CHECK failure: Unknown or unimplemented opcode #204:f64.mod in wasm-interpreter.cc
Issue description

Detailed report: https://clusterfuzz.com/testcase?key=6338620784115712
Fuzzer: mbarbella_js_mutation
Job Type: linux_cfi_d8
Platform Id: linux
Crash Type: CHECK failure
Crash Address:
Crash State:
  Unknown or unimplemented opcode #204:f64.mod in wasm-interpreter.cc
Sanitizer: cfi (CFI)
Regressed: https://clusterfuzz.com/revisions?job=linux_cfi_d8&range=456721:456818
Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=6338620784115712

Issue filed automatically.

See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.
May 17 2017

Detailed report: https://clusterfuzz.com/testcase?key=6468254943150080
Fuzzer: mbarbella_js_mutation
Job Type: linux_asan_d8
Platform Id: linux
Crash Type: CHECK failure
Crash Address:
Crash State:
  Unknown or unimplemented opcode #204:f64.mod in wasm-interpreter.cc
  v8::internal::wasm::ThreadImpl::Execute
  v8::internal::wasm::ThreadImpl::Run
Sanitizer: address (ASAN)
Regressed: V8: 43772:43773
Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=6468254943150080

See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.
May 17 2017

The --wasm-interpret-all flag also tries to interpret asm.js modules, but the interpreter does not implement all asm.js specific opcodes. Lowering priority, since --wasm-interpret-all needs to be enabled explicitly to trigger this crash. Fix in preparation.
May 17 2017

The following revision refers to this bug:
https://chromium.googlesource.com/v8/v8.git/+/a68b75d05929b159ae8bbcdfecdcc3f32404a7da

commit a68b75d05929b159ae8bbcdfecdcc3f32404a7da
Author: Clemens Hammacher <clemensh@chromium.org>
Date: Wed May 17 09:38:06 2017

[wasm] Don't try to interpret asm.js modules

The interpreter does not implement all asm.js specific opcodes. Thus the combination of --validate-asm and --wasm-interpret-all might crash. The interpreter does not need to execute asm.js modules, as they are debugged by executing them in turbofan instead of the wasm interpreter. This CL thus excludes asm.js modules from --wasm-interpret-all.

R=ahaas@chromium.org
BUG= chromium:719175
Change-Id: I14228ea11ee3ea8a229cfa6e4179338a442b6cca
Reviewed-on: https://chromium-review.googlesource.com/506160
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#45364}

[modify] https://crrev.com/a68b75d05929b159ae8bbcdfecdcc3f32404a7da/src/wasm/wasm-module.cc
[add] https://crrev.com/a68b75d05929b159ae8bbcdfecdcc3f32404a7da/test/mjsunit/regress/wasm/regression-719175.js
May 17 2017
May 18 2017

ClusterFuzz has detected this issue as fixed in range 45363:45364.

Detailed report: https://clusterfuzz.com/testcase?key=6468254943150080
Fuzzer: mbarbella_js_mutation
Job Type: linux_asan_d8
Platform Id: linux
Crash Type: CHECK failure
Crash Address:
Crash State:
  Unknown or unimplemented opcode #204:f64.mod in wasm-interpreter.cc
  v8::internal::wasm::ThreadImpl::Execute
  v8::internal::wasm::ThreadImpl::Run
Sanitizer: address (ASAN)
Regressed: V8: 43772:43773
Fixed: V8: 45363:45364
Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=6468254943150080

See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
May 19 2017

ClusterFuzz has detected this issue as fixed in range 472684:472755.

Detailed report: https://clusterfuzz.com/testcase?key=6338620784115712
Fuzzer: mbarbella_js_mutation
Job Type: linux_cfi_d8
Platform Id: linux
Crash Type: CHECK failure
Crash Address:
Crash State:
  Unknown or unimplemented opcode #204:f64.mod in wasm-interpreter.cc
Sanitizer: cfi (CFI)
Regressed: https://clusterfuzz.com/revisions?job=linux_cfi_d8&range=456721:456818
Fixed: https://clusterfuzz.com/revisions?job=linux_cfi_d8&range=472684:472755
Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=6338620784115712

See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
Comment 1 by danno@chromium.org, May 7 2017
Status: Assigned (was: Untriaged)