Automatically assigning owner based on suspected regression changelist https://chromium.googlesource.com/v8/v8/+/5f56641b41ede6967cb1e2053df7bb338d55f275 (Reland "[wasm] Introduce jump table").

If this is incorrect, please let us know why and apply the Test-Predator-Wrong-CLs label. If you aren't the correct owner for this issue, please unassign yourself as soon as possible so it can be re-triaged.

https://crrev.com/c/1127671

The following revision refers to this bug:
  https://chromium.googlesource.com/v8/v8.git/+/4174a68e84c51d6bdec78d05be938d69da4d8b18

commit 4174a68e84c51d6bdec78d05be938d69da4d8b18
Author: Clemens Hammacher <clemensh@chromium.org>
Date: Fri Jul 06 11:22:01 2018

[wasm] Fix importing exported function in interpreter

When calling an import which is an exported wasm function, the
interpreter needs to look through the jump table to find the
actual code object.
We already had that logic for indirect calls, but it was missing for
imported calls.

R=ahaas@chromium.org

Bug:  chromium:860392 
Change-Id: I6b5a0192f79c23cb1de55407fe93f6df9a17235a
Reviewed-on: https://chromium-review.googlesource.com/1127671
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54291}
[modify] https://crrev.com/4174a68e84c51d6bdec78d05be938d69da4d8b18/src/wasm/wasm-interpreter.cc
[modify] https://crrev.com/4174a68e84c51d6bdec78d05be938d69da4d8b18/test/mjsunit/wasm/interpreter.js

ClusterFuzz has detected this issue as fixed in range 54290:54291.

Detailed report: https://clusterfuzz.com/testcase?key=6739159914643456

Fuzzer: ochang_js_fuzzer
Job Type: linux_d8_dbg
Platform Id: linux

Crash Type: DCHECK failure
Crash Address: 
Crash State:
  pc == code->instruction_start() in wasm-code-manager.cc
  
Sanitizer: address (ASAN)

Regressed: https://clusterfuzz.com/revisions?job=linux_d8_dbg&range=53828:53829
Fixed: https://clusterfuzz.com/revisions?job=linux_d8_dbg&range=54290:54291

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=6739159914643456

See https://github.com/google/clusterfuzz-tools for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.

ClusterFuzz testcase 6739159914643456 is verified as fixed, so closing issue as verified.

If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.

This bug has been closed for more than 14 weeks. Removing security view restrictions.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot