The CL in question was already reverted. Just FYI in case the repro helps investigation.

ClusterFuzz has detected this issue as fixed in range 36142:36143.

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=5340913852743680

Fuzzer: decoder_langfuzz
Job Type: linux_asan_d8_ignition_dbg
Platform Id: linux

Crash Type: Heap-use-after-free READ 8
Crash Address: 0x61500000cd80
Crash State:
  v8::internal::__RT_impl_Runtime_GenerateRandomNumbers
  v8::internal::Runtime_GenerateRandomNumbers
  v8::internal::Invoke
  
Recommended Security Severity: High

Regressed: V8: r36139:36140
Fixed: V8: r36142:36143

Minimized Testcase (8.34 Kb): https://cluster-fuzz.appspot.com/download/AMIfv95Dw-KAhTg0bJAOh_WeLp8qdF6wERw2b_01d7afmDfFxem0GhSDaHt2O5jqiS2sB6vPLkfZvIuRIJ2otVj7AvvEc2CGzg8CHXwpKqt051VU2tu9VLV5lTICCMFWeTFYiG86CyTQeIQ4hsvyQKx1l43pGwaOLg

See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.

Is the feature being tested by this build enabled by default? I'm trying to figure out which milestones, if any, would be affected.

I'm assuming ignition isn't enabled anywhere yet, so setting Security_Impact-None. Please correct me if I'm wrong about this.

The CL has been reverted on the same day. The only reason this was open is to have another test to check against.

This bug has been closed for more than 14 weeks. Removing security view restrictions.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot

This bug has been closed for more than 14 weeks. Removing security view restrictions.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot

This bug has been closed for more than 14 weeks. Removing security view restrictions.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot