20 files changed, 89 insertions, 183 deletions

diff --git a/executor/defs.h b/executor/defs.h
index cdd8519e6..2a83d0141 100644
--- a/executor/defs.h
+++ b/executor/defs.h
@@ -20,7 +20,7 @@
 
 #if GOARCH_amd64
 #define GOARCH "amd64"
-#define SYZ_REVISION "06d50288c46275b56218cab0097fcb71a7f0f80e"
+#define SYZ_REVISION "b8fc36a63d4105cc2a16b4671864f7a5adddadaa"
 #define SYZ_EXECUTOR_USES_FORK_SERVER 1
 #define SYZ_EXECUTOR_USES_SHMEM 1
 #define SYZ_PAGE_SIZE 4096
@@ -115,7 +115,7 @@
 
 #if GOARCH_amd64
 #define GOARCH "amd64"
-#define SYZ_REVISION "741d8f94955b7b371dee88f03db02ab85d5a9384"
+#define SYZ_REVISION "f7c2c212cb60211857a9c1c50c9336f899bb9ce9"
 #define SYZ_EXECUTOR_USES_FORK_SERVER 1
 #define SYZ_EXECUTOR_USES_SHMEM 1
 #define SYZ_PAGE_SIZE 4096
diff --git a/prog/target.go b/prog/target.go
index bff59ea4f..db8b1835e 100644
--- a/prog/target.go
+++ b/prog/target.go
@@ -169,6 +169,17 @@ func (target *Target) initTarget() {
 	initAnyTypes(target)
 }
 
+func (target *Target) GetConst(name string) uint64 {
+	if target.ConstMap == nil {
+		panic("GetConst can only be used during target initialization")
+	}
+	v, ok := target.ConstMap[name]
+	if !ok {
+		panic(fmt.Sprintf("const %v is not defined for %v/%v", name, target.OS, target.Arch))
+	}
+	return v
+}
+
 type Gen struct {
 	r *randGen
 	s *state
diff --git a/sys/akaros/init.go b/sys/akaros/init.go
index 91e1345a7..ede55dfe9 100644
--- a/sys/akaros/init.go
+++ b/sys/akaros/init.go
@@ -9,20 +9,21 @@ import (
 )
 
 type arch struct {
-	unix *targets.UnixSanitizer
+	MAP_FIXED uint64
 }
 
 func InitTarget(target *prog.Target) {
 	arch := &arch{
-		unix: targets.MakeUnixSanitizer(target),
+		MAP_FIXED: target.GetConst("MAP_FIXED"),
 	}
 	target.MakeMmap = targets.MakePosixMmap(target)
 	target.SanitizeCall = arch.sanitizeCall
 }
 
