guidovranken opened issue #11868:
(No link to an external bug report; found by running fuzzers locally.)
<details>
<summary>Test case input</summary><!-- Please base64-encode the input that libFuzzer generated, and paste it in the code-block below. This is required for us to reproduce the issue. -->
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</details>
<details>
<summary><code>cargo +nightly fuzz fmt</code> output</summary><!-- If you can, please paste the output of
`cargo +nightly fuzz fmt <target> <input>` in the code-block below. This will help reviewers more quickly triage this report. -->
Don't know; using fuzzer binaries downloaded from OSS-Fuzz (wasmtime-address-202510140708)</details>
<details>
<summary>Stack trace or other relevant details</summary><!-- If you can, please paste anything that looks relevant from the failure message in the code-block below. This will help reviewers more quickly triage this report. -->
```
thread '<unnamed>' panicked at /src/wasmtime/winch/codegen/src/isa/x64/masm.rs:318:14:
Scratch register to be available: Winch internal error: Expected register to be available
note: run with `RUST_BACKTRACE=1` environment variable to display a backtrace
==3523940== ERROR: libFuzzer: deadly signal
    #0 0x55555823f561 in __sanitizer_print_stack_trace /rustc/llvm/src/llvm-project/compiler-rt/lib/asan/asan_stack.cpp:87:3
    #1 0x55555ce22438 in fuzzer::PrintStackTrace() /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerUtil.cpp:210:5
    #2 0x55555ce05e13 in fuzzer::Fuzzer::CrashCallback() /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:231:3
    #3 0x7ffff7c4532f (/lib/x86_64-linux-gnu/libc.so.6+0x4532f) (BuildId: 274eec488d230825a136fa9c4d85370fed7a0a5e)
    #4 0x7ffff7c9eb2b in __pthread_kill_implementation nptl/pthread_kill.c:43:17
    #5 0x7ffff7c9eb2b in __pthread_kill_internal nptl/pthread_kill.c:78:10
    #6 0x7ffff7c9eb2b in pthread_kill nptl/pthread_kill.c:89:10
    #7 0x7ffff7c4527d in raise signal/../sysdeps/posix/raise.c:26:13
    #8 0x7ffff7c288fe in abort stdlib/abort.c:79:7
    #9 0x5555581a6869 in std::sys::pal::unix::abort_internal::h96857ca33d9110f4 /rustc/3014e79f9c8d5510ea7b3a3b70d171d0948b1e96/library/std/src/sys/pal/unix/mod.rs:366:14
    #10 0x5555581a61a8 in std::process::abort::hbb0da5b195767e3b /rustc/3014e79f9c8d5510ea7b3a3b70d171d0948b1e96/library/std/src/process.rs:2499:5
    #11 0x5555581a15c4 in libfuzzer_sys::initialize::_$u7b$$u7b$closure$u7d$$u7d$::ha438d9b9b7ad8ebb /rust/registry/src/index.crates.io-1949cf8c6b5b557f/libfuzzer-sys-0.4.10/src/lib.rs:94:9
    #12 0x55555ce7812d in _$LT$alloc..boxed..Box$LT$F$C$A$GT$$u20$as$u20$core..ops..function..Fn$LT$Args$GT$$GT$::call::h2b5c5d3b4f513895 /rustc/3014e79f9c8d5510ea7b3a3b70d171d0948b1e96/library/alloc/src/boxed.rs:1985:9
    #13 0x55555ce7812d in std::panicking::rust_panic_with_hook::hceef4321c6f4ad8a /rustc/3014e79f9c8d5510ea7b3a3b70d171d0948b1e96/library/std/src/panicking.rs:841:13
    #14 0x55555ce77e19 in std::panicking::begin_panic_handler::_$u7b$$u7b$closure$u7d$$u7d$::hf9fd67a226c3bb3d /rustc/3014e79f9c8d5510ea7b3a3b70d171d0948b1e96/library/std/src/panicking.rs:706:13
    #15 0x55555ce764c8 in std::sys::backtrace::__rust_end_short_backtrace::h52410ec1fdc70787 /rustc/3014e79f9c8d5510ea7b3a3b70d171d0948b1e96/library/std/src/sys/backtrace.rs:174:18
    #16 0x55555ce77aac in __rustc::rust_begin_unwind /rustc/3014e79f9c8d5510ea7b3a3b70d171d0948b1e96/library/std/src/panicking.rs:697:5
    #17 0x5555581a7b7f in core::panicking::panic_fmt::hf04b323265684a46 /rustc/3014e79f9c8d5510ea7b3a3b70d171d0948b1e96/library/core/src/panicking.rs:75:14
    #18 0x5555581a8095 in core::result::unwrap_failed::hdf92484becbba54e /rustc/3014e79f9c8d5510ea7b3a3b70d171d0948b1e96/library/core/src/result.rs:1761:5
    #19 0x555558fc4482 in core::result::Result$LT$T$C$E$GT$::expect::hdac8d8a13d5fde39 /rustc/3014e79f9c8d5510ea7b3a3b70d171d0948b1e96/library/core/src/result.rs:1119:23
    #20 0x555558fc4482 in _$LT$winch_codegen..isa..x64..masm..MacroAssembler$u20$as$u20$winch_codegen..masm..MacroAssembler$GT$::with_scratch::h6459b94d1520bdd4 /src/wasmtime/winch/codegen/src/isa/x64/masm.rs:318:14
    #21 0x555558fc4482 in winch_codegen::masm::MacroAssembler::with_scratch_for::h201b607d65eb19b6 /src/wasmtime/winch/codegen/src/masm.rs:1465:22
    #22 0x555558fc4482 in winch_codegen::codegen::context::CodeGenContext$LT$winch_codegen..codegen..phase..Emission$GT$::spill_impl::he97fb477369be476 /src/wasmtime/winch/codegen/src/codegen/context.rs:849:26
    #23 0x55555903c969 in winch_codegen::codegen::context::CodeGenContext$LT$winch_codegen..codegen..phase..Emission$GT$::reg_for_class::_$u7b$$u7b$closure$u7d$$u7d$::hc3830faf9c1d3250 /src/wasmtime/winch/codegen/src/codegen/context.rs:177:13
    #24 0x55555903c969 in winch_codegen::regalloc::RegAlloc::reg_for_class::h3d80416d93c581ae /src/wasmtime/winch/codegen/src/regalloc.rs:41:17
    #25 0x55555903c969 in winch_codegen::codegen::context::CodeGenContext$LT$winch_codegen..codegen..phase..Emission$GT$::reg_for_class::hea9144bea91ca1f4 /src/wasmtime/winch/codegen/src/codegen/context.rs:176:23
    #26 0x55555903c969 in winch_codegen::codegen::context::CodeGenContext$LT$winch_codegen..codegen..phase..Emission$GT$::any_fpr::h122b92567164a9d0 /src/wasmtime/winch/codegen/src/codegen/context.rs:190:14
    #27 0x55555903c969 in _$LT$winch_codegen..isa..x64..masm..MacroAssembler$u20$as$u20$winch_codegen..masm..MacroAssembler$GT$::v128_shift::_$u7b$$u7b$closure$u7d$$u7d$::_$u7b$$u7b$closure$u7d$$u7d$::_$u7b$$u7b$closure$u7d$$u7d$::hc9b2a26639be2d50 /src/wasmtime/winch/codegen/src/isa/x64/masm.rs:2494:44
    #28 0x55555903c969 in _$LT$winch_codegen..isa..x64..masm..MacroAssembler$u20$as$u20$winch_codegen..masm..MacroAssembler$GT$::v128_shift::_$u7b$$u7b$closure$u7d$$u7d$::_$u7b$$u7b$closure$u7d$$u7d$::hec91286278df377b /src/wasmtime/winch/codegen/src/isa/x64/masm.rs:2666:60
    #29 0x55555903c969 in _$LT$winch_codegen..isa..x64..masm..MacroAssembler$u20$as$u20$winch_codegen..masm..MacroAssembler$GT$::with_scratch::he69cea177e4f4214 /src/wasmtime/winch/codegen/src/isa/x64/masm.rs:320:19
    #30 0x55555903c969 in _$LT$winch_codegen..isa..x64..masm..MacroAssembler$u20$as$u20$winch_codegen..masm..MacroAssembler$GT$::v128_shift::_$u7b$$u7b$closure$u7d$$u7d$::h8951175351e5b5c5 /src/wasmtime/winch/codegen/src/isa/x64/masm.rs:2407:18
    #31 0x55555903c969 in _$LT$winch_codegen..isa..x64..masm..MacroAssembler$u20$as$u20$winch_codegen..masm..MacroAssembler$GT$::with_scratch::he0e7655ee8002377 /src/wasmtime/winch/codegen/src/isa/x64/masm.rs:320:19
    #32 0x55555903c969 in _$LT$winch_codegen..isa..x64..masm..MacroAssembler$u20$as$u20$winch_codegen..masm..MacroAssembler$GT$::v128_shift::ha05c80f01a172dbf /src/wasmtime/winch/codegen/src/isa/x64/masm.rs:2406:14
    #33 0x55555920f428 in winch_codegen::visitor::_$LT$impl$u20$wasmparser..readers..core..operators..VisitSimdOperator$u20$for$u20$winch_codegen..codegen..CodeGen$LT$M$C$winch_codegen..codegen..phase..Emission$GT$$GT$::visit_i64x2_shr_s::h30f5a0c4c857a224 /src/wasmtime/winch/codegen/src/visitor.rs:4089:14
    #34 0x55555920f428 in _$LT$winch_codegen..codegen..CodeGen$LT$M$C$winch_codegen..codegen..phase..Emission$GT$..emit_body..ValidateThenVisit$LT$T$C$U$GT$$u20$as$u20$wasmparser..readers..core..operators..VisitSimdOperator$GT$::visit_i64x2_shr_s::hd0cd05e7f593693b /src/wasmtime/winch/codegen/src/codegen/mod.rs:362:46
    #35 0x555558f20954 in wasmparser::binary_reader::BinaryReader::visit_0xfd_operator::he8d00193d7246b1b /rust/registry/src/index.crates.io-1949cf8c6b5b557f/wasmparser-0.240.0/src/binary_reader.rs
    #36 0x555558f164fb in wasmparser::binary_reader::BinaryReader::visit_operator::hb189653b002f9b5c /rust/registry/src/index.crates.io-1949cf8c6b5b557f/wasmparser-0.240.0/src/binary_reader.rs:1200:33
    #37 0x55555904ddad in wasmparser::readers::core::operators::OperatorsReader::visit_operator::h89010f1eca1b4ec5 /rust/registry/src/index.crates.io-1949cf8c6b5b557f/wasmparser-0.240.0/src/readers/core/operators.rs:546:21
    #38 0x55555904ddad in winch_codegen::codegen::CodeGen$LT$M$C$winch_codegen..codegen..phase..Emission$GT$::emit_body::h82249c1fe05ed862 /src/wasmtime/winch/codegen/src/codegen/mod.rs:343:17
    #39 0x55555904ddad in winch_codegen::codegen::CodeGen$LT$M$C$winch_codegen..codegen..phase..Emission$GT$::emit::ha7a7e0e62fc202e2 /src/wasmtime/winch/codegen/src/codegen/mod.rs:247:14
    #40 0x55555904ddad in _$LT$winch_codegen..isa..x64..X64$u20$as$u20$winch_codegen..isa..TargetIsa$GT$::compile_function::h5f43a13d22fbc46a /src/wasmtime/winch/codegen/src/isa/x64/mod.rs:127:22
    #41 0x555558f0c671 in _$LT$wasmtime_internal_winch..compiler..Compiler$u20$as$u20$wasmtime_environ..compile..Compiler$GT$::compile_function::h3558ab255efb0977 /src/wasmtime/crates/winch/src/compiler.rs:137:14
    #42 0x555558977917 in wasmtime::compile::CompileInputs::collect_inputs_in_translations::_$u7b$$u7b$closure$u7d$$u7d$::h5cce36bc2df831e1 /src/wasmtime/crates/wasmtime/src/compile.rs:412:26
    #43 0x555558977917 in core::ops::function::FnOnce::call_once$u7b$$u7b$vtable.shim$u7d$$u7d$::ha7b869edf767140d /rustc/3014e79f9c8d5510ea7b3a3b70d171d0948b1e96/library/core/src/ops/function.rs:253:5
    #44 0x555558bf0c0a in _$LT$alloc..boxed..Box$LT$F$C$A$GT$$u20$as$u20$core..ops..function..FnOnce$LT$Args$GT$$GT$::call_once::h818d1b22de3c62b5 /rustc/3014e79f9c8d5510ea7b3a3b70d17
```
[message truncated]
guidovranken added the bug label to Issue #11868.
guidovranken added the fuzz-bug label to Issue #11868.