
Issue 839317 link

Starred by 2 users

Issue metadata

Status: Duplicate
Merged: issue 823130
Owner:
Closed: May 2018
Components:
EstimatedDays: ----
NextAction: ----
OS: Linux
Pri: 1
Type: Bug


V8 correctness failure in configs: x64,ignition:x64,ignition_turbo

Project Member Reported by ClusterFuzz, May 3 2018

Issue description

Detailed report: https://clusterfuzz.com/testcase?key=6666687756369920

Fuzzer: foozzie_js_mutation
Job Type: v8_foozzie
Platform Id: linux

Crash Type: V8 correctness failure
Crash Address: 
Crash State:
  configs: x64,ignition:x64,ignition_turbo
  sources: b2b
  
Sanitizer: address (ASAN)

Regressed: https://clusterfuzz.com/revisions?job=v8_foozzie&range=51672:51673

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=6666687756369920

Issue filed automatically.

See https://github.com/google/clusterfuzz-tools for more information.
 
Project Member

Comment 1 by ClusterFuzz, May 3 2018

Labels: Test-Predator-Auto-Owner
Owner: jkummerow@chromium.org
Status: Assigned (was: Untriaged)
Automatically assigning owner based on suspected regression changelist https://chromium.googlesource.com/v8/v8/+/7c79a9fd1e35d5272b5dbe57af92c7e0d2120ca3 ([bigint] Stage BigInts).

If this is incorrect, please let us know why and apply the Test-Predator-Wrong-CLs label. If you aren't the correct owner for this issue, please unassign yourself as soon as possible so it can be re-triaged.
Labels: OS-Chrome
Looks like a dupe of https://crbug.com/823130, which is hard to repro. Feel free to mark as duplicate. Dunno why ClusterFuzz bisects it to this CL. Probably a bit flaky on ClusterFuzz too.

Labels: -OS-Chrome
Mergedinto: 823130
Status: Duplicate (was: Assigned)
Thanks for the analysis! Marking as dupe.

The reason this particular repro bisects to the "Stage BigInt" CL is that it contains an (unused and irrelevant) load early on in the test:

    BigIntPrototypeValueOf = BigInt.prototype.valueOf;

which isn't wrapped in a try..catch, so before the BigInt CL that would prevent it from doing anything interesting.
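The mechanism described in the comment above, as an added example that is not part of the bug thread and is not V8 or ClusterFuzz code: a toy differential harness in which an unguarded `BigInt.prototype.valueOf` load throws before the interesting part of the testcase on every build that has not staged BigInt, so both configs produce identical output and the mismatch only becomes visible at the revision that ships BigInt. The revision numbers are taken from the report's regression range; the configs, the `print`/`__payload` helpers and the output divergence are constructed for illustration.

```javascript
// Added example (not from the bug or from V8/ClusterFuzz): a toy model of why
// an unguarded feature reference makes the repro bisect to the CL that shipped
// the feature. Revisions come from the report; configs, `print`, `__payload`
// and its "divergence" are hypothetical stand-ins for a real ignition vs.
// ignition_turbo mismatch.

// Testcase shape from the comment: an unguarded load of BigInt.prototype.valueOf
// ahead of the part of the test that actually exercises the engine.
const UNGUARDED_TESTCASE = `
BigIntPrototypeValueOf = BigInt.prototype.valueOf;
print(__payload());
`;

// Same testcase with the load wrapped in try..catch, so a missing builtin
// cannot abort the script before the payload runs.
const GUARDED_TESTCASE = `
try { BigIntPrototypeValueOf = BigInt.prototype.valueOf; } catch (e) {}
print(__payload());
`;

// Simulated d8 revisions: BigInt becomes available at 51673 (the "[bigint]
// Stage BigInts" CL). The payload divergence below exists at every revision,
// modelling a bug that predates the BigInt change.
const REVISIONS = [
  { rev: 51670, bigIntStaged: false },
  { rev: 51671, bigIntStaged: false },
  { rev: 51672, bigIntStaged: false },
  { rev: 51673, bigIntStaged: true },
  { rev: 51674, bigIntStaged: true },
];

// Run `fn` with the BigInt global removed so an unguarded `BigInt.prototype`
// access raises ReferenceError, as in builds that had not staged BigInt.
// Standard globals are configurable; the builtin is restored afterwards.
function withoutBigInt(fn) {
  const saved = globalThis.BigInt;
  delete globalThis.BigInt;
  try {
    return fn();
  } finally {
    globalThis.BigInt = saved;
  }
}

// Execute one testcase in one config at one revision and return its d8-style
// output. `__payload` is the hypothetical divergent part of the test: the
// ignition_turbo config prints a different value than ignition does.
function runTestcase(source, config, revision) {
  const out = [];
  const print = (v) => out.push(String(v));
  const payload = () => (config === 'ignition_turbo' ? 'NaN' : '0');
  // `var` keeps the sloppy-mode assignment from leaking onto globalThis.
  const testcase = new Function('print', '__payload',
    'var BigIntPrototypeValueOf;\n' + source);
  const exec = () => {
    try {
      testcase(print, payload);
    } catch (e) {
      out.push('uncaught ' + e.name);
    }
  };
  if (revision.bigIntStaged) exec(); else withoutBigInt(exec);
  return out.join('\n');
}

// Foozzie-style comparison: a correctness failure is any output difference
// between the two configs at the same revision.
function correctnessFailure(source, revision) {
  return runTestcase(source, 'ignition', revision) !==
         runTestcase(source, 'ignition_turbo', revision);
}

// Oldest revision at which the failure reproduces. ClusterFuzz bisects; a
// linear scan is enough for five simulated revisions.
function firstFailingRevision(source) {
  const hit = REVISIONS.find((r) => correctnessFailure(source, r));
  return hit ? hit.rev : null;
}
```

With the unguarded load, `firstFailingRevision` lands on 51673 even though the payload divergence is present at every revision; with the load wrapped in try..catch it lands on the oldest revision in the list, which is where a bisection of the real bug would start looking.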
Project Member

Comment 5 by ClusterFuzz, May 4 2018

ClusterFuzz has detected this issue as fixed in range 52973:52974.

Detailed report: https://clusterfuzz.com/testcase?key=6666687756369920

Fuzzer: foozzie_js_mutation
Job Type: v8_foozzie
Platform Id: linux

Crash Type: V8 correctness failure
Crash Address: 
Crash State:
  configs: x64,ignition:x64,ignition_turbo
  sources: b2b
  
Sanitizer: address (ASAN)

Regressed: https://clusterfuzz.com/revisions?job=v8_foozzie&range=51672:51673
Fixed: https://clusterfuzz.com/revisions?job=v8_foozzie&range=52973:52974

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=6666687756369920

See https://github.com/google/clusterfuzz-tools for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