 func (arch *arch) sanitizeCall(c *prog.Call) {
-	arch.unix.SanitizeCall(c)
 	switch c.Meta.CallName {
+	case "mmap":
+		c.Args[3].(*prog.ConstArg).Val |= arch.MAP_FIXED
 	case "provision":
 		if pid, ok := c.Args[0].(*prog.ConstArg); ok && uint32(pid.Val) == ^uint32(0) {
 			// pid -1 causes some debugging splat on console.
diff --git a/sys/freebsd/gen/amd64.go b/sys/freebsd/gen/amd64.go
index 5de2ea7bd..00f4e45ca 100644
--- a/sys/freebsd/gen/amd64.go
+++ b/sys/freebsd/gen/amd64.go
@@ -2080,16 +2080,8 @@ var consts_amd64 = []ConstValue{
 	{Name: "LINUX_RLIMIT_NPROC", Value: 6},
 	{Name: "LINUX_RLIMIT_RSS", Value: 5},
 	{Name: "LINUX_RLIMIT_STACK", Value: 3},
-	{Name: "LINUX_SA_NOCLDSTOP", Value: 1},
-	{Name: "LINUX_SA_NOCLDWAIT", Value: 2},
-	{Name: "LINUX_SA_ONSTACK", Value: 134217728},
-	{Name: "LINUX_SA_RESTART", Value: 268435456},
-	{Name: "LINUX_SA_SIGINFO", Value: 4},
 	{Name: "LINUX_SCM_CREDENTIALS", Value: 2},
 	{Name: "LINUX_SCM_RIGHTS", Value: 1},
-	{Name: "LINUX_SIG_BLOCK"},
-	{Name: "LINUX_SIG_SETMASK", Value: 2},
-	{Name: "LINUX_SIG_UNBLOCK", Value: 1},
 	{Name: "LINUX_SOCK_DGRAM", Value: 2},
 	{Name: "LINUX_SOCK_RAW", Value: 3},
 	{Name: "LINUX_SOCK_RDM", Value: 4},
@@ -2127,7 +2119,7 @@ var consts_amd64 = []ConstValue{
 	{Name: "MADV_SEQUENTIAL", Value: 2},
 	{Name: "MADV_WILLNEED", Value: 3},
 	{Name: "MAP_32BIT", Value: 524288},
-	{Name: "MAP_ANON", Value: 4096},
+	{Name: "MAP_ANONYMOUS", Value: 4096},
 	{Name: "MAP_FILE"},
 	{Name: "MAP_FIXED", Value: 16},
 	{Name: "MAP_PRIVATE", Value: 2},
@@ -2188,21 +2180,9 @@ var consts_amd64 = []ConstValue{
 	{Name: "POLLRDNORM", Value: 64},
 	{Name: "POLLWRBAND", Value: 256},
 	{Name: "POLLWRNORM", Value: 4},
-	{Name: "POSIX_FADV_DONTNEED", Value: 4},
-	{Name: "POSIX_FADV_NOREUSE", Value: 5},
-	{Name: "POSIX_FADV_NORMAL"},
-	{Name: "POSIX_FADV_RANDOM", Value: 1},
-	{Name: "POSIX_FADV_SEQUENTIAL", Value: 2},
-	{Name: "POSIX_FADV_WILLNEED", Value: 3},
-	{Name: "PRIO_PGRP", Value: 1},
-	{Name: "PRIO_PROCESS"},
-	{Name: "PRIO_USER", Value: 2},
 	{Name: "PROT_EXEC", Value: 4},
 	{Name: "PROT_READ", Value: 1},
 	{Name: "PROT_WRITE", Value: 2},
-	{Name: "P_ALL", Value: 7},
-	{Name: "P_PGID", Value: 2},
-	{Name: "P_PID"},
 	{Name: "RLIMIT_AS", Value: 10},
 	{Name: "RLIMIT_CORE", Value: 4},
 	{Name: "RLIMIT_CPU"},
@@ -2216,13 +2196,6 @@ var consts_amd64 = []ConstValue{
 	{Name: "RUSAGE_CHILDREN", Value: 18446744073709551615},
 	{Name: "RUSAGE_SELF"},
 	{Name: "RUSAGE_THREAD", Value: 1},
-	{Name: "SA_NOCLDSTOP", Value: 8},
-	{Name: "SA_NOCLDWAIT", Value: 32},
-	{Name: "SA_NODEFER", Value: 16},
-	{Name: "SA_ONSTACK", Value: 1},
-	{Name: "SA_RESETHAND", Value: 4},
-	{Name: "SA_RESTART", Value: 2},
-	{Name: "SA_SIGINFO", Value: 64},
 	{Name: "SCM_RIGHTS", Value: 1},
 	{Name: "SEEK_CUR", Value: 1},
 	{Name: "SEEK_DATA", Value: 3},
@@ -2242,13 +2215,6 @@ var consts_amd64 = []ConstValue{
 	{Name: "SHM_UNLOCK", Value: 12},
 	{Name: "SHUT_RD"},
 	{Name: "SHUT_WR", Value: 1},
-	{Name: "SIGEV_NONE"},
-	{Name: "SIGEV_SIGNAL", Value: 1},
-	{Name: "SIGEV_THREAD", Value: 2},
-	{Name: "SIGEV_THREAD_ID", Value: 4},
-	{Name: "SIG_BLOCK", Value: 1},
-	{Name: "SIG_SETMASK", Value: 3},
-	{Name: "SIG_UNBLOCK", Value: 2},
 	{Name: "SOCK_CLOEXEC", Value: 268435456},
 	{Name: "SOCK_DGRAM", Value: 2},
 	{Name: "SOCK_NONBLOCK", Value: 536870912},
@@ -2446,4 +2412,4 @@ var consts_amd64 = []ConstValue{
 	{Name: "WUNTRACED", Value: 2},
 }
 
-const revision_amd64 = "06d50288c46275b56218cab0097fcb71a7f0f80e"
+const revision_amd64 = "b8fc36a63d4105cc2a16b4671864f7a5adddadaa"
diff --git a/sys/freebsd/posix_mm.txt b/sys/freebsd/posix_mm.txt
index 0c421000c..cf363e3b5 100644
--- a/sys/freebsd/posix_mm.txt
+++ b/sys/freebsd/posix_mm.txt
@@ -16,6 +16,8 @@ munlockall()
 
 mmap_prot = PROT_EXEC, PROT_READ, PROT_WRITE
 msync_flags = MS_ASYNC, MS_SYNC, MS_INVALIDATE
-mmap_flags = MAP_SHARED, MAP_PRIVATE, MAP_32BIT, MAP_ANON, MAP_FILE, MAP_FIXED, MAP_STACK
+mmap_flags = MAP_SHARED, MAP_PRIVATE, MAP_32BIT, MAP_ANONYMOUS, MAP_FILE, MAP_FIXED, MAP_STACK
 madvise_flags = MADV_NORMAL, MADV_RANDOM, MADV_SEQUENTIAL, MADV_WILLNEED, MADV_DONTNEED
 mlockall_flags = MCL_CURRENT, MCL_FUTURE
+
+define MAP_ANONYMOUS	MAP_ANON
diff --git a/sys/freebsd/posix_mm_amd64.const b/sys/freebsd/posix_mm_amd64.const
index c8550ad8b..234ee7125 100644
--- a/sys/freebsd/posix_mm_amd64.const
+++ b/sys/freebsd/posix_mm_amd64.const
@@ -5,7 +5,7 @@ MADV_RANDOM = 1
 MADV_SEQUENTIAL = 2
 MADV_WILLNEED = 3
 MAP_32BIT = 524288
-MAP_ANON = 4096
+MAP_ANONYMOUS = 4096
 MAP_FILE = 0
 MAP_FIXED = 16
 MAP_PRIVATE = 2
diff --git a/sys/freebsd/sys_amd64.const b/sys/freebsd/sys_amd64.const
index aa6a370dd..74aebbbae 100644
--- a/sys/freebsd/sys_amd64.const
+++ b/sys/freebsd/sys_amd64.const
@@ -45,20 +45,11 @@ LINUX_RLIMIT_NOFILE = 7
 LINUX_RLIMIT_NPROC = 6
 LINUX_RLIMIT_RSS = 5
 LINUX_RLIMIT_STACK = 3
-LINUX_SA_NOCLDSTOP = 1
-LINUX_SA_NOCLDWAIT = 2
-LINUX_SA_ONSTACK = 134217728
-LINUX_SA_RESTART = 268435456
-LINUX_SA_SIGINFO = 4
-LINUX_SIG_BLOCK = 0
-LINUX_SIG_SETMASK = 2
-LINUX_SIG_UNBLOCK = 1
 LOCK_EX = 2
 LOCK_NB = 4
 LOCK_SH = 1
 LOCK_UN = 8
 O_APPEND = 8
-O_CLOEXEC = 1048576
 O_DIRECT = 65536
 O_NONBLOCK = 4
 POLLERR = 8
@@ -72,18 +63,6 @@ POLLRDBAND = 128
 POLLRDNORM = 64
 POLLWRBAND = 256
 POLLWRNORM = 4
-POSIX_FADV_DONTNEED = 4
-POSIX_FADV_NOREUSE = 5
-POSIX_FADV_NORMAL = 0
-POSIX_FADV_RANDOM = 1
-POSIX_FADV_SEQUENTIAL = 2
-POSIX_FADV_WILLNEED = 3
-PRIO_PGRP = 1
-PRIO_PROCESS = 0
-PRIO_USER = 2
-P_ALL = 7
-P_PGID = 2
-P_PID = 0
 RLIMIT_AS = 10
 RLIMIT_CORE = 4
 RLIMIT_CPU = 0
@@ -97,20 +76,6 @@ RLIMIT_STACK = 3
 RUSAGE_CHILDREN = 18446744073709551615
 RUSAGE_SELF = 0
 RUSAGE_THREAD = 1
-SA_NOCLDSTOP = 8
-SA_NOCLDWAIT = 32
-SA_NODEFER = 16
-SA_ONSTACK = 1
-SA_RESETHAND = 4
-SA_RESTART = 2
-SA_SIGINFO = 64
-SIGEV_NONE = 0
-SIGEV_SIGNAL = 1
-SIGEV_THREAD = 2
-SIGEV_THREAD_ID = 4
-SIG_BLOCK = 1
-SIG_SETMASK = 3
-SIG_UNBLOCK = 2
 SYS_chdir = 12
 SYS_chmod = 15
 SYS_chown = 16
