left < right in wasm-objects.cc
Issue description

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=6301932760334336

Fuzzer: decoder_langfuzz
Job Type: linux_asan_d8_ignition_dbg
Platform Id: linux
Crash Type: CHECK failure
Crash Address:
Crash State: left < right in wasm-objects.cc
Regressed: V8: r41908:41909

Minimized Testcase (7.55 Kb): https://cluster-fuzz.appspot.com/download/AMIfv95AdaC76ywimFDHfuEh-3NdmAbGPkBz5epdIEtwg_ngGf19sKZON1nJVXyb8Tui5wEAkWMy1GoLUjvhyNLmwkJCqIB8pnA9GFw5zjWZFc7U_CpKYclHzCoP_knAzOXEYgCmRswQutPF9vWIOmEHL-vPRXzKfDA1G7VbapumkEqzdNkx4H3sZutTX4LdHz4KT76qWeOgRttAe_zTf3PtD-OQLytSmkKA_hozIT-Zez6JMdHGIsC9YxKIwMHI4RqeOE4VQSXb_JB8gFT-1vuVmXhRy8AFCw1MCEvprn72C7R3siT7Td47inDWl4O-h6ht9lTKlA01nHqFoNrdl2rugs8oICTCp_Y5JKqdzXWibT-kP4vpM3iSRKVXP9wOavG80842GUpcVsrOA9BIpw8oxcGiPYJalw?testcase_id=6301932760334336

Issue filed automatically.

See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.
Jan 4 2017
Repro: out/x64.debug/d8 --predictable --ignition-staging test.js --stack-size=100
==== test.js =====
function Module(stdlib) {
  "use asm";
  var fround = stdlib.Math.fround;
  // f: double -> float
  function f(a) {
    a = +a;
    return fround(a);
  }
  return { f: f };
}
var f = Module({ Math: Math }).f;

// Recurse until the stack overflows, then call the asm.js function f from the
// catch handler so that its prologue stack check runs with almost no stack left.
function runNearStackLimit() {
  function g() { try { g(); } catch (e) { f(); } }
  g();
}

(function () {
  "use asm";
  function g(Array) {}
  runNearStackLimit(g);
})();
Jan 4 2017
The check fails because we have no source position for the stack check. Working on a fix.
Jan 4 2017
CL to fix this: http://crrev.com/2609363004

Waiting for the rest of the team to return from vacation for review (either tomorrow or early next week).
Jan 5 2017
Issue 676654 has been merged into this issue.
Jan 5 2017
Adding labels from merged-in duplicate.
Jan 9 2017
The following revision refers to this bug:
https://chromium.googlesource.com/v8/v8.git/+/fc327e23087a88f6581d4bb2dc026b915b926589

commit fc327e23087a88f6581d4bb2dc026b915b926589
Author: clemensh <clemensh@chromium.org>
Date: Mon Jan 09 09:43:04 2017

[asm.js] [wasm] Store function start position for stack check

We did not associate any position to the stack check in the wasm function prologue, hence a check failed later when trying to map the non-existent position to the asm.js source position.

With this CL, we add a mapping to the source position table, mapping the stack check call to byte offset 0 (which is distinct from any valid instruction position). Also, we add another entry to the asm.js source position sidetable, mapping byte offset 0 to the start source position of the function body.

R=titzer@chromium.org, ahaas@chromium.org
BUG=chromium:677685

Review-Url: https://codereview.chromium.org/2609363004
Cr-Commit-Position: refs/heads/master@{#42130}

[modify] https://crrev.com/fc327e23087a88f6581d4bb2dc026b915b926589/src/asmjs/asm-wasm-builder.cc
[modify] https://crrev.com/fc327e23087a88f6581d4bb2dc026b915b926589/src/compiler/wasm-compiler.cc
[modify] https://crrev.com/fc327e23087a88f6581d4bb2dc026b915b926589/src/runtime/runtime-test.cc
[modify] https://crrev.com/fc327e23087a88f6581d4bb2dc026b915b926589/src/runtime/runtime.h
[modify] https://crrev.com/fc327e23087a88f6581d4bb2dc026b915b926589/src/wasm/function-body-decoder.cc
[modify] https://crrev.com/fc327e23087a88f6581d4bb2dc026b915b926589/src/wasm/module-decoder.cc
[modify] https://crrev.com/fc327e23087a88f6581d4bb2dc026b915b926589/src/wasm/wasm-module-builder.cc
[modify] https://crrev.com/fc327e23087a88f6581d4bb2dc026b915b926589/src/wasm/wasm-module-builder.h
[add] https://crrev.com/fc327e23087a88f6581d4bb2dc026b915b926589/test/mjsunit/regress/regress-677685.js
[modify] https://crrev.com/fc327e23087a88f6581d4bb2dc026b915b926589/test/mjsunit/wasm/asm-wasm-stack.js
[modify] https://crrev.com/fc327e23087a88f6581d4bb2dc026b915b926589/test/mjsunit/wasm/stack.js
Jan 10 2017
ClusterFuzz has detected this issue as fixed in range 42129:42130.

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=6301932760334336

Fuzzer: decoder_langfuzz
Job Type: linux_asan_d8_ignition_dbg
Platform Id: linux
Crash Type: CHECK failure
Crash Address:
Crash State: left < right in wasm-objects.cc
Sanitizer: address (ASAN)
Regressed: V8: r41908:41909
Fixed: V8: r42129:42130

Minimized Testcase (7.55 Kb): https://cluster-fuzz.appspot.com/download/AMIfv95AdaC76ywimFDHfuEh-3NdmAbGPkBz5epdIEtwg_ngGf19sKZON1nJVXyb8Tui5wEAkWMy1GoLUjvhyNLmwkJCqIB8pnA9GFw5zjWZFc7U_CpKYclHzCoP_knAzOXEYgCmRswQutPF9vWIOmEHL-vPRXzKfDA1G7VbapumkEqzdNkx4H3sZutTX4LdHz4KT76qWeOgRttAe_zTf3PtD-OQLytSmkKA_hozIT-Zez6JMdHGIsC9YxKIwMHI4RqeOE4VQSXb_JB8gFT-1vuVmXhRy8AFCw1MCEvprn72C7R3siT7Td47inDWl4O-h6ht9lTKlA01nHqFoNrdl2rugs8oICTCp_Y5JKqdzXWibT-kP4vpM3iSRKVXP9wOavG80842GUpcVsrOA9BIpw8oxcGiPYJalw?testcase_id=6301932760334336

See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
Apr 18 2017
This bug has been closed for more than 14 weeks. Removing security view restrictions.

For more details visit https://www.chromium.org/issue-tracking/autotriage

Your friendly Sheriffbot
Comment 1 by msrchandra@chromium.org, Jan 3 2017
Owner: titzer@chromium.org
Status: Assigned (was: Untriaged)