rmcilroy @ as per recent change assigned this to you ,could you please look into this and please feel free to re assigned back if needed ,thanks in advance 

I don't think any of my changes could have caused this. Marja, would you mind taking a look? Feel free to assign back if it's something I can help with.

Investigating; this reproes with plain d8.

In debug mode, there's this failure:

mutant7218_regress-670808.js

#
# Fatal error in ../../src/ast/ast.h, line 1212
# Check failed: IsPropertyName().
#

==== C stack trace ===============================

And in release mode, it's the one in the report. That failing DCHECK is guarding it:

  const AstRawString* AsRawPropertyName() {
    DCHECK(IsPropertyName());
    return value_->AsString();
  }

However, the bug report afaics doesn't contain the V8 bisect info so I'll need to bisect this manually.

The culprit is this commit:

commit f6929084821d4f021b2c2768c9856472ffa42623
Author: bradnelson <bradnelson@chromium.org>
Date:   Thu Jan 12 18:26:07 2017 -0800

    [wasm][asm.js] Enable --validate-asm by default.
    
    This directs all asm.js traffic via the Wasm backend.
    Make asm.js console output less noisy.
    
    R=titzer@chromium.org,aseemgarg@chromium.org
    BUG= v8:4203 
    
    Review-Url: https://codereview.chromium.org/2624813002
    Cr-Original-Original-Commit-Position: refs/heads/master@{#42194}
    Committed: https://chromium.googlesource.com/v8/v8/+/946cc371ed4b34d1a9f5cc615b14c41b652562ad
    Review-Url: https://codereview.chromium.org/2624813002
    Cr-Original-Commit-Position: refs/heads/master@{#42244}
    Committed: https://chromium.googlesource.com/v8/v8/+/3169fb94c98953f002908974a606b51a35178046
    Review-Url: https://codereview.chromium.org/2624813002
    Cr-Commit-Position: refs/heads/master@{#42300}

ClusterFuzz has detected this issue as fixed in range 445281:445285.

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=6661486564081664

Fuzzer: decoder_langfuzz
Job Type: linux_msan_d8
Platform Id: linux

Crash Type: CHECK failure
Crash Address: 
Crash State:
  (STRING)==(type_) in ast-value-factory.h
  
Sanitizer: memory (MSAN)

Regressed: https://cluster-fuzz.appspot.com/revisions?job=linux_msan_d8&range=443512:443569
Fixed: https://cluster-fuzz.appspot.com/revisions?job=linux_msan_d8&range=445281:445285

Minimized Testcase (8.09 Kb): https://cluster-fuzz.appspot.com/download/AMIfv96YOuwor0eGwHZNgva1P70bwncqgz1hybCw9sIcUuP9i4JZ5tpc3JEs5cn2AFEO3KYrTcfFZ7Y0WqKo0w6gzl_AbkfgrgvHxAPBBvEHOzzyzqwMADs9-gA1y-JqnIAvQ00iGVi_d5oHzhtilLcnDr5pZuBq4F6Blfz4YUI73wK5QoiFL_VObE0n2oOtGqVHjKALAPjGPKGGGnAIVpvsN6B_-MAw9i59j1QJBWtDdiqFIJ62siaLZfBhotqA6ZQqzcNTuaXAlRxzVfBjptIriCCaMlJpCwmU2IS86j06i4o5DK-B-vnYQl-Dy0tHHFaGgL_kXiBduAFQ43mPKQ8EIqMUMOPyFv85RDTvpFBQ2lVWRPYLIWQ?testcase_id=6661486564081664

See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.

ClusterFuzz testcase 6661486564081664 is verified as fixed, so closing issue.

If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.