Crash caused by illegal instruction in wasm::handle_unreachable #2902
Comments
|
asm2wasm no longer exists. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
{{ message }}
Uh oh!
There was an error while loading. Please reload this page.
Found a crash which causes aborted (core dump) by running:
./asm2wasm @@
in binaryen-0c58de1
Crash can be found here: https://github.com/natalie13m/crashes/blob/master/binaryen-0c58de1/id:000437%2Csig:06%2Csrc:001585%2Cop:flip1%2Cpos:70
Address Sanitizer output:
unexpected asm type
UNREACHABLE executed at /home/natalie/Research/Bug/binaryen-0c58de1/binaryen-master/src/asm2wasm.h:2067!
#0 0x7f94d9c2702f in __sanitizer_print_stack_trace (/lib/x86_64-linux-gnu/libasan.so.5+0x11b02f)
#1 0x55ad3fe7cb17 in wasm::handle_unreachable(char const*, char const*, unsigned int) /home/natalie/Research/Bug/binaryen-0c58de1/binaryen-master/src/support/utilities.cpp:40
#2 0x55ad3ecbe282 in operator() /home/natalie/Research/Bug/binaryen-0c58de1/binaryen-master/src/asm2wasm.h:2067
#3 0x55ad3ecb0cfd in std::function<wasm::Expression* (cashew::Ref)>::operator()(cashew::Ref) const /usr/include/c++/9/bits/std_function.h:690
#4 0x55ad3ecb0cfd in operator() /home/natalie/Research/Bug/binaryen-0c58de1/binaryen-master/src/asm2wasm.h:2025
#5 0x55ad3ecb0cfd in std::function<wasm::Expression* (cashew::Ref)>::operator()(cashew::Ref) const /usr/include/c++/9/bits/std_function.h:690
#6 0x55ad3ecb0cfd in operator() /home/natalie/Research/Bug/binaryen-0c58de1/binaryen-master/src/asm2wasm.h:2025
#7 0x55ad3ecb0cfd in std::function<wasm::Expression* (cashew::Ref)>::operator()(cashew::Ref) const /usr/include/c++/9/bits/std_function.h:690
#8 0x55ad3ecb0cfd in operator() /home/natalie/Research/Bug/binaryen-0c58de1/binaryen-master/src/asm2wasm.h:2025
#9 0x55ad3ecb0cfd in std::function<wasm::Expression* (cashew::Ref)>::operator()(cashew::Ref) const /usr/include/c++/9/bits/std_function.h:690
#10 0x55ad3ecb0cfd in operator() /home/natalie/Research/Bug/binaryen-0c58de1/binaryen-master/src/asm2wasm.h:2025
#11 0x55ad3ecb0cfd in std::function<wasm::Expression* (cashew::Ref)>::operator()(cashew::Ref) const /usr/include/c++/9/bits/std_function.h:690
#12 0x55ad3ecb0cfd in operator() /home/natalie/Research/Bug/binaryen-0c58de1/binaryen-master/src/asm2wasm.h:2025
#13 0x55ad3ecabb46 in std::function<wasm::Expression* (cashew::Ref)>::operator()(cashew::Ref) const /usr/include/c++/9/bits/std_function.h:690
#14 0x55ad3ecabb46 in operator() /home/natalie/Research/Bug/binaryen-0c58de1/binaryen-master/src/asm2wasm.h:1979
#15 0x55ad3ecaba76 in std::function<wasm::Expression* (cashew::Ref)>::operator()(cashew::Ref) const /usr/include/c++/9/bits/std_function.h:690
#16 0x55ad3ecaba76 in operator() /home/natalie/Research/Bug/binaryen-0c58de1/binaryen-master/src/asm2wasm.h:1978
#17 0x55ad3ecaba76 in std::function<wasm::Expression* (cashew::Ref)>::operator()(cashew::Ref) const /usr/include/c++/9/bits/std_function.h:690
#18 0x55ad3ecaba76 in operator() /home/natalie/Research/Bug/binaryen-0c58de1/binaryen-master/src/asm2wasm.h:1978
#19 0x55ad3ec79ffc in std::function<wasm::Expression* (cashew::Ref)>::operator()(cashew::Ref) const /usr/include/c++/9/bits/std_function.h:690
#20 0x55ad3ec79ffc in operator() /home/natalie/Research/Bug/binaryen-0c58de1/binaryen-master/src/asm2wasm.h:3271
#21 0x55ad3ec79ffc in _M_invoke /usr/include/c++/9/bits/std_function.h:285
#22 0x55ad3ec93e0a in std::function<wasm::Expression* (cashew::Ref, unsigned int)>::operator()(cashew::Ref, unsigned int) const /usr/include/c++/9/bits/std_function.h:690
#23 0x55ad3ec93e0a in wasm::Asm2WasmBuilder::processFunction(cashew::Ref) /home/natalie/Research/Bug/binaryen-0c58de1/binaryen-master/src/asm2wasm.h:3281
#24 0x55ad3ec9f388 in wasm::Asm2WasmBuilder::processAsm(cashew::Ref) /home/natalie/Research/Bug/binaryen-0c58de1/binaryen-master/src/asm2wasm.h:1352
#25 0x55ad3ec5f47c in main /home/natalie/Research/Bug/binaryen-0c58de1/binaryen-master/src/tools/asm2wasm.cpp:250
#26 0x7f94d95c81e2 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x271e2)
#27 0x55ad3ec6ad8d in _start (/home/natalie/Research/Bug/binaryen-0c58de1/asm2wasm-asan+0x371d8d)
Illegal instruction (core dumped)
Crashwalk output:
(1 of 1) - Hash: 2f9a1aab83eca1142534912c25115222.6c47d8dfc597b88e98fb911293eb94d7
---CRASH SUMMARY---
Filename: crash/id:000437,sig:06,src:001585,op:flip1,pos:70
SHA1: 139de79e8a32049f39cdeed467add360c4d40c17
Classification: UNKNOWN
Hash: 2f9a1aab83eca1142534912c25115222.6c47d8dfc597b88e98fb911293eb94d7
Command: ./asm2wasm crash/id:000437,sig:06,src:001585,op:flip1,pos:70
Faulting Frame:
wasm::handle_unreachable @ 0x00005555566c0b0f: in /home/natalie/Research/Bug/binaryen-0c58de1/asm2wasm
Disassembly:
0x00007ffff7a7d3da: xor edx,edx
0x00007ffff7a7d3dc: mov rsi,r9
0x00007ffff7a7d3df: mov edi,0x2
0x00007ffff7a7d3e4: mov eax,0xe
0x00007ffff7a7d3e9: syscall
=> 0x00007ffff7a7d3eb: mov rax,QWORD PTR [rsp+0x108]
0x00007ffff7a7d3f3: xor rax,QWORD PTR fs:0x28
0x00007ffff7a7d3fc: jne 0x7ffff7a7d424 <__GI_raise+260>
0x00007ffff7a7d3fe: mov eax,r8d
0x00007ffff7a7d401: add rsp,0x118
Stack Head (36 entries):
__GI_raise @ 0x00007ffff7a7d3eb: in (BL)
__GI_abort @ 0x00007ffff7a5c899: in (BL)
wasm::handle_unreachable @ 0x00005555566c0b0f: in /home/natalie/Research/Bug/binaryen-0c58de1/asm2wasm
wasm::Asm2WasmBuilder::<l @ 0x00005555560c462d: in /home/natalie/Research/Bug/binaryen-0c58de1/asm2wasm
std::_Function_handler<wa @ 0x00005555560d328c: in /home/natalie/Research/Bug/binaryen-0c58de1/asm2wasm
std::function<wasm::Expre @ 0x00005555560fe129: in /home/natalie/Research/Bug/binaryen-0c58de1/asm2wasm
wasm::Asm2WasmBuilder::<l @ 0x00005555560c40f6: in /home/natalie/Research/Bug/binaryen-0c58de1/asm2wasm
std::_Function_handler<wa @ 0x00005555560d328c: in /home/natalie/Research/Bug/binaryen-0c58de1/asm2wasm
std::function<wasm::Expre @ 0x00005555560fe129: in /home/natalie/Research/Bug/binaryen-0c58de1/asm2wasm
wasm::Asm2WasmBuilder::<l @ 0x00005555560c40f6: in /home/natalie/Research/Bug/binaryen-0c58de1/asm2wasm
std::_Function_handler<wa @ 0x00005555560d328c: in /home/natalie/Research/Bug/binaryen-0c58de1/asm2wasm
std::function<wasm::Expre @ 0x00005555560fe129: in /home/natalie/Research/Bug/binaryen-0c58de1/asm2wasm
wasm::Asm2WasmBuilder::<l @ 0x00005555560c40f6: in /home/natalie/Research/Bug/binaryen-0c58de1/asm2wasm
std::_Function_handler<wa @ 0x00005555560d328c: in /home/natalie/Research/Bug/binaryen-0c58de1/asm2wasm
std::function<wasm::Expre @ 0x00005555560fe129: in /home/natalie/Research/Bug/binaryen-0c58de1/asm2wasm
wasm::Asm2WasmBuilder::<l @ 0x00005555560c40f6: in /home/natalie/Research/Bug/binaryen-0c58de1/asm2wasm
Registers:
rax=0x0000000000000000 rbx=0x00007ffff7a32780 rcx=0x00007ffff7a7d3eb rdx=0x0000000000000000
rsi=0x00007fffffff85a0 rdi=0x0000000000000002 rbp=0x00007fffffff8810 rsp=0x00007fffffff85a0
r8=0x0000000000000000 r9=0x00007fffffff85a0 r10=0x0000000000000008 r11=0x0000000000000246
r12=0x00007fffffffc760 r13=0x0000000000000000 r14=0x0000000000000000 r15=0x0000000000000000
rip=0x00007ffff7a7d3eb efl=0x0000000000000246 cs=0x0000000000000033 ss=0x000000000000002b
ds=0x0000000000000000 es=0x0000000000000000 fs=0x0000000000000000 gs=0x0000000000000000
Extra Data:
Description: Abort signal
Short description: AbortSignal (20/22)
Explanation: The target is stopped on a SIGABRT. SIGABRTs are often generated by libc and compiled check-code to indicate potentially exploitable conditions. Unfortunately this command does not yet further analyze these crashes.
---END SUMMARY---
The text was updated successfully, but these errors were encountered: