
Topic: wasmtime / issue #10301 Winch/x64/simd segfault via fuzzi...


view this post on Zulip Wasmtime GitHub notifications bot (Feb 27 2025 at 15:51):

alexcrichton added the fuzz-bug label to Issue #10301.

view this post on Zulip Wasmtime GitHub notifications bot (Feb 27 2025 at 15:51):

alexcrichton added the wasm-proposal:simd label to Issue #10301.

view this post on Zulip Wasmtime GitHub notifications bot (Feb 27 2025 at 15:51):

alexcrichton added the winch label to Issue #10301.

view this post on Zulip Wasmtime GitHub notifications bot (Feb 27 2025 at 15:51):

alexcrichton opened issue #10301:

OSS-Fuzz is coming in with a few crashes from enabling fuzzing yesterday. cc @jeffcharles @saulecabrera

(module
  ;; Shrunken reproducer: one exported function (empty export name) with no
  ;; parameters that returns two v128 values, both all-zero constants.
  ;; The transcript under this listing shows it segfaulting under
  ;; `-Ccompiler=winch`; the only non-trivial feature here is a multi-value
  ;; v128 return, so that is the likely trigger — inferred, not confirmed.
  (func (export "") (result v128 v128)
    v128.const i32x4 0x00000000 0x00000000 0x00000000 0x00000000 ;; first result
    v128.const i32x4 0x00000000 0x00000000 0x00000000 0x00000000 ;; second result
  )
)
$ cargo run run -Ccompiler=winch testcase0.wat
    Finished `dev` profile [unoptimized + debuginfo] target(s) in 0.10s
     Running `target/x86_64-unknown-linux-gnu/debug/wasmtime run -Ccompiler=winch testcase0.wat`
zsh: segmentation fault (core dumped)  cargo run run -Ccompiler=winch testcase0.wat

(this one is shrunk via wasm-tools shrink)

(module
  ;; Second shrunken reproducer: the exported function (export name "") has
  ;; no parameters and twenty v128 results, each an all-zero constant.
  ;; Like the two-result case above it segfaults under `-Ccompiler=winch`
  ;; (transcript below), which again points at multi-value v128 returns as
  ;; the trigger — inferred from the two cases, not confirmed.
  (type (;0;) (func (result v128 v128 v128 v128 v128 v128 v128 v128 v128 v128 v128 v128 v128 v128 v128 v128 v128 v128 v128 v128)))
  (export "" (func 0))
  (func (;0;) (type 0) (result v128 v128 v128 v128 v128 v128 v128 v128 v128 v128 v128 v128 v128 v128 v128 v128 v128 v128 v128 v128)
    ;; Twenty zero vectors pushed in order; the function body does nothing else.
    v128.const i32x4 0x00000000 0x00000000 0x00000000 0x00000000
    v128.const i32x4 0x00000000 0x00000000 0x00000000 0x00000000
    v128.const i32x4 0x00000000 0x00000000 0x00000000 0x00000000
    v128.const i32x4 0x00000000 0x00000000 0x00000000 0x00000000
    v128.const i32x4 0x00000000 0x00000000 0x00000000 0x00000000
    v128.const i32x4 0x00000000 0x00000000 0x00000000 0x00000000
    v128.const i32x4 0x00000000 0x00000000 0x00000000 0x00000000
    v128.const i32x4 0x00000000 0x00000000 0x00000000 0x00000000
    v128.const i32x4 0x00000000 0x00000000 0x00000000 0x00000000
    v128.const i32x4 0x00000000 0x00000000 0x00000000 0x00000000
    v128.const i32x4 0x00000000 0x00000000 0x00000000 0x00000000
    v128.const i32x4 0x00000000 0x00000000 0x00000000 0x00000000
    v128.const i32x4 0x00000000 0x00000000 0x00000000 0x00000000
    v128.const i32x4 0x00000000 0x00000000 0x00000000 0x00000000
    v128.const i32x4 0x00000000 0x00000000 0x00000000 0x00000000
    v128.const i32x4 0x00000000 0x00000000 0x00000000 0x00000000
    v128.const i32x4 0x00000000 0x00000000 0x00000000 0x00000000
    v128.const i32x4 0x00000000 0x00000000 0x00000000 0x00000000
    v128.const i32x4 0x00000000 0x00000000 0x00000000 0x00000000
    v128.const i32x4 0x00000000 0x00000000 0x00000000 0x00000000
  )
)
$ cargo run run -Ccompiler=winch testcase0.wat
    Finished `dev` profile [unoptimized + debuginfo] target(s) in 0.11s
     Running `target/x86_64-unknown-linux-gnu/debug/wasmtime run -Ccompiler=winch testcase0.wat`
zsh: segmentation fault (core dumped)  cargo run run -Ccompiler=winch testcase0.wat

