Automatically assigning owner based on suspected regression changelist https://chromium.googlesource.com/v8/v8/+/b123ee34111f643fec6f7b662912deafd1165e3e (Allow global prototype to be a Proxy).

If this is incorrect, please remove the owner and apply the Test-Predator-Wrong-CLs label.

@marja: Is this an expected problem with eager vs. lazy?

Hmm, no, as far as I can tell. The error (which only occurs with --no-lazy) is "__v_6 is not defined", so it's not some lazy parsing vs eager parsing stuff.

The most minimal case I could come up with:

let weird = 0;

__v_2 = this;
(function () {
  var __v_9 = new Proxy({}, { get() {}});
  Object.setPrototypeOf(__v_2, __v_9);
})();

eval();
function __f_7() {
  __v_6;
 eval();
}
__f_7();

ClusterFuzz has detected this issue as fixed in range 48714:48715.

Detailed report: https://clusterfuzz.com/testcase?key=5285966398095360

Fuzzer: foozzie_js_mutation
Job Type: v8_foozzie
Platform Id: linux

Crash Type: V8 correctness failure
Crash Address: 
Crash State:
  configs: x64,ignition:x64,ignition_eager
  sources: d15
  
Sanitizer: address (ASAN)

Regressed: https://clusterfuzz.com/revisions?job=v8_foozzie&range=44077:44078
Fixed: https://clusterfuzz.com/revisions?job=v8_foozzie&range=48714:48715

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=5285966398095360

See https://github.com/google/clusterfuzz-tools for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.

Ignore comment 5.

Removing v8-foozzie-failure label, because eager-lazy testing has been removed from correctness-fuzzer experiments.