Assigning to the concern owner from Predator results --
The result is a list of CLs that change the crashed files. 

Author: Andreas Haas
Project: chromium-v8
Changelist: https://chromium.googlesource.com/v8/v8.git/+/a8424d592feff907c3f9a47310765c81321abe7b
Time: Wed May 17 12:02:49 2017
Lines 783-792, 1233 of file module-decoder.cc which potentially caused crash are changed in this cl (frame #3, "DecodeModule"; frame #4, "v8::internal::wasm::"). 

File wasm-module.cc is changed in this cl (and is part of stack frame #6, "v8::internal::wasm::SyncCompile"; frame #7, "v8::internal::wasm::SyncCompileAndInstantiate")
Minimum distance from crash line to modified line: 0. (file: module-decoder.cc, crashed on: 780, modified: 780).

@ahaas -- Could you please look into the issue, kindly re-assign if this is not related to your changes.
Thank You.

The following revision refers to this bug:
  https://chromium.googlesource.com/v8/v8.git/+/b2133cd6155fd643add72641624240b1f42e70a3

commit b2133cd6155fd643add72641624240b1f42e70a3
Author: Andreas Haas <ahaas@chromium.org>
Date: Mon Jul 10 10:08:42 2017

[wasm] Handle invalid function index in the elements section correctly

An invalid I32V value as index could be used to get a valid
WasmFunction.

R=clemensh@chromium.org

Bug:  chromium:735887 
Change-Id: I5fbfa01fc3300d86a4a2ba9bcbb86fc02f231ef9
Reviewed-on: https://chromium-review.googlesource.com/561536
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#46504}
[modify] https://crrev.com/b2133cd6155fd643add72641624240b1f42e70a3/src/wasm/module-decoder.cc
[modify] https://crrev.com/b2133cd6155fd643add72641624240b1f42e70a3/test/unittests/wasm/module-decoder-unittest.cc

This bug requires manual review: We are only 13 days from stable.
Please contact the milestone owner if you have questions.
Owners: amineer@(Android), cmasso@(iOS), josafat@(ChromeOS), bustamante@(Desktop)

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot

ClusterFuzz has detected this issue as fixed in range 485233:485271.

Detailed report: https://clusterfuzz.com/testcase?key=6580119127982080

Fuzzer: libFuzzer_v8_wasm_fuzzer
Job Type: libfuzzer_chrome_asan_debug
Platform Id: linux

Crash Type: CHECK failure
Crash Address: 
Crash State:
  func != nullptr == ok() in module-decoder.cc
  v8::internal::wasm::ModuleDecoder::DecodeSection
  DecodeModule
  
Sanitizer: address (ASAN)

Regressed: https://clusterfuzz.com/revisions?job=libfuzzer_chrome_asan_debug&range=472682:472738
Fixed: https://clusterfuzz.com/revisions?job=libfuzzer_chrome_asan_debug&range=485233:485271

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=6580119127982080


See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reproducing.md for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.

ClusterFuzz testcase 6580119127982080 is verified as fixed, so closing issue.

If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.

Approving merge to M60. 

The following revision refers to this bug:
  https://chromium.googlesource.com/v8/v8.git/+/3c37d3b3863dd6604b391687cf6fdeaba223ebec

commit 3c37d3b3863dd6604b391687cf6fdeaba223ebec
Author: Andreas Haas <ahaas@google.com>
Date: Wed Jul 12 08:30:48 2017

Merged: [wasm] Handle invalid function index in the elements section correctly

Revision: b2133cd6155fd643add72641624240b1f42e70a3

BUG= chromium:735887 
LOG=N
NOTRY=true
NOPRESUBMIT=true
NOTREECHECKS=true
R=clemensh@chromium.org

Change-Id: I3cb8cdd8c684b09df8abfb5f1e5d7effb487ab09
Reviewed-on: https://chromium-review.googlesource.com/567920
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/branch-heads/6.0@{#65}
Cr-Branched-From: 97dbf624a5eeffb3a8df36d24cdb2a883137385f-refs/heads/6.0.286@{#1}
Cr-Branched-From: 12e6f1cb5cd9616da7b9d4a7655c088778a6d415-refs/heads/master@{#45439}
[modify] https://crrev.com/3c37d3b3863dd6604b391687cf6fdeaba223ebec/src/wasm/module-decoder.cc
[modify] https://crrev.com/3c37d3b3863dd6604b391687cf6fdeaba223ebec/test/unittests/wasm/module-decoder-unittest.cc