diff --git a/sys/linux/init.go b/sys/linux/init.go
index f545abdf4..09fca92fc 100644
--- a/sys/linux/init.go
+++ b/sys/linux/init.go
@@ -14,22 +14,24 @@ func InitTarget(target *prog.Target) {
 	arch := &arch{
 		unix:                      targets.MakeUnixSanitizer(target),
 		clockGettimeSyscall:       target.SyscallMap["clock_gettime"],
-		SYSLOG_ACTION_CONSOLE_OFF: target.ConstMap["SYSLOG_ACTION_CONSOLE_OFF"],
-		SYSLOG_ACTION_CONSOLE_ON:  target.ConstMap["SYSLOG_ACTION_CONSOLE_ON"],
-		SYSLOG_ACTION_SIZE_UNREAD: target.ConstMap["SYSLOG_ACTION_SIZE_UNREAD"],
-		FIFREEZE:                  target.ConstMap["FIFREEZE"],
-		FITHAW:                    target.ConstMap["FITHAW"],
-		EXT4_IOC_SHUTDOWN:         target.ConstMap["EXT4_IOC_SHUTDOWN"],
-		EXT4_IOC_MIGRATE:          target.ConstMap["EXT4_IOC_MIGRATE"],
-		FAN_OPEN_PERM:             target.ConstMap["FAN_OPEN_PERM"],
-		FAN_ACCESS_PERM:           target.ConstMap["FAN_ACCESS_PERM"],
-		PTRACE_TRACEME:            target.ConstMap["PTRACE_TRACEME"],
-		CLOCK_REALTIME:            target.ConstMap["CLOCK_REALTIME"],
-		ARCH_SET_FS:               target.ConstMap["ARCH_SET_FS"],
-		ARCH_SET_GS:               target.ConstMap["ARCH_SET_GS"],
-		AF_NFC:                    target.ConstMap["AF_NFC"],
-		AF_LLC:                    target.ConstMap["AF_LLC"],
-		AF_BLUETOOTH:              target.ConstMap["AF_BLUETOOTH"],
+		MREMAP_MAYMOVE:            target.GetConst("MREMAP_MAYMOVE"),
+		MREMAP_FIXED:              target.GetConst("MREMAP_FIXED"),
+		SYSLOG_ACTION_CONSOLE_OFF: target.GetConst("SYSLOG_ACTION_CONSOLE_OFF"),
+		SYSLOG_ACTION_CONSOLE_ON:  target.GetConst("SYSLOG_ACTION_CONSOLE_ON"),
+		SYSLOG_ACTION_SIZE_UNREAD: target.GetConst("SYSLOG_ACTION_SIZE_UNREAD"),
+		FIFREEZE:                  target.GetConst("FIFREEZE"),
+		FITHAW:                    target.GetConst("FITHAW"),
+		EXT4_IOC_SHUTDOWN:         target.GetConst("EXT4_IOC_SHUTDOWN"),
+		EXT4_IOC_MIGRATE:          target.GetConst("EXT4_IOC_MIGRATE"),
+		FAN_OPEN_PERM:             target.GetConst("FAN_OPEN_PERM"),
+		FAN_ACCESS_PERM:           target.GetConst("FAN_ACCESS_PERM"),
+		PTRACE_TRACEME:            target.GetConst("PTRACE_TRACEME"),
+		CLOCK_REALTIME:            target.GetConst("CLOCK_REALTIME"),
+		ARCH_SET_FS:               target.GetConst("ARCH_SET_FS"),
+		ARCH_SET_GS:               target.GetConst("ARCH_SET_GS"),
+		AF_NFC:                    target.GetConst("AF_NFC"),
+		AF_LLC:                    target.GetConst("AF_LLC"),
+		AF_BLUETOOTH:              target.GetConst("AF_BLUETOOTH"),
 	}
 
 	target.MakeMmap = targets.MakePosixMmap(target)
@@ -70,10 +72,10 @@ func InitTarget(target *prog.Target) {
 	}
 
 	if target.Arch == runtime.GOARCH {
-		KCOV_INIT_TRACE = uintptr(target.ConstMap["KCOV_INIT_TRACE"])
-		KCOV_ENABLE = uintptr(target.ConstMap["KCOV_ENABLE"])
-		KCOV_DISABLE = uintptr(target.ConstMap["KCOV_DISABLE"])
-		KCOV_TRACE_CMP = uintptr(target.ConstMap["KCOV_TRACE_CMP"])
+		KCOV_INIT_TRACE = uintptr(target.GetConst("KCOV_INIT_TRACE"))
+		KCOV_ENABLE = uintptr(target.GetConst("KCOV_ENABLE"))
+		KCOV_DISABLE = uintptr(target.GetConst("KCOV_DISABLE"))
+		KCOV_TRACE_CMP = uintptr(target.GetConst("KCOV_TRACE_CMP"))
 	}
 }
 
@@ -90,6 +92,8 @@ type arch struct {
 
 	clockGettimeSyscall *prog.Syscall
 
+	MREMAP_MAYMOVE            uint64
+	MREMAP_FIXED              uint64
 	SYSLOG_ACTION_CONSOLE_OFF uint64
 	SYSLOG_ACTION_CONSOLE_ON  uint64
 	SYSLOG_ACTION_SIZE_UNREAD uint64
@@ -111,6 +115,12 @@ type arch struct {
 func (arch *arch) sanitizeCall(c *prog.Call) {
 	arch.unix.SanitizeCall(c)
 	switch c.Meta.CallName {
+	case "mremap":
+		// Add MREMAP_FIXED flag, otherwise it produces non-deterministic results.
+		flags := c.Args[3].(*prog.ConstArg)
+		if flags.Val&arch.MREMAP_MAYMOVE != 0 {
+			flags.Val |= arch.MREMAP_FIXED
+		}
 	case "syslog":
 		cmd := c.Args[0].(*prog.ConstArg)
 		cmd.Val = uint64(uint32(cmd.Val))
diff --git a/sys/netbsd/gen/amd64.go b/sys/netbsd/gen/amd64.go
index ece51bee1..441dd86f3 100644
--- a/sys/netbsd/gen/amd64.go
+++ b/sys/netbsd/gen/amd64.go
@@ -1396,6 +1396,7 @@ var consts_amd64 = []ConstValue{
 	{Name: "MADV_SEQUENTIAL", Value: 2},
 	{Name: "MADV_WILLNEED", Value: 3},
 	{Name: "MAP_ANON", Value: 4096},
+	{Name: "MAP_ANONYMOUS", Value: 4096},
 	{Name: "MAP_FILE"},
 	{Name: "MAP_FIXED", Value: 16},
 	{Name: "MAP_HASSEMAPHORE", Value: 512},
@@ -1449,22 +1450,10 @@ var consts_amd64 = []ConstValue{
 	{Name: "POLLRDNORM", Value: 64},
 	{Name: "POLLWRBAND", Value: 256},
 	{Name: "POLLWRNORM", Value: 4},
-	{Name: "POSIX_FADV_DONTNEED", Value: 4},
-	{Name: "POSIX_FADV_NOREUSE", Value: 5},
-	{Name: "POSIX_FADV_NORMAL"},
-	{Name: "POSIX_FADV_RANDOM", Value: 1},
-	{Name: "POSIX_FADV_SEQUENTIAL", Value: 2},
-	{Name: "POSIX_FADV_WILLNEED", Value: 3},
-	{Name: "PRIO_PGRP", Value: 1},
-	{Name: "PRIO_PROCESS"},
-	{Name: "PRIO_USER", Value: 2},
 	{Name: "PROT_EXEC", Value: 4},
 	{Name: "PROT_NONE"},
 	{Name: "PROT_READ", Value: 1},
 	{Name: "PROT_WRITE", Value: 2},
-	{Name: "P_ALL"},
-	{Name: "P_PGID", Value: 4},
-	{Name: "P_PID", Value: 1},
 	{Name: "RLIMIT_AS", Value: 10},
 	{Name: "RLIMIT_CORE", Value: 4},
 	{Name: "RLIMIT_CPU"},
@@ -1478,13 +1467,6 @@ var consts_amd64 = []ConstValue{
 	{Name: "RLIMIT_STACK", Value: 3},
 	{Name: "RUSAGE_CHILDREN", Value: 18446744073709551615},
 	{Name: "RUSAGE_SELF"},
-	{Name: "SA_NOCLDSTOP", Value: 8},
-	{Name: "SA_NOCLDWAIT", Value: 32},
-	{Name: "SA_NODEFER", Value: 16},
-	{Name: "SA_ONSTACK", Value: 1},
-	{Name: "SA_RESETHAND", Value: 4},
-	{Name: "SA_RESTART", Value: 2},
-	{Name: "SA_SIGINFO", Value: 64},
 	{Name: "SCM_RIGHTS", Value: 1},
 	{Name: "SEEK_CUR", Value: 1},
 	{Name: "SEEK_END", Value: 2},
@@ -1499,12 +1481,6 @@ var consts_amd64 = []ConstValue{
 	{Name: "SHUT_RD"},
 	{Name: "SHUT_RDWR", Value: 2},
 	{Name: "SHUT_WR", Value: 1},
-	{Name: "SIGEV_NONE"},
-	{Name: "SIGEV_SIGNAL", Value: 1},
-	{Name: "SIGEV_THREAD", Value: 2},
-	{Name: "SIG_BLOCK", Value: 1},
-	{Name: "SIG_SETMASK", Value: 3},
-	{Name: "SIG_UNBLOCK", Value: 2},
 	{Name: "SOCK_CLOEXEC", Value: 268435456},
 	{Name: "SOCK_DGRAM", Value: 2},
 	{Name: "SOCK_NONBLOCK", Value: 536870912},
@@ -1680,4 +1656,4 @@ var consts_amd64 = []ConstValue{
 	{Name: "WUNTRACED", Value: 2},
 }
 
