alexcrichton opened issue #12488:
Using input.txt as input:

    $ cargo +nightly fuzz run -s none --dev cranelift-fuzzgen ./input.txt
        Finished `dev` profile [unoptimized + debuginfo] target(s) in 0.11s
        Finished `dev` profile [unoptimized + debuginfo] target(s) in 0.11s
         Running `target/x86_64-unknown-linux-gnu/debug/cranelift-fuzzgen -artifact_prefix=/home/alex/code/wasmtime/fuzz/artifacts/cranelift-fuzzgen/ ./clusterfuzz-testcase-minimized-cranelift-fuzzgen-6203223651450880`
    WARNING: Failed to find function "__sanitizer_acquire_crash_state".
    WARNING: Failed to find function "__sanitizer_print_stack_trace".
    WARNING: Failed to find function "__sanitizer_set_death_callback".
    INFO: Running with entropic power schedule (0xFF, 100).
    INFO: Seed: 2634861286
    INFO: Loaded 1 modules (384706 inline 8-bit counters): 384706 [0x5b3c82422440, 0x5b3c82480302),
    INFO: Loaded 1 PC tables (384706 PCs): 384706 [0x5b3c82480308,0x5b3c82a5ef28),
    target/x86_64-unknown-linux-gnu/debug/cranelift-fuzzgen: Running 1 inputs 1 time(s) each.
    Running: ./clusterfuzz-testcase-minimized-cranelift-fuzzgen-6203223651450880

    thread '<unnamed>' (427986) panicked at fuzz/fuzz_targets/cranelift-fuzzgen.rs:255:61:
    called `Result::unwrap()` on an `Err` value: Verifier(VerifierErrors([VerifierError { location: function, context: None, message: "Signature with `preserve_all` ABI cannot have return values" }]))
    note: run with `RUST_BACKTRACE=1` environment variable to display a backtrace
    ==427986== ERROR: libFuzzer: deadly signal
    NOTE: libFuzzer has rudimentary signal handlers.
          Combine libFuzzer with AddressSanitizer or similar for better crash reports.
    SUMMARY: libFuzzer: deadly signal
    ────────────────────────────────────────────────────────────────────────────────
    Error: Fuzz target exited with exit status: 77

and fmt shows:

    $ cargo +nightly fuzz fmt -s none --dev cranelift-fuzzgen ./input.txt
    Output of `std::fmt::Debug`:

    ;; Testing against optimized version
    ;; Run test case

    test interpret
    test run
    set opt_level=speed_and_size
    set bb_padding_log2_minus_one=6
    set enable_alias_analysis=false
    set enable_nan_canonicalization=true
    set enable_llvm_abi_extensions=true
    set enable_multi_ret_implicit_sret=true
    set unwind_info=false
    set machine_code_cfg_info=true
    set enable_heap_access_spectre_mitigation=false
    set enable_table_access_spectre_mitigation=false
    target x86_64 has_sse3 has_ssse3 has_cmpxchg16b has_sse41 has_sse42 has_avx has_avx2 has_fma has_popcnt has_bmi1 has_bmi2 has_lzcnt

    function u1:0(i8 sext, i8 sext, i8 sext, i8 sext, i8 sext, i8 sext, i8 sext, i8 sext, i8 sext, i8 sext, i8 sext, i8 sext, i8 sext, i8 sext, i8 sext) -> i8 sext, i8 sext, i8 sext, i8 sext, i8 sext, i8 sext, i8 sext, i8 sext, i8 sext, i8 sext, i8 sext, i8 sext, i8 sext, i8 sext, i8 sext preserve_all {
        sig0 = (f32) -> f32 system_v
        sig1 = (f64) -> f64 system_v
        sig2 = (f32) -> f32 system_v
        sig3 = (f64) -> f64 system_v
        sig4 = (f32) -> f32 system_v
        sig5 = (f64) -> f64 system_v
        fn0 = %CeilF32 sig0
        fn1 = %CeilF64 sig1
        fn2 = %FloorF32 sig2
        fn3 = %FloorF64 sig3
        fn4 = %TruncF32 sig4
        fn5 = %TruncF64 sig5

    block0(v0: i8, v1: i8, v2: i8, v3: i8, v4: i8, v5: i8, v6: i8, v7: i8, v8: i8, v9: i8, v10: i8, v11: i8, v12: i8, v13: i8, v14: i8):
        v15 = iconst.i8 0
        v16 = iconst.i16 0
        v17 = iconst.i32 0
        v18 = iconst.i64 0
        v19 = uextend.i128 v18  ; v18 = 0
        return v0, v0, v0, v0, v0, v0, v0, v0, v0, v0, v0, v0, v0, v0, v0
    }

    ; Note: the results in the below test cases are simply a placeholder and probably will be wrong

    ; run: u1:0(0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0) == [0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0]

cc @cfallin
alexcrichton added the fuzz-bug label to Issue #12488.
cfallin closed issue #12488.
Last updated: Feb 24 2026 at 04:36 UTC