Toon, could this be caused by https://chromium.googlesource.com/v8/v8/+log/c7715c2fbee025f69acc539f8620b7d423d5c3e8..813f231896dcd11e96acfa74fc5a6f62b1b500a9
?

Possibly a dupe of  issue 622664 ?

Tentatively assigning impact on tip of tree.

This issue is a security regression. If you are not able to fix this quickly, please revert the change that introduced it.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot

ClusterFuzz has detected this issue as fixed in range 37253:37254.

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=4870397308960768

Fuzzer: decoder_langfuzz
Job Type: linux_asan_d8_ignition_dbg
Platform Id: linux

Crash Type: Stack-use-after-return READ 8
Crash Address: 0x7f9e761cf110
Crash State:
  v8::internal::HandleBase::IsDereferenceAllowed
  v8::internal::__RT_impl_Runtime_KeyedGetProperty
  v8::internal::Runtime_KeyedGetProperty
  
Regressed: V8: r37179:37180
Fixed: V8: r37253:37254

Minimized Testcase (7.31 Kb): https://cluster-fuzz.appspot.com/download/AMIfv94upMsumr2c9IVWqUN03RUfcjOV5CbM6_Oi93eb57d497KsOTaKnSoYrVmvY4_0srQinNwdo9ak84QlwVnmuHl5VJBi0B7TraTFQq1cSZAlVPe2_QsDoeDPez2p-l1hCrNRie6omXwwIfI9kiLeXX7EAbYxRA?testcase_id=4870397308960768

See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.

This bug has been closed for more than 14 weeks. Removing security view restrictions.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot

This bug has been closed for more than 14 weeks. Removing security view restrictions.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot