owner()->HasStackOverflow() || owner()->current_block() == __null || (owner()->e
Issue description

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=5021629019324416
Fuzzer: decoder_langfuzz
Job Type: linux_asan_d8_dbg
Platform Id: linux
Crash Type: CHECK failure
Crash Address:
Crash State: values_.length() == other->values_.length() in hydrogen.cc
Regressed: V8: r40152:40153
Minimized Testcase (8.02 Kb): https://cluster-fuzz.appspot.com/download/AMIfv94B4vPfB7nLsQM27K_tEezh_2w-8kv8NCdcs6t5oStes3C_BkIBmFBTORgq0OyTkWTqz2S84m9W8SR0CHcogBiDtrvg8Y2uRkS1ywIHZeAAHoCcE5Te3l7fhniTfV00ZAJ062mGaNIiMFCTKui1LqygnQZ7qA?testcase_id=5021629019324416
Issue manually filed by: rossberg

See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.

Oct 11 2016

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=5368686267596800
Fuzzer: decoder_langfuzz
Job Type: linux_asan_d8_dbg
Platform Id: linux
Crash Type: CHECK failure
Crash Address:
Crash State: owner()->HasStackOverflow() || owner()->current_block() == __null || (owner()->e
Regressed: V8: r40152:40153
Minimized Testcase (6.10 Kb): https://cluster-fuzz.appspot.com/download/AMIfv95byVCq7UjKuBxkTeAen4YrbRrtP4kRjbN426ldYZVCZr9DCrY-kLlZNyhJFQW-FI8lmvNVHq1ZMC68ScTP8GXu8SeA6AtnRwOq69d4GCD1I-zNHyP9ZdEfFr7hVSFnwiZMKvhVOc4hAvjt_N_Gn3ZPn746Iw?testcase_id=5368686267596800

See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.

Oct 12 2016

ClusterFuzz has detected this issue as fixed in range 40170:40171.

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=5021629019324416
Fuzzer: decoder_langfuzz
Job Type: linux_asan_d8_dbg
Platform Id: linux
Crash Type: CHECK failure
Crash Address:
Crash State: values_.length() == other->values_.length() in hydrogen.cc
Regressed: V8: r40152:40153
Fixed: V8: r40170:40171
Minimized Testcase (8.02 Kb): https://cluster-fuzz.appspot.com/download/AMIfv94B4vPfB7nLsQM27K_tEezh_2w-8kv8NCdcs6t5oStes3C_BkIBmFBTORgq0OyTkWTqz2S84m9W8SR0CHcogBiDtrvg8Y2uRkS1ywIHZeAAHoCcE5Te3l7fhniTfV00ZAJ062mGaNIiMFCTKui1LqygnQZ7qA?testcase_id=5021629019324416

See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.

Oct 12 2016

ClusterFuzz has detected this issue as fixed in range 40170:40171.

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=5368686267596800
Fuzzer: decoder_langfuzz
Job Type: linux_asan_d8_dbg
Platform Id: linux
Crash Type: CHECK failure
Crash Address:
Crash State: owner()->HasStackOverflow() || owner()->current_block() == __null || (owner()->e
Regressed: V8: r40152:40153
Fixed: V8: r40170:40171
Minimized Testcase (6.10 Kb): https://cluster-fuzz.appspot.com/download/AMIfv95byVCq7UjKuBxkTeAen4YrbRrtP4kRjbN426ldYZVCZr9DCrY-kLlZNyhJFQW-FI8lmvNVHq1ZMC68ScTP8GXu8SeA6AtnRwOq69d4GCD1I-zNHyP9ZdEfFr7hVSFnwiZMKvhVOc4hAvjt_N_Gn3ZPn746Iw?testcase_id=5368686267596800

See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.

Oct 12 2016

ClusterFuzz testcase is verified as fixed, closing issue. If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.

Oct 17 2016

The following revision refers to this bug:
https://chromium.googlesource.com/v8/v8.git/+/041314524952a3c1bc71bd3beafbbb37319f1d22

commit 041314524952a3c1bc71bd3beafbbb37319f1d22
Author: vogelheim <vogelheim@chromium.org>
Date: Mon Oct 17 13:36:10 2016

Speedup access to global_proxy.* attributes/accessors.

Using a global proxy (e.g. 'window.f', 'w.f' or 'this.f') is considerably slower than evaluating just 'f'. This CL aims to perform the necessary checks at compile time and inline the accesses.

This is a follow-on CL to crrev.com/2369933005:
- The initial upload is crrev.com/2369933005 + a rebase.
- The remaining issues are the fixes requested by the reviewers on that CL.

BUG=chromium:634276, chromium:654716

Committed: https://crrev.com/8f43d748272536117008aa6a1b53ea52126261c1
Review-Url: https://codereview.chromium.org/2403003002
Cr-Original-Commit-Position: refs/heads/master@{#40153}
Cr-Commit-Position: refs/heads/master@{#40365}

[modify] https://crrev.com/041314524952a3c1bc71bd3beafbbb37319f1d22/src/crankshaft/hydrogen.cc
[modify] https://crrev.com/041314524952a3c1bc71bd3beafbbb37319f1d22/src/crankshaft/hydrogen.h

Oct 31 2016

The following revision refers to this bug:
https://chromium.googlesource.com/v8/v8.git/+/36f3f90907bea457591c6c484fb554b737bbaeac

commit 36f3f90907bea457591c6c484fb554b737bbaeac
Author: vogelheim <vogelheim@chromium.org>
Date: Mon Oct 31 14:28:05 2016

Speedup access to global_proxy.* attributes/accessors.

Using a global proxy (e.g. 'window.f', 'w.f' or 'this.f') is considerably slower than evaluating just 'f'. This CL aims to perform the necessary checks at compile time and inline the accesses.

This is a follow-on CL to crrev.com/2369933005:
- The initial upload is crrev.com/2369933005 + a rebase.
- The remaining issues are the fixes requested by the reviewers on that CL.

BUG=chromium:634276, chromium:654716, chromium:656959

Committed: https://crrev.com/8f43d748272536117008aa6a1b53ea52126261c1
Committed: https://crrev.com/041314524952a3c1bc71bd3beafbbb37319f1d22
Review-Url: https://codereview.chromium.org/2403003002
Cr-Original-Original-Commit-Position: refs/heads/master@{#40153}
Cr-Original-Commit-Position: refs/heads/master@{#40365}
Cr-Commit-Position: refs/heads/master@{#40671}

[modify] https://crrev.com/36f3f90907bea457591c6c484fb554b737bbaeac/src/crankshaft/hydrogen.cc
[modify] https://crrev.com/36f3f90907bea457591c6c484fb554b737bbaeac/src/crankshaft/hydrogen.h

Nov 22 2016

Removing EditIssue view restrictions from ClusterFuzz filed bugs. If you believe that this issue should still be restricted, please reapply the label.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot

Comment 1 by rossberg@chromium.org, Oct 11 2016
Status: Assigned (was: Untriaged)