ClusterFuzz is analyzing your testcase. Developers can follow the progress at https://clusterfuzz.com/testcase?key=4586657792917504.

Detailed report: https://clusterfuzz.com/testcase?key=4586657792917504

Job Type: linux_asan_d8_dbg
Crash Type: DCHECK failure
Crash Address: 
Crash State:
  kMaxUInt32 != index_ in lookup.h
  v8::internal::LookupIterator::LookupIterator
  LookupIterator
  
Sanitizer: address (ASAN)

Regressed: https://clusterfuzz.com/revisions?job=linux_asan_d8_dbg&range=48130:48131

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=4586657792917504

See https://github.com/google/clusterfuzz-tools for more information.

This is a serious security regression. If you are not able to fix this quickly, please revert the change that introduced it.

If this doesn't affect a release branch, or has not been properly classified for severity, please update the Security_Impact or Security_Severity labels, and remove the ReleaseBlock label. To disable this altogether, apply ReleaseBlock-NA.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot

1 SUSPECTED CHANGELISTS
[turbofan] Constant-fold keyed loads of sealed properties. by bmeurer@chromium.org
The suspect is the only cl in the regression range.

The following revision refers to this bug:
  https://chromium.googlesource.com/v8/v8.git/+/adfaf74d33b88dfd69a7c7f7a210dc62cf78d525

commit adfaf74d33b88dfd69a7c7f7a210dc62cf78d525
Author: Benedikt Meurer <bmeurer@chromium.org>
Date: Wed Sep 27 05:43:25 2017

[turbofan] Fix off-by-one in constant-folding of frozen elements.

Bug:  chromium:768367 ,  v8:6819 ,  v8:6820 , v8:6831
Change-Id: I90538217f794c91a83ae5cfb12e0d0347d5f8574
Reviewed-on: https://chromium-review.googlesource.com/685240
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48175}
[modify] https://crrev.com/adfaf74d33b88dfd69a7c7f7a210dc62cf78d525/src/compiler/js-native-context-specialization.cc
[add] https://crrev.com/adfaf74d33b88dfd69a7c7f7a210dc62cf78d525/test/mjsunit/regress/regress-crbug-768367.js

ClusterFuzz has detected this issue as fixed in range 48174:48175.

Detailed report: https://clusterfuzz.com/testcase?key=4586657792917504

Job Type: linux_asan_d8_dbg
Crash Type: DCHECK failure
Crash Address: 
Crash State:
  kMaxUInt32 != index_ in lookup.h
  v8::internal::LookupIterator::LookupIterator
  LookupIterator
  
Sanitizer: address (ASAN)

Regressed: https://clusterfuzz.com/revisions?job=linux_asan_d8_dbg&range=48130:48131
Fixed: https://clusterfuzz.com/revisions?job=linux_asan_d8_dbg&range=48174:48175

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=4586657792917504

See https://github.com/google/clusterfuzz-tools for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.

ClusterFuzz has detected this issue as fixed in range 48174:48175.

Detailed report: https://clusterfuzz.com/testcase?key=6561710013153280

Fuzzer: inferno_js_fuzzer
Job Type: linux_asan_d8_dbg
Platform Id: linux

Crash Type: DCHECK failure
Crash Address: 
Crash State:
  kMaxUInt32 != index_ in lookup.h
  v8::internal::LookupIterator::LookupIterator
  LookupIterator
  
Sanitizer: address (ASAN)

Regressed: https://clusterfuzz.com/revisions?job=linux_asan_d8_dbg&range=48130:48131
Fixed: https://clusterfuzz.com/revisions?job=linux_asan_d8_dbg&range=48174:48175

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=6561710013153280

See https://github.com/google/clusterfuzz-tools for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.

ClusterFuzz testcase 4586657792917504 is verified as fixed, so closing issue as verified.

If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.

This bug has been closed for more than 14 weeks. Removing security view restrictions.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot