
Issue 802244

Issue metadata

Status: Verified
Owner:
Closed: Jan 2018
Cc:
Components:
EstimatedDays: ----
NextAction: ----
OS: Linux
Pri: 1
Type: Bug


DCHECK failure in dst == src in liftoff-assembler.cc

Project Member Reported by ClusterFuzz, Jan 16 2018

Issue description

Detailed report: https://clusterfuzz.com/testcase?key=6165942894854144

Fuzzer: libFuzzer_v8_wasm_code_fuzzer
Job Type: libfuzzer_chrome_asan_debug
Platform Id: linux

Crash Type: DCHECK failure
Crash Address: 
Crash State:
  dst == src in liftoff-assembler.cc
  v8::internal::wasm::StackTransferRecipe::TransferStackSlot
  v8::internal::wasm::LiftoffAssembler::MergeStackWith
  
Sanitizer: address (ASAN)

Regressed: https://clusterfuzz.com/revisions?job=libfuzzer_chrome_asan_debug&range=529156:529160

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=6165942894854144

Issue filed automatically.

See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reference.md for more information.
 
Project Member

Comment 1 by ClusterFuzz, Jan 16 2018

Components: Blink>JavaScript>WebAssembly
Labels: Test-Predator-Auto-Components
Automatically applying components based on crash stacktrace and information from OWNERS files.

If this is incorrect, please apply the Test-Predator-Wrong-Components label.
Project Member

Comment 2 by ClusterFuzz, Jan 16 2018

Cc: clemensh@chromium.org
Labels: Test-Predator-Auto-CC
Automatically adding ccs based on suspected regression changelists:

[Liftoff] Implement i32.rol and i32.ror by clemensh@chromium.org - https://chromium.googlesource.com/v8/v8/+/6ce09628d65cc9a59bf506a7b30b97276c1dcd56

[Liftoff] Also disassemble code on the native heap by clemensh@chromium.org - https://chromium.googlesource.com/v8/v8/+/8cf7223fb15d41bb40de3acdb6fb358ca469cb41

If this is incorrect, please apply the Test-Predator-Wrong-CLs label.
Project Member

Comment 3 by sheriffbot@chromium.org, Jan 16 2018

Labels: M-65
Project Member

Comment 4 by sheriffbot@chromium.org, Jan 16 2018

Labels: ReleaseBlock-Stable
This is a serious security regression. If you are not able to fix this quickly, please revert the change that introduced it.

If this doesn't affect a release branch, or has not been properly classified for severity, please update the Security_Impact or Security_Severity labels, and remove the ReleaseBlock label. To disable this altogether, apply ReleaseBlock-NA.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
Project Member

Comment 5 by sheriffbot@chromium.org, Jan 16 2018

Labels: Pri-1
Owner: clemensh@chromium.org
Status: Started (was: Untriaged)
Problem identified, CL on its way: https://crrev.com/c/868022
Labels: -Type-Bug-Security -Restrict-View-SecurityTeam -Security_Impact-Head -Security_Severity-High -ReleaseBlock-Stable Type-Bug
Liftoff is off by default, so no security implications.
Project Member

Comment 8 by bugdroid1@chromium.org, Jan 17 2018

The following revision refers to this bug:
  https://chromium.googlesource.com/v8/v8.git/+/cb903d803eba1c539e180037ecb642a650ebc219

commit cb903d803eba1c539e180037ecb642a650ebc219
Author: Clemens Hammacher <clemensh@chromium.org>
Date: Wed Jan 17 09:41:04 2018

[Liftoff] Fix registers spilling

The method {SpillAllRegisters} should really just spill registers, and
not also constants. Also, since more code is inlined into that method
now, we can optimize it to update register use counters only once in
the end, since no used register should be left after executing this
method.

R=titzer@chromium.org

Bug: v8:6600, chromium:802244
Change-Id: I737a1a87f8e912151062224952c4f5dffd43f802
Reviewed-on: https://chromium-review.googlesource.com/868022
Reviewed-by: Ben Titzer <titzer@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50644}
[modify] https://crrev.com/cb903d803eba1c539e180037ecb642a650ebc219/src/wasm/baseline/liftoff-assembler.cc
[modify] https://crrev.com/cb903d803eba1c539e180037ecb642a650ebc219/src/wasm/baseline/liftoff-assembler.h
[add] https://crrev.com/cb903d803eba1c539e180037ecb642a650ebc219/test/mjsunit/regress/wasm/regress-802244.js

Status: Fixed (was: Started)
Project Member

Comment 10 by ClusterFuzz, Jan 18 2018

ClusterFuzz has detected this issue as fixed in range 529739:529747.

Detailed report: https://clusterfuzz.com/testcase?key=6165942894854144

Fuzzer: libFuzzer_v8_wasm_code_fuzzer
Job Type: libfuzzer_chrome_asan_debug
Platform Id: linux

Crash Type: DCHECK failure
Crash Address: 
Crash State:
  dst == src in liftoff-assembler.cc
  v8::internal::wasm::StackTransferRecipe::TransferStackSlot
  v8::internal::wasm::LiftoffAssembler::MergeStackWith
  
Sanitizer: address (ASAN)

Regressed: https://clusterfuzz.com/revisions?job=libfuzzer_chrome_asan_debug&range=529156:529160
Fixed: https://clusterfuzz.com/revisions?job=libfuzzer_chrome_asan_debug&range=529739:529747

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=6165942894854144

See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reference.md for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
Project Member

Comment 11 by ClusterFuzz, Jan 18 2018

Labels: ClusterFuzz-Verified
Status: Verified (was: Fixed)
ClusterFuzz testcase 6165942894854144 is verified as fixed, so closing issue as verified.

If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.