Wasmtime GitHub notifications bot (Mar 27 2025 at 10:11): Wasmtime GitHub notifications bot (Mar 27 2025 at 10:11):Robbepop added the bug label to Issue #10479.
Wasmtime GitHub notifications bot (Mar 27 2025 at 10:11):Robbepop added the cranelift label to Issue #10479.
Wasmtime GitHub notifications bot (Mar 27 2025 at 10:11):Robbepop opened issue #10479:
While differentially fuzzing Wasmi and Wasmtime I encountered this Cranelift panic:
NOTE: libFuzzer has rudimentary signal handlers. Combine libFuzzer with AddressSanitizer or similar for better crash reports. SUMMARY: libFuzzer: deadly signal MS: 2 EraseBytes-EraseBytes- DE: "asmtime.info"-; base unit: 0000000000000000000000000000000000000000 artifact_prefix='/Users/me/Documents/GitHub/wasmi/fuzz/artifacts/differential/'; Test unit written to /Users/me/Documents/GitHub/wasmi/fuzz/artifacts/differential/minimized-from-de00244b92a84f05f080a7fdff69dee621206cd4 ********************************* CRASH_MIN: minimizing crash input: '/Users/me/Documents/GitHub/wasmi/fuzz/artifacts/differential/minimized-from-de00244b92a84f05f080a7fdff69dee621206cd4' (466 bytes) CRASH_MIN: executing: target/aarch64-apple-darwin/release/differential -artifact_prefix=/Users/me/Documents/GitHub/wasmi/fuzz/artifacts/differential/ -runs=255 /Users/me/Documents/GitHub/wasmi/fuzz/artifacts/differential/minimized-from-de00244b92a84f05f080a7fdff69dee621206cd4 2>&1 CRASH_MIN: '/Users/me/Documents/GitHub/wasmi/fuzz/artifacts/differential/minimized-from-de00244b92a84f05f080a7fdff69dee621206cd4' (466 bytes) caused a crash. Will try to minimize it further CRASH_MIN: executing: target/aarch64-apple-darwin/release/differential -artifact_prefix=/Users/me/Documents/GitHub/wasmi/fuzz/artifacts/differential/ -runs=255 /Users/me/Documents/GitHub/wasmi/fuzz/artifacts/differential/minimized-from-de00244b92a84f05f080a7fdff69dee621206cd4 -minimize_crash_internal_step=1 -exact_artifact_path=/Users/me/Documents/GitHub/wasmi/fuzz/artifacts/differential/minimized-from-6bc04e97d6ade6982223726c65803bbebce42325 2>&1 INFO: Running with entropic power schedule (0xFF, 100). INFO: Seed: 3290884671 INFO: Loaded 1 modules (1917030 inline 8-bit counters): 1917030 [0x10c22c620, 0x10c400686), INFO: Loaded 1 PC tables (1917030 PCs): 1917030 [0x10c400688,0x10e140ce8), INFO: Starting MinimizeCrashInputInternalStep: 466 INFO: -max_len is not provided; libFuzzer will not generate inputs larger than 466 bytes thread '<unnamed>' panicked at /Users/me/.cargo/registry/src/index.crates.io-1949cf8c6b5b557f/cranelift-codegen-0.118.0/src/isa/aarch64/lower/isle.rs:76:5: attempt to shift left with overflow note: run with `RUST_BACKTRACE=1` environment variable to display a backtrace ==7505== ERROR: libFuzzer: deadly signal #0 0x000111449cc0 in __sanitizer_print_stack_trace+0x28 (librustc-nightly_rt.asan.dylib:arm64+0x5dcc0) #1 0x00010ac19c6c in fuzzer::PrintStackTrace()+0x30 (differential:arm64+0x106041c6c) #2 0x00010ac0ced0 in fuzzer::Fuzzer::CrashCallback()+0x54 (differential:arm64+0x106034ed0) #3 0x00019959ede0 in _sigtramp+0x34 (libsystem_platform.dylib:arm64+0x3de0) #4 0x000199567f6c in pthread_kill+0x11c (libsystem_pthread.dylib:arm64+0x6f6c) #5 0x000199474904 in abort+0x7c (libsystem_c.dylib:arm64+0x79904) #6 0x00010ae2aff4 in std::sys::pal::unix::abort_internal::h3a58f5c5277e2a33+0x8 (differential:arm64+0x106252ff4) #7 0x00010ae2a0e8 in std::process::abort::hd17a0e4c17c95c53+0x8 (differential:arm64+0x1062520e8) #8 0x00010ae28248 in libfuzzer_sys::initialize::_$u7b$$u7b$closure$u7d$$u7d$::haf75e4bfd0726774+0xb8 (differential:arm64+0x106250248) #9 0x00010aca6f10 in std::panicking::rust_panic_with_hook::h5c8e54d4834ba2ab+0x258 (differential:arm64+0x1060cef10) #10 0x00010aca6ad8 in std::panicking::begin_panic_handler::_$u7b$$u7b$closure$u7d$$u7d$::h572ee2d46423c444+0x64 (differential:arm64+0x1060cead8) #11 0x00010aca463c in std::sys::backtrace::__rust_end_short_backtrace::h22ba52595261f65a+0x8 (differential:arm64+0x1060cc63c) #12 0x00010aca67a8 in _RNvCsexUFXDsTyjl_7___rustc17rust_begin_unwind+0x1c (differential:arm64+0x1060ce7a8) #13 0x00010ae2c0ec in core::panicking::panic_fmt::h40a35e81076930e8+0x1c (differential:arm64+0x1062540ec) #14 0x00010ae2ca90 in core::panicking::panic_const::panic_const_shl_overflow::hc0bf5177532c5135+0x30 (differential:arm64+0x106254a90) #15 0x0001075c44e4 in cranelift_codegen::isa::aarch64::lower::isle::generated_code::constructor_amode_no_more_iconst::h5cb6604fa9f3f57f+0x245c (differential:arm64+0x1029ec4e4) #16 0x0001075bf37c in cranelift_codegen::isa::aarch64::lower::isle::generated_code::constructor_amode::h54b0698bb9889b3b+0x470 (differential:arm64+0x1029e737c) #17 0x0001075eca94 in cranelift_codegen::isa::aarch64::lower::isle::generated_code::constructor_lower::hc04acc7b0efa0e52+0xbb78 (differential:arm64+0x102a14a94) #18 0x0001070689d8 in cranelift_codegen::machinst::lower::Lower$LT$I$GT$::lower_clif_block::h1c3c8ae4219a90b2+0x1844 (differential:arm64+0x1024909d8) #19 0x00010708ef90 in cranelift_codegen::machinst::lower::Lower$LT$I$GT$::lower::hee14631b664556c5+0x1730 (differential:arm64+0x1024b6f90) #20 0x000107111c18 in cranelift_codegen::machinst::compile::compile::h5d77ec5ff2a3f978+0x8d0 (differential:arm64+0x102539c18) #21 0x00010737d088 in cranelift_codegen::isa::aarch64::AArch64Backend::compile_vcode::h036392921792ad88+0x368 (differential:arm64+0x1027a5088) #22 0x00010737d928 in _$LT$cranelift_codegen..isa..aarch64..AArch64Backend$u20$as$u20$cranelift_codegen..isa..TargetIsa$GT$::compile_function::hcb31f50ca7c8e58d+0x224 (differential:arm64+0x1027a5928) #23 0x00010748de1c in cranelift_codegen::context::Context::compile_stencil::h6cdb966f98fc48b1+0x508 (differential:arm64+0x1028b5e1c) #24 0x00010748f80c in cranelift_codegen::context::Context::compile::ha270ad8ed2236830+0x1ac (differential:arm64+0x1028b780c) #25 0x00010640e8e0 in wasmtime_cranelift::compiler::FunctionCompiler::finish_with_info::h7f3812d7ae02e919+0x358 (differential:arm64+0x1018368e0) #26 0x0001063fbd20 in _$LT$wasmtime_cranelift..compiler..Compiler$u20$as$u20$wasmtime_environ..compile..Compiler$GT$::compile_function::hacb979ee7f120409+0x1290 (differential:arm64+0x101823d20) #27 0x000105e4f488 in wasmtime::compile::CompileInputs::collect_inputs_in_translations::_$u7b$$u7b$closure$u7d$$u7d$::h3e041c0c5b0da3ac+0x338 (differential:arm64+0x101277488) #28 0x000105ad50d0 in alloc::vec::Vec$LT$T$C$A$GT$::extend_desugared::h6f6bf23f80b42a1c+0x314 (differential:arm64+0x100efd0d0) #29 0x0001057a945c in _$LT$alloc..vec..Vec$LT$T$GT$$u20$as$u20$alloc..vec..spec_from_iter_nested..SpecFromIterNested$LT$T$C$I$GT$$GT$::from_iter::h0fc751aab0a16a74+0x5e0 (differential:arm64+0x100bd145c) #30 0x0001059de0f4 in core::iter::adapters::try_process::h5c9bb7d6d0610cc6+0x1a0 (differential:arm64+0x100e060f4) #31 0x000105e51a94 in wasmtime::compile::CompileInputs::compile::h5981ac84720f3726+0x264 (differential:arm64+0x101279a94) #32 0x000105e4a6f4 in wasmtime::compile::build_artifacts::hf8e5ceda73da360e+0x714 (differential:arm64+0x1012726f4) #33 0x000105e45ac0 in wasmtime::compile::runtime::_$LT$impl$u20$wasmtime..compile..code_builder..CodeBuilder$GT$::compile_cached::h578e279adc41f2b7+0x404 (differential:arm64+0x10126dac0) #34 0x000105e468d0 in wasmtime::compile::runtime::_$LT$impl$u20$wasmtime..compile..code_builder..CodeBuilder$GT$::compile_module::hbe0e9aa8ea7cad5b+0x26c (differential:arm64+0x10126e8d0) #35 0x000104f186b0 in _$LT$wasmi_fuzz..oracle..wasmtime..WasmtimeOracle$u20$as$u20$wasmi_fuzz..oracle..DifferentialOracleMeta$GT$::setup::h2303ebd0f8be8e1d+0x314 (differential:arm64+0x1003406b0) #36 0x000104f1cc30 in wasmi_fuzz::oracle::ChosenOracle::setup::h7f5022588851a5a1+0x1cc (differential:arm64+0x100344c30) #37 0x000104c0bb8c in differential::FuzzState::setup::h408b52229af257db differential.rs:78 #38 0x000104c117a8 in differential::_::__libfuzzer_sys_run::he9d1ec5f3c48db42 differential.rs:59 #39 0x000104c10fc0 in rust_fuzzer_test_input lib.rs:359 #40 0x00010ac0889c in std::panicking::try::do_call::ha19fc646eab30df2+0xc4 (differential:arm64+0x10603089c) #41 0x00010ac0c130 in __rust_try+0x18 (differential:arm64+0x106034130) #42 0x00010ac0b490 in LLVMFuzzerTestOneInput+0x16c (differential:arm64+0x106033490) #43 0x00010ac0e7c8 in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long)+0x150 (differential:arm64+0x1060367c8) #44 0x00010ac108d4 in fuzzer::Fuzzer::MinimizeCrashLoop(std::__1::vector<unsigned char, std::__1::allocator<unsigned char>> const&)+0x128 (differential:arm64+0x1060388d4) #45 0x00010ac2dacc in fuzzer::MinimizeCrashInputInternalStep(fuzzer::Fuzzer*, fuzzer::InputCorpus*)+0xd8 (differential:arm64+0x106055acc) #46 0x00010ac30d70 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long))+0x1adc (differential:arm64+0x106058d70) #47 0x00010ac3e87c in main+0x24 (differential:arm64+0x10606687c) #48 0x0001991e8270 (<unknown module>) NOTE: libFuzzer has rudimentary signal handlers. Combine libFuzzer with AddressSanitizer or similar for better crash reports. SUMMARY: libFuzzer: deadly signal MS: 1 EraseBytes-; base unit: 0000000000000000000000000000000000000000 artifact_prefix='/Users/me/Documents/GitHub/wasmi/fuzz/artifacts/differential/'; Test unit written to /Users/me/Documents/GitHub/wasmi/fuzz/artifacts/differential/minimized-from-6bc04e97d6ade6982223726c65803bbebce42325 ********************************* CRASH_MIN: minimizing crash input: '/Users/me/Documents/GitHub/wasmi/fuzz/artifacts/differential/minimized-from-6bc04e97d6ade6982223726c65803bbebce42325' (450 bytes) CRASH_MIN: executing: target/aarch64-apple-darwin/release/differential -artifact_prefix=/Users/me/Documents/GitHub/wasmi/fuzz/artifacts/differential/ -runs=255 /Users/me/Documents/GitHub/wasmi/fuzz/artifacts/differential/minimized-from-6bc04e97d6ade6982223726c65803bbebce42325 2>&1 CRASH_MIN: '/Users/me/Documents/GitHub/wasmi/fuzz/artifacts/differential/minimized-from-6bc04e97d6ade6982223726c65803bbebce42325' (450 bytes) caused a crash. Will try to mi [message truncated]
Wasmtime GitHub notifications bot (Mar 27 2025 at 10:11):Robbepop edited issue #10479:
- Version: Wasmtime v31.0.0
- Platform:
aarch64- OS: MacOS
While differentially fuzzing Wasmi and Wasmtime I encountered this Cranelift panic:
NOTE: libFuzzer has rudimentary signal handlers. Combine libFuzzer with AddressSanitizer or similar for better crash reports. SUMMARY: libFuzzer: deadly signal MS: 2 EraseBytes-EraseBytes- DE: "asmtime.info"-; base unit: 0000000000000000000000000000000000000000 artifact_prefix='/Users/me/Documents/GitHub/wasmi/fuzz/artifacts/differential/'; Test unit written to /Users/me/Documents/GitHub/wasmi/fuzz/artifacts/differential/minimized-from-de00244b92a84f05f080a7fdff69dee621206cd4 ********************************* CRASH_MIN: minimizing crash input: '/Users/me/Documents/GitHub/wasmi/fuzz/artifacts/differential/minimized-from-de00244b92a84f05f080a7fdff69dee621206cd4' (466 bytes) CRASH_MIN: executing: target/aarch64-apple-darwin/release/differential -artifact_prefix=/Users/me/Documents/GitHub/wasmi/fuzz/artifacts/differential/ -runs=255 /Users/me/Documents/GitHub/wasmi/fuzz/artifacts/differential/minimized-from-de00244b92a84f05f080a7fdff69dee621206cd4 2>&1 CRASH_MIN: '/Users/me/Documents/GitHub/wasmi/fuzz/artifacts/differential/minimized-from-de00244b92a84f05f080a7fdff69dee621206cd4' (466 bytes) caused a crash. Will try to minimize it further CRASH_MIN: executing: target/aarch64-apple-darwin/release/differential -artifact_prefix=/Users/me/Documents/GitHub/wasmi/fuzz/artifacts/differential/ -runs=255 /Users/me/Documents/GitHub/wasmi/fuzz/artifacts/differential/minimized-from-de00244b92a84f05f080a7fdff69dee621206cd4 -minimize_crash_internal_step=1 -exact_artifact_path=/Users/me/Documents/GitHub/wasmi/fuzz/artifacts/differential/minimized-from-6bc04e97d6ade6982223726c65803bbebce42325 2>&1 INFO: Running with entropic power schedule (0xFF, 100). INFO: Seed: 3290884671 INFO: Loaded 1 modules (1917030 inline 8-bit counters): 1917030 [0x10c22c620, 0x10c400686), INFO: Loaded 1 PC tables (1917030 PCs): 1917030 [0x10c400688,0x10e140ce8), INFO: Starting MinimizeCrashInputInternalStep: 466 INFO: -max_len is not provided; libFuzzer will not generate inputs larger than 466 bytes thread '<unnamed>' panicked at /Users/me/.cargo/registry/src/index.crates.io-1949cf8c6b5b557f/cranelift-codegen-0.118.0/src/isa/aarch64/lower/isle.rs:76:5: attempt to shift left with overflow note: run with `RUST_BACKTRACE=1` environment variable to display a backtrace ==7505== ERROR: libFuzzer: deadly signal #0 0x000111449cc0 in __sanitizer_print_stack_trace+0x28 (librustc-nightly_rt.asan.dylib:arm64+0x5dcc0) #1 0x00010ac19c6c in fuzzer::PrintStackTrace()+0x30 (differential:arm64+0x106041c6c) #2 0x00010ac0ced0 in fuzzer::Fuzzer::CrashCallback()+0x54 (differential:arm64+0x106034ed0) #3 0x00019959ede0 in _sigtramp+0x34 (libsystem_platform.dylib:arm64+0x3de0) #4 0x000199567f6c in pthread_kill+0x11c (libsystem_pthread.dylib:arm64+0x6f6c) #5 0x000199474904 in abort+0x7c (libsystem_c.dylib:arm64+0x79904) #6 0x00010ae2aff4 in std::sys::pal::unix::abort_internal::h3a58f5c5277e2a33+0x8 (differential:arm64+0x106252ff4) #7 0x00010ae2a0e8 in std::process::abort::hd17a0e4c17c95c53+0x8 (differential:arm64+0x1062520e8) #8 0x00010ae28248 in libfuzzer_sys::initialize::_$u7b$$u7b$closure$u7d$$u7d$::haf75e4bfd0726774+0xb8 (differential:arm64+0x106250248) #9 0x00010aca6f10 in std::panicking::rust_panic_with_hook::h5c8e54d4834ba2ab+0x258 (differential:arm64+0x1060cef10) #10 0x00010aca6ad8 in std::panicking::begin_panic_handler::_$u7b$$u7b$closure$u7d$$u7d$::h572ee2d46423c444+0x64 (differential:arm64+0x1060cead8) #11 0x00010aca463c in std::sys::backtrace::__rust_end_short_backtrace::h22ba52595261f65a+0x8 (differential:arm64+0x1060cc63c) #12 0x00010aca67a8 in _RNvCsexUFXDsTyjl_7___rustc17rust_begin_unwind+0x1c (differential:arm64+0x1060ce7a8) #13 0x00010ae2c0ec in core::panicking::panic_fmt::h40a35e81076930e8+0x1c (differential:arm64+0x1062540ec) #14 0x00010ae2ca90 in core::panicking::panic_const::panic_const_shl_overflow::hc0bf5177532c5135+0x30 (differential:arm64+0x106254a90) #15 0x0001075c44e4 in cranelift_codegen::isa::aarch64::lower::isle::generated_code::constructor_amode_no_more_iconst::h5cb6604fa9f3f57f+0x245c (differential:arm64+0x1029ec4e4) #16 0x0001075bf37c in cranelift_codegen::isa::aarch64::lower::isle::generated_code::constructor_amode::h54b0698bb9889b3b+0x470 (differential:arm64+0x1029e737c) #17 0x0001075eca94 in cranelift_codegen::isa::aarch64::lower::isle::generated_code::constructor_lower::hc04acc7b0efa0e52+0xbb78 (differential:arm64+0x102a14a94) #18 0x0001070689d8 in cranelift_codegen::machinst::lower::Lower$LT$I$GT$::lower_clif_block::h1c3c8ae4219a90b2+0x1844 (differential:arm64+0x1024909d8) #19 0x00010708ef90 in cranelift_codegen::machinst::lower::Lower$LT$I$GT$::lower::hee14631b664556c5+0x1730 (differential:arm64+0x1024b6f90) #20 0x000107111c18 in cranelift_codegen::machinst::compile::compile::h5d77ec5ff2a3f978+0x8d0 (differential:arm64+0x102539c18) #21 0x00010737d088 in cranelift_codegen::isa::aarch64::AArch64Backend::compile_vcode::h036392921792ad88+0x368 (differential:arm64+0x1027a5088) #22 0x00010737d928 in _$LT$cranelift_codegen..isa..aarch64..AArch64Backend$u20$as$u20$cranelift_codegen..isa..TargetIsa$GT$::compile_function::hcb31f50ca7c8e58d+0x224 (differential:arm64+0x1027a5928) #23 0x00010748de1c in cranelift_codegen::context::Context::compile_stencil::h6cdb966f98fc48b1+0x508 (differential:arm64+0x1028b5e1c) #24 0x00010748f80c in cranelift_codegen::context::Context::compile::ha270ad8ed2236830+0x1ac (differential:arm64+0x1028b780c) #25 0x00010640e8e0 in wasmtime_cranelift::compiler::FunctionCompiler::finish_with_info::h7f3812d7ae02e919+0x358 (differential:arm64+0x1018368e0) #26 0x0001063fbd20 in _$LT$wasmtime_cranelift..compiler..Compiler$u20$as$u20$wasmtime_environ..compile..Compiler$GT$::compile_function::hacb979ee7f120409+0x1290 (differential:arm64+0x101823d20) #27 0x000105e4f488 in wasmtime::compile::CompileInputs::collect_inputs_in_translations::_$u7b$$u7b$closure$u7d$$u7d$::h3e041c0c5b0da3ac+0x338 (differential:arm64+0x101277488) #28 0x000105ad50d0 in alloc::vec::Vec$LT$T$C$A$GT$::extend_desugared::h6f6bf23f80b42a1c+0x314 (differential:arm64+0x100efd0d0) #29 0x0001057a945c in _$LT$alloc..vec..Vec$LT$T$GT$$u20$as$u20$alloc..vec..spec_from_iter_nested..SpecFromIterNested$LT$T$C$I$GT$$GT$::from_iter::h0fc751aab0a16a74+0x5e0 (differential:arm64+0x100bd145c) #30 0x0001059de0f4 in core::iter::adapters::try_process::h5c9bb7d6d0610cc6+0x1a0 (differential:arm64+0x100e060f4) #31 0x000105e51a94 in wasmtime::compile::CompileInputs::compile::h5981ac84720f3726+0x264 (differential:arm64+0x101279a94) #32 0x000105e4a6f4 in wasmtime::compile::build_artifacts::hf8e5ceda73da360e+0x714 (differential:arm64+0x1012726f4) #33 0x000105e45ac0 in wasmtime::compile::runtime::_$LT$impl$u20$wasmtime..compile..code_builder..CodeBuilder$GT$::compile_cached::h578e279adc41f2b7+0x404 (differential:arm64+0x10126dac0) #34 0x000105e468d0 in wasmtime::compile::runtime::_$LT$impl$u20$wasmtime..compile..code_builder..CodeBuilder$GT$::compile_module::hbe0e9aa8ea7cad5b+0x26c (differential:arm64+0x10126e8d0) #35 0x000104f186b0 in _$LT$wasmi_fuzz..oracle..wasmtime..WasmtimeOracle$u20$as$u20$wasmi_fuzz..oracle..DifferentialOracleMeta$GT$::setup::h2303ebd0f8be8e1d+0x314 (differential:arm64+0x1003406b0) #36 0x000104f1cc30 in wasmi_fuzz::oracle::ChosenOracle::setup::h7f5022588851a5a1+0x1cc (differential:arm64+0x100344c30) #37 0x000104c0bb8c in differential::FuzzState::setup::h408b52229af257db differential.rs:78 #38 0x000104c117a8 in differential::_::__libfuzzer_sys_run::he9d1ec5f3c48db42 differential.rs:59 #39 0x000104c10fc0 in rust_fuzzer_test_input lib.rs:359 #40 0x00010ac0889c in std::panicking::try::do_call::ha19fc646eab30df2+0xc4 (differential:arm64+0x10603089c) #41 0x00010ac0c130 in __rust_try+0x18 (differential:arm64+0x106034130) #42 0x00010ac0b490 in LLVMFuzzerTestOneInput+0x16c (differential:arm64+0x106033490) #43 0x00010ac0e7c8 in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long)+0x150 (differential:arm64+0x1060367c8) #44 0x00010ac108d4 in fuzzer::Fuzzer::MinimizeCrashLoop(std::__1::vector<unsigned char, std::__1::allocator<unsigned char>> const&)+0x128 (differential:arm64+0x1060388d4) #45 0x00010ac2dacc in fuzzer::MinimizeCrashInputInternalStep(fuzzer::Fuzzer*, fuzzer::InputCorpus*)+0xd8 (differential:arm64+0x106055acc) #46 0x00010ac30d70 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long))+0x1adc (differential:arm64+0x106058d70) #47 0x00010ac3e87c in main+0x24 (differential:arm64+0x10606687c) #48 0x0001991e8270 (<unknown module>) NOTE: libFuzzer has rudimentary signal handlers. Combine libFuzzer with AddressSanitizer or similar for better crash reports. SUMMARY: libFuzzer: deadly signal MS: 1 EraseBytes-; base unit: 0000000000000000000000000000000000000000 artifact_prefix='/Users/me/Documents/GitHub/wasmi/fuzz/artifacts/differential/'; Test unit written to /Users/me/Documents/GitHub/wasmi/fuzz/artifacts/differential/minimized-from-6bc04e97d6ade6982223726c65803bbebce42325 ********************************* CRASH_MIN: minimizing crash input: '/Users/me/Documents/GitHub/wasmi/fuzz/artifacts/differential/minimized-from-6bc04e97d6ade6982223726c65803bbebce42325' (450 bytes) CRASH_MIN: executing: target/aarch64-apple-darwin/release/differential -artifact_prefix=/Users/me/Documents/GitHub/wasmi/fuzz/artifacts/differential/ -runs=255 /Users/me/Documents/GitHub/wasmi/fuzz/artifacts/differential/minimized-from-6bc04e97d6ade6982223726c65803bbebce42325 2>&1 CRASH_MIN: '/Users/me/Documents/GitHub/wasmi/fuzz/artifacts/differential/minimized-from-6bc04e97d6ade69822237 [message truncated]
Wasmtime GitHub notifications bot (Mar 27 2025 at 10:12):Robbepop edited issue #10479:
- Version: Wasmtime v31.0.0
- Architecture:
aarch64- OS: MacOS
While differentially fuzzing Wasmi and Wasmtime I encountered this Cranelift panic:
NOTE: libFuzzer has rudimentary signal handlers. Combine libFuzzer with AddressSanitizer or similar for better crash reports. SUMMARY: libFuzzer: deadly signal MS: 2 EraseBytes-EraseBytes- DE: "asmtime.info"-; base unit: 0000000000000000000000000000000000000000 artifact_prefix='/Users/me/Documents/GitHub/wasmi/fuzz/artifacts/differential/'; Test unit written to /Users/me/Documents/GitHub/wasmi/fuzz/artifacts/differential/minimized-from-de00244b92a84f05f080a7fdff69dee621206cd4 ********************************* CRASH_MIN: minimizing crash input: '/Users/me/Documents/GitHub/wasmi/fuzz/artifacts/differential/minimized-from-de00244b92a84f05f080a7fdff69dee621206cd4' (466 bytes) CRASH_MIN: executing: target/aarch64-apple-darwin/release/differential -artifact_prefix=/Users/me/Documents/GitHub/wasmi/fuzz/artifacts/differential/ -runs=255 /Users/me/Documents/GitHub/wasmi/fuzz/artifacts/differential/minimized-from-de00244b92a84f05f080a7fdff69dee621206cd4 2>&1 CRASH_MIN: '/Users/me/Documents/GitHub/wasmi/fuzz/artifacts/differential/minimized-from-de00244b92a84f05f080a7fdff69dee621206cd4' (466 bytes) caused a crash. Will try to minimize it further CRASH_MIN: executing: target/aarch64-apple-darwin/release/differential -artifact_prefix=/Users/me/Documents/GitHub/wasmi/fuzz/artifacts/differential/ -runs=255 /Users/me/Documents/GitHub/wasmi/fuzz/artifacts/differential/minimized-from-de00244b92a84f05f080a7fdff69dee621206cd4 -minimize_crash_internal_step=1 -exact_artifact_path=/Users/me/Documents/GitHub/wasmi/fuzz/artifacts/differential/minimized-from-6bc04e97d6ade6982223726c65803bbebce42325 2>&1 INFO: Running with entropic power schedule (0xFF, 100). INFO: Seed: 3290884671 INFO: Loaded 1 modules (1917030 inline 8-bit counters): 1917030 [0x10c22c620, 0x10c400686), INFO: Loaded 1 PC tables (1917030 PCs): 1917030 [0x10c400688,0x10e140ce8), INFO: Starting MinimizeCrashInputInternalStep: 466 INFO: -max_len is not provided; libFuzzer will not generate inputs larger than 466 bytes thread '<unnamed>' panicked at /Users/me/.cargo/registry/src/index.crates.io-1949cf8c6b5b557f/cranelift-codegen-0.118.0/src/isa/aarch64/lower/isle.rs:76:5: attempt to shift left with overflow note: run with `RUST_BACKTRACE=1` environment variable to display a backtrace ==7505== ERROR: libFuzzer: deadly signal #0 0x000111449cc0 in __sanitizer_print_stack_trace+0x28 (librustc-nightly_rt.asan.dylib:arm64+0x5dcc0) #1 0x00010ac19c6c in fuzzer::PrintStackTrace()+0x30 (differential:arm64+0x106041c6c) #2 0x00010ac0ced0 in fuzzer::Fuzzer::CrashCallback()+0x54 (differential:arm64+0x106034ed0) #3 0x00019959ede0 in _sigtramp+0x34 (libsystem_platform.dylib:arm64+0x3de0) #4 0x000199567f6c in pthread_kill+0x11c (libsystem_pthread.dylib:arm64+0x6f6c) #5 0x000199474904 in abort+0x7c (libsystem_c.dylib:arm64+0x79904) #6 0x00010ae2aff4 in std::sys::pal::unix::abort_internal::h3a58f5c5277e2a33+0x8 (differential:arm64+0x106252ff4) #7 0x00010ae2a0e8 in std::process::abort::hd17a0e4c17c95c53+0x8 (differential:arm64+0x1062520e8) #8 0x00010ae28248 in libfuzzer_sys::initialize::_$u7b$$u7b$closure$u7d$$u7d$::haf75e4bfd0726774+0xb8 (differential:arm64+0x106250248) #9 0x00010aca6f10 in std::panicking::rust_panic_with_hook::h5c8e54d4834ba2ab+0x258 (differential:arm64+0x1060cef10) #10 0x00010aca6ad8 in std::panicking::begin_panic_handler::_$u7b$$u7b$closure$u7d$$u7d$::h572ee2d46423c444+0x64 (differential:arm64+0x1060cead8) #11 0x00010aca463c in std::sys::backtrace::__rust_end_short_backtrace::h22ba52595261f65a+0x8 (differential:arm64+0x1060cc63c) #12 0x00010aca67a8 in _RNvCsexUFXDsTyjl_7___rustc17rust_begin_unwind+0x1c (differential:arm64+0x1060ce7a8) #13 0x00010ae2c0ec in core::panicking::panic_fmt::h40a35e81076930e8+0x1c (differential:arm64+0x1062540ec) #14 0x00010ae2ca90 in core::panicking::panic_const::panic_const_shl_overflow::hc0bf5177532c5135+0x30 (differential:arm64+0x106254a90) #15 0x0001075c44e4 in cranelift_codegen::isa::aarch64::lower::isle::generated_code::constructor_amode_no_more_iconst::h5cb6604fa9f3f57f+0x245c (differential:arm64+0x1029ec4e4) #16 0x0001075bf37c in cranelift_codegen::isa::aarch64::lower::isle::generated_code::constructor_amode::h54b0698bb9889b3b+0x470 (differential:arm64+0x1029e737c) #17 0x0001075eca94 in cranelift_codegen::isa::aarch64::lower::isle::generated_code::constructor_lower::hc04acc7b0efa0e52+0xbb78 (differential:arm64+0x102a14a94) #18 0x0001070689d8 in cranelift_codegen::machinst::lower::Lower$LT$I$GT$::lower_clif_block::h1c3c8ae4219a90b2+0x1844 (differential:arm64+0x1024909d8) #19 0x00010708ef90 in cranelift_codegen::machinst::lower::Lower$LT$I$GT$::lower::hee14631b664556c5+0x1730 (differential:arm64+0x1024b6f90) #20 0x000107111c18 in cranelift_codegen::machinst::compile::compile::h5d77ec5ff2a3f978+0x8d0 (differential:arm64+0x102539c18) #21 0x00010737d088 in