I have verified that this reproduces on ToT debug builds with --expose-gc. Bisecting...

Turns out that this is a problem with extensions and exceptions which is triggered because --expose-gc is an extension. The test case tries to create new realms as part of handling a stackoverflow.

ClusterFuzz has detected this issue as fixed in range 43461:43462.

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=6147985810653184

Fuzzer: mbarbella_js_mutation
Job Type: linux_asan_d8_v8_mipsel_dbg
Platform Id: linux

Crash Type: CHECK failure
Crash Address: 
Crash State:
  try_catch.HasCaught() in d8.cc
  
Sanitizer: address (ASAN)

Regressed: V8: 43417:43418
Fixed: V8: 43461:43462

Reproducer Testcase: https://cluster-fuzz.appspot.com/download/AMIfv94ViYDgCfPf4dYvmZP-N7q594slg1W4yIx3K7l4u9jYGAUR019XeTZgBJ2dqDo6dCAnNRVm0Qwf9xWv_cvucvZJQxbmWDU5-yZ-ZLrWHWsNvuMkByZ4Qe7LIRZWJ7t1G3FVFVGdDv25tdA3foh3t7xpHQAEaDygR48OZ5YXH41HIftS1TeYWlJHTxm6zkHdlrshUvEQ5dzKVvzVGCpCwD_5AmrkpRllF0UMZ14fI5l-HopasgdYZPxv08XMEg6y9FWhU3BU2RQoPGmqIlaYuzY1VnRKU24RXkvRoT4q8bfwe4aDme48xRl3Hq_1TK4Zj3ow9lD9Fiy9IriV1jsLafW4MVY-iFqU1UWlpQghZ-F8K8ZSzBA?testcase_id=6147985810653184


See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.

ClusterFuzz has detected this issue as fixed in range 43461:43462.

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=6147985810653184

Fuzzer: mbarbella_js_mutation
Job Type: linux_asan_d8_v8_mipsel_dbg
Platform Id: linux

Crash Type: CHECK failure
Crash Address: 
Crash State:
  try_catch.HasCaught() in d8.cc
  
Sanitizer: address (ASAN)

Regressed: V8: 43417:43418
Fixed: V8: 43461:43462

Reproducer Testcase: https://cluster-fuzz.appspot.com/download/AMIfv94ViYDgCfPf4dYvmZP-N7q594slg1W4yIx3K7l4u9jYGAUR019XeTZgBJ2dqDo6dCAnNRVm0Qwf9xWv_cvucvZJQxbmWDU5-yZ-ZLrWHWsNvuMkByZ4Qe7LIRZWJ7t1G3FVFVGdDv25tdA3foh3t7xpHQAEaDygR48OZ5YXH41HIftS1TeYWlJHTxm6zkHdlrshUvEQ5dzKVvzVGCpCwD_5AmrkpRllF0UMZ14fI5l-HopasgdYZPxv08XMEg6y9FWhU3BU2RQoPGmqIlaYuzY1VnRKU24RXkvRoT4q8bfwe4aDme48xRl3Hq_1TK4Zj3ow9lD9Fiy9IriV1jsLafW4MVY-iFqU1UWlpQghZ-F8K8ZSzBA?testcase_id=6147985810653184


See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.

ClusterFuzz has detected this issue as fixed in range 43461:43462.

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=6147985810653184

Fuzzer: mbarbella_js_mutation
Job Type: linux_asan_d8_v8_mipsel_dbg
Platform Id: linux

Crash Type: CHECK failure
Crash Address: 
Crash State:
  try_catch.HasCaught() in d8.cc
  
Sanitizer: address (ASAN)

Regressed: V8: 43417:43418
Fixed: V8: 43461:43462

Reproducer Testcase: https://cluster-fuzz.appspot.com/download/AMIfv94ViYDgCfPf4dYvmZP-N7q594slg1W4yIx3K7l4u9jYGAUR019XeTZgBJ2dqDo6dCAnNRVm0Qwf9xWv_cvucvZJQxbmWDU5-yZ-ZLrWHWsNvuMkByZ4Qe7LIRZWJ7t1G3FVFVGdDv25tdA3foh3t7xpHQAEaDygR48OZ5YXH41HIftS1TeYWlJHTxm6zkHdlrshUvEQ5dzKVvzVGCpCwD_5AmrkpRllF0UMZ14fI5l-HopasgdYZPxv08XMEg6y9FWhU3BU2RQoPGmqIlaYuzY1VnRKU24RXkvRoT4q8bfwe4aDme48xRl3Hq_1TK4Zj3ow9lD9Fiy9IriV1jsLafW4MVY-iFqU1UWlpQghZ-F8K8ZSzBA?testcase_id=6147985810653184


See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.

ClusterFuzz has detected this issue as fixed in range 43461:43462.

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=6147985810653184

Fuzzer: mbarbella_js_mutation
Job Type: linux_asan_d8_v8_mipsel_dbg
Platform Id: linux

Crash Type: CHECK failure
Crash Address: 
Crash State:
  try_catch.HasCaught() in d8.cc
  
Sanitizer: address (ASAN)

Regressed: V8: 43417:43418
Fixed: V8: 43461:43462

Reproducer Testcase: https://cluster-fuzz.appspot.com/download/AMIfv94ViYDgCfPf4dYvmZP-N7q594slg1W4yIx3K7l4u9jYGAUR019XeTZgBJ2dqDo6dCAnNRVm0Qwf9xWv_cvucvZJQxbmWDU5-yZ-ZLrWHWsNvuMkByZ4Qe7LIRZWJ7t1G3FVFVGdDv25tdA3foh3t7xpHQAEaDygR48OZ5YXH41HIftS1TeYWlJHTxm6zkHdlrshUvEQ5dzKVvzVGCpCwD_5AmrkpRllF0UMZ14fI5l-HopasgdYZPxv08XMEg6y9FWhU3BU2RQoPGmqIlaYuzY1VnRKU24RXkvRoT4q8bfwe4aDme48xRl3Hq_1TK4Zj3ow9lD9Fiy9IriV1jsLafW4MVY-iFqU1UWlpQghZ-F8K8ZSzBA?testcase_id=6147985810653184


See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.

ClusterFuzz testcase 6147985810653184 is verified as fixed, so closing issue.

If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.

The following revision refers to this bug:
  https://chromium.googlesource.com/v8/v8.git/+/dee757f43b0d2bf89381c5cdef515ef57d900f33

commit dee757f43b0d2bf89381c5cdef515ef57d900f33
Author: Jochen Eisinger <jochen@chromium.org>
Date: Wed Mar 08 12:03:15 2017

Remove incorrect assumption that a failed context creation throws

BUG= chromium:696464 
R=yangguo@chromium.org

Change-Id: Ie873e8af6af4dd95897f5f85e0eac5a350f59b32
Reviewed-on: https://chromium-review.googlesource.com/449714
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Jochen Eisinger <jochen@chromium.org>
Cr-Commit-Position: refs/heads/master@{#43668}
[modify] https://crrev.com/dee757f43b0d2bf89381c5cdef515ef57d900f33/src/api.cc
[modify] https://crrev.com/dee757f43b0d2bf89381c5cdef515ef57d900f33/src/d8.cc