Reproduces on TOT as follows:

out.gn/x64.debug/v8_simple_wasm_asmjs_fuzzer ~/Downloads/clusterfuzz-testcase-6500305819926528

Please triage.

ClusterFuzz has detected this issue as fixed in range 455109:455254.

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=6500305819926528

Fuzzer: libfuzzer_v8_wasm_asmjs_fuzzer
Job Type: libfuzzer_chrome_asan
Platform Id: linux

Crash Type: UNKNOWN
Crash Address: 0x000001a2fe08
Crash State:
  v8::internal::NumberToSize
  DetachArrayBuffer
  v8::internal::wasm::GrowWebAssemblyMemory
  
Sanitizer: address (ASAN)

Regressed: https://cluster-fuzz.appspot.com/revisions?job=libfuzzer_chrome_asan&range=449266:449285
Fixed: https://cluster-fuzz.appspot.com/revisions?job=libfuzzer_chrome_asan&range=455109:455254

Reproducer Testcase: https://cluster-fuzz.appspot.com/download/AMIfv94_WNrfZlT03x6gLuHc19nYOSqYSyepqS5NCiYi7ffs0iaVgOaiFuHjsgxgf8lp6WzmHUS8s2XxbAXdq0fbPdxvUNKsD8pgaYfzraSR9lhQoqw4XTEUuzAx6YTELHPEpzVXBz512l-adR9Tp09CnGTdFPmyLbFPqm7kkx1dsG3eIeVH4aFkHpQGPnAVaaWdhN1WE_2zFPGPUlq421TRt_vMW-H4VV0X2XAzO8adoDMBBgCWXKV_TePRoPQgg6rNvKkbigOJ8ljf22OygBszVAqx-NLDa3l-YH5w7uyScocZ7Lpe2hVf64QeKMDfM-4G3ioQuLjTYEqg4oPiwQjm4uzVdjezW2RQfFr29XhuV_LGLvxRINpfQerWcu5ly2VuWHGXNgH6rUcvn17L2rDYuD3RtAaVqg?testcase_id=6500305819926528


See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reproducing.md for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.

ClusterFuzz testcase 6500305819926528 is verified as fixed, so closing issue.

If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.