Issue 808418
Issue metadata

Status: Verified
Owner:
Closed: Feb 2018
Cc:
Components:
EstimatedDays: ----
NextAction: ----
OS: Linux
Pri: 1
Type: Bug

CHECK failure: !ResultAreIdentical(args); RegExpBuiltinsFuzzerHash=5d3e752e in regexp-builtins.

Project Member Reported by ClusterFuzz, Feb 2 2018

Issue description

Detailed report: https://clusterfuzz.com/testcase?key=5358885389729792

Fuzzer: afl_v8_regexp_builtins_fuzzer
Job Type: afl_chrome_asan
Platform Id: linux

Crash Type: CHECK failure
Crash Address: 
Crash State:
  !ResultAreIdentical(args); RegExpBuiltinsFuzzerHash=5d3e752e in regexp-builtins.
  v8::internal::CompileRunAndVerify
  v8::internal::TestRegExpPrototypeTest
  
Sanitizer: address (ASAN)

Regressed: https://clusterfuzz.com/revisions?job=afl_chrome_asan&range=531461:531790

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=5358885389729792

Issue filed automatically.

See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reference.md for more information.
 
Project Member

Comment 1 by ClusterFuzz, Feb 2 2018

Labels: Test-Predator-Auto-Owner
Owner: mstarzinger@chromium.org
Status: Assigned (was: Untriaged)
Automatically assigning owner based on suspected regression changelist https://chromium.googlesource.com/v8/v8/+/db7bdf48297af25a7ebd55b09e604829be2f3213 (Revert "[platform] Remove {PageAllocator::kReadWriteExecute}.").

If this is incorrect, please let us know why and apply the Test-Predator-Wrong-CLs label. If you aren't the correct owner for this issue, please unassign yourself as soon as possible so it can be re-triaged.
Project Member

Comment 2 by ClusterFuzz, Feb 2 2018

Components: Blink>JavaScript
Labels: Test-Predator-Auto-Components
Automatically applying components based on crash stacktrace and information from OWNERS files.

If this is incorrect, please apply the Test-Predator-Wrong-Components label.
Cc: jgruber@chromium.org
Cc: mstarzinger@chromium.org
Issue 808110 has been merged into this issue.
Labels: Test-Predator-Wrong-CLs
Reproduces nicely. But the suspected changelist is off (reproduces with the revision before as well). I'll run a local bisect.
Cc: -jgruber@chromium.org
Components: -Blink>JavaScript Blink>JavaScript>Regexp
Owner: jgruber@chromium.org
Goes all the way back to ...

commit 633b70b126d6a6093a790f9177d41e260dbc241a (HEAD)
Author: jgruber <jgruber@chromium.org>
Date:   Thu Jan 18 11:27:08 2018 +0100

    [regexp] Initial go at a builtins fuzzer
    
    This fuzzer randomly generates calls to regexp builtins, runs each on
    the slow and fast path, and verifies that their result is the same.
    
    Change-Id: Ia91b0c8afcdaf64835a9bb7b9a470610fbb75fc8
    Reviewed-on: https://chromium-review.googlesource.com/833922
    Commit-Queue: Jakob Gruber <jgruber@chromium.org>
    Reviewed-by: Yang Guo <yangguo@chromium.org>
    Cr-Commit-Position: refs/heads/master@{#50670}
Cc: infe...@chromium.org
Hmm, I thought there was an auto-cc set up for myself on regexp-builtin-fuzzer issues (https://crbug.com/807603). 

+inferno@, any ideas?
Fix in-flight: https://crrev.com/c/905667
My bad, I added for libFuzzer_v8_regexp_builtins_fuzzer, but forgot the afl one, now added you to afl_v8_regexp_builtins_fuzzer as well.
Project Member

Comment 10 by bugdroid1@chromium.org, Feb 9 2018

The following revision refers to this bug:
  https://chromium.googlesource.com/v8/v8.git/+/945baa11ff0f8950178248d264024980f787fc08

commit 945baa11ff0f8950178248d264024980f787fc08
Author: jgruber <jgruber@chromium.org>
Date: Fri Feb 09 11:15:31 2018

[fuzzers] Ensure pattern is not interpreted as comment

Since we naively build the JS source code through concatenation,
we need to ensure the regexp literal does not end up being interpreted
as a multiline comment:

  const re = /*/;

Bug: v8:6741, chromium:808418 
Change-Id: Id52fbd2d62c14fc634d05fa1b0192ab86cc9e4fc
Reviewed-on: https://chromium-review.googlesource.com/905667
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51206}
[modify] https://crrev.com/945baa11ff0f8950178248d264024980f787fc08/test/fuzzer/regexp-builtins.cc

Status: Fixed (was: Assigned)
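As an added example (not V8's own regexp-builtins.cc fuzzer code), the hypothetical harness below reproduces the defect the commit describes: a pattern beginning with `*` pasted into a regexp literal by string concatenation makes `/*` open a multiline comment, so the generated program no longer parses at all. The hypothetical `buildSafe` instead hands the pattern and flags to `new RegExp` as JSON-escaped string literals, so a bad pattern is rejected by the regexp compiler at run time (a catchable, classifiable outcome) rather than altering the program text; `run` tells the two failure classes apart.

```javascript
// Constructed example: why a fuzzer must not splice a regexp pattern into
// JS source by plain concatenation, and one way to build the source safely.

// Naive builder, as the commit message describes: pattern and flags are
// pasted straight into a regexp literal.
function buildNaive(pattern, flags, subject) {
  return `const re = /${pattern}/${flags};\n` +
         `return re.test(${JSON.stringify(subject)});`;
}

// Hardened builder (assumption, not V8's fix): pattern and flags reach the
// parser only as string literals, so a leading '*' cannot open a comment.
function buildSafe(pattern, flags, subject) {
  return `const re = new RegExp(${JSON.stringify(pattern)}, ` +
         `${JSON.stringify(flags)});\n` +
         `return re.test(${JSON.stringify(subject)});`;
}

// Compile and run a generated program, classifying what happened:
//   "harness-bug": the generated JS itself does not parse (generator defect)
//   "bad-pattern": the JS parsed, but RegExp rejected the pattern at run time
//   "ok":          the builtin ran and produced a value
function run(source) {
  let fn;
  try {
    fn = new Function(source);            // parse phase
  } catch (e) {
    return { kind: "harness-bug", error: e.message };
  }
  try {
    return { kind: "ok", value: fn() };   // execution phase
  } catch (e) {
    return { kind: "bad-pattern", error: e.message };
  }
}

// The trigger from the commit message ("const re = /*/;") beside a benign
// pattern that both builders handle identically.
function demo() {
  return {
    naive:   run(buildNaive("*", "", "abc")),     // unterminated comment
    safe:    run(buildSafe("*", "", "abc")),      // "nothing to repeat"
    okNaive: run(buildNaive("a*c", "i", "ABC")),
    okSafe:  run(buildSafe("a*c", "i", "ABC")),
  };
}
```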
Project Member

Comment 12 by ClusterFuzz, Feb 10 2018

ClusterFuzz has detected this issue as fixed in range 535787:535810.

Detailed report: https://clusterfuzz.com/testcase?key=5358885389729792

Fuzzer: afl_v8_regexp_builtins_fuzzer
Job Type: afl_chrome_asan
Platform Id: linux

Crash Type: CHECK failure
Crash Address: 
Crash State:
  !ResultAreIdentical(args); RegExpBuiltinsFuzzerHash=5d3e752e in regexp-builtins.
  v8::internal::CompileRunAndVerify
  v8::internal::TestRegExpPrototypeTest
  
Sanitizer: address (ASAN)

Regressed: https://clusterfuzz.com/revisions?job=afl_chrome_asan&range=531461:531790
Fixed: https://clusterfuzz.com/revisions?job=afl_chrome_asan&range=535787:535810

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=5358885389729792

See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reference.md for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
Project Member

Comment 13 by ClusterFuzz, Feb 10 2018

Labels: ClusterFuzz-Verified
Status: Verified (was: Fixed)
ClusterFuzz testcase 5358885389729792 is verified as fixed, so closing issue as verified.

If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.