Regression range points to be9b820c4405e3feb1bcc60f5bf257c574da76c9.

The following revision refers to this bug:
  https://chromium.googlesource.com/v8/v8.git/+/94e8417bb451ab83404f340550f4a25dfae627b3

commit 94e8417bb451ab83404f340550f4a25dfae627b3
Author: rmcilroy <rmcilroy@chromium.org>
Date: Wed Nov 16 13:45:49 2016

[Turbofan] Fix missing break on AstGraphBuilder VisitCall.

Fixes a bug in ast-graph-builder added in r40965

BUG= chromium:665680 

Review-Url: https://codereview.chromium.org/2509643002
Cr-Commit-Position: refs/heads/master@{#41034}

[modify] https://crrev.com/94e8417bb451ab83404f340550f4a25dfae627b3/src/compiler/ast-graph-builder.cc
[add] https://crrev.com/94e8417bb451ab83404f340550f4a25dfae627b3/test/mjsunit/compiler/regress-665680.js

The following revision refers to this bug:
  https://chromium.googlesource.com/v8/v8.git/+/94e8417bb451ab83404f340550f4a25dfae627b3

commit 94e8417bb451ab83404f340550f4a25dfae627b3
Author: rmcilroy <rmcilroy@chromium.org>
Date: Wed Nov 16 13:45:49 2016

[Turbofan] Fix missing break on AstGraphBuilder VisitCall.

Fixes a bug in ast-graph-builder added in r40965

BUG= chromium:665680 

Review-Url: https://codereview.chromium.org/2509643002
Cr-Commit-Position: refs/heads/master@{#41034}

[modify] https://crrev.com/94e8417bb451ab83404f340550f4a25dfae627b3/src/compiler/ast-graph-builder.cc
[add] https://crrev.com/94e8417bb451ab83404f340550f4a25dfae627b3/test/mjsunit/compiler/regress-665680.js

ClusterFuzz has detected this issue as fixed in range 41033:41034.

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=5692740328488960

Fuzzer: decoder_langfuzz
Job Type: linux_asan_d8_ignition_dbg
Platform Id: linux

Crash Type: UNKNOWN READ
Crash Address: 0x00000000000c
Crash State:
  v8::internal::compiler::AstGraphBuilder::VisitCall
  v8::internal::compiler::AstGraphBuilderWithPositions::VisitCall
  v8::internal::compiler::AstGraphBuilder::VisitForEffect
  
Regressed: V8: r40964:40965
Fixed: V8: r41033:41034

Minimized Testcase (5.15 Kb): https://cluster-fuzz.appspot.com/download/AMIfv975LRtCQeE6ou1zeL3nSsgEyrbrL0nBWtnQp9PhJxvJneHCyPHB0EaouNJGe2tlKBruALZ8kqkbTRqG_0I44eVYxEx9A81F_ZM6am9AFepyjebRSdzy-Mi2sOsRz8pRuVy1orf6UnwvWUYNgbYsX6Jz8W9aMA?testcase_id=5692740328488960

See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.

This needs merged into 5.6

[Automated comment] Commit may have occurred before M56 branch point (11/17/2016), needs manual review.

Hablich@ could you approve this for merge?

Removing EditIssue view restrictions from ClusterFuzz filed bugs. If you believe that this issue should still be restricted, please reapply the label.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot

M56 Beta promotion is scheduled on Dec 6 & RC cut on Monday, Dec 5 @ 4.00 PM PST.
Please merge your change ASAP so that we could take it for next Release.

Now merged in V8's 5.6 branch.

The following revision refers to this bug:
  https://chromium.googlesource.com/v8/v8.git/+/e8cc41c169ac724aff7b74d0e9603699de39a504

commit e8cc41c169ac724aff7b74d0e9603699de39a504
Author: Ross McIlroy <rmcilroy@chromium.org>
Date: Mon Dec 05 18:49:46 2016

Merged: [Turbofan] Fix missing break on AstGraphBuilder VisitCall.

Revision: 94e8417bb451ab83404f340550f4a25dfae627b3

BUG= chromium:665680 
LOG=N
NOTRY=true
NOPRESUBMIT=true
NOTREECHECKS=true
R=mstarzinger@chromium.org

Review URL: https://codereview.chromium.org/2550993003 .

Cr-Commit-Position: refs/branch-heads/5.6@{#36}
Cr-Branched-From: bdd3886218dfe76e8560eb8a18401942452ae859-refs/heads/5.6.326@{#1}
Cr-Branched-From: 879f6599eee6e1dfcbe9a24bf688b261c03e9558-refs/heads/master@{#41014}

[modify] https://crrev.com/e8cc41c169ac724aff7b74d0e9603699de39a504/src/compiler/ast-graph-builder.cc
[add] https://crrev.com/e8cc41c169ac724aff7b74d0e9603699de39a504/test/mjsunit/compiler/regress-665680.js