ClusterFuzz has detected this issue as fixed in range 50060:50061.

Detailed report: https://clusterfuzz.com/testcase?key=5942598740213760

Fuzzer: mbarbella_js_mutation
Job Type: windows_asan_d8_dbg
Platform Id: windows

Crash Type: CHECK failure
Crash Address: 
Crash State:
  LoadElement of kRepFloat64 (NumberOrHole) cannot be changed to kRepTagged in rep
  v8::platform::PrintStackTrace
  v8::internal::compiler::RepresentationChanger::TypeError
  
Sanitizer: address (ASAN)

Regressed: https://clusterfuzz.com/revisions?job=windows_asan_d8_dbg&range=49986:49987
Fixed: https://clusterfuzz.com/revisions?job=windows_asan_d8_dbg&range=50060:50061

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=5942598740213760

See https://github.com/google/clusterfuzz-tools for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.

This looks like it might be related to  crbug.com/694359 . Clusterfuzz says that both were introduced by crrev.com/c/818193 and have been fixed by crrev.com/c/819510.

bmeurer@: Would you be able to check these two failures, or suggest someone who can, and whether there is more work needed to address them? Thanks.

That related bug should be  crbug.com/794359 , sorry.

Automatically applying components based on crash stacktrace and information from OWNERS files.

If this is incorrect, please apply the Test-Predator-Wrong-Components label.

ClusterFuzz testcase 5089913648447488 is verified as fixed, so closing issue as verified.

If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.

This bug has been closed for more than 14 weeks. Removing security view restrictions.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot