Fuzzer crash on first run with many fuzzing tests

[NicoElbers]

Zig Version

0.15.0-dev.382+6a7ca4b8b

Steps to Reproduce and Observed Behavior

do zig init

modify src/main.zig to be:

pub fn main() !void {}

test "fuzz example1" {
    const Context = struct {
        fn testOne(context: @This(), input: []const u8) anyerror!void {
            _ = context;
            // Try passing `--fuzz` to `zig build test` and see if it manages to fail this test case!
            try std.testing.expect(!std.mem.eql(u8, to_find, input));
        }
    };
    try std.testing.fuzz(Context{}, Context.testOne, .{});
}
test "fuzz example2" {
    const Context = struct {
        fn testOne(context: @This(), input: []const u8) anyerror!void {
            _ = context;
            // Try passing `--fuzz` to `zig build test` and see if it manages to fail this test case!
            try std.testing.expect(!std.mem.eql(u8, to_find, input));
        }
    };
    try std.testing.fuzz(Context{}, Context.testOne, .{});
}
test "fuzz example3" {
    const Context = struct {
        fn testOne(context: @This(), input: []const u8) anyerror!void {
            _ = context;
            // Try passing `--fuzz` to `zig build test` and see if it manages to fail this test case!
            try std.testing.expect(!std.mem.eql(u8, to_find, input));
        }
    };
    try std.testing.fuzz(Context{}, Context.testOne, .{});
}
test "fuzz example4" {
    const Context = struct {
        fn testOne(context: @This(), input: []const u8) anyerror!void {
            _ = context;
            // Try passing `--fuzz` to `zig build test` and see if it manages to fail this test case!
            try std.testing.expect(!std.mem.eql(u8, to_find, input));
        }
    };
    try std.testing.fuzz(Context{}, Context.testOne, .{});
}
test "fuzz example5" {
    const Context = struct {
        fn testOne(context: @This(), input: []const u8) anyerror!void {
            _ = context;
            // Try passing `--fuzz` to `zig build test` and see if it manages to fail this test case!
            try std.testing.expect(!std.mem.eql(u8, to_find, input));
        }
    };
    try std.testing.fuzz(Context{}, Context.testOne, .{});
}
test "fuzz example6" {
    const Context = struct {
        fn testOne(context: @This(), input: []const u8) anyerror!void {
            _ = context;
            // Try passing `--fuzz` to `zig build test` and see if it manages to fail this test case!
            try std.testing.expect(!std.mem.eql(u8, to_find, input));
        }
    };
    try std.testing.fuzz(Context{}, Context.testOne, .{});
}
test "fuzz example7" {
    const Context = struct {
        fn testOne(context: @This(), input: []const u8) anyerror!void {
            _ = context;
            // Try passing `--fuzz` to `zig build test` and see if it manages to fail this test case!
            try std.testing.expect(!std.mem.eql(u8, to_find, input));
        }
    };
    try std.testing.fuzz(Context{}, Context.testOne, .{});
}

const std = @import("std");

// Some long string. Interestingly `"abcdef" ** 10` did not repro this bug.
const to_find = "asdfasd;fkja;sdklfjasdf asd fasdfa;sd as asdfa d erjjwhasdnfasd fasd fljkhasd;fas;df asdf asd fas dfasd fas dfa sdf asdf asdfhalsjkdhflkajshdfl jasd flas dflkjahs dlkjfhas dfals dfljah sdlfkjha sldjkfh alsdjkfh laksjdh fklajsdh flkjahs dlfkjah sdlkfjh asldjkfh alsjkdh l";

run zig build test --fuzz

Observe:

...
Segmentation fault at address 0x0
/nix/store/r2nhic5aza37vcq5x332nam503y28fnq-zig-0.15.0-dev.382+6a7ca4b8b/lib/fuzzer.zig:589:35: 0x1194190 in start (fuzzer)
        @memcpy(l.items[old_len..][0..items.len], items);
                                  ^
/nix/store/r2nhic5aza37vcq5x332nam503y28fnq-zig-0.15.0-dev.382+6a7ca4b8b/lib/fuzzer.zig:460:17: 0x119684f in fuzzer_start (fuzzer)
    fuzzer.start() catch |err| oom(err);
                ^
/nix/store/r2nhic5aza37vcq5x332nam503y28fnq-zig-0.15.0-dev.382+6a7ca4b8b/lib/compiler/test_runner.zig:414:21: 0x105fcc8 in fuzz__anon_435 (test)
        fuzzer_start(&global.fuzzer_one);
                    ^
/nix/store/r2nhic5aza37vcq5x332nam503y28fnq-zig-0.15.0-dev.382+6a7ca4b8b/lib/std/testing.zig:1176:32: 0x105fb34 in test.fuzz example1 (test)
    return @import("root").fuzz(context, testOne, options);
                               ^
/nix/store/r2nhic5aza37vcq5x332nam503y28fnq-zig-0.15.0-dev.382+6a7ca4b8b/lib/compiler/test_runner.zig:159:29: 0x114d55b in mainServer (test)
                test_fn.func() catch |err| switch (err) {
                            ^
/nix/store/r2nhic5aza37vcq5x332nam503y28fnq-zig-0.15.0-dev.382+6a7ca4b8b/lib/compiler/test_runner.zig:60:26: 0x1146c95 in main (test)
        return mainServer() catch @panic("internal test runner failure");
                         ^
/nix/store/r2nhic5aza37vcq5x332nam503y28fnq-zig-0.15.0-dev.382+6a7ca4b8b/lib/std/start.zig:662:22: 0x1145e10 in posixCallMainAndExit (test)
            root.main();
                     ^
/nix/store/r2nhic5aza37vcq5x332nam503y28fnq-zig-0.15.0-dev.382+6a7ca4b8b/lib/std/start.zig:282:5: 0x11459dd in _start (test)
    asm volatile (switch (native_arch) {
    ^
???:?:?: 0x0 in ??? (???)
error: the following command terminated unexpectedly:
/tmp/huh/.zig-cache/o/990eaf467b0343a37d3be58898e2faeb/test --seed=0x4908bb1c --cache-dir=/tmp/huh/.zig-cache --listen=-
error: the following command terminated unexpectedly:
/tmp/huh/.zig-cache/o/990eaf467b0343a37d3be58898e2faeb/test --seed=0x4908bb1c --cache-dir=/tmp/huh/.zig-cache --listen=-
error: the following command terminated unexpectedly:
/tmp/huh/.zig-cache/o/990eaf467b0343a37d3be58898e2faeb/test --seed=0x4908bb1c --cache-dir=/tmp/huh/.zig-cache --listen=-
error: the following command terminated unexpectedly:
/tmp/huh/.zig-cache/o/990eaf467b0343a37d3be58898e2faeb/test --seed=0x4908bb1c --cache-dir=/tmp/huh/.zig-cache --listen=-
error: the following command terminated unexpectedly:
/tmp/huh/.zig-cache/o/990eaf467b0343a37d3be58898e2faeb/test --seed=0x4908bb1c --cache-dir=/tmp/huh/.zig-cache --listen=-
error: the following command terminated unexpectedly:
/tmp/huh/.zig-cache/o/990eaf467b0343a37d3be58898e2faeb/test --seed=0x4908bb1c --cache-dir=/tmp/huh/.zig-cache --listen=-
error: the following command terminated unexpectedly:
/tmp/huh/.zig-cache/o/990eaf467b0343a37d3be58898e2faeb/test --seed=0x4908bb1c --cache-dir=/tmp/huh/.zig-cache --listen=-
error: all fuzz workers crashed

To reproduce again, remove cache.

Expected Behavior

No segfault

[ivanstepanovftw]

