Requires escape analysis in TurboFan, which isn't shipping. Dropping security labels.

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=5716196192419840

Fuzzer: mbarbella_js_mutation
Job Type: windows_asan_d8
Platform Id: windows

Crash Type: UNKNOWN READ
Crash Address: 0x00000033
Crash State:
  v8::internal::Map::GeneralizeAllFieldRepresentations
  v8::internal::TranslatedState::MaterializeAt
  v8::internal::TranslatedState::MaterializeAt
  
Regressed: https://cluster-fuzz.appspot.com/revisions?job=windows_asan_d8&range=400189:400221

Minimized Testcase (1.38 Kb): https://cluster-fuzz.appspot.com/download/AMIfv96i2fH7n7Y8JOM4Ji9echof1W0effVZ1-oFPJ6K9FRQxhYuBp9kxzX4eGivqPQobfvsW0NVwMiRDr-iwB-PaimFtOw0Ak1aocOCr8t83clSJwnxRUkA-JwvujXeKEeT3jvynsO71d5YHK3i-FuvApAa2nK4TQ?testcase_id=5716196192419840

Filer: mmohammad

See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.

Didn't notice #1.

ClusterFuzz has detected this testcase as flaky and is unable to reproduce it in the original crash revision. Skipping fixed testing check and marking it as potentially fixed.

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=5716196192419840

Fuzzer: mbarbella_js_mutation
Job Type: windows_asan_d8
Platform Id: windows

Crash Type: UNKNOWN READ
Crash Address: 0x00000033
Crash State:
  v8::internal::Map::GeneralizeAllFieldRepresentations
  v8::internal::TranslatedState::MaterializeAt
  v8::internal::TranslatedState::MaterializeAt
  
Regressed: https://cluster-fuzz.appspot.com/revisions?job=windows_asan_d8&range=400189:400221

Minimized Testcase (1.38 Kb): https://cluster-fuzz.appspot.com/download/AMIfv96i2fH7n7Y8JOM4Ji9echof1W0effVZ1-oFPJ6K9FRQxhYuBp9kxzX4eGivqPQobfvsW0NVwMiRDr-iwB-PaimFtOw0Ak1aocOCr8t83clSJwnxRUkA-JwvujXeKEeT3jvynsO71d5YHK3i-FuvApAa2nK4TQ?testcase_id=5716196192419840

See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.

ClusterFuzz has detected this issue as fixed in range 37367:37368.

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=5735247778152448

Fuzzer: mbarbella_js_mutation
Job Type: linux_asan_d8
Platform Id: linux

Crash Type: UNKNOWN READ
Crash Address: 0x0001ffff8005
Crash State:
  v8::internal::Map::instance_descriptors
  v8::internal::Map::GeneralizeAllFieldRepresentations
  v8::internal::TranslatedState::MaterializeAt
  
Recommended Security Severity: Medium

Regressed: V8: r36435:36436
Fixed: V8: r37367:37368

Minimized Testcase (0.23 Kb):
Download: https://cluster-fuzz.appspot.com/download/AMIfv94Wy5zcfboadNoQnny5kyay27rquEHptVCyokKdZnlqpFai-xHst8onOaVQGOh5fmp9UEBQbSAeQ7_hpcrGhtt1n3MF0LqEDbjPKCVnGPTA3niVZW2jZYPfyWnd_snXiMH4JjQdag6ywBw4YvOyPZ0hFredJA?testcase_id=5735247778152448
"use strict";
try {
} catch(e) {; }
for (var __v_3 = 0; __v_3 < 1000000; __v_3++);
try {
if ("Intl" in this) {
  function __f_3() {
    return __f_3() + 1;
  }
Date.UTC();
}
__v_6 =
    {
      get source() {
      }
    }
} catch(e) {; }


See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.

ClusterFuzz testcase is verified as fixed, closing issue.

If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.

Removing EditIssue view restrictions from ClusterFuzz filed bugs. If you believe that this issue should still be restricted, please reapply the label.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot