
Crash #556

@turnerrocks1

Description


[CABB79DF:JavaScriptLifter] WasmLifting failed with error invalidInput, current failure count: 3 (failure rate: 0.00384%)
Fuzzilli/TypeSystem.swift:745: Fatal error: .wasmFunctionDef([.wasmf64, .wasmi32, .wasmRef(.Abstract(null WasmAny)), .wasmRef(.Abstract(null WasmAny)), .wasmi32, .wasmRef(.Abstract(null WasmAny))] => []) is not a Wasm signature type defintion

💣 Program crashed: Illegal instruction at 0x000075fb452e2628

Platform: x86_64 Linux (Ubuntu 24.04.4 LTS)

Thread 16 crashed:

0 0x000075fb452e2628 assertionFailure(_:_:file:line:flags:) + 264 in libswiftCore.so
1 ILType.wasmFunctionSignatureDefSignature.getter + 278 in FuzzilliCli at /home/turnerhackz1/Desktop/fuzzilli-main05/Sources/Fuzzilli/FuzzIL/TypeSystem.swift:745:13

743│ let desc = (wasmType as? WasmTypeDefinition)?.description
744│ guard let desc = desc as? WasmSignatureTypeDescription else {
745│ fatalError("\(self) is not a Wasm signature type defintion")
│ ▲
746│ }
747│ return desc.signature

2 JSTyper.analyze(_:) + 13839 in FuzzilliCli at /home/turnerhackz1/Desktop/fuzzilli-main05/Sources/Fuzzilli/FuzzIL/JSTyper.swift:837:66

835│ let fct = instr.input(i)
836│ let definingInstruction = defUseAnalyzer.definition(of: fct)
837│ let signature = type(of: instr.input(i + 1)).wasmFunctionSignatureDefSignature
│ ▲
838│ // TODO(cffsmith): Once we change the way we track signatures, we should also store the JS Signature here if we have one. The table might contain JS functions but we lose that signature in the entries. Which is why we convert back into JS Signatures here.
839│ let jsSignature = ProgramBuilder.convertWasmSignatureToJsSignature(signature)

3 JavaScriptLifter.lift(_:withOptions:) + 3145 in FuzzilliCli at /home/turnerhackz1/Desktop/fuzzilli-main05/Sources/Fuzzilli/Lifting/JavaScriptLifter.swift:198:20

196│
197│ // Collect type information that we might pass to the WasmLifter.
198│ typer?.analyze(instr)
│ ▲
199│
200│ // Singular operation handling:

4 Fuzzer.execute(_:withTimeout:purpose:) + 115 in FuzzilliCli at /home/turnerhackz1/Desktop/fuzzilli-main05/Sources/Fuzzilli/Fuzzer.swift:754:29

752│ assert(runner.isInitialized)
753│
754│ let script = lifter.lift(program)
│ ▲
755│
756│ dispatchEvent(events.PreExecute, data: (program, purpose))

5 Fuzzer.importProgram(_:origin:enableDropout:) + 253 in FuzzilliCli at /home/turnerhackz1/Desktop/fuzzilli-main05/Sources/Fuzzilli/Fuzzer.swift:498:25

496│ }
497│
498│ let execution = execute(program, purpose: .programImport)
│ ▲
499│
500│ var wasImported = false

6 Fuzzer.importProgramWithFixup(_:origin:) + 66 in FuzzilliCli at /home/turnerhackz1/Desktop/fuzzilli-main05/Sources/Fuzzilli/Fuzzer.swift:628:22

626│ ) {
627│ var program = originalProgram
628│ var result = importProgram(program, origin: origin)
│ ▲
629│
630│ // Only attempt fixup if the program failed to execute successfully. In particular, ignore timeouts and

7 Fuzzer.fuzzOne() + 911 in FuzzilliCli at /home/turnerhackz1/Desktop/fuzzilli-main05/Sources/Fuzzilli/Fuzzer.swift:1007:43

1005│ }
1006│
1007│ let (result, fixupAttempts) = importProgramWithFixup(
│ ▲
1008│ program, origin: .corpusImport(mode: currentCorpusImportJob.importMode))
1009│ currentCorpusImportJob.notifyImportOutcome(result, fixupAttempts: fixupAttempts)

8 0x00005b905aa86d49 thunk for @escaping @callee_guaranteed () -> () + 24 in FuzzilliCli
...

Backtrace took 9.15s