Details

(.venv) ➜  imdu git:(main) ✗ mkdir hueta
(.venv) ➜  imdu git:(main) ✗ cd hueta
(.venv) ➜  hueta git:(main) ✗ ~/.night.zig/latest/zig init -s
info: created build.zig
info: created build.zig.zon
info: created src/main.zig
info: created src/root.zig
info: see `zig build --help` for a menu of options
(.venv) ➜  hueta git:(main) ✗ ~/.night.zig/latest/zig build test --fuzz
info: web interface listening at http://127.0.0.1:37683/
info: hint: pass --port 37683 to use this same port next time
thread 78583 panic: start index 1 is larger than end index 0
/home/i/.night.zig/zig-x86_64-linux-0.15.0-dev.1160+e43617e68/lib/std/Build/Fuzz/WebServer.zig:685:17: 0x13d900f in addEntryPoint (std.zig)
        for (pcs[1..], 1..) |elem_addr, i| {
                ^
/home/i/.night.zig/zig-x86_64-linux-0.15.0-dev.1160+e43617e68/lib/std/Build/Fuzz/WebServer.zig:566:56: 0x134d3ad in coverageRun (std.zig)
            .entry_point => |entry_point| addEntryPoint(ws, entry_point.coverage_id, entry_point.addr) catch |err| switch (err) {
                                                       ^
/home/i/.night.zig/zig-x86_64-linux-0.15.0-dev.1160+e43617e68/lib/std/Thread.zig:510:13: 0x12ca892 in callFn__anon_74448 (std.zig)
            @call(.auto, f, args);
            ^
/home/i/.night.zig/zig-x86_64-linux-0.15.0-dev.1160+e43617e68/lib/std/Thread.zig:1391:30: 0x1265cc5 in entryFn (std.zig)
                return callFn(f, self.fn_args);
                             ^
/home/i/.night.zig/zig-x86_64-linux-0.15.0-dev.1160+e43617e68/lib/std/os/linux/x86_64.zig:119:5: 0x122c141 in clone (std.zig)
    asm volatile (
    ^
???:?:?: 0x0 in ??? (???)
test
└─ run test failure
Segmentation fault at address 0x0
/home/i/.night.zig/zig-x86_64-linux-0.15.0-dev.1160+e43617e68/lib/fuzzer.zig:607:35: 0x11e60f0 in start (fuzzer)
        @memcpy(l.items[old_len..][0..items.len], items);
                                  ^
/home/i/.night.zig/zig-x86_64-linux-0.15.0-dev.1160+e43617e68/lib/fuzzer.zig:463:17: 0x11e87ff in fuzzer_start (fuzzer)
    fuzzer.start() catch |err| oom(err);
                ^
/home/i/.night.zig/zig-x86_64-linux-0.15.0-dev.1160+e43617e68/lib/compiler/test_runner.zig:417:21: 0x1147eda in fuzz__anon_21302 (test_runner.zig)
        fuzzer_start(&global.fuzzer_one);
                    ^
/home/i/.night.zig/zig-x86_64-linux-0.15.0-dev.1160+e43617e68/lib/std/testing.zig:1207:32: 0x1147bf3 in test.fuzz example (main.zig)
    return @import("root").fuzz(context, testOne, options);
                               ^
/home/i/.night.zig/zig-x86_64-linux-0.15.0-dev.1160+e43617e68/lib/compiler/test_runner.zig:161:29: 0x117842a in mainServer (test_runner.zig)
                test_fn.func() catch |err| switch (err) {
                            ^
/home/i/.night.zig/zig-x86_64-linux-0.15.0-dev.1160+e43617e68/lib/compiler/test_runner.zig:62:26: 0x1179955 in main (test_runner.zig)
        return mainServer() catch @panic("internal test runner failure");
                         ^
/home/i/.night.zig/zig-x86_64-linux-0.15.0-dev.1160+e43617e68/lib/std/start.zig:668:22: 0x1171fc2 in posixCallMainAndExit (std.zig)
            root.main();
                     ^
/home/i/.night.zig/zig-x86_64-linux-0.15.0-dev.1160+e43617e68/lib/std/start.zig:282:5: 0x117185c in _start (std.zig)
    asm volatile (switch (native_arch) {
    ^
???:?:?: 0x0 in ??? (???)error: the following build command crashed:
.zig-cache/o/4c6c5b60ddf4bdfbe05896c1682eb7a7/build /home/i/.night.zig/zig-x86_64-linux-0.15.0-dev.1160+e43617e68/zig /home/i/.night.zig/zig-x86_64-linux-0.15.0-dev.1160+e43617e68/lib /home/i/p/imdu/hueta .zig-cache /home/i/.cache/zig --seed 0x6a631b78 -Z0217db33338b28b8 test --fuzz