-const revision_amd64 = "741d8f94955b7b371dee88f03db02ab85d5a9384"
+const revision_amd64 = "f7c2c212cb60211857a9c1c50c9336f899bb9ce9"
diff --git a/sys/netbsd/mm.txt b/sys/netbsd/mm.txt
index c98caee13..432ac8287 100644
--- a/sys/netbsd/mm.txt
+++ b/sys/netbsd/mm.txt
@@ -17,3 +17,5 @@ mmap_prot = PROT_EXEC, PROT_READ, PROT_WRITE, PROT_NONE
 mmap_flags = MAP_ANON, MAP_FILE, MAP_FIXED, MAP_HASSEMAPHORE, MAP_INHERIT, MAP_TRYFIXED, MAP_WIRED, MAP_PRIVATE, MAP_SHARED
 madvise_flags = MADV_NORMAL, MADV_RANDOM, MADV_SEQUENTIAL, MADV_WILLNEED, MADV_DONTNEED, MADV_FREE
 mlockall_flags = MCL_CURRENT, MCL_FUTURE
+
+define MAP_ANONYMOUS	MAP_ANON
diff --git a/sys/netbsd/mm_amd64.const b/sys/netbsd/mm_amd64.const
index 7cffb10ce..12ee91b0b 100644
--- a/sys/netbsd/mm_amd64.const
+++ b/sys/netbsd/mm_amd64.const
@@ -6,6 +6,7 @@ MADV_RANDOM = 1
 MADV_SEQUENTIAL = 2
 MADV_WILLNEED = 3
 MAP_ANON = 4096
+MAP_ANONYMOUS = 4096
 MAP_FILE = 0
 MAP_FIXED = 16
 MAP_HASSEMAPHORE = 512
diff --git a/sys/netbsd/socket.txt b/sys/netbsd/socket.txt
index 4b3dbfa34..05bd059f4 100644
--- a/sys/netbsd/socket.txt
+++ b/sys/netbsd/socket.txt
@@ -3,6 +3,7 @@
 
 # TODO: due to autobind a socket can bind to port 0, that will result in a random port which is not reproducible
 
+include <stddef.h>
 include <sys/types.h>
 include <sys/socket.h>
 include <netinet/in.h>
diff --git a/sys/netbsd/socket_inet.txt b/sys/netbsd/socket_inet.txt
index 98b72d23c..0b12eadff 100644
--- a/sys/netbsd/socket_inet.txt
+++ b/sys/netbsd/socket_inet.txt
@@ -1,6 +1,7 @@
 # Copyright 2017 syzkaller project authors. All rights reserved.
 # Use of this source code is governed by Apache 2 LICENSE that can be found in the LICENSE file.
 
+include <stddef.h>
 include <sys/types.h>
 include <sys/socket.h>
 include <sys/sockio.h>
diff --git a/sys/netbsd/socket_inet6.txt b/sys/netbsd/socket_inet6.txt
index dce4f2ec5..1ede058ab 100644
--- a/sys/netbsd/socket_inet6.txt
+++ b/sys/netbsd/socket_inet6.txt
@@ -1,6 +1,7 @@
 # Copyright 2017 syzkaller project authors. All rights reserved.
 # Use of this source code is governed by Apache 2 LICENSE that can be found in the LICENSE file.
 
