ClusterFuzz has detected this issue as fixed in range 34586:34587.

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=5537476300505088

Fuzzer: mbarbella_js_mutation
Job Type: linux_asan_d8_dbg
Platform Id: linux

Crash Type: CHECK failure
Crash Address: 
Crash State:
  index2 <= length in src/compiler/x64/code-generator-x64.cc
  
Regressed: V8: r34344:34345
Fixed: V8: r34586:34587

Minimized Testcase (0.32 Kb):
Download: https://cluster-fuzz.appspot.com/download/AMIfv954checBo1ReKzMtJ4vOH-F9q-7omPqHgi4v1FLSR9zHgJxs_swDUPKaypAs8_Z3xfDmxXge5WWEOup331xP1KUkavZ_1nzOXgWMCQ-_hFG6nVIAy3BXzIbXiAPbQ0PxPOfKyXtB8KEYbFJzNNEr2qsxs3_kA
function __f_92(stdlib, buffer) {
  "use asm";
  var __v_53 = new stdlib.Int32Array(buffer);
  function __f_72() {
    var __v_49 = 4;
    __v_53[0] = (__v_49 + 1) | 0;
  }
  return {__f_72: __f_72};
}
  var __v_24 = new ArrayBuffer(2147483648);
  var module = _WASMEXP_.instantiateModuleFromAsm( __f_92.toString(), null, __v_24);


See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.

Looks like this issues is no longer reproduced. Please feel free to raise a new issue or reopen if still persists or reappears.

Thanks.!

This doesn't reproduce anymore because the API changed.

I tried the repro with _WASMEXP_ replaced with Wasm and it did not crash.
I believe I fixed this in:
https://codereview.chromium.org/1858323003/

Removing EditIssue view restrictions from ClusterFuzz filed bugs. If you believe that this issue should still be restricted, please reapply the label.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot