Issue 711192 link

Starred by 1 user

Issue metadata

Status: Verified
Owner:
Closed: Apr 2017
Cc:
Components:
EstimatedDays: ----
NextAction: ----
OS: Linux
Pri: 1
Type: Bug



CHECK failure: success in preparsed-scope-data.cc

Project Member Reported by ClusterFuzz, Apr 13 2017

Issue description

Cc: vogelheim@chromium.org
Owner: marja@chromium.org
Status: Assigned (was: Untriaged)
Regression range points to 1191e6f6ef03df5775fd881223fe32499d3eb199. Reproduces with the following set of flags (ASAN _not_ required):

$ ./out/x64.debug/d8 --expose-gc --no-turbo --gc-interval=152 --preparser-scope-analysis ~/Downloads/clusterfuzz-testcase-4776648177352704.js

Comment 2 by marja@chromium.org, Apr 18 2017

Apparently what happened is that clusterfuzz discovered my experimental --preparser-scope-analysis flag and now it's finding all kinds of errors. This is as expected - but I had forgotten that clusterfuzz discovers flags like that. Sorry for the noise!

The regressing commit is the one that makes the feature use the data it produces (instead of producing and ignoring it).

Project Member Comment 3 by ClusterFuzz, Apr 19 2017

ClusterFuzz has detected this issue as fixed in range 44692:44693.

Detailed report: https://clusterfuzz.com/testcase?key=4776648177352704

Fuzzer: mbarbella_js_mutation
Job Type: linux_asan_d8_v8_arm64_dbg
Platform Id: linux

Crash Type: CHECK failure
Crash Address:
Crash State:
  success in preparsed-scope-data.cc

Sanitizer: address (ASAN)

Regressed: V8: 43907:43908
Fixed: V8: 44692:44693

Reproducer Testcase: https://clusterfuzz.com/download/AMIfv97pULI4y9wWw6U06l32xNwgMF73zwbK0rXWwW2yQUVGX0Uhzv03KEr8PYUU9IhLEQ6dAM9lnNgIt3FKqC-LgqHJ5FnRloMGsMvfvi7hE6niZsPZqAgFaZ1KIK4UM2Os_7HKYQMl7OkHAZ6eOOqAXxZFzLt0fg07pWIXTqPeMD4F5ZQe_HgQRb_y85qj9Gqf6U3GJoBTlolw17Mo3suOo433A8uqDcBErK6Vs5bTyDJV5QnXgULFcmMojHLAUpumECjpqq0RsQDty2k5Qii9LrJGDtX50i5XzG-gsTVNpybYCNRG0rXndx3km_i8hqSqA-kiEFFYdf1jCfHQz6TzE3fbsZCBokjZb22N6CLy6b64YOG_pLs?testcase_id=4776648177352704


See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.

Project Member Comment 4 by ClusterFuzz, Apr 19 2017

Labels: ClusterFuzz-Verified
Status: Verified (was: Assigned)
ClusterFuzz testcase 4776648177352704 is verified as fixed, so closing issue.

If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.