TypeError: node #117:CheckBounds(input @1 = HeapConstant:HeapConstant) type Cons
Issue description
Detailed report: https://cluster-fuzz.appspot.com/testcase?key=5777291038949376
Fuzzer: mbarbella_js_mutation
Job Type: linux_asan_d8_dbg
Platform Id: linux
Crash Type: CHECK failure
Crash Address:
Crash State: TypeError: node #117:CheckBounds(input @1 = HeapConstant:HeapConstant) type Cons
Regressed: V8: r38165:38166
Minimized Testcase (8.61 Kb): https://cluster-fuzz.appspot.com/download/AMIfv95c9fX8XztXX-0G6n-F04QnPyqQxN35oiki9hd_P4LpV_ncv4bBFrxlHfwkcIXLLfYmo56qe7IIQRkMlIf-vnQQMugQZRLwlG_8mDIdWwdOLQJXZ4LJbH1Fza4_LEttCBbdf7HEuXqLVPdvvTI1VRsn77pH_g?testcase_id=5777291038949376
Filer: rossberg
See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.
Aug 2 2016
Aug 2 2016
--turbo-escape
Sep 12 2016
Detailed report: https://cluster-fuzz.appspot.com/testcase?key=5417302805970944
Fuzzer: mbarbella_js_mutation
Job Type: linux_asan_d8_dbg
Platform Id: linux
Crash Type: CHECK failure
Crash Address:
Crash State: TypeError: node #97:CheckBounds(input @1 = HeapConstant:HeapConstant) type Const
Regressed: V8: r38391:38392
Minimized Testcase (13.28 Kb): https://cluster-fuzz.appspot.com/download/AMIfv941rphgYF2uZkj_Qa5rrDqJA46lyXlO5azgXsseX98et1lsZ8BYuM44FHs1Qcfj1vS0LKU7lUvl9fy0AoVBGsoCLjxuka2iWdWQIxlYYs_X_FphDDjmmIvEk4ydA7KmHasXf-HhdWpeD_cu8zUB0eveW9Ts7Q?testcase_id=5417302805970944
Additional requirements: Requires Gestures
See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.
Sep 12 2016
Detailed report: https://cluster-fuzz.appspot.com/testcase?key=4679388434268160
Fuzzer: mbarbella_js_mutation
Job Type: linux_asan_d8_v8_arm_dbg
Platform Id: linux
Crash Type: CHECK failure
Crash Address:
Crash State: TypeError: node #145:CheckBounds(input @1 = HeapConstant:HeapConstant) type Cons
Regressed: V8: r38391:38392
Minimized Testcase (2.37 Kb): https://cluster-fuzz.appspot.com/download/AMIfv95BpwcU-Vk6y8aXdVDXlMw_uwg7EXuInMhBnKaDumJgzSbXt5w0gROz4WZvQEjwyU7_3KZFEWHgSHE_ZosVXGYrii88yCazM9f3K13_oxxnr5utJeufBw5hOijJquO9gKeoBshvEp1VJl1UXKpbq9aNCoz2tw?testcase_id=4679388434268160
See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.
Sep 12 2016
Detailed report: https://cluster-fuzz.appspot.com/testcase?key=5159182737342464
Fuzzer: mbarbella_js_mutation
Job Type: linux_asan_d8_v8_arm_dbg
Platform Id: linux
Crash Type: CHECK failure
Crash Address:
Crash State: TypeError: node #113:CheckBounds(input @1 = HeapConstant:HeapConstant) type Cons
Regressed: V8: r38165:38166
Minimized Testcase (1.91 Kb): https://cluster-fuzz.appspot.com/download/AMIfv96tyPtOtqqnVY1jgvI_EzCMbMsNqlzT1-KXxmWtMPe0R-_H8CDd_N-_1lJA4BlsUg3t5MNHAo7gY6pQppdFX9l2YFBI4t-B_qy2Jp0rjdxVvkBvCOLoKvrCay-CqcMBHumhzOOy5jlFzuJeywG-2MDmJgUb8g?testcase_id=5159182737342464
See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.
Sep 13 2016
Detailed report: https://cluster-fuzz.appspot.com/testcase?key=6609055835750400
Fuzzer: mbarbella_js_mutation
Job Type: linux_asan_d8_v8_arm_dbg
Platform Id: linux
Crash Type: CHECK failure
Crash Address:
Crash State: TypeError: node #96:CheckBounds(input @1 = HeapConstant:HeapConstant) type Const
Regressed: V8: r38391:38392
Minimized Testcase (0.34 Kb): Download: https://cluster-fuzz.appspot.com/download/AMIfv97dZQly0f-YLLty8noR0NDFMAmqGJ2BjVAE2y7OlvL6amSQq0vwtxBNRBr9LadWB0Ow03yjOG0hc08dQ3-1kAs7zUAdCFJP5kz3vAh3tWMpzkEUj9e41Abmua9gXbcdSZL61uBKcxhgxj6mXb9Mxv2by8Jv3A?testcase_id=6609055835750400
var assertFalse;
try {
  ;
  (function __f_3() {
    "main", kSig_i
  })();
  (function __f_0() {
  })();
} catch(e) {"Caught: " + e; }
try {
  var __v_6 = [0, ""];
} catch(e) { print(); }
function __f_6(array) {
  array[1] = undefined;
}
function __f_7() {
  __f_6(function() {});
  __f_6(__v_6);
}
__f_7();
%OptimizeFunctionOnNextCall(__f_7);
__f_7();
{
}
See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.
Sep 14 2016
Detailed report: https://cluster-fuzz.appspot.com/testcase?key=4582164836646912
Fuzzer: mbarbella_js_mutation
Job Type: linux_asan_d8_v8_arm_dbg
Platform Id: linux
Crash Type: CHECK failure
Crash Address:
Crash State: TypeError: node #143:CheckBounds(input @1 = HeapConstant:HeapConstant) type Cons
Regressed: V8: r38165:38166
Minimized Testcase (0.53 Kb): https://cluster-fuzz.appspot.com/download/AMIfv95KKVE8NaaUAwdM4eifsFnIUvFwk1gU9LYJSwelEwB5JK6GGMcWoqQFlvSQ8rOmMQxbKdTEpoBka8ttL2A5UzWJVQRc-GijSkBm8LK3Vefwj047bHESSt8pSdZZTz1AzccLGe73rrWgy49zR2Fx8Xcf8Jk9cg?testcase_id=4582164836646912
See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.
Sep 14 2016
Detailed report: https://cluster-fuzz.appspot.com/testcase?key=6075528086028288
Fuzzer: mbarbella_js_mutation
Job Type: linux_asan_d8_ignition_v8_arm_dbg
Platform Id: linux
Crash Type: CHECK failure
Crash Address:
Crash State: TypeError: node #146:MaybeGrowFastElements[ArrayObject](input @3 = HeapConstant:
Regressed: V8: r38417:38418
Minimized Testcase (2.25 Kb): https://cluster-fuzz.appspot.com/download/AMIfv97CZ4hik-7cQ_evVbesQoBGjd1s1_BE_mLpNfJzRO6VGFW5DgPha5L-uTg2AqAH-pHvTbZa53ruWhVcThuzZ9kGncdJ8TYmqqD69Y5LhpIKiaqXmEvn871_XlZnABGZiFQZ5Jl1w4uGOQNWi5fzyju5JszYbg?testcase_id=6075528086028288
See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.
Sep 16 2016
Detailed report: https://cluster-fuzz.appspot.com/testcase?key=6284106361208832
Fuzzer: mbarbella_js_mutation
Job Type: linux_asan_d8_v8_arm64_dbg
Platform Id: linux
Crash Type: CHECK failure
Crash Address:
Crash State: TypeError: node #183:CheckBounds(input @1 = HeapConstant:HeapConstant) type Cons
Regressed: V8: r36946:36947
Minimized Testcase (12.77 Kb): https://cluster-fuzz.appspot.com/download/AMIfv962VQj7HJRfT2Q0E4El_LMI3U09o2SaxFXHToC8iBEmIVbTJWXctK6bJacnCZAKgjOgsN7VFz-BOVWUg_9PqreeIzdy0-sMprUiNjT1HbJiqSNenh71outqcK4o0FhSDm2dRf5xsTReDMK3-I6h2EvDzpEzZA?testcase_id=6284106361208832
See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.
Sep 23 2016
Sep 23 2016
Issue 643593 has been merged into this issue.
Sep 23 2016
Sep 23 2016
Sep 24 2016
ClusterFuzz has detected this issue as fixed in range 39655:39656.
Detailed report: https://cluster-fuzz.appspot.com/testcase?key=5159182737342464
Fuzzer: mbarbella_js_mutation
Job Type: linux_asan_d8_v8_arm_dbg
Platform Id: linux
Crash Type: CHECK failure
Crash Address:
Crash State: TypeError: node #113:CheckBounds(input @1 = HeapConstant:HeapConstant) type Cons
Regressed: V8: r38165:38166
Fixed: V8: r39655:39656
Minimized Testcase (1.91 Kb): https://cluster-fuzz.appspot.com/download/AMIfv96tyPtOtqqnVY1jgvI_EzCMbMsNqlzT1-KXxmWtMPe0R-_H8CDd_N-_1lJA4BlsUg3t5MNHAo7gY6pQppdFX9l2YFBI4t-B_qy2Jp0rjdxVvkBvCOLoKvrCay-CqcMBHumhzOOy5jlFzuJeywG-2MDmJgUb8g?testcase_id=5159182737342464
See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.
If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
Sep 24 2016
ClusterFuzz has detected this issue as fixed in range 39655:39656.
Detailed report: https://cluster-fuzz.appspot.com/testcase?key=4679388434268160
Fuzzer: mbarbella_js_mutation
Job Type: linux_asan_d8_v8_arm_dbg
Platform Id: linux
Crash Type: CHECK failure
Crash Address:
Crash State: TypeError: node #145:CheckBounds(input @1 = HeapConstant:HeapConstant) type Cons
Regressed: V8: r38391:38392
Fixed: V8: r39655:39656
Minimized Testcase (2.37 Kb): https://cluster-fuzz.appspot.com/download/AMIfv95BpwcU-Vk6y8aXdVDXlMw_uwg7EXuInMhBnKaDumJgzSbXt5w0gROz4WZvQEjwyU7_3KZFEWHgSHE_ZosVXGYrii88yCazM9f3K13_oxxnr5utJeufBw5hOijJquO9gKeoBshvEp1VJl1UXKpbq9aNCoz2tw?testcase_id=4679388434268160
See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.
If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
Sep 24 2016
ClusterFuzz has detected this issue as fixed in range 39655:39656.
Detailed report: https://cluster-fuzz.appspot.com/testcase?key=5417302805970944
Fuzzer: mbarbella_js_mutation
Job Type: linux_asan_d8_dbg
Platform Id: linux
Crash Type: CHECK failure
Crash Address:
Crash State: TypeError: node #97:CheckBounds(input @1 = HeapConstant:HeapConstant) type Const
Regressed: V8: r38391:38392
Fixed: V8: r39655:39656
Minimized Testcase (13.28 Kb): https://cluster-fuzz.appspot.com/download/AMIfv941rphgYF2uZkj_Qa5rrDqJA46lyXlO5azgXsseX98et1lsZ8BYuM44FHs1Qcfj1vS0LKU7lUvl9fy0AoVBGsoCLjxuka2iWdWQIxlYYs_X_FphDDjmmIvEk4ydA7KmHasXf-HhdWpeD_cu8zUB0eveW9Ts7Q?testcase_id=5417302805970944
Additional requirements: Requires Gestures
See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.
If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
Sep 24 2016
ClusterFuzz has detected this issue as fixed in range 39655:39656.
Detailed report: https://cluster-fuzz.appspot.com/testcase?key=5777291038949376
Fuzzer: mbarbella_js_mutation
Job Type: linux_asan_d8_dbg
Platform Id: linux
Crash Type: CHECK failure
Crash Address:
Crash State: TypeError: node #117:CheckBounds(input @1 = HeapConstant:HeapConstant) type Cons
Regressed: V8: r38165:38166
Fixed: V8: r39655:39656
Minimized Testcase (8.61 Kb): https://cluster-fuzz.appspot.com/download/AMIfv95c9fX8XztXX-0G6n-F04QnPyqQxN35oiki9hd_P4LpV_ncv4bBFrxlHfwkcIXLLfYmo56qe7IIQRkMlIf-vnQQMugQZRLwlG_8mDIdWwdOLQJXZ4LJbH1Fza4_LEttCBbdf7HEuXqLVPdvvTI1VRsn77pH_g?testcase_id=5777291038949376
See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.
If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
Sep 24 2016
ClusterFuzz has detected this issue as fixed in range 39655:39656.
Detailed report: https://cluster-fuzz.appspot.com/testcase?key=6609055835750400
Fuzzer: mbarbella_js_mutation
Job Type: linux_asan_d8_v8_arm_dbg
Platform Id: linux
Crash Type: CHECK failure
Crash Address:
Crash State: TypeError: node #96:CheckBounds(input @1 = HeapConstant:HeapConstant) type Const
Regressed: V8: r38391:38392
Fixed: V8: r39655:39656
Minimized Testcase (0.34 Kb): Download: https://cluster-fuzz.appspot.com/download/AMIfv97dZQly0f-YLLty8noR0NDFMAmqGJ2BjVAE2y7OlvL6amSQq0vwtxBNRBr9LadWB0Ow03yjOG0hc08dQ3-1kAs7zUAdCFJP5kz3vAh3tWMpzkEUj9e41Abmua9gXbcdSZL61uBKcxhgxj6mXb9Mxv2by8Jv3A?testcase_id=6609055835750400
var assertFalse;
try {
  ;
  (function __f_3() {
    "main", kSig_i
  })();
  (function __f_0() {
  })();
} catch(e) {"Caught: " + e; }
try {
  var __v_6 = [0, ""];
} catch(e) { print(); }
function __f_6(array) {
  array[1] = undefined;
}
function __f_7() {
  __f_6(function() {});
  __f_6(__v_6);
}
__f_7();
%OptimizeFunctionOnNextCall(__f_7);
__f_7();
{
}
See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.
If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
Sep 24 2016
ClusterFuzz has detected this issue as fixed in range 39655:39656.
Detailed report: https://cluster-fuzz.appspot.com/testcase?key=6075528086028288
Fuzzer: mbarbella_js_mutation
Job Type: linux_asan_d8_ignition_v8_arm_dbg
Platform Id: linux
Crash Type: CHECK failure
Crash Address:
Crash State: TypeError: node #146:MaybeGrowFastElements[ArrayObject](input @3 = HeapConstant:
Regressed: V8: r38417:38418
Fixed: V8: r39655:39656
Minimized Testcase (2.25 Kb): https://cluster-fuzz.appspot.com/download/AMIfv97CZ4hik-7cQ_evVbesQoBGjd1s1_BE_mLpNfJzRO6VGFW5DgPha5L-uTg2AqAH-pHvTbZa53ruWhVcThuzZ9kGncdJ8TYmqqD69Y5LhpIKiaqXmEvn871_XlZnABGZiFQZ5Jl1w4uGOQNWi5fzyju5JszYbg?testcase_id=6075528086028288
See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.
If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
Sep 24 2016
ClusterFuzz has detected this issue as fixed in range 39655:39656.
Detailed report: https://cluster-fuzz.appspot.com/testcase?key=6284106361208832
Fuzzer: mbarbella_js_mutation
Job Type: linux_asan_d8_v8_arm64_dbg
Platform Id: linux
Crash Type: CHECK failure
Crash Address:
Crash State: TypeError: node #183:CheckBounds(input @1 = HeapConstant:HeapConstant) type Cons
Regressed: V8: r36946:36947
Fixed: V8: r39655:39656
Minimized Testcase (12.77 Kb): https://cluster-fuzz.appspot.com/download/AMIfv962VQj7HJRfT2Q0E4El_LMI3U09o2SaxFXHToC8iBEmIVbTJWXctK6bJacnCZAKgjOgsN7VFz-BOVWUg_9PqreeIzdy0-sMprUiNjT1HbJiqSNenh71outqcK4o0FhSDm2dRf5xsTReDMK3-I6h2EvDzpEzZA?testcase_id=6284106361208832
See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.
If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
Sep 24 2016
ClusterFuzz has detected this issue as fixed in range 39655:39656.
Detailed report: https://cluster-fuzz.appspot.com/testcase?key=4582164836646912
Fuzzer: mbarbella_js_mutation
Job Type: linux_asan_d8_v8_arm_dbg
Platform Id: linux
Crash Type: CHECK failure
Crash Address:
Crash State: TypeError: node #143:CheckBounds(input @1 = HeapConstant:HeapConstant) type Cons
Regressed: V8: r38165:38166
Fixed: V8: r39655:39656
Minimized Testcase (0.53 Kb): https://cluster-fuzz.appspot.com/download/AMIfv95KKVE8NaaUAwdM4eifsFnIUvFwk1gU9LYJSwelEwB5JK6GGMcWoqQFlvSQ8rOmMQxbKdTEpoBka8ttL2A5UzWJVQRc-GijSkBm8LK3Vefwj047bHESSt8pSdZZTz1AzccLGe73rrWgy49zR2Fx8Xcf8Jk9cg?testcase_id=4582164836646912
See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.
If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
Nov 22 2016
Removing EditIssue view restrictions from ClusterFuzz filed bugs. If you believe that this issue should still be restricted, please reapply the label.
For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
Comment 1 by rossberg@chromium.org, Aug 2 2016