Ill in v8::Utils::ReportApiFailure
Issue description
Detailed report: https://clusterfuzz.com/testcase?key=6363995460861952
Fuzzer: ochang_js_fuzzer
Job Type: linux_asan_d8_dbg
Platform Id: linux
Crash Type: Ill
Crash Address: 0x7f7a2ff15508
Crash State:
  v8::Utils::ReportApiFailure
  ToLocalChecked
  v8::AsyncHooks::PromiseHookDispatch
Sanitizer: address (ASAN)
Regressed: https://clusterfuzz.com/revisions?job=linux_asan_d8_dbg&range=54549:54550
Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=6363995460861952
Issue filed automatically. See https://github.com/google/clusterfuzz-tools for more information.
Jul 19
Automatically assigning owner based on suspected regression changelist https://chromium.googlesource.com/v8/v8/+/1bd483222a8bbc53c1a7428181be904b1c4c15d5 ([cleanup] Fix uses of V8_DEPRECATE_SOON methods in v8). If this is incorrect, please let us know why and apply the Test-Predator-Wrong-CLs label. If you aren't the correct owner for this issue, please unassign yourself as soon as possible so it can be re-triaged.
Jul 19
Smaller repro:
// async_hooks is the d8 shell's global (src/async-hooks-wrapper.cc); install a no-op init hook.
async_hooks.createHook({
  init() {
  }
}).enable();
async function f() {
}
// Recurse until the stack is exhausted, then call the async function from the
// catch block while the stack is still exhausted.
function t() {
  try {
    return t();
  } catch (e) {
    return f();
  }
}
t();
Looks like it exhausts the stack then calls an async function which triggers the hook which then throws another exception (due to still exhausted stack) and that causes ToLocalChecked to be called on an empty MaybeLocal.
I will roll back the part of the patch that did that. Not sure how to write a test for this since when this code actually works it will throw an exception for the stack exhaustion. Any attempt to catch that at the top-level seems to make the original problem go away. Possibly it needs a cctest rather than mjsunit.
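The failure mode described above is the API-misuse pattern of unwrapping a MaybeLocal with ToLocalChecked() when the callee may have thrown and left the result empty. The following is an added illustrative model, not V8's code: a minimal MaybeLocal-like wrapper, a stand-in ReportApiFailure that is modelled as a C++ exception (V8 aborts the process instead), and a hook dispatcher written both the way the crash report describes and the hardened way (check the result with ToLocal and propagate the failure). All names here are stand-ins.

```cpp
#include <functional>
#include <stdexcept>
#include <string>

// Stand-in for v8::Utils::ReportApiFailure. V8 aborts here; this model throws
// so that the fatal path is observable from a test.
[[noreturn]] void ReportApiFailure(const std::string& where) {
  throw std::runtime_error("Fatal API failure in " + where);
}

// Minimal model of v8::MaybeLocal<T>: empty when the callee threw.
template <typename T>
class MaybeLocal {
 public:
  MaybeLocal() = default;
  explicit MaybeLocal(T value) : value_(value), has_value_(true) {}
  bool IsEmpty() const { return !has_value_; }
  // Safe unwrap: the caller must check the bool and handle the empty case.
  bool ToLocal(T* out) const {
    if (IsEmpty()) return false;
    *out = value_;
    return true;
  }
  // Unsafe unwrap: only valid once the caller has proven non-emptiness.
  T ToLocalChecked() const {
    if (IsEmpty()) ReportApiFailure("ToLocalChecked");
    return value_;
  }
 private:
  T value_{};
  bool has_value_ = false;
};

// A hook invocation yields an empty MaybeLocal when the hook threw (in V8 the
// pending exception lives on the Isolate; here emptiness alone models it).
using Hook = std::function<MaybeLocal<int>()>;

// Pattern behind the crash report: unconditionally unwrapping the hook result.
int DispatchUnchecked(const Hook& hook) { return hook().ToLocalChecked(); }

// Hardened pattern: unwrap with ToLocal and report failure to the caller
// instead of asserting that the hook could not have thrown.
bool DispatchChecked(const Hook& hook, int* result) { return hook().ToLocal(result); }

// Returns true if the unchecked dispatcher would have hit ReportApiFailure.
bool UncheckedDispatchCrashes(const Hook& hook) {
  try { DispatchUnchecked(hook); return false; }
  catch (const std::runtime_error&) { return true; }
}
```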
Jul 23
Issue 865844 has been merged into this issue. Issue 865850 has been merged into this issue. Issue 865857 has been merged into this issue.
Jul 23
Please confirm if this commit fixes it: https://chromium.googlesource.com/v8/v8.git/+/4a28271feeff2dc95ac08c01dc0879facefd58f9
Jul 23
The following revision should also fix this bug: https://chromium.googlesource.com/v8/v8.git/+/4a28271feeff2dc95ac08c01dc0879facefd58f9

commit 4a28271feeff2dc95ac08c01dc0879facefd58f9
Author: Maya Lekova <mslekova@chromium.org>
Date: Mon Jul 23 13:34:50 2018

[async] Improve error handling when running async hooks

If an exception is thrown in instrumented async code, for instance
await import('non-existing-module')
it should be correctly reported by the hooks that run around this code. Also calling ToLocalChecked() on the hook result is wrong if the hook has thrown an exception.

Bug: chromium:865892
Change-Id: I5712376fe4426a3e49223d821e4647150887a258
Reviewed-on: https://chromium-review.googlesource.com/1146561
Commit-Queue: Maya Lekova <mslekova@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Dan Elphick <delphick@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54610}

[modify] https://crrev.com/4a28271feeff2dc95ac08c01dc0879facefd58f9/src/async-hooks-wrapper.cc
[modify] https://crrev.com/4a28271feeff2dc95ac08c01dc0879facefd58f9/src/isolate.h
[add] https://crrev.com/4a28271feeff2dc95ac08c01dc0879facefd58f9/test/mjsunit/regress/regress-crbug-865892.js
Jul 24
ClusterFuzz testcase 5375861193441280 is verified as fixed, so closing issue as verified. If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.
Jul 24
ClusterFuzz has detected this issue as fixed in range 54609:54610.
Detailed report: https://clusterfuzz.com/testcase?key=6363995460861952
Fuzzer: ochang_js_fuzzer
Job Type: linux_asan_d8_dbg
Platform Id: linux
Crash Type: Ill
Crash Address: 0x7f7a2ff15508
Crash State:
  v8::Utils::ReportApiFailure
  ToLocalChecked
  v8::AsyncHooks::PromiseHookDispatch
Sanitizer: address (ASAN)
Regressed: https://clusterfuzz.com/revisions?job=linux_asan_d8_dbg&range=54549:54550
Fixed: https://clusterfuzz.com/revisions?job=linux_asan_d8_dbg&range=54609:54610
Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=6363995460861952
See https://github.com/google/clusterfuzz-tools for more information. If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
Comment 1 by ClusterFuzz, Jul 19
Labels: Test-Predator-Auto-Components