Assigning it to V8 stability sheriff as i am unable to find the latest changes in the code search.

@jkummerov, can you please take a look at this issue ?

This is an OOM crash (as noted by the stack trace): just an array that grows forever. Nothing unexpected about this behavior (though I'm not sure what we're supposed to do about the fuzzer generating such a test case).

ClusterFuzz has detected this testcase as flaky and is unable to reproduce it in the original crash revision. Skipping fixed testing check and marking it as potentially fixed.

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=4538583911759872

Fuzzer: inferno_layout_test_unmodified
Job Type: linux_asan_chrome_mp
Platform Id: linux

Crash Type: UNKNOWN READ
Crash Address: 0x00009f7537dd
Crash State:
  blink::reportFatalErrorInMainThread
  v8::Utils::ApiCheck
  v8::internal::V8::FatalProcessOutOfMemory
  
Regressed: https://cluster-fuzz.appspot.com/revisions?job=linux_asan_chrome_mp&range=172836:173286

Minimized Testcase (0.14 Kb):
Download: https://cluster-fuzz.appspot.com/download/AMIfv97JWZ_0-a4PvPYVNQnPMEFVEicWRylnN9ThtbM-nZGkepCgM5E4tWlrSBQrA95H6nFH5TWyJ6FBfa5XQB1IdLQCJOlO7x66UbGQUT-FPO1Akqj8fcs7AEzITlNOhZDPA0EpFQLOB-Tmq1BOwedbT8r6zUy3FQ
<script>
var __v_160 = 0;
    var array = [];
    for (var __v_145 = 0; __v_145 < 1000; ++__v_160)
        array.push(__v_145 + 0.5);
</script>


See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.

Removing EditIssue view restrictions from ClusterFuzz filed bugs. If you believe that this issue should still be restricted, please reapply the label.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot