CHECK failure: !isolate->has_scheduled_exception() in builtins-console.cc
Issue description
Detailed report: https://clusterfuzz.com/testcase?key=4531783459405824
Fuzzer: mbarbella_js_mutation
Job Type: windows_asan_d8_dbg
Platform Id: windows
Crash Type: CHECK failure
Crash Address:
Crash State:
  !isolate->has_scheduled_exception() in builtins-console.cc
  v8::platform::PrintStackTrace
  v8::internal::ConsoleCall
Sanitizer: address (ASAN)
Regressed: https://clusterfuzz.com/revisions?job=windows_asan_d8_dbg&range=54217:54218
Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=4531783459405824
Issue filed automatically.
See https://github.com/google/clusterfuzz-tools for more information.
Jul 20
Setting impact and OS labels. A quick look at the stacktrace and the code that triggered the CHECK makes it look like this affects all V8 platforms, so setting accordingly but please update if that is incorrect.
Jul 21
This is a serious security regression. If you are not able to fix this quickly, please revert the change that introduced it. If this doesn't affect a release branch, or has not been properly classified for severity, please update the Security_Impact or Security_Severity labels, and remove the ReleaseBlock label. To disable this altogether, apply ReleaseBlock-NA. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
Jul 23
Removing the ReleaseBlock-Stable label, as this crash only happens in d8 and it's not related to security, and it's behind a flag.
Jul 23
The following revision refers to this bug: https://chromium.googlesource.com/v8/v8.git/+/4a28271feeff2dc95ac08c01dc0879facefd58f9

commit 4a28271feeff2dc95ac08c01dc0879facefd58f9
Author: Maya Lekova <mslekova@chromium.org>
Date: Mon Jul 23 13:34:50 2018

[async] Improve error handling when running async hooks

If an exception is thrown in instrumented async code, for instance
await import('non-existing-module')
it should be correctly reported by the hooks that run around this code.
Also calling ToLocalChecked() on the hook result is wrong if the hook has thrown an exception.

Bug: chromium:865892
Change-Id: I5712376fe4426a3e49223d821e4647150887a258
Reviewed-on: https://chromium-review.googlesource.com/1146561
Commit-Queue: Maya Lekova <mslekova@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Dan Elphick <delphick@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54610}

[modify] https://crrev.com/4a28271feeff2dc95ac08c01dc0879facefd58f9/src/async-hooks-wrapper.cc
[modify] https://crrev.com/4a28271feeff2dc95ac08c01dc0879facefd58f9/src/isolate.h
[add] https://crrev.com/4a28271feeff2dc95ac08c01dc0879facefd58f9/test/mjsunit/regress/regress-crbug-865892.js
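The commit message above names the defect class: the hook result was read with ToLocalChecked() even when the hook had thrown, and an empty MaybeLocal makes that call abort with a CHECK failure. The following is an added illustration, not code from V8 or from the commit: FakeIsolate, FakeMaybeLocal, Hook, run_hook_unchecked and run_hook_checked are stand-ins invented here to show the crashing pattern next to the safe one (check the isolate for a pending exception, then use ToLocal, which fails instead of aborting).

```cpp
// Added illustration (not V8's code). FakeIsolate and FakeMaybeLocal are
// simplified stand-ins for V8's Isolate and MaybeLocal<T>; the real
// ToLocalChecked() aborts the process on an empty value, which we model
// with a std::logic_error so the behaviour can be observed in a test.
#include <functional>
#include <iostream>
#include <optional>
#include <stdexcept>
#include <string>
#include <utility>

// Stand-in for an isolate: tracks a "scheduled" (pending) exception.
struct FakeIsolate {
  std::optional<std::string> pending_exception;
  bool has_scheduled_exception() const { return pending_exception.has_value(); }
  void throw_exception(const std::string& msg) { pending_exception = msg; }
  std::optional<std::string> take_exception() {
    std::optional<std::string> e = pending_exception;
    pending_exception.reset();
    return e;
  }
};

// Stand-in for MaybeLocal<T>: holds a value, or is empty because the
// operation that produced it threw and therefore has no value to give.
template <typename T>
class FakeMaybeLocal {
 public:
  FakeMaybeLocal() = default;
  explicit FakeMaybeLocal(T v) : value_(std::move(v)) {}
  bool IsEmpty() const { return !value_.has_value(); }
  // Safe accessor: reports failure instead of aborting on an empty value.
  bool ToLocal(T* out) const {
    if (IsEmpty()) return false;
    *out = *value_;
    return true;
  }
  // Unsafe accessor: in V8 this is a CHECK failure (process abort) when empty.
  T ToLocalChecked() const {
    if (IsEmpty()) throw std::logic_error("CHECK failed: MaybeLocal is empty");
    return *value_;
  }
 private:
  std::optional<T> value_;
};

using Hook = std::function<FakeMaybeLocal<int>(FakeIsolate&)>;

// Buggy pattern: assumes the hook always produced a value, so a hook that
// threw turns into an abort of the whole process instead of a JS error.
int run_hook_unchecked(FakeIsolate& iso, const Hook& hook) {
  FakeMaybeLocal<int> result = hook(iso);
  return result.ToLocalChecked();
}

// Fixed pattern: consult the isolate first and use ToLocal, so the hook's
// exception stays pending for the caller to report.
std::optional<int> run_hook_checked(FakeIsolate& iso, const Hook& hook) {
  FakeMaybeLocal<int> result = hook(iso);
  int value = 0;
  if (iso.has_scheduled_exception() || !result.ToLocal(&value)) {
    return std::nullopt;  // caller reports iso.take_exception()
  }
  return value;
}

// Constructed hooks for the demonstration (not real async hooks).
FakeMaybeLocal<int> good_hook(FakeIsolate&) { return FakeMaybeLocal<int>(42); }
FakeMaybeLocal<int> throwing_hook(FakeIsolate& iso) {
  iso.throw_exception("Error: Cannot find module 'non-existing-module'");
  return FakeMaybeLocal<int>();  // empty: nothing to return once we threw
}

// True when the unchecked path hits the modelled CHECK-style abort.
bool unchecked_crashes_on_throwing_hook() {
  FakeIsolate iso;
  try {
    run_hook_unchecked(iso, throwing_hook);
    return false;
  } catch (const std::logic_error&) {
    return true;
  }
}

int main() {
  FakeIsolate iso;
  std::cout << "good hook: " << *run_hook_checked(iso, good_hook) << "\n";
  if (!run_hook_checked(iso, throwing_hook)) {
    std::cout << "hook threw, reporting: " << *iso.take_exception() << "\n";
  }
  std::cout << "unchecked path aborts: " << std::boolalpha
            << unchecked_crashes_on_throwing_hook() << "\n";
  return 0;
}
```

The point of the two runners is the ordering: the isolate's pending-exception state is the source of truth, and the value accessor must be one that can fail. In an embedder this is the difference between the script seeing a catchable error and the process being killed by a CHECK, which is the denial-of-service shape a fuzzer reports as a CHECK failure.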
Jul 24
ClusterFuzz has detected this issue as fixed in range 54609:54610.
Detailed report: https://clusterfuzz.com/testcase?key=4531783459405824
Fuzzer: mbarbella_js_mutation
Job Type: windows_asan_d8_dbg
Platform Id: windows
Crash Type: CHECK failure
Crash Address:
Crash State:
  !isolate->has_scheduled_exception() in builtins-console.cc
  v8::platform::PrintStackTrace
  v8::internal::ConsoleCall
Sanitizer: address (ASAN)
Regressed: https://clusterfuzz.com/revisions?job=windows_asan_d8_dbg&range=54217:54218
Fixed: https://clusterfuzz.com/revisions?job=windows_asan_d8_dbg&range=54609:54610
Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=4531783459405824
See https://github.com/google/clusterfuzz-tools for more information.
If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
Jul 24
ClusterFuzz testcase 4531783459405824 is verified as fixed, so closing issue as verified. If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.
Comment 1 by ClusterFuzz, Jul 20
Owner: mslekova@chromium.org
Status: Assigned (was: Untriaged)