Possible suspect CL but not 100% sure though
https://chromium.googlesource.com/v8/v8/+/d234118e293d10b980a3c1fde75cd864ff3590b6%5E%21/src/objects-debug.cc

cbruni@, could you please take a look and help us to find correct owner if it is not related your changes.

PTAL this doesn't repro on TOT, neither in normal nor ASAN build.

ClusterFuzz has detected this issue as fixed in range 444813:444856.

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=4741332385136640

Fuzzer: inferno_twister_custom_bundle
Job Type: linux_asan_chrome_chromeos
Platform Id: linux

Crash Type: CHECK failure
Crash Address: 
Crash State:
  !field_type->NowStable() || field_type->NowContains(value) || (!FLAG_use_allocat
  
Sanitizer: address (ASAN)

Fixed: https://cluster-fuzz.appspot.com/revisions?job=linux_asan_chrome_chromeos&range=444813:444856

Unminimized Testcase: https://cluster-fuzz.appspot.com/download/AMIfv945aD44-b0Zu7U2ji-9_98k_h9d_xuArDNO12tsE8XcUETQxYrYIPaNQYapbve8QcFdt3hXzmiRQlAgK0xmv121gfq0UUwtV0k-znlEUWq-HEDR6oOWBVMQKYrjrxFgxFKDYM7ZVWim5yuJoK0WL6RPGTG4gQSPMoQHzUM3L6h-wvac_3o?testcase_id=4741332385136640


See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.

ClusterFuzz testcase 4741332385136640 is verified as fixed, so closing issue.

If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.