+include <stddef.h>
 include <sys/types.h>
 include <sys/param.h>
 include <sys/socket.h>
diff --git a/sys/netbsd/socket_unix.txt b/sys/netbsd/socket_unix.txt
index 4a42c5845..0e42b74a0 100644
--- a/sys/netbsd/socket_unix.txt
+++ b/sys/netbsd/socket_unix.txt
@@ -3,6 +3,7 @@
 
 # AF_UNIX support.
 
+include <stddef.h>
 include <sys/types.h>
 include <sys/socket.h>
 include <netinet/in.h>
diff --git a/sys/netbsd/sys_amd64.const b/sys/netbsd/sys_amd64.const
index 4931e5592..c88ee22b3 100644
--- a/sys/netbsd/sys_amd64.const
+++ b/sys/netbsd/sys_amd64.const
@@ -50,18 +50,6 @@ POLLRDBAND = 128
 POLLRDNORM = 64
 POLLWRBAND = 256
 POLLWRNORM = 4
-POSIX_FADV_DONTNEED = 4
-POSIX_FADV_NOREUSE = 5
-POSIX_FADV_NORMAL = 0
-POSIX_FADV_RANDOM = 1
-POSIX_FADV_SEQUENTIAL = 2
-POSIX_FADV_WILLNEED = 3
-PRIO_PGRP = 1
-PRIO_PROCESS = 0
-PRIO_USER = 2
-P_ALL = 0
-P_PGID = 4
-P_PID = 1
 RLIMIT_AS = 10
 RLIMIT_CORE = 4
 RLIMIT_CPU = 0
@@ -75,19 +63,6 @@ RLIMIT_RSS = 5
 RLIMIT_STACK = 3
 RUSAGE_CHILDREN = 18446744073709551615
 RUSAGE_SELF = 0
-SA_NOCLDSTOP = 8
-SA_NOCLDWAIT = 32
-SA_NODEFER = 16
-SA_ONSTACK = 1
-SA_RESETHAND = 4
-SA_RESTART = 2
-SA_SIGINFO = 64
-SIGEV_NONE = 0
-SIGEV_SIGNAL = 1
-SIGEV_THREAD = 2
-SIG_BLOCK = 1
-SIG_SETMASK = 3
-SIG_UNBLOCK = 2
 SYS_chdir = 12
 SYS_chmod = 15
 SYS_chown = 16
diff --git a/sys/openbsd/init.go b/sys/openbsd/init.go
index 376665f4c..4dfb1a930 100644
--- a/sys/openbsd/init.go
+++ b/sys/openbsd/init.go
@@ -10,7 +10,9 @@ import (
 
 func InitTarget(target *prog.Target) {
 	arch := &arch{
-		unix: targets.MakeUnixSanitizer(target),
+		unix:    targets.MakeUnixSanitizer(target),
+		S_IFMT:  target.GetConst("S_IFMT"),
+		S_IFCHR: target.GetConst("S_IFCHR"),
 	}
 
 	target.MakeMmap = targets.MakePosixMmap(target)
@@ -18,7 +20,9 @@ func InitTarget(target *prog.Target) {
 }
 
 type arch struct {
-	unix *targets.UnixSanitizer
+	unix    *targets.UnixSanitizer
+	S_IFMT  uint64
+	S_IFCHR uint64
 }
 
 func (arch *arch) SanitizeCall(c *prog.Call) {
@@ -31,9 +35,9 @@ func (arch *arch) SanitizeCall(c *prog.Call) {
 		fallthrough
 	case "mknod":
 		mode := c.Args[pos].(*prog.ConstArg)
-		if mode.Val&arch.unix.S_IFMT == arch.unix.S_IFMT {
-			mode.Val &^= arch.unix.S_IFMT
-			mode.Val |= arch.unix.S_IFCHR
+		if mode.Val&arch.S_IFMT == arch.S_IFMT {
+			mode.Val &^= arch.S_IFMT
+			mode.Val |= arch.S_IFCHR
 		}
 	default:
 		arch.unix.SanitizeCall(c)
diff --git a/sys/syz-extract/netbsd.go b/sys/syz-extract/netbsd.go
index 822c73dc6..d0059f836 100644
--- a/sys/syz-extract/netbsd.go
+++ b/sys/syz-extract/netbsd.go
@@ -61,6 +61,7 @@ func (*netbsd) processFile(arch *Arch, info *compiler.ConstInfo) (map[string]uin
 		"-I", filepath.Join(arch.sourceDir, "sys", "arch", "amd64"),
 		"-I", filepath.Join(arch.sourceDir, "common", "include"),
 		"-I", filepath.Join(arch.sourceDir, "sys", "compat", "linux", "common"),
+		"-I", filepath.Join(arch.sourceDir, "include"),
 		"-I", arch.buildDir,
 	}
 	for _, incdir := range info.Incdirs {
diff --git a/sys/targets/common.go b/sys/targets/common.go
index abe8b6c39..7ca86fa4e 100644
--- a/sys/targets/common.go
+++ b/sys/targets/common.go
@@ -10,8 +10,8 @@ import (
 // MakePosixMmap creates a "normal" posix mmap call that maps [addr, addr+size) range.
 func MakePosixMmap(target *prog.Target) func(addr, size uint64) *prog.Call {
 	meta := target.SyscallMap["mmap"]
-	prot := target.ConstMap["PROT_READ"] | target.ConstMap["PROT_WRITE"]
-	flags := target.ConstMap["MAP_ANONYMOUS"] | target.ConstMap["MAP_PRIVATE"] | target.ConstMap["MAP_FIXED"]
+	prot := target.GetConst("PROT_READ") | target.GetConst("PROT_WRITE")
+	flags := target.GetConst("MAP_ANONYMOUS") | target.GetConst("MAP_PRIVATE") | target.GetConst("MAP_FIXED")
 	const invalidFD = ^uint64(0)
 	return func(addr, size uint64) *prog.Call {
 		return &prog.Call{
@@ -44,28 +44,22 @@ func MakeSyzMmap(target *prog.Target) func(addr, size uint64) *prog.Call {
 }
 
