Reproduces on TOT:

  out/x64.debug/d8 --validate-asm ~/Downloads/FUZZ-0-1.JS

Reaching UNREACHABLE in AsmWasmBuilderImpl::VisitCallExpression, because call_type is CALL::GLOBAL_CALL.

Assigning to Brad.

Maybe this is related:
https://uberchromegw.corp.google.com/i/internal.client.v8/builders/v8_linux32_perf_2/builds/17241/steps/Compile-asm_wasm/logs/stdio

ClusterFuzz has detected this issue as fixed in range 441510:441524.

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=6440520953102336

Fuzzer: mbarbella_js_mutation
Job Type: windows_asan_d8
Platform Id: windows

Crash Type: Fatal error
Crash Address: 
Crash State:
  
  v8::internal::wasm::AsmWasmBuilderImpl::VisitCallExpression
  v8::internal::wasm::AsmWasmBuilderImpl::VisitForEffect
  v8::internal::wasm::AsmWasmBuilderImpl::VisitNoStackOverflowCheck
  
Sanitizer: address (ASAN)

Regressed: https://cluster-fuzz.appspot.com/revisions?job=windows_asan_d8&range=440953:440957
Fixed: https://cluster-fuzz.appspot.com/revisions?job=windows_asan_d8&range=441510:441524

Minimized Testcase (0.14 Kb):
Download: https://cluster-fuzz.appspot.com/download/AMIfv953fk3F3KKeuymxukpflZvAQdjR63osXMbnDmWy4e_-_du4JRKa9ZG6l7WOnJRh0ySOr6_QkPyEu4gFHxMaRebywt1Rv_ChirjwSjjVT1RLjvOsN4nvUx7zMW-KjQPpZ_KacKbqO8JnwwnJmmPebBdKEg-IszRD1JNd8YiLUeSPh-FqEvbL1AhIZBNe0JbNuOMp6xQXeTJzww2sOi6Vi1jP71lptffHWfoq2inW66XABbZRb9Smx20ofs79Pso8xxJ8oVrZpEvQcrTbDRU6macbWFlXEJPlTUzhNENNb7_v92b7jB3dMWtG8dClqYm2zF1LdQbnVIyJ-cE29G5-LF4EgefO3Vf2fe_1yXi3VA35VytGxo0?testcase_id=6440520953102336
function __f_23(asmfunc) {
  var __v_27 = asmfunc();
}
function __f_38() {
  "use asm";
  function __f_43() {
    gc();
  }
}
__f_23(__f_38, {
});


See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.