TypeName: "bytesize", FldName: "got_len", TypeSize: 4}}, BitSize: 8, Buf: "got"},
 	}},
 	{Name: "syz_errno", CallName: "syz_errno", Args: []Type{
 		&IntType{IntTypeCommon: IntTypeCommon{TypeCommon: TypeCommon{TypeName: "int32", FldName: "v", TypeSize: 4}}},
@@ -95,4 +98,4 @@ var consts_32_fork_shmem = []ConstValue{
 	{Name: "ONLY_32BITS_CONST", Value: 1},
 }
 
-const revision_32_fork_shmem = "f0257b726ddd3b09086a9525a4aae0e0d8cfa6af"
+const revision_32_fork_shmem = "1cb234b0ee2b1630b831f86086747c3e008060c2"
diff --git a/sys/test/gen/32_shmem.go b/sys/test/gen/32_shmem.go
index ba9b6f103..8ccf8a0fc 100644
--- a/sys/test/gen/32_shmem.go
+++ b/sys/test/gen/32_shmem.go
@@ -29,6 +29,9 @@ var structDescs_32_shmem = []*KeyedStruct{
 		&StructType{Key: StructKey{Name: "syz_bf_struct1"}, FldName: "bf1"},
 		&StructType{Key: StructKey{Name: "syz_bf_struct2"}, FldName: "bf2"},
 		&StructType{Key: StructKey{Name: "syz_bf_struct3"}, FldName: "bf3"},
+		&BufferType{TypeCommon: TypeCommon{TypeName: "string", FldName: "str", IsVarlen: true}, Kind: 2},
+		&BufferType{TypeCommon: TypeCommon{TypeName: "array", FldName: "blob", IsVarlen: true}},
+		&ArrayType{TypeCommon: TypeCommon{TypeName: "array", FldName: "arr16be", IsVarlen: true}, Type: &IntType{IntTypeCommon: IntTypeCommon{TypeCommon: TypeCommon{TypeName: "int16be", TypeSize: 2}, ArgFormat: 1}}},
 	}}},
 	{Key: StructKey{Name: "syz_bf_struct0"}, Desc: &StructDesc{TypeCommon: TypeCommon{TypeName: "syz_bf_struct0", TypeSize: 32}, Fields: []Type{
 		&FlagsType{IntTypeCommon: IntTypeCommon{TypeCommon: TypeCommon{TypeName: "syz_bf_flags", FldName: "f0", TypeSize: 2}, BitfieldLen: 10}, Vals: []uint64{0, 1, 2}, BitMask: true},
@@ -72,9 +75,9 @@ var structDescs_32_shmem = []*KeyedStruct{
 var syscalls_32_shmem = []*Syscall{
 	{Name: "syz_compare", CallName: "syz_compare", Args: []Type{
 		&PtrType{TypeCommon: TypeCommon{TypeName: "ptr", FldName: "want", TypeSize: 4}, Type: &BufferType{TypeCommon: TypeCommon{TypeName: "string", IsVarlen: true}, Kind: 2}},
-		&LenType{IntTypeCommon: IntTypeCommon{TypeCommon: TypeCommon{TypeName: "len", FldName: "want_len", TypeSize: 4}}, Buf: "want"},
+		&LenType{IntTypeCommon: IntTypeCommon{TypeCommon: TypeCommon{TypeName: "bytesize", FldName: "want_len", TypeSize: 4}}, BitSize: 8, Buf: "want"},
 		&PtrType{TypeCommon: TypeCommon{TypeName: "ptr", FldName: "got", TypeSize: 4}, Type: &UnionType{Key: StructKey{Name: "compare_data"}}},
-		&LenType{IntTypeCommon: IntTypeCommon{TypeCommon: TypeCommon{TypeName: "len", FldName: "got_len", TypeSize: 4}}, Buf: "got"},
+		&LenType{IntTypeCommon: IntTypeCommon{TypeCommon: TypeCommon{TypeName: "bytesize", FldName: "got_len", TypeSize: 4}}, BitSize: 8, Buf: "got"},
 	}},
 	{Name: "syz_errno", CallName: "syz_errno", Args: []Type{
 		&IntType{IntTypeCommon: IntTypeCommon{TypeCommon: TypeCommon{TypeName: "int32", FldName: "v", TypeSize: 4}}},
@@ -95,4 +98,4 @@ var consts_32_shmem = []ConstValue{
 	{Name: "ONLY_32BITS_CONST", Value: 1},
 }
 
-const revision_32_shmem = "136d60e9280b55ca8a1f24fed877e2f0ae72e348"
+const revision_32_shmem = "8da90b7592aadc1f08e0ae1cb56ecb1ce2d0ad38"
diff --git a/sys/test/gen/64.go b/sys/test/gen/64.go
index d3c24241d..0c7f78426 100644
--- a/sys/test/gen/64.go
+++ b/sys/test/gen/64.go
@@ -76,6 +76,9 @@ var structDescs_64 = []*KeyedStruct{
 		&StructType{Key: StructKey{Name: "syz_bf_struct1"}, FldName: "bf1"},
 		&StructType{Key: StructKey{Name: "syz_bf_struct2"}, FldName: "bf2"},
 		&StructType{Key: StructKey{Name: "syz_bf_struct3"}, FldName: "bf3"},
+		&BufferType{TypeCommon: TypeCommon{TypeName: "string", FldName: "str", IsVarlen: true}, Kind: 2},
+		&BufferType{TypeCommon: TypeCommon{TypeName: "array", FldName: "blob", IsVarlen: true}},
+		&ArrayType{TypeCommon: TypeCommon{TypeName: "array", FldName: "arr16be", IsVarlen: true}, Type: &IntType{IntTypeCommon: IntTypeCommon{TypeCommon: TypeCommon{TypeName: "int16be", TypeSize: 2}, ArgFormat: 1}}},
 	}}},
 	{Key: StructKey{Name: "excessive_fields"}, Desc: &StructDesc{TypeCommon: TypeCommon{TypeName: "excessive_fields", TypeSize: 1}, Fields: []Type{
 		&IntType{IntTypeCommon: IntTypeCommon{TypeCommon: TypeCommon{TypeName: "int8", FldName: "f1", TypeSize: 1}}},
@@ -617,9 +620,9 @@ var syscalls_64 = []*Syscall{
 	}},
 	{Name: "syz_compare", CallName: "syz_compare", Args: []Type{
 		&PtrType{TypeCommon: TypeCommon{TypeName: "ptr", FldName: "want", TypeSize: 8}, Type: &BufferType{TypeCommon: TypeCommon{TypeName: "string", IsVarlen: true}, Kind: 2}},
-		&LenType{IntTypeCommon: IntTypeCommon{TypeCommon: TypeCommon{TypeName: "len", FldName: "want_len", TypeSize: 8}}, Buf: "want"},
+		&LenType{IntTypeCommon: IntTypeCommon{TypeCommon: TypeCommon{TypeName: "bytesize", FldName: "want_len", TypeSize: 8}}, BitSize: 8, Buf: "want"},
 		&PtrType{TypeCommon: TypeCommon{TypeName: "ptr", FldName: "got", TypeSize: 8}, Type: &UnionType{Key: StructKey{Name: "compare_data"}}},
-		&LenType{IntTypeCommon: IntTypeCommon{TypeCommon: TypeCommon{TypeName: "len", FldName: "got_len", TypeSize: 8}}, Buf: "got"},
+		&LenType{IntTypeCommon: IntTypeCommon{TypeCommon: TypeCommon{TypeName: "bytesize", FldName: "got_len", TypeSize: 8}}, BitSize: 8, Buf: "got"},
 	}},
 	{Name: "syz_errno", CallName: "syz_errno", Args: []Type{
 		&IntType{IntTypeCommon: IntTypeCommon{TypeCommon: TypeCommon{TypeName: "int32", FldName: "v", TypeSize: 4}}},
@@ -677,6 +680,9 @@ var syscalls_64 = []*Syscall{
 	{Name: "test$bf1", CallName: "test", Args: []Type{
 		&PtrType{TypeCommon: TypeCommon{TypeName: "ptr", FldName: "a0", TypeSize: 8}, Type: &StructType{Key: StructKey{Name: "syz_bf_struct1"}}},
 	}},
+	{Name: "test$blob0", CallName: "test", Args: []Type{
+		&PtrType{TypeCommon: TypeCommon{TypeName: "ptr", FldName: "a", TypeSize: 8}, Type: &BufferType{TypeCommon: TypeCommon{TypeName: "array", IsVarlen: true}}},
+	}},
 	{Name: "test$csum_encode", CallName: "test", Args: []Type{
 		&PtrType{TypeCommon: TypeCommon{TypeName: "ptr", FldName: "a0", TypeSize: 8}, Type: &StructType{Key: StructKey{Name: "syz_csum_encode"}}},
 	}},
@@ -865,6 +871,9 @@ var syscalls_64 = []*Syscall{
 		&ResourceType{TypeCommon: TypeCommon{TypeName: "syz_res", FldName: "a0", TypeSize: 4}},
 	}},
 	{Name: "test$res2", CallName: "test", Ret: &ResourceType{TypeCommon: TypeCommon{TypeName: "fd", FldName: "ret", TypeSize: 4, ArgDir: 1}}},
+	{Name: "test$str0", CallName: "test", Args: []Type{
+		&PtrType{TypeCommon: TypeCommon{TypeName: "ptr", FldName: "a", TypeSize: 8}, Type: &BufferType{TypeCommon: TypeCommon{TypeName: "string", IsVarlen: true}, Kind: 2}},
+	}},
 	{Name: "test$struct", CallName: "test", Args: []Type{
 		&PtrType{TypeCommon: TypeCommon{TypeName: "ptr", FldName: "a0", TypeSize: 8}, Type: &StructType{Key: StructKey{Name: "syz_struct0"}}},
 	}},
@@ -940,4 +949,4 @@ var consts_64 = []ConstValue{
 	{Name: "SYS_unsupported"},
 }
 
