Out-of-memory in v8_wasm_fuzzer
Issue description

Detailed report: https://clusterfuzz.com/testcase?key=5675049085042688

Fuzzer: libFuzzer_v8_wasm_fuzzer
Job Type: libfuzzer_chrome_msan
Platform Id: linux

Crash Type: Out-of-memory (exceeds 2048 MB)
Crash Address:
Crash State:
  v8_wasm_fuzzer

Sanitizer: memory (MSAN)

Regressed: https://clusterfuzz.com/revisions?job=libfuzzer_chrome_msan&range=539090:539093

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=5675049085042688

Issue filed automatically.

See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reference.md for more information.
Sep 12
This is the known issue that our fuzzers eventually run out of memory. When I last tried to find the leak (which is technically not a leak, since LSan does not report it), I gave up after a few hours since I did not have the right tool(s) to track memory allocations of the whole process and see where the memory is going.
Sep 12
The problem is that we do not estimate the size of the stack of the interpreter correctly. The test case is a function which calls itself recursively until it causes a stack overflow. The function has a high number of locals; when I reduce the number of locals, it does not run out of memory anymore.
Sep 12
Interestingly, we run out of memory in 40 runs, but not in 30 runs. This suggests that we are indeed quasi-leaking memory somewhere. I will try to figure out where.
Sep 12
The following revision refers to this bug:
https://chromium.googlesource.com/v8/v8.git/+/2d7e221d400c4b2ba1862def0f1ce8fd83017651

commit 2d7e221d400c4b2ba1862def0f1ce8fd83017651
Author: Clemens Hammacher <clemensh@chromium.org>
Date: Wed Sep 12 15:10:36 2018

[wasm] Switch to phantom handles in interpreter

The interpreter stores a weak reference to the WasmInstance it belongs to. Make this a phantom reference, so the GC can get rid of the interpreter and its associated memory already on the first GC.

Drive-by: Some renamings/refactorings.

R=ahaas@chromium.org

Bug: chromium:875647
Change-Id: Ib49f6d8aa820b904f07fabe7df78ddf6df944264
Reviewed-on: https://chromium-review.googlesource.com/1221806
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55831}

[modify] https://crrev.com/2d7e221d400c4b2ba1862def0f1ce8fd83017651/src/wasm/wasm-interpreter.cc
Sep 13
The following revision refers to this bug:
https://chromium.googlesource.com/v8/v8.git/+/3f794f51c2d6ab3580e1fe7913f51a00046d4022

commit 3f794f51c2d6ab3580e1fe7913f51a00046d4022
Author: Clemens Hammacher <clemensh@chromium.org>
Date: Thu Sep 13 08:46:04 2018

[wasm] Remove instance finalizer

The instance finalizer does nothing useful any more. Freeing the native allocations is already done in the destructor of the Managed.

R=titzer@chromium.org

Bug: chromium:875647
Change-Id: I154b9da74cf377c2803f66dc959edb4837c6b766
Reviewed-on: https://chromium-review.googlesource.com/1221215
Reviewed-by: Ben Titzer <titzer@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55849}

[modify] https://crrev.com/3f794f51c2d6ab3580e1fe7913f51a00046d4022/src/wasm/module-compiler.cc
[modify] https://crrev.com/3f794f51c2d6ab3580e1fe7913f51a00046d4022/src/wasm/wasm-objects.cc
[modify] https://crrev.com/3f794f51c2d6ab3580e1fe7913f51a00046d4022/src/wasm/wasm-objects.h
Sep 14
ClusterFuzz has detected this issue as fixed in range 591009:591017.

Detailed report: https://clusterfuzz.com/testcase?key=5675049085042688

Fuzzer: libFuzzer_v8_wasm_fuzzer
Job Type: libfuzzer_chrome_msan
Platform Id: linux

Crash Type: Out-of-memory (exceeds 2048 MB)
Crash Address:
Crash State:
  v8_wasm_fuzzer

Sanitizer: memory (MSAN)

Regressed: https://clusterfuzz.com/revisions?job=libfuzzer_chrome_msan&range=539090:539093
Fixed: https://clusterfuzz.com/revisions?job=libfuzzer_chrome_msan&range=591009:591017

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=5675049085042688

See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reference.md for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
Sep 14
ClusterFuzz testcase 5675049085042688 is verified as fixed, so closing issue as verified. If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.
Comment 1 by kkaluri@chromium.org, Aug 20
Labels: M-69 Test-Predator-Wrong CF-NeedsTriage