(this one didn't shrink much)

<details>

<summary>non-shrunken test case</summary>

(module
  ;; Non-shrunken fuzz case. The exported function (export name "") has no
  ;; parameters and a mixed multi-value result (v128 i32 i32 v128). It runs a
  ;; long straight-line body of float clamping, one memory.grow, and two
  ;; guarded byte loads, then pushes the four result constants at the end.
  ;; Given that the shrunken cases reduce to nothing but multi-value v128
  ;; returns, most of this body is probably incidental — unconfirmed.
  (type (;0;) (func (result v128 i32 i32 v128)))
  (memory (;0;) 1) ;; one 64 KiB page
  ;; Three mutable globals, all zero-initialized; written at the end of the body.
  (global (;0;) (mut i64) i64.const 0)
  (global (;1;) (mut i32) i32.const 0)
  (global (;2;) (mut i32) i32.const 0)
  (export "" (func 0))
  (func (;0;) (type 0) (result v128 i32 i32 v128)
    ;; No parameters, so local indices are: 0 i32, 1 f32, 2 f64, 3 i32,
    ;; 4 i64, 5 f64, 6 i32, 7 i64. All start at zero.
    (local i32 f32 f64 i32 i64 f64 i32 i64)
    ;; No `br` targets @1 or @2 anywhere in the body, so this loop/block
    ;; pair executes exactly once.
    loop ;; label = @1
      block ;; label = @2
        ;; This f32 constant stays on the operand stack untouched until the
        ;; `i32.reinterpret_f32` near the end of the block.
        f32.const 0x1.e12a36p+24 (;=31533622;)
        f32.const -0x1.fffffep+96 (;=-158456320000000000000000000000;)
        local.tee 1
        ;; NaN/±inf guard on local 1: (l1 != l1) | (l1 == inf) | (l1 == -inf).
        local.get 1
        f32.ne
        local.get 1
        f32.const inf (;=inf;)
        f32.eq
        local.get 1
        f32.const -inf (;=-inf;)
        f32.eq
        i32.or
        i32.or
        if ;; label = @3
          f32.const 0x0p+0 (;=0;)
          local.set 1
        end
        ;; Clamp local 1 into [0, 2147483500] before the unsigned truncation.
        local.get 1
        f32.const 0x0p+0 (;=0;)
        f32.lt
        if ;; label = @3
          f32.const 0x0p+0 (;=0;)
          local.set 1
        end
        local.get 1
        f32.const 0x1.fffffep+30 (;=2147483500;)
        f32.gt
        if ;; label = @3
          f32.const 0x1.fffffep+30 (;=2147483500;)
          local.set 1
        end
        local.get 1
        i32.trunc_f32_u
        ;; Shift the truncated value, compare it (unsigned) against
        ;; clz(-67108864), and feed the resulting 0/1 to memory.grow.
        i32.const -67108864
        i32.shr_u
        i32.const -67108864
        i32.clz
        i32.le_u
        memory.grow
        ;; Likewise no `br` targets @3 or @4, so this inner pair runs once.
        loop ;; label = @3
          block ;; label = @4
            ;; sqrt of a negative f64 gives NaN; the guard below resets
            ;; local 2 to 0 (the or with a nonzero constant makes the
            ;; condition unconditionally true anyway).
            f64.const -0x1.bebebebeae9e8p+703 (;=-73435622781783640000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000;)
            f64.sqrt
            local.tee 2
            local.get 2
            f64.ne
            i32.const -1685235965
            i32.or
            if ;; label = @5
              f64.const 0x0p+0 (;=0;)
              local.set 2
            end
            ;; Lower-bound branch is a no-op (`nop`); upper bound clamps to
            ;; 2147483647 before the signed truncation into local 3.
            local.get 2
            f64.const -0x1p+31 (;=-2147483648;)
            f64.lt
            if ;; label = @5
              nop
            end
            local.get 2
            f64.const 0x1.fffffffcp+30 (;=2147483647;)
            f64.gt
            if ;; label = @5
              f64.const 0x1.fffffffcp+30 (;=2147483647;)
              local.set 2
            end
            local.get 2
