Fatal crash in `ProgramBuilder.WasmFunction.generateRandomWasmVar` – missing type definition link for .wasmRef(null Index 4 Struct[...])

[saqibwahab026-sys]

Crash Summary
Fuzzilli hit a fatal Swift error during Wasm code generation and crashed with an "Illegal instruction".

Fatal Error:

Fuzzilli/JSTyper.swift:498: Fatal error: missing type definition link for type .wasmRef(null Index 4 Struct[immutable .wasmRef(.Abstract(null WasmNoFunc))]), desc UnownedWasmTypeDescription(description: Optional(4 Struct[immutable .wasmRef(.Abstract(null WasmNoFunc))]))

Platform: x86_64 Linux (Ubuntu 22.04.5 LTS)

Pre-crash Warnings

Several Wasm-related and private property generators have extremely low success rates:

• PrivatePropertyRetrievalGenerator: 0.15% (1306 invocations)
• PrivatePropertyAssignmentGenerator: 0.00% (994 invocations)
• PrivatePropertyUpdateGenerator: 0.23% (1281 invocations)
• PrivateMethodCallGenerator: 8.47% (248 invocations)
• WasmReturnCallDirectGenerator: 0.33% (2743 invocations)
• WasmReturnCallIndirectGenerator: 2.27% (661 invocations)

Stack Trace (key frames)

Thread 54 crashed:
  0  _assertionFailure in libswiftCore.so
  1  ProgramBuilder.WasmFunction.generateRandomWasmVar(ofType:) + 1041
     → ProgramBuilder.swift:5103
       return self.wasmRefNull(typeDef: b.jsTyper.getWasmTypeDef(for: type))

  2  ProgramBuilder.WasmFunction.findOrGenerateWasmVar(ofType:)
  3  WasmCodeGenerators (struct field initialization)
     → WasmCodeGenerators.swift:241
  4  GeneratorAdapter1Arg → GeneratorStub → ProgramBuilder.run / complete
  5  CodeGenMutator.mutate → BaseInstructionMutator → MutationEngine.fuzzOne

Hardware

Proxmox PVE Ubuntu 22.04 VM
58 cores
64 GB Ram
150gb nvme

Commit ID

cbade79

Command Used

swift run -c release FuzzilliCli --profile=v8Dumpling --jobs=60 --storagePath=/home/saqib/Desktop/dump --wasm --swarmTesting --forDifferentialFuzzing /home/{$USER}/Desktop/v8/out/fuzzbuild/d8