Automatically assigning owner based on suspected regression changelist https://chromium.googlesource.com/v8/v8/+/0cd7468b86d0958fdc6ae1d7f69da1569e05b5f8 ([wasm] Always enable guard regions on 64-bit platforms).

If this is incorrect, please let us know why and apply the Test-Predator-Wrong-CLs label. If you aren't the correct owner for this issue, please unassign yourself as soon as possible so it can be re-triaged.

The test case that Clusterfuzz came up with just allocates memory and appends it to an array in a loop. There's really no other reasonable option here than running out of memory. Is there a way we can tell the fuzzer this is expected?

Usually we crash on OOM. If one of the two correctness-fuzzing runs crashes, it's disregarded. A bunch of situations where we don't crash, but expose differences between architectures are handled with the --abort_on_stack_or_string_length_overflow flag, which is passed for correctness fuzzing. Could you maybe insert an artificial "abort" in the situation you run into (behind this flag)?

ClusterFuzz has detected this issue as fixed in range 52333:52334.

Detailed report: https://clusterfuzz.com/testcase?key=4867123554549760

Fuzzer: foozzie_js_mutation
Job Type: v8_foozzie
Platform Id: linux

Crash Type: V8 correctness failure
Crash Address: 
Crash State:
  configs: x64,ignition_turbo:ia32,ignition_turbo
  sources: 55f
  
Sanitizer: address (ASAN)

Regressed: https://clusterfuzz.com/revisions?job=v8_foozzie&range=52309:52310
Fixed: https://clusterfuzz.com/revisions?job=v8_foozzie&range=52333:52334

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=4867123554549760

See https://github.com/google/clusterfuzz-tools for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.

ClusterFuzz testcase 4867123554549760 is verified as fixed, so closing issue as verified.

If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.

Guess a reland will let this buble up again and it still might require a different fix/suppression.

The following revision refers to this bug:
  https://chromium.googlesource.com/v8/v8.git/+/e90a052ef3ffd3dd44c4a751d49564bb0aac7a7a

commit e90a052ef3ffd3dd44c4a751d49564bb0aac7a7a
Author: Eric Holk <eholk@chromium.org>
Date: Thu Apr 05 17:00:03 2018

[wasm] Crash on out of memory under correctness fuzzer

Bug:  chromium:828293 
Change-Id: I37002c308738eef1366d82a90b7b29d6e44d6c48
Reviewed-on: https://chromium-review.googlesource.com/996585
Commit-Queue: Eric Holk <eholk@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52405}
[modify] https://crrev.com/e90a052ef3ffd3dd44c4a751d49564bb0aac7a7a/src/wasm/wasm-memory.cc