Use-of-uninitialized-value in v8::internal::Simulator::FPRoundInt
Issue description

Detailed report: https://clusterfuzz.com/testcase?key=5350708854128640

Fuzzer: libFuzzer_v8_multi_return_fuzzer
Job Type: libfuzzer_chrome_msan
Platform Id: linux

Crash Type: Use-of-uninitialized-value
Crash Address:
Crash State:
  v8::internal::Simulator::FPRoundInt
  v8::internal::Simulator::FPToInt32
  v8::internal::Simulator::VisitFPIntegerConvert

Sanitizer: memory (MSAN)

Recommended Security Severity: Medium

Regressed: https://clusterfuzz.com/revisions?job=libfuzzer_chrome_msan&range=544717:544729

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=5350708854128640

Issue filed automatically.

See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reference.md for more information.
Apr 30 2018
Automatically applying components based on crash stacktrace and information from OWNERS files. If this is incorrect, please apply the Test-Predator-Wrong-Components label.

Apr 30 2018

Apr 30 2018
This is a serious security regression. If you are not able to fix this quickly, please revert the change that introduced it. If this doesn't affect a release branch, or has not been properly classified for severity, please update the Security_Impact or Security_Severity labels, and remove the ReleaseBlock label. To disable this altogether, apply ReleaseBlock-NA. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot

Apr 30 2018

May 2 2018
*** Bulk Edit *** M67 Stable promotion is coming soon. Your bug is labelled as Stable ReleaseBlock, pls make sure to land the fix and request a merge into the release branch ASAP. If fix is already merged to M67 and nothing else is pending, pls mark the bug as fixed. Thank you.

May 3 2018
This fuzzer tests a feature which is at the moment turned off by default. This is not a release blocker.

May 3 2018
Kicking down the road ...

May 4 2018

Jul 25

Jul 26
The following revision refers to this bug: https://chromium.googlesource.com/v8/v8.git/+/a2a3817594a2652980c9b1eec094d8c0896c990e

commit a2a3817594a2652980c9b1eec094d8c0896c990e
Author: Andreas Haas <ahaas@chromium.org>
Date: Thu Jul 26 11:04:04 2018

[wasm][multi-return][arm64] Pad parameter slots

Stack parameters on arm64 require padding. Since the stack areas for parameters and returns should not overlap, we have to pad the parameters already during the construction of the CallDescriptor so that we can set the correct stack offset for returns.

R=mstarzinger@chromium.org

Bug: chromium:838098
Change-Id: I23389dc35037054b750e61ea6b1bfdfc4c5bc868
Reviewed-on: https://chromium-review.googlesource.com/1150178
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54716}

[modify] https://crrev.com/a2a3817594a2652980c9b1eec094d8c0896c990e/src/compiler/wasm-compiler.cc
[modify] https://crrev.com/a2a3817594a2652980c9b1eec094d8c0896c990e/test/cctest/compiler/test-multiple-return.cc
[modify] https://crrev.com/a2a3817594a2652980c9b1eec094d8c0896c990e/test/fuzzer/multi-return.cc

Jul 27
ClusterFuzz testcase 6558253044203520 is verified as fixed, so closing issue as verified. If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.

Jul 27
ClusterFuzz has detected this issue as fixed in range 578357:578370.

Detailed report: https://clusterfuzz.com/testcase?key=5350708854128640

Fuzzer: libFuzzer_v8_multi_return_fuzzer
Job Type: libfuzzer_chrome_msan
Platform Id: linux

Crash Type: Use-of-uninitialized-value
Crash Address:
Crash State:
  v8::internal::Simulator::FPRoundInt
  v8::internal::Simulator::FPToInt32
  v8::internal::Simulator::VisitFPIntegerConvert

Sanitizer: memory (MSAN)

Recommended Security Severity: Medium

Regressed: https://clusterfuzz.com/revisions?job=libfuzzer_chrome_msan&range=544717:544729
Fixed: https://clusterfuzz.com/revisions?job=libfuzzer_chrome_msan&range=578357:578370

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=5350708854128640

See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reference.md for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.

Jul 27

Nov 2
This bug has been closed for more than 14 weeks. Removing security view restrictions. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
Comment 1 by ClusterFuzz, Apr 30 2018
Owner: ahaas@chromium.org
Status: Assigned (was: Untriaged)