            i32.trunc_f64_s
            local.set 3
            ;; Guarded byte load #1: skip unless local 3 is > 0 and the
            ;; (memory.size * 0) bound is exceeded. Since the product is
            ;; always 0 and 0 <=u anything holds, the first br_if always
            ;; fires and the load into local 4 never runs.
            block ;; label = @5
              block ;; label = @6
                memory.size
                i32.const 0
                i32.mul
                local.get 3
                i32.le_u
                br_if 0 (;@6;)
                local.get 3
                i32.const 0
                i32.le_s
                br_if 0 (;@6;)
                local.get 3
                i64.load8_u offset=16896
                local.set 4
                br 1 (;@5;)
              end
              nop
            end
            ;; Compare f64(local 4) against local 5, with the same style of
            ;; NaN/inf guard (again forced true by a nonzero or-constant),
            ;; then clamp local 5 into the i32 range and truncate into local 6.
            local.get 4
            f64.convert_i64_s
            local.get 5
            f64.ne
            local.get 5
            f64.const inf (;=inf;)
            f64.eq
            i32.const 659065550
            i32.or
            i32.or
            if ;; label = @5
              f64.const 0x0p+0 (;=0;)
              local.set 5
            end
            local.get 5
            f64.const -0x1p+31 (;=-2147483648;)
            f64.lt
            if ;; label = @5
              f64.const -0x1p+31 (;=-2147483648;)
              local.set 5
            end
            local.get 5
            f64.const 0x1.fffffffcp+30 (;=2147483647;)
            f64.gt
            if ;; label = @5
              f64.const 0x1.fffffffcp+30 (;=2147483647;)
              local.set 5
            end
            local.get 5
            i32.trunc_f64_s
            local.set 6
            ;; Guarded byte load #2: bounds-check 16904 + local 6 against
            ;; memory.size * 65536 (bytes) and require local 6 > 0, then load
            ;; one byte at local 6 + 16896 into local 7.
            block ;; label = @5
              block ;; label = @6
                memory.size
                i32.const 65536
                i32.mul
                i32.const 16904
                local.get 6
                i32.add
                i32.le_u
                br_if 0 (;@6;)
                local.get 6
                i32.const 0
                i32.le_s
                br_if 0 (;@6;)
                local.get 6
                i64.load8_u offset=16896
                local.set 7
                br 1 (;@5;)
              end
              nop
            end
            local.get 7
            global.set 0 ;; global 0 (i64) := local 7
          end
        end
        ;; global 1 ^= memory.grow result (still on the stack from above).
        global.get 1
        i32.xor
        global.set 1
        ;; Consume the f32 pushed at the top of the block: global 2 ^= its bits.
        i32.reinterpret_f32
        global.get 2
        i32.xor
        global.set 2
      end
    end
    ;; The four results, in declared order: v128, i32, i32, v128.
    v128.const i32x4 0x42424242 0x42424242 0xe6e6fffe 0xe6e6e6e6
    i32.const -421071898
    i32.const -421075226
    v128.const i32x4 0xfff80000 0xffffffff 0xf0000000 0xffffffff
  )
)

</details>

$ cargo run run -Ccompiler=winch testcase0.shrunken.wat
    Finished `dev` profile [unoptimized + debuginfo] target(s) in 0.10s
     Running `target/x86_64-unknown-linux-gnu/debug/wasmtime run -Ccompiler=winch testcase0.shrunken.wat`
zsh: bus error (core dumped)  cargo run run -Ccompiler=winch testcase0.shrunken.wat

view this post on Zulip Wasmtime GitHub notifications bot (Feb 27 2025 at 15:52):

alexcrichton commented on issue #10301:

oss-fuzz links are

