Detailed report: https://cluster-fuzz.appspot.com/testcase?key=4870291699793920

Fuzzer: mbarbella_js_mutation
Job Type: linux_asan_d8_v8_mipsel_dbg
Platform Id: linux

Crash Type: CHECK failure
Crash Address: 
Crash State:
  edge.to() == NodeProperties::GetControlInput(use) in src/compiler/scheduler.cc
  
Regressed: V8: r34586:34587

Minimized Testcase (0.27 Kb):
Download: https://cluster-fuzz.appspot.com/download/AMIfv97dGcYoBTedA9pUTkhV4YkONaF1nyY-6_OiwlrDGgfiTTEXfGTickGB1yKygOsZbbFn_Urq1--Q3NcfEoec-W6g0TwMrUl2Qb6KGvsNEU7jArl6C5FjZZE3dr7O2dykPWyebur7X5KSdPisuZtDY0cCMlQCgg
(function __f_1() {
  function __f_0(){
    'use asm';
    function __f_2() {
      var __v_10 = 1, __v_9 = 0, __v_11 = 0;
      do {
__v_9 | 0 % 2 | 0;
      } while(0);
    }
    return { __f_2: __f_2 };
  }
  var __v_8 = Wasm.instantiateModuleFromAsm(__f_0.toString());
})();


Filer: hablich

See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.

ClusterFuzz has detected this issue as fixed in range 35244:35245.

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=4870291699793920

Fuzzer: mbarbella_js_mutation
Job Type: linux_asan_d8_v8_mipsel_dbg
Platform Id: linux

Crash Type: CHECK failure
Crash Address: 
Crash State:
  edge.to() == NodeProperties::GetControlInput(use) in src/compiler/scheduler.cc
  
Regressed: V8: r34586:34587
Fixed: V8: r35244:35245

Minimized Testcase (0.27 Kb):
Download: https://cluster-fuzz.appspot.com/download/AMIfv97dGcYoBTedA9pUTkhV4YkONaF1nyY-6_OiwlrDGgfiTTEXfGTickGB1yKygOsZbbFn_Urq1--Q3NcfEoec-W6g0TwMrUl2Qb6KGvsNEU7jArl6C5FjZZE3dr7O2dykPWyebur7X5KSdPisuZtDY0cCMlQCgg
(function __f_1() {
  function __f_0(){
    'use asm';
    function __f_2() {
      var __v_10 = 1, __v_9 = 0, __v_11 = 0;
      do {
__v_9 | 0 % 2 | 0;
      } while(0);
    }
    return { __f_2: __f_2 };
  }
  var __v_8 = Wasm.instantiateModuleFromAsm(__f_0.toString());
})();


See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.

ClusterFuzz has detected this issue as fixed in range 35973:35974.

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=4651362050113536

Fuzzer: mbarbella_js_mutation
Job Type: linux_asan_d8_dbg
Platform Id: linux

Crash Type: CHECK failure
Crash Address: 
Crash State:
  !v8::internal::FLAG_enable_slow_asserts || (static_cast<unsigned>(i) < static_ca
  
Regressed: V8: r34586:34587
Fixed: V8: r35973:35974

Minimized Testcase (0.10 Kb):
Download: https://cluster-fuzz.appspot.com/download/AMIfv96yrLA-TmIAsC2TzswErgq9Byays8LBqrYvFH1y5Q1aWezQBbbnSbh8CJEjL-38p05oKqEBCZkyYrBt5do6bJQRTb1oNBJt58_lNlWTS3V8oSSVIYsZu8vMpOzobDrBTpQafXMrdnSif-8GDwsOUsp4kyMuOQ
var __v_38 = "";
    __v_2 = __v_38;
    var module = Wasm.instantiateModuleFromAsm(__v_2);
( {
})();


See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.

 Issue 594500  has been merged into this issue.

Removing EditIssue view restrictions from ClusterFuzz filed bugs. If you believe that this issue should still be restricted, please reapply the label.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot