OpParameter<FrameStateInfo>(dummy_state).bailout_id().IsNone() in js-typed-lower
Issue description

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=5032787917930496
Fuzzer: mbarbella_js_mutation
Job Type: linux_asan_d8_v8_arm64_dbg
Platform Id: linux
Crash Type: CHECK failure
Crash Address:
Crash State: OpParameter<FrameStateInfo>(dummy_state).bailout_id().IsNone() in js-typed-lower
Regressed: V8: r40426:40427
Minimized Testcase (1.13 Kb): https://cluster-fuzz.appspot.com/download/AMIfv97CiFBPus5-1Dwa-rq5QHkdfbM5cTvBxBHwi7YibV2vnfGDQrp8S5qtad2gi8AKtTTJeRNP9RqQpFcgXJB9AzfhFX3Was_KTySQDmlFTz3L31OdGjSk6QjiYvnaQ2ppAaCg1O1VuR6LU9lU_fKQ2p1vFdJLSQ?testcase_id=5032787917930496

Issue filed automatically. See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.
Oct 31 2016
Still reproduces when going through AstGraphBuilder (i.e. before the Ignition shipping CL that is). Regression range points to 09410621f98bcf9fd022c4f183457ada6342c7fa. No longer reproduces via BytecodeGraphBuilder though. Feel free to close if this is no longer actionable.
Nov 1 2016
ClusterFuzz has detected this issue as fixed in range 40662:40663.

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=5032787917930496
Fuzzer: mbarbella_js_mutation
Job Type: linux_asan_d8_v8_arm64_dbg
Platform Id: linux
Crash Type: CHECK failure
Crash Address:
Crash State: OpParameter<FrameStateInfo>(dummy_state).bailout_id().IsNone() in js-typed-lower
Regressed: V8: r40426:40427
Fixed: V8: r40662:40663
Minimized Testcase (1.13 Kb): https://cluster-fuzz.appspot.com/download/AMIfv97CiFBPus5-1Dwa-rq5QHkdfbM5cTvBxBHwi7YibV2vnfGDQrp8S5qtad2gi8AKtTTJeRNP9RqQpFcgXJB9AzfhFX3Was_KTySQDmlFTz3L31OdGjSk6QjiYvnaQ2ppAaCg1O1VuR6LU9lU_fKQ2p1vFdJLSQ?testcase_id=5032787917930496

See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information. If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
Nov 1 2016
ClusterFuzz testcase is verified as fixed, closing issue. If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.
Nov 22 2016
Removing EditIssue view restrictions from ClusterFuzz filed bugs. If you believe that this issue should still be restricted, please reapply the label. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
Comment 1 by hablich@chromium.org, Oct 24 2016
Status: Available (was: Untriaged)