Regression range points to 695026d411edcc222e514aa7090a42554237cb2a. Some operator not handled by escape analysis. Tobias, this might be related to the crashes you are seeing in the wild.

ClusterFuzz has detected this issue as fixed in range 42629:42630.

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=6236642357805056

Fuzzer: decoder_langfuzz
Job Type: linux_asan_d8_ignition_turbo_dbg
Platform Id: linux

Crash Type: Unreachable code
Crash Address: 
Crash State:
  escape-analysis.cc
  
Sanitizer: address (ASAN)

Regressed: V8: 42500:42501
Fixed: V8: 42629:42630

Minimized Testcase (10.95 Kb): https://cluster-fuzz.appspot.com/download/AMIfv96xmHTMAfvkLL-4DeI--63B8f6RLteFm0K_S9NtFyYgJciPHruvhIQb3Ta2jpxkPWVGz18FO0IHPt-K7MB-dujPstz_bgVjZoN6TtYxIXvmav6Wb8SbtDW6I8GVzdBOBgvkLRkOFv_lWVdwkpKHfeZDQjksuM-9T2_apiwY5FI3iEqtLrBDRHwmZ7825uZOYyPQ85M2H-EalljpizVYVnUi6IBNT827eobCcfmhH0QKcB5sjV5WKp3PgyeC_PdeyDmQ0ZC8mecnUhvUS6lZ3uHKSSGY7GMRhkwnpmPFaJHg6MBMKyBkm8RP3_lTv0cKmSRoQWtNisD4rL_JXylIlxdXWjV-a3W0RFpoNpTBpxItOQN4sbk?testcase_id=6236642357805056

See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.