cranelift_codegen::isa::aarch64::AArch64Backend::compile_vcode::h036392921792ad88+0x368 (differential:arm64+0x1027a5088) #22 0x00010737d928 in _$LT$cranelift_codegen..isa..aarch64..AArch64Backend$u20$as$u20$cranelift_codegen..isa..TargetIsa$GT$::compile_function::hcb31f50ca7c8e58d+0x224 (differential:arm64+0x1027a5928) #23 0x00010748de1c in cranelift_codegen::context::Context::compile_stencil::h6cdb966f98fc48b1+0x508 (differential:arm64+0x1028b5e1c) #24 0x00010748f80c in cranelift_codegen::context::Context::compile::ha270ad8ed2236830+0x1ac (differential:arm64+0x1028b780c) #25 0x00010640e8e0 in wasmtime_cranelift::compiler::FunctionCompiler::finish_with_info::h7f3812d7ae02e919+0x358 (differential:arm64+0x1018368e0) #26 0x0001063fbd20 in _$LT$wasmtime_cranelift..compiler..Compiler$u20$as$u20$wasmtime_environ..compile..Compiler$GT$::compile_function::hacb979ee7f120409+0x1290 (differential:arm64+0x101823d20) #27 0x000105e4f488 in wasmtime::compile::CompileInputs::collect_inputs_in_translations::_$u7b$$u7b$closure$u7d$$u7d$::h3e041c0c5b0da3ac+0x338 (differential:arm64+0x101277488) #28 0x000105ad50d0 in alloc::vec::Vec$LT$T$C$A$GT$::extend_desugared::h6f6bf23f80b42a1c+0x314 (differential:arm64+0x100efd0d0) #29 0x0001057a945c in _$LT$alloc..vec..Vec$LT$T$GT$$u20$as$u20$alloc..vec..spec_from_iter_nested..SpecFromIterNested$LT$T$C$I$GT$$GT$::from_iter::h0fc751aab0a16a74+0x5e0 (differential:arm64+0x100bd145c) #30 0x0001059de0f4 in core::iter::adapters::try_process::h5c9bb7d6d0610cc6+0x1a0 (differential:arm64+0x100e060f4) #31 0x000105e51a94 in wasmtime::compile::CompileInputs::compile::h5981ac84720f3726+0x264 (differential:arm64+0x101279a94) #32 0x000105e4a6f4 in wasmtime::compile::build_artifacts::hf8e5ceda73da360e+0x714 (differential:arm64+0x1012726f4) #33 0x000105e45ac0 in wasmtime::compile::runtime::_$LT$impl$u20$wasmtime..compile..code_builder..CodeBuilder$GT$::compile_cached::h578e279adc41f2b7+0x404 (differential:arm64+0x10126dac0) #34 0x000105e468d0 in wasmtime::compile::runtime::_$LT$impl$u20$wasmtime..compile..code_builder..CodeBuilder$GT$::compile_module::hbe0e9aa8ea7cad5b+0x26c (differential:arm64+0x10126e8d0) #35 0x000104f186b0 in _$LT$wasmi_fuzz..oracle..wasmtime..WasmtimeOracle$u20$as$u20$wasmi_fuzz..oracle..DifferentialOracleMeta$GT$::setup::h2303ebd0f8be8e1d+0x314 (differential:arm64+0x1003406b0) #36 0x000104f1cc30 in wasmi_fuzz::oracle::ChosenOracle::setup::h7f5022588851a5a1+0x1cc (differential:arm64+0x100344c30) #37 0x000104c0bb8c in differential::FuzzState::setup::h408b52229af257db differential.rs:78 #38 0x000104c117a8 in differential::_::__libfuzzer_sys_run::he9d1ec5f3c48db42 differential.rs:59 #39 0x000104c10fc0 in rust_fuzzer_test_input lib.rs:359 #40 0x00010ac0889c in std::panicking::try::do_call::ha19fc646eab30df2+0xc4 (differential:arm64+0x10603089c) #41 0x00010ac0c130 in __rust_try+0x18 (differential:arm64+0x106034130) #42 0x00010ac0b490 in LLVMFuzzerTestOneInput+0x16c (differential:arm64+0x106033490) #43 0x00010ac0e7c8 in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long)+0x150 (differential:arm64+0x1060367c8) #44 0x00010ac108d4 in fuzzer::Fuzzer::MinimizeCrashLoop(std::__1::vector<unsigned char, std::__1::allocator<unsigned char>> const&)+0x128 (differential:arm64+0x1060388d4) #45 0x00010ac2dacc in fuzzer::MinimizeCrashInputInternalStep(fuzzer::Fuzzer*, fuzzer::InputCorpus*)+0xd8 (differential:arm64+0x106055acc) #46 0x00010ac30d70 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long))+0x1adc (differential:arm64+0x106058d70) #47 0x00010ac3e87c in main+0x24 (differential:arm64+0x10606687c) #48 0x0001991e8270 (<unknown module>) NOTE: libFuzzer has rudimentary signal handlers. Combine libFuzzer with AddressSanitizer or similar for better crash reports. SUMMARY: libFuzzer: deadly signal MS: 1 EraseBytes-; base unit: 0000000000000000000000000000000000000000 artifact_prefix='/Users/me/Documents/GitHub/wasmi/fuzz/artifacts/differential/'; Test unit written to /Users/me/Documents/GitHub/wasmi/fuzz/artifacts/differential/minimized-from-6bc04e97d6ade6982223726c65803bbebce42325 ********************************* CRASH_MIN: minimizing crash input: '/Users/me/Documents/GitHub/wasmi/fuzz/artifacts/differential/minimized-from-6bc04e97d6ade6982223726c65803bbebce42325' (450 bytes) CRASH_MIN: executing: target/aarch64-apple-darwin/release/differential -artifact_prefix=/Users/me/Documents/GitHub/wasmi/fuzz/artifacts/differential/ -runs=255 /Users/me/Documents/GitHub/wasmi/fuzz/artifacts/differential/minimized-from-6bc04e97d6ade6982223726c65803bbebce42325 2>&1 CRASH_MIN: '/Users/me/Documents/GitHub/wasmi/fuzz/artifacts/differential/minimized-from-6bc04e97d6ade6982 [message truncated]
Wasmtime GitHub notifications bot (Mar 27 2025 at 10:12):Robbepop edited issue #10479:
- Version: Wasmtime v31.0.0
- Architecture:
aarch64- OS: MacOS
While differentially fuzzing Wasmi and Wasmtime I encountered this Cranelift panic:
