CHECK failure: InstructionSelector::SupportsSpeculationPoisoning() in pipeline.cc
Issue description
Detailed report: https://clusterfuzz.com/testcase?key=5351986447515648
Fuzzer: ochang_js_fuzzer
Job Type: linux_asan_d8_v8_mipsel_dbg
Platform Id: linux
Crash Type: CHECK failure
Crash Address:
Crash State:
  InstructionSelector::SupportsSpeculationPoisoning() in pipeline.cc
  v8::internal::compiler::PipelineImpl::SelectInstructions
  v8::internal::compiler::PipelineImpl::OptimizeGraph
Sanitizer: address (ASAN)
Regressed: https://clusterfuzz.com/revisions?job=linux_asan_d8_v8_mipsel_dbg&range=51877:51878
Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=5351986447515648
Issue filed automatically.
See https://github.com/google/clusterfuzz-tools for more information.
Mar 12 2018
Automatically assigning owner based on suspected regression changelist https://chromium.googlesource.com/v8/v8/+/cdcc39e7f929cdc28020f006a7b2d657eb52eb94 (Stage --branch-load-poisoning behind --future.). If this is incorrect, please let us know why and apply the Test-Predator-Wrong-CLs label. If you aren't the correct owner for this issue, please unassign yourself as soon as possible so it can be re-triaged.
Mar 13 2018
Michael, what is the status of the mips port? Would it be possible to pretend the poisoning can be enabled there? (Without actually doing it.)
Mar 13 2018
Hi Jaro, I have a short meeting at 11:30 today with Ivica about the conditional move section of the CL. The CL could be checked in "as is" and she can then land the conditional move afterwards. It is here: https://chromium-review.googlesource.com/c/v8/v8/+/951382
Mar 13 2018
Mar 13 2018
Mar 14 2018
This is a serious security regression. If you are not able to fix this quickly, please revert the change that introduced it. If this doesn't affect a release branch, or has not been properly classified for severity, please update the Security_Impact or Security_Severity labels, and remove the ReleaseBlock label. To disable this altogether, apply ReleaseBlock-NA. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
Mar 22 2018
ClusterFuzz has detected this issue as fixed in range 52122:52123.
Detailed report: https://clusterfuzz.com/testcase?key=5351986447515648
Fuzzer: ochang_js_fuzzer
Job Type: linux_asan_d8_v8_mipsel_dbg
Platform Id: linux
Crash Type: CHECK failure
Crash Address:
Crash State:
  InstructionSelector::SupportsSpeculationPoisoning() in pipeline.cc
  v8::internal::compiler::PipelineImpl::SelectInstructions
  v8::internal::compiler::PipelineImpl::OptimizeGraph
Sanitizer: address (ASAN)
Regressed: https://clusterfuzz.com/revisions?job=linux_asan_d8_v8_mipsel_dbg&range=51877:51878
Fixed: https://clusterfuzz.com/revisions?job=linux_asan_d8_v8_mipsel_dbg&range=52122:52123
Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=5351986447515648
See https://github.com/google/clusterfuzz-tools for more information.
If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
Mar 22 2018
ClusterFuzz testcase 5351986447515648 is verified as fixed, so closing issue as verified. If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.
Mar 22 2018
May 1 2018
Jun 28 2018
This bug has been closed for more than 14 weeks. Removing security view restrictions. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
Comment 1 by ClusterFuzz, Mar 12 2018
Labels: Test-Predator-Auto-Components