-const revision_64 = "ece48c7de48771745acdea340f4c52c47e058e65"
+const revision_64 = "d81730cda36dc2946536413b33737c5635fabb71"
diff --git a/sys/test/gen/64_fork.go b/sys/test/gen/64_fork.go
index 9e93e56c8..4d53ca53e 100644
--- a/sys/test/gen/64_fork.go
+++ b/sys/test/gen/64_fork.go
@@ -29,6 +29,9 @@ var structDescs_64_fork = []*KeyedStruct{
 		&StructType{Key: StructKey{Name: "syz_bf_struct1"}, FldName: "bf1"},
 		&StructType{Key: StructKey{Name: "syz_bf_struct2"}, FldName: "bf2"},
 		&StructType{Key: StructKey{Name: "syz_bf_struct3"}, FldName: "bf3"},
+		&BufferType{TypeCommon: TypeCommon{TypeName: "string", FldName: "str", IsVarlen: true}, Kind: 2},
+		&BufferType{TypeCommon: TypeCommon{TypeName: "array", FldName: "blob", IsVarlen: true}},
+		&ArrayType{TypeCommon: TypeCommon{TypeName: "array", FldName: "arr16be", IsVarlen: true}, Type: &IntType{IntTypeCommon: IntTypeCommon{TypeCommon: TypeCommon{TypeName: "int16be", TypeSize: 2}, ArgFormat: 1}}},
 	}}},
 	{Key: StructKey{Name: "syz_bf_struct0"}, Desc: &StructDesc{TypeCommon: TypeCommon{TypeName: "syz_bf_struct0", TypeSize: 32}, Fields: []Type{
 		&FlagsType{IntTypeCommon: IntTypeCommon{TypeCommon: TypeCommon{TypeName: "syz_bf_flags", FldName: "f0", TypeSize: 2}, BitfieldLen: 10}, Vals: []uint64{0, 1, 2}, BitMask: true},
@@ -72,9 +75,9 @@ var structDescs_64_fork = []*KeyedStruct{
 var syscalls_64_fork = []*Syscall{
 	{Name: "syz_compare", CallName: "syz_compare", Args: []Type{
 		&PtrType{TypeCommon: TypeCommon{TypeName: "ptr", FldName: "want", TypeSize: 8}, Type: &BufferType{TypeCommon: TypeCommon{TypeName: "string", IsVarlen: true}, Kind: 2}},
-		&LenType{IntTypeCommon: IntTypeCommon{TypeCommon: TypeCommon{TypeName: "len", FldName: "want_len", TypeSize: 8}}, Buf: "want"},
+		&LenType{IntTypeCommon: IntTypeCommon{TypeCommon: TypeCommon{TypeName: "bytesize", FldName: "want_len", TypeSize: 8}}, BitSize: 8, Buf: "want"},
 		&PtrType{TypeCommon: TypeCommon{TypeName: "ptr", FldName: "got", TypeSize: 8}, Type: &UnionType{Key: StructKey{Name: "compare_data"}}},
-		&LenType{IntTypeCommon: IntTypeCommon{TypeCommon: TypeCommon{TypeName: "len", FldName: "got_len", TypeSize: 8}}, Buf: "got"},
+		&LenType{IntTypeCommon: IntTypeCommon{TypeCommon: TypeCommon{TypeName: "bytesize", FldName: "got_len", TypeSize: 8}}, BitSize: 8, Buf: "got"},
 	}},
 	{Name: "syz_errno", CallName: "syz_errno", Args: []Type{
 		&IntType{IntTypeCommon: IntTypeCommon{TypeCommon: TypeCommon{TypeName: "int32", FldName: "v", TypeSize: 4}}},
@@ -94,4 +97,4 @@ var consts_64_fork = []ConstValue{
 	{Name: "IPPROTO_UDP", Value: 17},
 }
 