NOTE: libFuzzer has rudimentary signal handlers. Combine libFuzzer with AddressSanitizer or similar for better crash reports. SUMMARY: libFuzzer: deadly signal MS: 2 EraseBytes-EraseBytes- DE: "asmtime.info"-; base unit: 0000000000000000000000000000000000000000 artifact_prefix='/Users/me/Documents/GitHub/wasmi/fuzz/artifacts/differential/'; Test unit written to /Users/me/Documents/GitHub/wasmi/fuzz/artifacts/differential/minimized-from-de00244b92a84f05f080a7fdff69dee621206cd4 ********************************* CRASH_MIN: minimizing crash input: '/Users/me/Documents/GitHub/wasmi/fuzz/artifacts/differential/minimized-from-de00244b92a84f05f080a7fdff69dee621206cd4' (466 bytes) CRASH_MIN: executing: target/aarch64-apple-darwin/release/differential -artifact_prefix=/Users/me/Documents/GitHub/wasmi/fuzz/artifacts/differential/ -runs=255 /Users/me/Documents/GitHub/wasmi/fuzz/artifacts/differential/minimized-from-de00244b92a84f05f080a7fdff69dee621206cd4 2>&1 CRASH_MIN: '/Users/me/Documents/GitHub/wasmi/fuzz/artifacts/differential/minimized-from-de00244b92a84f05f080a7fdff69dee621206cd4' (466 bytes) caused a crash. Will try to minimize it further CRASH_MIN: executing: target/aarch64-apple-darwin/release/differential -artifact_prefix=/Users/me/Documents/GitHub/wasmi/fuzz/artifacts/differential/ -runs=255 /Users/me/Documents/GitHub/wasmi/fuzz/artifacts/differential/minimized-from-de00244b92a84f05f080a7fdff69dee621206cd4 -minimize_crash_internal_step=1 -exact_artifact_path=/Users/me/Documents/GitHub/wasmi/fuzz/artifacts/differential/minimized-from-6bc04e97d6ade6982223726c65803bbebce42325 2>&1 INFO: Running with entropic power schedule (0xFF, 100). INFO: Seed: 3290884671 INFO: Loaded 1 modules (1917030 inline 8-bit counters): 1917030 [0x10c22c620, 0x10c400686), INFO: Loaded 1 PC tables (1917030 PCs): 1917030 [0x10c400688,0x10e140ce8), INFO: Starting MinimizeCrashInputInternalStep: 466 INFO: -max_len is not provided; libFuzzer will not generate inputs larger than 466 bytes thread '<unnamed>' panicked at /Users/me/.cargo/registry/src/index.crates.io-1949cf8c6b5b557f/cranelift-codegen-0.118.0/src/isa/aarch64/lower/isle.rs:76:5: attempt to shift left with overflow note: run with `RUST_BACKTRACE=1` environment variable to display a backtrace ==7505== ERROR: libFuzzer: deadly signal #0 0x000111449cc0 in __sanitizer_print_stack_trace+0x28 (librustc-nightly_rt.asan.dylib:arm64+0x5dcc0) #1 0x00010ac19c6c in fuzzer::PrintStackTrace()+0x30 (differential:arm64+0x106041c6c) #2 0x00010ac0ced0 in fuzzer::Fuzzer::CrashCallback()+0x54 (differential:arm64+0x106034ed0) #3 0x00019959ede0 in _sigtramp+0x34 (libsystem_platform.dylib:arm64+0x3de0) #4 0x000199567f6c in pthread_kill+0x11c (libsystem_pthread.dylib:arm64+0x6f6c) #5 0x000199474904 in abort+0x7c (libsystem_c.dylib:arm64+0x79904) #6 0x00010ae2aff4 in std::sys::pal::unix::abort_internal::h3a58f5c5277e2a33+0x8 (differential:arm64+0x106252ff4) #7 0x00010ae2a0e8 in std::process::abort::hd17a0e4c17c95c53+0x8 (differential:arm64+0x1062520e8) #8 0x00010ae28248 in libfuzzer_sys::initialize::_$u7b$$u7b$closure$u7d$$u7d$::haf75e4bfd0726774+0xb8 (differential:arm64+0x106250248) #9 0x00010aca6f10 in std::panicking::rust_panic_with_hook::h5c8e54d4834ba2ab+0x258 (differential:arm64+0x1060cef10) #10 0x00010aca6ad8 in std::panicking::begin_panic_handler::_$u7b$$u7b$closure$u7d$$u7d$::h572ee2d46423c444+0x64 (differential:arm64+0x1060cead8) #11 0x00010aca463c in std::sys::backtrace::__rust_end_short_backtrace::h22ba52595261f65a+0x8 (differential:arm64+0x1060cc63c) #12 0x00010aca67a8 in _RNvCsexUFXDsTyjl_7___rustc17rust_begin_unwind+0x1c (differential:arm64+0x1060ce7a8) #13 0x00010ae2c0ec in core::panicking::panic_fmt::h40a35e81076930e8+0x1c (differential:arm64+0x1062540ec) #14 0x00010ae2ca90 in core::panicking::panic_const::panic_const_shl_overflow::hc0bf5177532c5135+0x30 (differential:arm64+0x106254a90) #15 0x0001075c44e4 in cranelift_codegen::isa::aarch64::lower::isle::generated_code::constructor_amode_no_more_iconst::h5cb6604fa9f3f57f+0x245c (differential:arm64+0x1029ec4e4) #16 0x0001075bf37c in cranelift_codegen::isa::aarch64::lower::isle::generated_code::constructor_amode::h54b0698bb9889b3b+0x470 (differential:arm64+0x1029e737c) #17 0x0001075eca94 in cranelift_codegen::isa::aarch64::lower::isle::generated_code::constructor_lower::hc04acc7b0efa0e52+0xbb78 (differential:arm64+0x102a14a94) #18 0x0001070689d8 in cranelift_codegen::machinst::lower::Lower$LT$I$GT$::lower_clif_block::h1c3c8ae4219a90b2+0x1844 (differential:arm64+0x1024909d8) #19 0x00010708ef90 in cranelift_codegen::machinst::lower::Lower$LT$I$GT$::lower::hee14631b664556c5+0x1730 (differential:arm64+0x1024b6f90) #20 0x000107111c18 in cranelift_codegen::machinst::compile::compile::h5d77ec5ff2a3f978+0x8d0 (differential:arm64+0x102539c18) #21 0x00010737d088 in cranelift_codegen::isa::aarch64::AArch64Backend::compile_vcode::h036392921792ad88+0x368 (differential:arm64+0x1027a5088) #22 0x00010737d928 in _$LT$cranelift_codegen..isa..aarch64..AArch64Backend$u20$as$u20$cranelift_codegen..isa..TargetIsa$GT$::compile_function::hcb31f50ca7c8e58d+0x224 (differential:arm64+0x1027a5928) #23 0x00010748de1c in cranelift_codegen::context::Context::compile_stencil::h6cdb966f98fc48b1+0x508 (differential:arm64+0x1028b5e1c) #24 0x00010748f80c in cranelift_codegen::context::Context::compile::ha270ad8ed2236830+0x1ac (differential:arm64+0x1028b780c) #25 0x00010640e8e0 in wasmtime_cranelift::compiler::FunctionCompiler::finish_with_info::h7f3812d7ae02e919+0x358 (differential:arm64+0x1018368e0) #26 0x0001063fbd20 in _$LT$wasmtime_cranelift..compiler..Compiler$u20$as$u20$wasmtime_environ..compile..Compiler$GT$::compile_function::hacb979ee7f120409+0x1290 (differential:arm64+0x101823d20) #27 0x000105e4f488 in wasmtime::compile::CompileInputs::collect_inputs_in_translations::_$u7b$$u7b$closure$u7d$$u7d$::h3e041c0c5b0da3ac+0x338 (differential:arm64+0x101277488) #28 0x000105ad50d0 in alloc::vec::Vec$LT$T$C$A$GT$::extend_desugared::h6f6bf23f80b42a1c+0x314 (differential:arm64+0x100efd0d0) #29 0x0001057a945c in _$LT$alloc..vec..Vec$LT$T$GT$$u20$as$u20$alloc..vec..spec_from_iter_nested..SpecFromIterNested$LT$T$C$I$GT$$GT$::from_iter::h0fc751aab0a16a74+0x5e0 (differential:arm64+0x100bd145c) #30 0x0001059de0f4 in core::iter::adapters::try_process::h5c9bb7d6d0610cc6+0x1a0 (differential:arm64+0x100e060f4) #31 0x000105e51a94 in wasmtime::compile::CompileInputs::compile::h5981ac84720f3726+0x264 (differential:arm64+0x101279a94) #32 0x000105e4a6f4 in wasmtime::compile::build_artifacts::hf8e5ceda73da360e+0x714 (differential:arm64+0x1012726f4) #33 0x000105e45ac0 in wasmtime::compile::runtime::_$LT$impl$u20$wasmtime..compile..code_builder..CodeBuilder$GT$::compile_cached::h578e279adc41f2b7+0x404 (differential:arm64+0x10126dac0) #34 0x000105e468d0 in wasmtime::compile::runtime::_$LT$impl$u20$wasmtime..compile..code_builder..CodeBuilder$GT$::compile_module::hbe0e9aa8ea7cad5b+0x26c (differential:arm64+0x10126e8d0) #35 0x000104f186b0 in _$LT$wasmi_fuzz..oracle..wasmtime..WasmtimeOracle$u20$as$u20$wasmi_fuzz..oracle..DifferentialOracleMeta$GT$::setup::h2303ebd0f8be8e1d+0x314 (differential:arm64+0x1003406b0) #36 0x000104f1cc30 in wasmi_fuzz::oracle::ChosenOracle::setup::h7f5022588851a5a1+0x1cc (differential:arm64+0x100344c30) #37 0x000104c0bb8c in differential::FuzzState::setup::h408b52229af257db differential.rs:78 #38 0x000104c117a8 in differential::_::__libfuzzer_sys_run::he9d1ec5f3c48db42 differential.rs:59 #39 0x000104c10fc0 in rust_fuzzer_test_input lib.rs:359 #40 0x00010ac0889c in std::panicking::try::do_call::ha19fc646eab30df2+0xc4 (differential:arm64+0x10603089c) #41 0x00010ac0c130 in __rust_try+0x18 (differential:arm64+0x106034130) #42 0x00010ac0b490 in LLVMFuzzerTestOneInput+0x16c (differential:arm64+0x106033490) #43 0x00010ac0e7c8 in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long)+0x150 (differential:arm64+0x1060367c8) #44 0x00010ac108d4 in fuzzer::Fuzzer::MinimizeCrashLoop(std::__1::vector<unsigned char, std::__1::allocator<unsigned char>> const&)+0x128 (differential:arm64+0x1060388d4) #45 0x00010ac2dacc in fuzzer::MinimizeCrashInputInternalStep(fuzzer::Fuzzer*, fuzzer::InputCorpus*)+0xd8 (differential:arm64+0x106055acc) #46 0x00010ac30d70 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long))+0x1adc (differential:arm64+0x106058d70) #47 0x00010ac3e87c in main+0x24 (differential:arm64+0x10606687c) #48 0x0001991e8270 (<unknown module>) NOTE: libFuzzer has rudimentary signal handlers. Combine libFuzzer with AddressSanitizer or similar for better crash reports. SUMMARY: libFuzzer: deadly signal MS: 1 EraseBytes-; base unit: 0000000000000000000000000000000000000000 artifact_prefix='/Users/me/Documents/GitHub/wasmi/fuzz/artifacts/differential/'; Test unit written to /Users/me/Documents/GitHub/wasmi/fuzz/artifacts/differential/minimized-from-6bc04e97d6ade6982223726c65803bbebce42325 ********************************* CRASH_MIN: minimizing crash input: '/Users/me/Documents/GitHub/wasmi/fuzz/artifacts/differential/minimized-from-6bc04e97d6ade6982223726c65803bbebce42325' (450 bytes) CRASH_MIN: executing: target/aarch64-apple-darwin/release/differential -artifact_prefix=/Users/me/Documents/GitHub/wasmi/fuzz/artifacts/differential/ -runs=255 /Users/me/Documents/GitHub/wasmi/fuzz/artifacts/differential/minimized-from-6bc04e97d6ade6982223726c65803bbebce42325 2>&1 CRASH_MIN: '/Users/me/Documents/GitHub/wasmi/fuzz/artifacts/differential/minimized-from-6bc04e97d6ade6982 [message truncated]
Wasmtime GitHub notifications bot (Mar 27 2025 at 16:20):fitzgen assigned fitzgen to issue #10479.
Wasmtime GitHub notifications bot (Mar 27 2025 at 18:30):alexcrichton commented on issue #10479:
For @fitzgen when you look into this, the panic here looks similar to https://github.com/bytecodealliance/wasmtime/pull/10382 which hasn't made it into any releases yet so this may already be fixed on main (unsure, I have not tested myself)
Last updated: Apr 18 2025 at 11:03 UTC