Reproduces on TOT. 
Seems to be a --turbo-escape issue which is off in production.

 Issue 622669  has been merged into this issue.

ClusterFuzz testcase is verified as fixed, closing issue.

If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.

ClusterFuzz has detected this testcase as flaky and is unable to reproduce it in the original crash revision. Skipping fixed testing check and marking it as potentially fixed.

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=6743363122626560

Fuzzer: mbarbella_js_mutation
Job Type: windows_asan_d8
Platform Id: windows

Crash Type: UNKNOWN WRITE
Crash Address: 0x00000017
Crash State:
  v8::internal::Execution::Call
  v8::internal::Execution::Call
  v8::Script::Run
  
Regressed: https://cluster-fuzz.appspot.com/revisions?job=windows_asan_d8&range=400530:400549

Minimized Testcase (0.18 Kb):
Download: https://cluster-fuzz.appspot.com/download/AMIfv97ROBH0KVcdKdJXLsQrtmAnJ8uVdQ1MHNfg2zXwdcDXkOV8mv-_0KTo78vxET-nEZsJzOxx2cn0egE7sIKfrLouHz56FCWCE7KhFiIzc_ldDmJHgzmoveXl5dOrCbzptPxQ8EPbglvIzKQj_6aJt_I44-mAvQ?testcase_id=6743363122626560
function __f_6() {
  function __f_2() {
    function __f_1() {
      function __f_4() {
        eval();
      }
      __f_4();
    }
    __f_1();
  }
  __f_2();
}
__f_6();
__f_6();


See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.

Removing EditIssue view restrictions from ClusterFuzz filed bugs. If you believe that this issue should still be restricted, please reapply the label.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot