Automatically adding ccs based on suspected regression changelists:

Reland^2 "Added External Strings to external memory accounting". by rfbpb@google.com - https://chromium.googlesource.com/v8/v8/+/82632ed5e47e08036365cb568ed3f9db79a567d1

If this is incorrect, please let us know why and apply the Test-Predator-Wrong-CLs label.

Tentatively assigning to mlippautz since the CL author isn't a project member.

This is a serious security regression. If you are not able to fix this quickly, please revert the change that introduced it.

If this doesn't affect a release branch, or has not been properly classified for severity, please update the Security_Impact or Security_Severity labels, and remove the ReleaseBlock label. To disable this altogether, apply ReleaseBlock-NA.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot

This is a regression in a verifier that checks a path that is not yet fully enabled on ToT. The check just makes sure that counters are in a consistent state.

The object model is not affected by this.

Sounds good, removing the rest of the security labels in that case.

The following revision refers to this bug:
  https://chromium.googlesource.com/v8/v8.git/+/0640fd58dd848471264960f2e952f5c82e0e9202

commit 0640fd58dd848471264960f2e952f5c82e0e9202
Author: Rodrigo Bruno <rfbpb@google.com>
Date: Mon Jul 30 19:08:57 2018

[heap] Fix ThinString promotion counters.

From the promotion code point of view, a ThinString being forwarded to
an ExternalString is exactly the same as an actual ExternalString being
forwarded to its promoted copy. These changes provide a way to disambiguate
both scenarios since they are different for external memory accounting.

Bug:  chromium:867902 
Change-Id: I6fd56ee5e0f8900318466108273ab26e936eb439
Reviewed-on: https://chromium-review.googlesource.com/1152975
Commit-Queue: Rodrigo Bruno <rfbpb@google.com>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54790}
[modify] https://crrev.com/0640fd58dd848471264960f2e952f5c82e0e9202/src/heap/heap.cc
[modify] https://crrev.com/0640fd58dd848471264960f2e952f5c82e0e9202/src/heap/scavenger-inl.h
[modify] https://crrev.com/0640fd58dd848471264960f2e952f5c82e0e9202/test/cctest/heap/test-external-string-tracker.cc

ClusterFuzz has detected this issue as fixed in range 54789:54790.

Detailed report: https://clusterfuzz.com/testcase?key=4595570392694784

Fuzzer: ochang_js_fuzzer
Job Type: linux_d8_dbg
Platform Id: linux

Crash Type: DCHECK failure
Crash Address: 
Crash State:
  external_backing_store_bytes_[type] >= amount in spaces.cc
  
Sanitizer: address (ASAN)

Regressed: https://clusterfuzz.com/revisions?job=linux_d8_dbg&range=54711:54712
Fixed: https://clusterfuzz.com/revisions?job=linux_d8_dbg&range=54789:54790

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=4595570392694784

See https://github.com/google/clusterfuzz-tools for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.

ClusterFuzz testcase 4595570392694784 is verified as fixed, so closing issue as verified.

If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.

 Issue 869312  has been merged into this issue.

Automatically applying components based on crash stacktrace and information from OWNERS files.

If this is incorrect, please apply the Test-Predator-Wrong-Components label.