V8 correctness failure in configs: x64,liftoff:ia32,liftoff

Issue description

Detailed report: https://clusterfuzz.com/testcase?key=4991534077050880

Fuzzer: foozzie_js_mutation
Job Type: v8_foozzie
Platform Id: linux

Crash Type: V8 correctness failure
Crash Address:
Crash State:
  configs: x64,liftoff:ia32,liftoff
  sources: 64d

Sanitizer: address (ASAN)

Regressed: https://clusterfuzz.com/revisions?job=v8_foozzie&range=52110:52111

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=4991534077050880

Issue filed automatically.

See https://github.com/google/clusterfuzz-tools for more information.

May 14 2018

This is not Liftoff related. It's different messages being generated for proxy accesses:

# Difference:
- Caught: TypeError: 'get' on proxy: property 'bla' is a read-only and non-configurable data property on the proxy target but the proxy did not return its actual value (expected '-1073741824' but got '0')
+ Caught: TypeError: 'set' on proxy: trap returned truish for property 'bla' which exists in the proxy target as a non-configurable and non-writable data property with a different value

Maya, can you take a look please?

May 14 2018

Easy to reproduce as follows:

$ out/ia32.release/d8 --expose-gc ~/Downloads/clusterfuzz-testcase-minimized-4991534077050880.js
v8-foozzie source: /v8/test/mjsunit/es6/proxies-set.js
Caught: TypeError: 'set' on proxy: trap returned truish for property 'bla' which exists in the proxy target as a non-configurable and non-writable data property with a different value
[...]

$ out/x64.release/d8 --expose-gc ~/Downloads/clusterfuzz-testcase-minimized-4991534077050880.js
v8-foozzie source: /v8/test/mjsunit/es6/proxies-set.js
Caught: TypeError: 'get' on proxy: property 'bla' is a read-only and non-configurable data property on the proxy target but the proxy did not return its actual value (expected '-1073741824' but got '0')
[...]

May 14 2018

Bisected to:

commit a9f517e2348e4dbeb74a4f2ceab98e5d254f1caa
Author: Maya Lekova <mslekova@google.com>
Date: Fri Sep 1 10:46:16 2017 +0200

    [builtins] Port Proxy set trap to CSA

    Bug: v8:6560, v8:6557
    Change-Id: I329794607e8de324fc696652555aaaeafcf519ec
    Reviewed-on: https://chromium-review.googlesource.com/625940
    Reviewed-by: Igor Sheludko <ishell@chromium.org>
    Commit-Queue: Maya Lekova <mslekova@google.com>
    Cr-Commit-Position: refs/heads/master@{#47760}

May 14 2018

The following revision refers to this bug:
https://chromium.googlesource.com/v8/v8.git/+/17875b01ca9bbfc8eef4e36d6561729a55b0540e

commit 17875b01ca9bbfc8eef4e36d6561729a55b0540e
Author: Maya Lekova <mslekova@chromium.org>
Date: Mon May 14 16:37:20 2018

    [builtins] Fix error message in Proxy set trap

    Bug: chromium:842101
    R=neis@chromium.org
    Change-Id: I4a142b28682ba73cbf3398e74c15614fa491ad40
    Reviewed-on: https://chromium-review.googlesource.com/1057627
    Commit-Queue: Maya Lekova <mslekova@chromium.org>
    Reviewed-by: Georg Neis <neis@chromium.org>
    Cr-Commit-Position: refs/heads/master@{#53164}

[modify] https://crrev.com/17875b01ca9bbfc8eef4e36d6561729a55b0540e/src/builtins/builtins-proxy-gen.cc
[add] https://crrev.com/17875b01ca9bbfc8eef4e36d6561729a55b0540e/test/message/regress/fail/regress-crbug-842101.js
[add] https://crrev.com/17875b01ca9bbfc8eef4e36d6561729a55b0540e/test/message/regress/fail/regress-crbug-842101.out
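
As an added example (not part of the original thread and not the regression test from the V8 tree), the following check confirms which operation each proxy-invariant TypeError names, using the property name and value from the messages quoted in this thread. It assumes a V8-based runtime such as Node.js, since it parses V8's message text, and all function names are hypothetical. It also covers a case the report does not show: writing the value the target already holds does not throw.

```javascript
// Added example: helper names are illustrative; 'bla' and -1073741824
// are taken from the error messages quoted in the issue.

// Target with a non-configurable, non-writable data property.
function makeTarget(value) {
  const target = {};
  Object.defineProperty(target, 'bla', {
    value, writable: false, configurable: false, enumerable: true,
  });
  return target;
}

// Proxy whose traps violate the invariants: 'set' always reports
// success and 'get' always returns 0.
function makeLyingProxy(target) {
  return new Proxy(target, {
    set() { return true; },
    get() { return 0; },
  });
}

// Run fn and return the operation named in the engine's TypeError
// ('set', 'get', ...), or 'none' if nothing was thrown.
function blamedOperation(fn) {
  try {
    fn();
    return 'none';
  } catch (e) {
    if (!(e instanceof TypeError)) throw e;
    const m = /^'(\w+)' on proxy/.exec(e.message); // V8 message format
    return m ? m[1] : 'unrecognized';
  }
}

function checkProxyMessages() {
  const p = makeLyingProxy(makeTarget(-1073741824));
  return {
    setDifferent: blamedOperation(() => { p.bla = 0; }),
    setSame: blamedOperation(() => { p.bla = -1073741824; }),
    getDifferent: blamedOperation(() => p.bla),
    reflectSet: blamedOperation(() => Reflect.set(p, 'bla', 0)),
  };
}

console.log(checkProxyMessages());
```

A `setDifferent` result of `get` instead of `set` would correspond to the x64 output shown in the reproduction above.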

May 15 2018

ClusterFuzz has detected this issue as fixed in range 53163:53164.

Detailed report: https://clusterfuzz.com/testcase?key=4991534077050880

Fuzzer: foozzie_js_mutation
Job Type: v8_foozzie
Platform Id: linux

Crash Type: V8 correctness failure
Crash Address:
Crash State:
  configs: x64,liftoff:ia32,liftoff
  sources: 64d

Sanitizer: address (ASAN)

Regressed: https://clusterfuzz.com/revisions?job=v8_foozzie&range=52110:52111
Fixed: https://clusterfuzz.com/revisions?job=v8_foozzie&range=53163:53164

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=4991534077050880

See https://github.com/google/clusterfuzz-tools for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.

May 15 2018

ClusterFuzz testcase 4991534077050880 is verified as fixed, so closing issue as verified.

If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.

Comment 1 by ClusterFuzz, May 11 2018

Owner: clemensh@chromium.org
Status: Assigned (was: Untriaged)