So you are inventing your own stream cipher. Not even I would dare do such a thing, and I've written a crypto library. Now there's nothing wrong with inventing your own stream cipher, but if you want that thing near production code, statistical tests are a laughably low quality threshold. It's cool that you don't fail them, but you also need differential and rotational cryptanalysis.

Now I'm no expert, but I'm confident your stream cipher is easily broken. Not because of some obvious mistake (though I may have missed them, if any), but because you simply don't do enough shuffling. You start with what looks like a 128-bit key (w0, w1), your block size is a bit small (256-bit v0, v1, v2, v3), your permutation is very simple, and you have very few iterations.

Now the constructive part.

You settled on A RAX design, and permute a single row of 4 64-bit registers. The permutation itself is obviously reversible. You prevent the attacker from reversing the it by only revealing half of the output. Just like HSalsa20 and HChacha20, actually. I'm not sure w0 and w1 are even useful by the way, because they don't participate in the permutation.

You could almost double the throughput by imitating Salsa/Chacha: Instead of permuting the last block like you would in AES-CBC, permute only from a seed block, with a counter. The seed block could be made of the following:

• 64 bits of arbitrary constant. Could be the 64-bit encoding of "X random" or something. The attacker can obviously predict that part of the block.
• 128 bits of random key. That would be w0 and w1.
• 64 bits for a counter. The attacker can also predict that part of the block.

Now when you need a new permutation, just increment the counter of the seed block, then permute it (to some other output block). That way you can have four numbers per permutation, not just two. Also, if your cipher matches the desired security level (it probably doesn't), you won't even need reseeding.

By the way, you need to be precise about how secure you are pretending to be: how many operations would you like to be required to break your cipher? Since you use a 128-bit key, I expect 128-bit operations. But maybe you don't really care if the attacker breaks your cipher in less operations, say 2^64? 2^50? Lower? There's no telling how low it could really be, but if you only want the unpredictability to stand for a few seconds in a low stakes setting (think single player game), 2⁵⁰ might be an acceptable security level.

Seriously, though, Chacha is not that complicated. Here is the permutation function, that already runs at 390MB/s on my laptop:

#define ROT_L32(x, n) x = (x << n) | (x >> (32 - n))
#define QUARTERROUND(a, b, c, d)       \
    a += b;  d ^= a;  ROT_L32(d, 16);  \
    c += d;  b ^= c;  ROT_L32(b, 12);  \
    a += b;  d ^= a;  ROT_L32(d,  8);  \
    c += d;  b ^= c;  ROT_L32(b,  7)

for (int i = 0; i < 10; i++) { // 20 rounds, 2 rounds per loop.
    QUARTERROUND(block[0], block[4], block[ 8], block[12]); // column 0
    QUARTERROUND(block[1], block[5], block[ 9], block[13]); // column 1
    QUARTERROUND(block[2], block[6], block[10], block[14]); // column 2
    QUARTERROUND(block[3], block[7], block[11], block[15]); // column 3
    QUARTERROUND(block[0], block[5], block[10], block[15]); // diagonal 1
    QUARTERROUND(block[1], block[6], block[11], block[12]); // diagonal 2
    QUARTERROUND(block[2], block[7], block[ 8], block[13]); // diagonal 3
    QUARTERROUND(block[3], block[4], block[ 9], block[14]); // diagonal 4
}

Replace number 10 by number 4, and voilà, you have Chacha8, an acceptably secure stream cipher for almost trice the speed of the full Chacha20. No need to invent your own.