https://chromium.googlesource.com/v8/v8/+log/6475ae2025d552d18e6f2ca10a63854ad729ccca..8974b75bce037555cb93c4d501176986dd0dc935?pretty=fuller&n=10000

Detailed report: https://clusterfuzz.com/testcase?key=5916987124613120

Fuzzer: mbarbella_js_mutation
Job Type: linux_asan_d8_dbg
Platform Id: linux

Crash Type: DCHECK failure
Crash Address: 
Crash State:
  result_map_->is_dictionary_map() in map-updater.cc
  v8::internal::MapUpdater::FindRootMap
  v8::internal::MapUpdater::ReconfigureElementsKind
  
Sanitizer: address (ASAN)

Regressed: https://clusterfuzz.com/revisions?job=linux_asan_d8_dbg&range=47580:47581

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=5916987124613120

See https://github.com/google/clusterfuzz-tools for more information.

The following revision refers to this bug:
  https://chromium.googlesource.com/v8/v8.git/+/8a7ce927a685d4007e02298881d85c7d5f273777

commit 8a7ce927a685d4007e02298881d85c7d5f273777
Author: Camillo Bruni <cbruni@chromium.org>
Date: Fri Aug 25 10:44:29 2017

Don't look at abandoned prototype maps when looking for root maps

Bug:  chromium:757199 ,  chromium:758773 , chromium:758821
Change-Id: I70644853770501b13992bd7bf78d168ca2308d64
Reviewed-on: https://chromium-review.googlesource.com/635223
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/master@{#47603}
[modify] https://crrev.com/8a7ce927a685d4007e02298881d85c7d5f273777/src/compiler/js-native-context-specialization.cc
[add] https://crrev.com/8a7ce927a685d4007e02298881d85c7d5f273777/test/mjsunit/regress/regress-crbug-757199.js
[add] https://crrev.com/8a7ce927a685d4007e02298881d85c7d5f273777/test/mjsunit/regress/regress-crbug-758773.js

ClusterFuzz has detected this issue as fixed in range 47593:47594.

Detailed report: https://clusterfuzz.com/testcase?key=5694138183057408

Fuzzer: v8_builtins_generator
Job Type: linux_asan_d8_v8_arm64_dbg
Platform Id: linux

Crash Type: DCHECK failure
Crash Address: 
Crash State:
  result_map_->is_dictionary_map() in map-updater.cc
  
Sanitizer: address (ASAN)

Regressed: https://clusterfuzz.com/revisions?job=linux_asan_d8_v8_arm64_dbg&range=47580:47581
Fixed: https://clusterfuzz.com/revisions?job=linux_asan_d8_v8_arm64_dbg&range=47593:47594

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=5694138183057408

See https://github.com/google/clusterfuzz-tools for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.

ClusterFuzz has detected this issue as fixed in range 47593:47594.

Detailed report: https://clusterfuzz.com/testcase?key=5916987124613120

Fuzzer: mbarbella_js_mutation
Job Type: linux_asan_d8_dbg
Platform Id: linux

Crash Type: DCHECK failure
Crash Address: 
Crash State:
  result_map_->is_dictionary_map() in map-updater.cc
  v8::internal::MapUpdater::FindRootMap
  v8::internal::MapUpdater::ReconfigureElementsKind
  
Sanitizer: address (ASAN)

Regressed: https://clusterfuzz.com/revisions?job=linux_asan_d8_dbg&range=47580:47581
Fixed: https://clusterfuzz.com/revisions?job=linux_asan_d8_dbg&range=47593:47594

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=5916987124613120

See https://github.com/google/clusterfuzz-tools for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.

This bug has been closed for more than 14 weeks. Removing security view restrictions.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot