<no crash state available>
Issue description

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=6645170516000768
Fuzzer: afl_v8_wasm_code_fuzzer
Job Type: afl_chrome_asan
Platform Id: linux
Crash Type: UNKNOWN
Crash Address: 0x00000233bba1
Crash State: NULL
Regressed: https://cluster-fuzz.appspot.com/revisions?job=afl_chrome_asan&range=427847:428110
Minimized Testcase (0.02 Kb): https://cluster-fuzz.appspot.com/download/AMIfv97VelGR3d6Kl19ES2rhQMx2qEPo1woHa1wJm5DR1QkpyC5cy4qQgl4ysO5vz_P58L4ByDxEKiyOz2LFnvcdReBuSH12qRxI92e8Q2J6O45CVm4l-dj0qPmoWcH5nCCNrkOKtAMntglxoAHeVHRm_zCXZTAUPw?testcase_id=6645170516000768

Issue filed automatically. See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reproducing.md for more information.
Nov 9 2016
Nov 19 2016
Bisection points to https://codereview.chromium.org/2423883003. Reproduces on ToT: out/x64.debug/v8_simple_wasm_code_fuzzer fuzz-0-v8_wasm_code_fuzzer
Nov 22 2016
Removing EditIssue view restrictions from ClusterFuzz filed bugs. If you believe that this issue should still be restricted, please reapply the label. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
Nov 30 2016
The problem here is that with this input a NaN with non-deterministic sign bit is produced (+ with the interpreter, - with the compiled code). The CopySign instruction then takes the sign bit of the NaN and eventually the WebAssembly program produces different outputs. I guess the solution has to be to mark the input as non-deterministic in the interpreter (see the possible_nondeterminism flag there) so that the result of the interpreter is not compared with the result of the compiled code. See https://docs.google.com/a/chromium.org/document/d/1yMe4RYZUArf_oELSioA6zWH7OkfAuP77MLOQl4wH3H0/edit?usp=sharing on how to debug WebAssembly fuzzer test cases.
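An added example (not V8 code, not the fuzzer's own harness) that models the mismatch described in the comment above and the proposed fix. Two constructed "engines" evaluate f32.copysign(1.0, a / b); when the quotient is a NaN, one engine yields a positive quiet NaN (0x7FC00000, the kind a constant-folding path produces) and the other a negative one (0xFFC00000, the x86 SSE default NaN). Both encodings are legal results, but copysign copies the sign bit verbatim, so the two engines return +1.0 and -1.0. The `possible_nondeterminism` flag, `evaluate`, `differential_check` and the 0/0 input are assumptions of this example; the actual minimized test case is not on this page.

```c
/* Added example (not V8 code): how an implementation-defined NaN sign bit
 * leaks through f32.copysign, and how a differential fuzzer can avoid
 * reporting it by honoring the interpreter's possible_nondeterminism flag.
 * The engine model below is a constructed stand-in for V8's interpreter and
 * compiled code; the NaN bit patterns are assumptions of this example. */
#include <stdint.h>
#include <string.h>
#include <stdio.h>

#define F32_SIGN 0x80000000u
#define F32_EXP  0x7F800000u
#define F32_FRAC 0x007FFFFFu

static uint32_t f32_bits(float f) { uint32_t u; memcpy(&u, &f, sizeof u); return u; }
static float f32_from_bits(uint32_t u) { float f; memcpy(&f, &u, sizeof f); return f; }

/* IEEE-754 NaN: all exponent bits set and a non-zero fraction, either sign. */
static int f32_is_nan(float f) {
    uint32_t u = f32_bits(f);
    return (u & F32_EXP) == F32_EXP && (u & F32_FRAC) != 0;
}

/* WebAssembly f32.copysign: magnitude of `mag`, sign bit of `sgn`.
 * It copies the sign bit even when `sgn` is a NaN, which is the leak. */
static float f32_copysign(float mag, float sgn) {
    return f32_from_bits((f32_bits(mag) & ~F32_SIGN) | (f32_bits(sgn) & F32_SIGN));
}

typedef struct {
    float value;
    int possible_nondeterminism; /* set when a NaN with unspecified sign was produced */
} Result;

/* One engine evaluating f32.copysign(1.0, a / b).
 * `nan_bits` is the NaN encoding this engine produces for a NaN quotient;
 * the spec leaves that sign bit open, so engines may legitimately differ. */
static Result evaluate(float a, float b, uint32_t nan_bits) {
    Result r = { 0.0f, 0 };
    float q = a / b;
    if (f32_is_nan(q)) {
        q = f32_from_bits(nan_bits);
        r.possible_nondeterminism = 1;
    }
    r.value = f32_copysign(1.0f, q);
    return r;
}

enum Verdict { MATCH = 0, MISMATCH = 1, SKIPPED = 2 };

/* Differential check between the two engines. With `honor_flag` set, a run the
 * interpreter marked as possibly nondeterministic is not compared at all. */
static enum Verdict differential_check(float a, float b, int honor_flag) {
    Result interp = evaluate(a, b, 0x7FC00000u); /* +qNaN, e.g. a constant-folded NaN */
    Result jit    = evaluate(a, b, 0xFFC00000u); /* -qNaN, the x86 SSE default NaN */
    if (honor_flag && interp.possible_nondeterminism) return SKIPPED;
    return f32_bits(interp.value) == f32_bits(jit.value) ? MATCH : MISMATCH;
}

int main(void) {
    static const char *names[] = { "MATCH", "MISMATCH", "SKIPPED" };
    /* 0/0 is a constructed NaN source standing in for whatever the minimized test case does. */
    printf("0/0, flag ignored:  %s\n", names[differential_check(0.0f, 0.0f, 0)]);
    printf("0/0, flag honored:  %s\n", names[differential_check(0.0f, 0.0f, 1)]);
    printf("-3/2, flag honored: %s\n", names[differential_check(-3.0f, 2.0f, 1)]);
    return 0;
}
```

The first call reproduces the false positive (the engines disagree only because of the NaN's sign), the second shows the fix from the comment (the run is flagged and never compared), and the third shows that ordinary inputs are still checked. Note that only the interpreter needs to set the flag: the compiled code has no way to know which of its NaNs are sign-unspecified.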
Nov 30 2016
Yes, the solution sounds OK to me.
Jan 16 2017
ClusterFuzz has detected this issue as fixed in range 443821:443836.

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=6645170516000768
Fuzzer: afl_v8_wasm_code_fuzzer
Job Type: afl_chrome_asan
Platform Id: linux
Crash Type: UNKNOWN
Crash Address: 0x00000233bba1
Crash State: NULL
Sanitizer: address (ASAN)
Regressed: https://cluster-fuzz.appspot.com/revisions?job=afl_chrome_asan&range=427847:428110
Fixed: https://cluster-fuzz.appspot.com/revisions?job=afl_chrome_asan&range=443821:443836
Minimized Testcase (0.02 Kb): https://cluster-fuzz.appspot.com/download/AMIfv97VelGR3d6Kl19ES2rhQMx2qEPo1woHa1wJm5DR1QkpyC5cy4qQgl4ysO5vz_P58L4ByDxEKiyOz2LFnvcdReBuSH12qRxI92e8Q2J6O45CVm4l-dj0qPmoWcH5nCCNrkOKtAMntglxoAHeVHRm_zCXZTAUPw?testcase_id=6645170516000768

See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reproducing.md for more information. If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
Jan 16 2017
ClusterFuzz testcase 6645170516000768 is verified as fixed, so closing issue. If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.
Nov 7 2017
ClusterFuzz has detected this issue as fixed in range 446938:453069.

Detailed report: https://clusterfuzz.com/testcase?key=6645170516000768
Fuzzer: afl_v8_wasm_code_fuzzer
Job Type: afl_chrome_asan
Platform Id: linux
Crash Type: CHECK failure
Crash Address:
Crash State: WasmCodeFuzzerHash=15323c3a in wasm-code.cc
Sanitizer: address (ASAN)
Regressed: https://clusterfuzz.com/revisions?job=afl_chrome_asan&range=427453:428167
Fixed: https://clusterfuzz.com/revisions?job=afl_chrome_asan&range=446938:453069
Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=6645170516000768

See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reference.md for more information. If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
Comment 1 by mmohammad@chromium.org, Nov 3 2016
Labels: Test-Predator-Wrong
Owner: ishell@chromium.org
Status: Assigned (was: Untriaged)