Diffstat (limited to 'executor')
-rw-r--r--executor/common.h9
-rw-r--r--executor/common_linux.h6
-rw-r--r--executor/defs.h32
-rw-r--r--executor/executor_akaros.h2
-rw-r--r--executor/executor_bsd.h2
-rw-r--r--executor/executor_linux.h2
-rw-r--r--executor/syscalls.h16
7 files changed, 47 insertions, 22 deletions
diff --git a/executor/common.h b/executor/common.h
index 5dbb7f7b9..15b279956 100644
--- a/executor/common.h
+++ b/executor/common.h
@@ -364,6 +364,15 @@ static uint16 csum_inet_digest(struct csum_inet* csum)
}
#endif
+#if SYZ_EXECUTOR || __NR_syz_execute_func
+// syz_execute_func(text ptr[in, text[taget]])
+static long syz_execute_func(long text)
+{
+ ((void (*)(void))(text))();
+ return 0;
+}
+#endif
+
#if GOOS_akaros
#include "common_akaros.h"
#elif GOOS_freebsd || GOOS_netbsd || GOOS_openbsd
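Review bot: The comment above syz_execute_func misspells the argument type as `text[taget]` and does not say that the function transfers control to fuzzer-generated bytes with no validation. I would write `// syz_execute_func(text ptr[in, text[target]])` and add a second line such as `// Jumps into generated machine code inside the executor process; the blob may crash or never return, so this relies on the executor being isolated.` The cast on the call line also assumes `long` is as wide as a code pointer. The same entry is added to what looks like the Windows table in syscalls.h, where `long` is 32 bits on 64-bit builds, so it is worth confirming the address is not truncated there.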
diff --git a/executor/common_linux.h b/executor/common_linux.h
index b59633273..40b06f9fe 100644
--- a/executor/common_linux.h
+++ b/executor/common_linux.h
@@ -36,13 +36,13 @@ static void event_set(event_t* ev)
if (ev->state)
fail("event already set");
__atomic_store_n(&ev->state, 1, __ATOMIC_RELEASE);
- syscall(SYS_futex, &ev->state, FUTEX_WAKE);
+ syscall(SYS_futex, &ev->state, FUTEX_WAKE | FUTEX_PRIVATE_FLAG);
}
static void event_wait(event_t* ev)
{
while (!__atomic_load_n(&ev->state, __ATOMIC_ACQUIRE))
- syscall(SYS_futex, &ev->state, FUTEX_WAIT, 0, 0);
+ syscall(SYS_futex, &ev->state, FUTEX_WAIT | FUTEX_PRIVATE_FLAG, 0, 0);
}
static int event_isset(event_t* ev)
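Review bot: The rewritten FUTEX_WAKE call in event_set still passes no wake count, so the kernel receives an indeterminate value as the number of waiters to wake. Passing it explicitly, e.g. `syscall(SYS_futex, &ev->state, FUTEX_WAKE | FUTEX_PRIVATE_FLAG, 1);` (or a larger count if several threads can wait on one event), makes the behaviour defined. FUTEX_PRIVATE_FLAG also requires that every `event_t` lives in memory that is not shared with another process. That is not visible from these hunks, so a comment on `event_t` stating the assumption would help; it applies equally to the FUTEX_WAIT call in the event_timedwait hunk below. event_set begins above this hunk.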
@@ -59,7 +59,7 @@ static int event_timedwait(event_t* ev, uint64 timeout)
struct timespec ts;
ts.tv_sec = remain / 1000;
ts.tv_nsec = (remain % 1000) * 1000 * 1000;
- syscall(SYS_futex, &ev->state, FUTEX_WAIT, 0, &ts);
+ syscall(SYS_futex, &ev->state, FUTEX_WAIT | FUTEX_PRIVATE_FLAG, 0, &ts);
if (__atomic_load_n(&ev->state, __ATOMIC_RELAXED))
return 1;
now = current_time_ms();
diff --git a/executor/defs.h b/executor/defs.h
index 07558cdcf..3a6edd3af 100644
--- a/executor/defs.h
+++ b/executor/defs.h
@@ -5,7 +5,7 @@
#if GOARCH_amd64
#define GOARCH "amd64"
-#define SYZ_REVISION "44785e2dac3e0f922841ab905a8c4e7838585083"
+#define SYZ_REVISION "f9824f5b26bc0ee36bc1e6debd6e8a8d6eee33ab"
#define SYZ_EXECUTOR_USES_FORK_SERVER 1
#define SYZ_EXECUTOR_USES_SHMEM 0
#define SYZ_PAGE_SIZE 4096
@@ -20,7 +20,7 @@
#if GOARCH_amd64
#define GOARCH "amd64"
-#define SYZ_REVISION "89eac40a68a14ffc0af9fc9b181147236b82d00b"
+#define SYZ_REVISION "06d50288c46275b56218cab0097fcb71a7f0f80e"
#define SYZ_EXECUTOR_USES_FORK_SERVER 1
#define SYZ_EXECUTOR_USES_SHMEM 1
#define SYZ_PAGE_SIZE 4096
@@ -35,7 +35,7 @@
#if GOARCH_amd64
#define GOARCH "amd64"
-#define SYZ_REVISION "2a5cb64c987696cb8bdf1d6d9561c04993cf3299"
+#define SYZ_REVISION "ee62749ce0e69fd29de1864a220e909a18613438"
#define SYZ_EXECUTOR_USES_FORK_SERVER 0
#define SYZ_EXECUTOR_USES_SHMEM 0
#define SYZ_PAGE_SIZE 4096
@@ -45,7 +45,7 @@
#if GOARCH_arm64
#define GOARCH "arm64"
-#define SYZ_REVISION "974ef513ae535d2b92308edd342169a59b596cd4"
+#define SYZ_REVISION "80d5b2ce01d8c9deca31efaa1a61da313eaa44e6"
#define SYZ_EXECUTOR_USES_FORK_SERVER 0
#define SYZ_EXECUTOR_USES_SHMEM 0
#define SYZ_PAGE_SIZE 4096
@@ -60,7 +60,7 @@
#if GOARCH_386
#define GOARCH "386"
-#define SYZ_REVISION "73c32691841967fea34cade58340298a0a6e34a3"
+#define SYZ_REVISION "cf409e12bbb8bef7899f39295b0b6d69d318af8d"
#define SYZ_EXECUTOR_USES_FORK_SERVER 1
#define SYZ_EXECUTOR_USES_SHMEM 1
#define SYZ_PAGE_SIZE 4096
@@ -70,7 +70,7 @@
#if GOARCH_amd64
#define GOARCH "amd64"
-#define SYZ_REVISION "26712f7e003ed8690f47cf5edb70bd3eb94766c1"
+#define SYZ_REVISION "3efd822501eed7b0536ca7f8ba2b7720b9f6bab3"
#define SYZ_EXECUTOR_USES_FORK_SERVER 1
#define SYZ_EXECUTOR_USES_SHMEM 1
#define SYZ_PAGE_SIZE 4096
@@ -80,7 +80,7 @@
#if GOARCH_arm
#define GOARCH "arm"
-#define SYZ_REVISION "f155a0335de7dec3226189d25e230ba9889ff0ef"
+#define SYZ_REVISION "d64ccba4ff5f75614cce9e04b971a39e735578b2"
#define SYZ_EXECUTOR_USES_FORK_SERVER 1
#define SYZ_EXECUTOR_USES_SHMEM 1
#define SYZ_PAGE_SIZE 4096
@@ -90,7 +90,7 @@
#if GOARCH_arm64
#define GOARCH "arm64"
-#define SYZ_REVISION "1fd22f27ba905dec42b576344dd6c58c011de140"
+#define SYZ_REVISION "33b760e03637540176d75bef5357cc5b147afabe"
#define SYZ_EXECUTOR_USES_FORK_SERVER 1
#define SYZ_EXECUTOR_USES_SHMEM 1
#define SYZ_PAGE_SIZE 4096
@@ -100,7 +100,7 @@
#if GOARCH_ppc64le
#define GOARCH "ppc64le"
-#define SYZ_REVISION "cfee5c1892c53b104910906c54ef416def23581b"
+#define SYZ_REVISION "17f888e873bc99a49d971c80b87ddad7d8291e82"
#define SYZ_EXECUTOR_USES_FORK_SERVER 1
#define SYZ_EXECUTOR_USES_SHMEM 1
#define SYZ_PAGE_SIZE 4096
@@ -115,7 +115,7 @@
#if GOARCH_amd64
#define GOARCH "amd64"
-#define SYZ_REVISION "c05720ceb16e651f6ae9addd1f5be83497d861e3"
+#define SYZ_REVISION "741d8f94955b7b371dee88f03db02ab85d5a9384"
#define SYZ_EXECUTOR_USES_FORK_SERVER 1
#define SYZ_EXECUTOR_USES_SHMEM 1
#define SYZ_PAGE_SIZE 4096
@@ -130,7 +130,7 @@
#if GOARCH_amd64
#define GOARCH "amd64"
-#define SYZ_REVISION "f1bde02bbb60bf849ed61dda9a552900891199ef"
+#define SYZ_REVISION "b7a0cb1d6df43d07bd4ab11d2c4b1a2e1c046ac1"
#define SYZ_EXECUTOR_USES_FORK_SERVER 1
#define SYZ_EXECUTOR_USES_SHMEM 1
#define SYZ_PAGE_SIZE 4096
@@ -145,7 +145,7 @@
#if GOARCH_32_fork_shmem
#define GOARCH "32_fork_shmem"
-#define SYZ_REVISION "d09983a8bb4f2ccd0e303191862d170b5b636bd8"
+#define SYZ_REVISION "4225c1e93671306efa6a41958a6d553aed7e8cf7"
#define SYZ_EXECUTOR_USES_FORK_SERVER 1
#define SYZ_EXECUTOR_USES_SHMEM 1
#define SYZ_PAGE_SIZE 4096
@@ -155,7 +155,7 @@
#if GOARCH_32_shmem
#define GOARCH "32_shmem"
-#define SYZ_REVISION "8d0f255b4d310c70d0e7d65ac8e5c6c3032a9e14"
+#define SYZ_REVISION "ae161a1d8e44b101412b6f8d8fdde3a6ce553e55"
#define SYZ_EXECUTOR_USES_FORK_SERVER 0
#define SYZ_EXECUTOR_USES_SHMEM 1
#define SYZ_PAGE_SIZE 8192
@@ -165,7 +165,7 @@
#if GOARCH_64
#define GOARCH "64"
-#define SYZ_REVISION "3a71e90e1d9f2ae8b0cbfa9e76a429a74ca2ce90"
+#define SYZ_REVISION "6ffded136a7c445ee912402759cc9f71c3add37a"
#define SYZ_EXECUTOR_USES_FORK_SERVER 0
#define SYZ_EXECUTOR_USES_SHMEM 0
#define SYZ_PAGE_SIZE 4096
@@ -175,7 +175,7 @@
#if GOARCH_64_fork
#define GOARCH "64_fork"
-#define SYZ_REVISION "39c2288dd1c825ce7a587f946cfc91e0e453cf5e"
+#define SYZ_REVISION "ef850b63cd75f943301e586db069812cc63ac259"
#define SYZ_EXECUTOR_USES_FORK_SERVER 1
#define SYZ_EXECUTOR_USES_SHMEM 0
#define SYZ_PAGE_SIZE 8192
@@ -190,7 +190,7 @@
#if GOARCH_amd64
#define GOARCH "amd64"
-#define SYZ_REVISION "f2b48fb82a68b0cb24b2ab9638add66deb9542dd"
+#define SYZ_REVISION "7f58e6832b5d8674b8a77505e6eb0fa213781c23"
#define SYZ_EXECUTOR_USES_FORK_SERVER 0
#define SYZ_EXECUTOR_USES_SHMEM 0
#define SYZ_PAGE_SIZE 4096
diff --git a/executor/executor_akaros.h b/executor/executor_akaros.h
index 566781c2e..e60e7cfc6 100644
--- a/executor/executor_akaros.h
+++ b/executor/executor_akaros.h
@@ -13,7 +13,7 @@ static void os_init(int argc, char** argv, void* data, size_t data_size)
{
program_name = argv[0];
if (argc == 2 && strcmp(argv[1], "child") == 0) {
- if (mmap(data, data_size, PROT_READ | PROT_WRITE, MAP_ANON | MAP_PRIVATE | MAP_FIXED, -1, 0) != data)
+ if (mmap(data, data_size, PROT_READ | PROT_WRITE | PROT_EXEC, MAP_ANON | MAP_PRIVATE | MAP_FIXED, -1, 0) != data)
fail("mmap of data segment failed");
child();
}
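Review bot: The mmap call now maps the whole data segment writable and executable on every run, with no comment saying why, and the same change is made in the executor_bsd.h and executor_linux.h hunks. A reader auditing the executor will see an unconditional RWX region and cannot tell from these lines that it exists for syz_execute_func. I would add above each call something like `// PROT_EXEC is needed because syz_execute_func runs code placed in the data segment.` If the build can tell whether that call is enabled, the flag could be requested only in that case, though this may not be possible here. os_init continues past the end of this hunk.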
diff --git a/executor/executor_bsd.h b/executor/executor_bsd.h
index 565a0bb3d..5bb192d8c 100644
--- a/executor/executor_bsd.h
+++ b/executor/executor_bsd.h
@@ -17,7 +17,7 @@
static void os_init(int argc, char** argv, void* data, size_t data_size)
{
- if (mmap(data, data_size, PROT_READ | PROT_WRITE, MAP_ANON | MAP_PRIVATE | MAP_FIXED, -1, 0) != data)
+ if (mmap(data, data_size, PROT_READ | PROT_WRITE | PROT_EXEC, MAP_ANON | MAP_PRIVATE | MAP_FIXED, -1, 0) != data)
fail("mmap of data segment failed");
// Some minimal sandboxing.
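Review bot: Requesting `PROT_WRITE | PROT_EXEC` together in this mmap call can be refused on BSD systems that enforce W^X (OpenBSD by default, NetBSD with PaX MPROTECT). This header is shared by FreeBSD, NetBSD and OpenBSD, so on those configurations the executor would stop at `fail("mmap of data segment failed")` before running anything. It is worth testing on each target. If the mapping is refused, either fall back to `PROT_READ | PROT_WRITE` and disable syz_execute_func there, or document the required opt-out (for example a `wxallowed` mount on OpenBSD) next to the call. os_init continues past the end of this hunk.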
diff --git a/executor/executor_linux.h b/executor/executor_linux.h
index 2eab98560..c7af48144 100644
--- a/executor/executor_linux.h
+++ b/executor/executor_linux.h
@@ -25,7 +25,7 @@ static void os_init(int argc, char** argv, void* data, size_t data_size)
{
prctl(PR_SET_PDEATHSIG, SIGKILL, 0, 0, 0);
is_kernel_64_bit = detect_kernel_bitness();
- if (mmap(data, data_size, PROT_READ | PROT_WRITE, MAP_ANON | MAP_PRIVATE | MAP_FIXED, -1, 0) != data)
+ if (mmap(data, data_size, PROT_READ | PROT_WRITE | PROT_EXEC, MAP_ANON | MAP_PRIVATE | MAP_FIXED, -1, 0) != data)
fail("mmap of data segment failed");
}
diff --git a/executor/syscalls.h b/executor/syscalls.h
index b86f53c87..44d46ea59 100644
--- a/executor/syscalls.h
+++ b/executor/syscalls.h
@@ -201,6 +201,7 @@ const call_t syscalls[] = {
{"send_event", 39},
{"stat", 105},
{"symlink", 114},
+ {"syz_execute_func", 0, (syscall_t)syz_execute_func},
{"tap_fds", 126},
{"tcgetattr", 141},
{"umask", 109},
@@ -471,6 +472,7 @@ const call_t syscalls[] = {
{"symlink", 57},
{"symlinkat", 502},
{"sync", 36},
+ {"syz_execute_func", 0, (syscall_t)syz_execute_func},
{"truncate", 479},
{"unlink", 10},
{"unlinkat", 503},
@@ -542,6 +544,7 @@ const call_t syscalls[] = {
{"symlink", 0, (syscall_t)symlink},
{"symlinkat", 0, (syscall_t)symlinkat},
{"sync", 0, (syscall_t)sync},
+ {"syz_execute_func", 0, (syscall_t)syz_execute_func},
{"syz_future_time", 0, (syscall_t)syz_future_time},
{"syz_job_default", 0, (syscall_t)syz_job_default},
{"syz_mmap", 0, (syscall_t)syz_mmap},
@@ -789,6 +792,7 @@ const call_t syscalls[] = {
{"symlink", 0, (syscall_t)symlink},
{"symlinkat", 0, (syscall_t)symlinkat},
{"sync", 0, (syscall_t)sync},
+ {"syz_execute_func", 0, (syscall_t)syz_execute_func},
{"syz_future_time", 0, (syscall_t)syz_future_time},
{"syz_job_default", 0, (syscall_t)syz_job_default},
{"syz_mmap", 0, (syscall_t)syz_mmap},
@@ -2932,6 +2936,7 @@ const call_t syscalls[] = {
{"sysinfo", 116},
{"syslog", 103},
{"syz_emit_ethernet", 0, (syscall_t)syz_emit_ethernet},
+ {"syz_execute_func", 0, (syscall_t)syz_execute_func},
{"syz_extract_tcp_res", 0, (syscall_t)syz_extract_tcp_res},
{"syz_extract_tcp_res$synack", 0, (syscall_t)syz_extract_tcp_res},
{"syz_genetlink_get_family_id$fou", 0, (syscall_t)syz_genetlink_get_family_id},
@@ -5152,6 +5157,7 @@ const call_t syscalls[] = {
{"sysinfo", 99},
{"syslog", 103},
{"syz_emit_ethernet", 0, (syscall_t)syz_emit_ethernet},
+ {"syz_execute_func", 0, (syscall_t)syz_execute_func},
{"syz_extract_tcp_res", 0, (syscall_t)syz_extract_tcp_res},
{"syz_extract_tcp_res$synack", 0, (syscall_t)syz_extract_tcp_res},
{"syz_genetlink_get_family_id$fou", 0, (syscall_t)syz_genetlink_get_family_id},
@@ -7330,6 +7336,7 @@ const call_t syscalls[] = {
{"sysinfo", 116},
{"syslog", 103},
{"syz_emit_ethernet", 0, (syscall_t)syz_emit_ethernet},
+ {"syz_execute_func", 0, (syscall_t)syz_execute_func},
{"syz_extract_tcp_res", 0, (syscall_t)syz_extract_tcp_res},
{"syz_extract_tcp_res$synack", 0, (syscall_t)syz_extract_tcp_res},
{"syz_genetlink_get_family_id$fou", 0, (syscall_t)syz_genetlink_get_family_id},
@@ -9483,6 +9490,7 @@ const call_t syscalls[] = {
{"sysinfo", 179},
{"syslog", 116},
{"syz_emit_ethernet", 0, (syscall_t)syz_emit_ethernet},
+ {"syz_execute_func", 0, (syscall_t)syz_execute_func},
{"syz_extract_tcp_res", 0, (syscall_t)syz_extract_tcp_res},
{"syz_extract_tcp_res$synack", 0, (syscall_t)syz_extract_tcp_res},
{"syz_genetlink_get_family_id$fou", 0, (syscall_t)syz_genetlink_get_family_id},
@@ -11513,6 +11521,7 @@ const call_t syscalls[] = {
{"sysinfo", 116},
{"syslog", 103},
{"syz_emit_ethernet", 0, (syscall_t)syz_emit_ethernet},
+ {"syz_execute_func", 0, (syscall_t)syz_execute_func},
{"syz_extract_tcp_res", 0, (syscall_t)syz_extract_tcp_res},
{"syz_extract_tcp_res$synack", 0, (syscall_t)syz_extract_tcp_res},
{"syz_genetlink_get_family_id$fou", 0, (syscall_t)syz_genetlink_get_family_id},
@@ -11920,6 +11929,7 @@ const call_t syscalls[] = {
{"symlink", 57},
{"symlinkat", 470},
{"sync", 36},
+ {"syz_execute_func", 0, (syscall_t)syz_execute_func},
{"truncate", 200},
{"unlink", 10},
{"unlinkat", 471},
@@ -12152,6 +12162,7 @@ const call_t syscalls[] = {
{"symlink", 57},
{"symlinkat", 324},
{"sync", 36},
+ {"syz_execute_func", 0, (syscall_t)syz_execute_func},
{"syz_open_pts", 0, (syscall_t)syz_open_pts},
{"truncate", 200},
{"unlink", 10},
@@ -12174,6 +12185,7 @@ const call_t syscalls[] = {
const call_t syscalls[] = {
{"syz_compare", 0, (syscall_t)syz_compare},
{"syz_errno", 0, (syscall_t)syz_errno},
+ {"syz_execute_func", 0, (syscall_t)syz_execute_func},
{"syz_mmap", 0, (syscall_t)syz_mmap},
};
@@ -12183,6 +12195,7 @@ const call_t syscalls[] = {
const call_t syscalls[] = {
{"syz_compare", 0, (syscall_t)syz_compare},
{"syz_errno", 0, (syscall_t)syz_errno},
+ {"syz_execute_func", 0, (syscall_t)syz_execute_func},
{"syz_mmap", 0, (syscall_t)syz_mmap},
};
@@ -12214,6 +12227,7 @@ const call_t syscalls[] = {
{"serialize1", 0},
{"syz_compare", 0, (syscall_t)syz_compare},
{"syz_errno", 0, (syscall_t)syz_errno},
+ {"syz_execute_func", 0, (syscall_t)syz_execute_func},
{"syz_mmap", 0, (syscall_t)syz_mmap},
{"test", 0},
{"test$align0", 0},
@@ -12310,6 +12324,7 @@ const call_t syscalls[] = {
const call_t syscalls[] = {
{"syz_compare", 0, (syscall_t)syz_compare},
{"syz_errno", 0, (syscall_t)syz_errno},
+ {"syz_execute_func", 0, (syscall_t)syz_execute_func},
{"syz_mmap", 0, (syscall_t)syz_mmap},
};
@@ -15215,6 +15230,7 @@ const call_t syscalls[] = {
{"setsockopt", 0, (syscall_t)setsockopt},
{"sndPlaySoundA", 0, (syscall_t)sndPlaySoundA},
{"socket", 0, (syscall_t)socket},
+ {"syz_execute_func", 0, (syscall_t)syz_execute_func},
{"timeBeginPeriod", 0, (syscall_t)timeBeginPeriod},
{"timeEndPeriod", 0, (syscall_t)timeEndPeriod},
{"timeGetDevCaps", 0, (syscall_t)timeGetDevCaps},