 type UnixSanitizer struct {
-	MAP_FIXED      uint64
-	MREMAP_MAYMOVE uint64
-	MREMAP_FIXED   uint64
-	S_IFREG        uint64
-	S_IFCHR        uint64
-	S_IFBLK        uint64
-	S_IFIFO        uint64
-	S_IFSOCK       uint64
-	S_IFMT         uint64
+	MAP_FIXED uint64
+	S_IFREG   uint64
+	S_IFCHR   uint64
+	S_IFBLK   uint64
+	S_IFIFO   uint64
+	S_IFSOCK  uint64
 }
 
 func MakeUnixSanitizer(target *prog.Target) *UnixSanitizer {
 	return &UnixSanitizer{
-		MAP_FIXED:      target.ConstMap["MAP_FIXED"],
-		MREMAP_MAYMOVE: target.ConstMap["MREMAP_MAYMOVE"],
-		MREMAP_FIXED:   target.ConstMap["MREMAP_FIXED"],
-		S_IFREG:        target.ConstMap["S_IFREG"],
-		S_IFCHR:        target.ConstMap["S_IFCHR"],
-		S_IFBLK:        target.ConstMap["S_IFBLK"],
-		S_IFIFO:        target.ConstMap["S_IFIFO"],
-		S_IFSOCK:       target.ConstMap["S_IFSOCK"],
-		S_IFMT:         target.ConstMap["S_IFMT"],
+		MAP_FIXED: target.GetConst("MAP_FIXED"),
+		S_IFREG:   target.GetConst("S_IFREG"),
+		S_IFCHR:   target.GetConst("S_IFCHR"),
+		S_IFBLK:   target.GetConst("S_IFBLK"),
+		S_IFIFO:   target.GetConst("S_IFIFO"),
+		S_IFSOCK:  target.GetConst("S_IFSOCK"),
 	}
 }
 
@@ -74,12 +68,6 @@ func (arch *UnixSanitizer) SanitizeCall(c *prog.Call) {
 	case "mmap":
 		// Add MAP_FIXED flag, otherwise it produces non-deterministic results.
 		c.Args[3].(*prog.ConstArg).Val |= arch.MAP_FIXED
-	case "mremap":
-		// Add MREMAP_FIXED flag, otherwise it produces non-deterministic results.
-		flags := c.Args[3].(*prog.ConstArg)
-		if flags.Val&arch.MREMAP_MAYMOVE != 0 {
-			flags.Val |= arch.MREMAP_FIXED
-		}
 	case "mknod", "mknodat":
 		pos := 1
 		if c.Meta.CallName == "mknodat" {
diff --git a/sys/windows/init.go b/sys/windows/init.go
index 2c165cea7..5c1a1e9a9 100644
--- a/sys/windows/init.go
+++ b/sys/windows/init.go
@@ -10,9 +10,9 @@ import (
 func InitTarget(target *prog.Target) {
 	arch := &arch{
 		virtualAllocSyscall:    target.SyscallMap["VirtualAlloc"],
-		MEM_COMMIT:             target.ConstMap["MEM_COMMIT"],
-		MEM_RESERVE:            target.ConstMap["MEM_RESERVE"],
-		PAGE_EXECUTE_READWRITE: target.ConstMap["PAGE_EXECUTE_READWRITE"],
+		MEM_COMMIT:             target.GetConst("MEM_COMMIT"),
+		MEM_RESERVE:            target.GetConst("MEM_RESERVE"),
+		PAGE_EXECUTE_READWRITE: target.GetConst("PAGE_EXECUTE_READWRITE"),
 	}
 
 	target.MakeMmap = arch.makeMmap