-const revision_64_fork = "0c64cdd471dfa62b3e34ed221afe8472c9125d38"
+const revision_64_fork = "8c3363b9502e6df103438d98f573e2ef70ab34f2"
diff --git a/sys/test/test.txt b/sys/test/test.txt
index 214c42c6c..1d49dffa8 100644
--- a/sys/test/test.txt
+++ b/sys/test/test.txt
@@ -11,6 +11,11 @@ test()
 
 test$int(a0 intptr, a1 int8, a2 int16, a3 int32, a4 int64)
 
+# String types.
+
+test$str0(a ptr[in, string])
+test$blob0(a ptr[in, array[int8]])
+
 # Opt arguments
 
 test$opt0(a0 intptr[opt])
diff --git a/sys/test/test/strings b/sys/test/test/strings
new file mode 100644
index 000000000..5b665ba5a
--- /dev/null
+++ b/sys/test/test/strings
@@ -0,0 +1,3 @@
+syz_compare(&AUTO="303100090a0d7022273a", 0xa, &AUTO=@str='01\x00\t\n\rp\"\':', AUTO)
+syz_compare(&AUTO="303100090a0d7022273a01", 0xb, &AUTO=@blob='01\x00\t\n\rp\"\':\x01', AUTO)
+syz_compare(&AUTO="303100090a0d7022273a0102", 0xc, &AUTO=@arr16be=[0x3031, 0x0009, 0x0a0d, 0x7022, 0x273a, 0x0102], AUTO)
diff --git a/tools/syz-mutate/mutate.go b/tools/syz-mutate/mutate.go
index f2403f75c..63bc47ef5 100644
--- a/tools/syz-mutate/mutate.go
+++ b/tools/syz-mutate/mutate.go
@@ -67,7 +67,7 @@ func main() {
 			fmt.Fprintf(os.Stderr, "failed to read prog file: %v\n", err)
 			os.Exit(1)
 		}
-		p, err = target.Deserialize(data, prog.Strict)
+		p, err = target.Deserialize(data, prog.NonStrict)
 		if err != nil {
 			fmt.Fprintf(os.Stderr, "failed to deserialize the program: %v\n", err)
 			os.Exit(1)