CHECK failure: args[0]->IsJSFunction() in runtime-test.cc
Issue description
Detailed report: https://clusterfuzz.com/testcase?key=5360824679137280
Fuzzer: inferno_js_fuzzer
Job Type: windows_asan_d8
Platform Id: windows
Crash Type: CHECK failure
Crash Address:
Crash State:
  args[0]->IsJSFunction() in runtime-test.cc
  v8::platform::PrintStackTrace
  v8::internal::Runtime_NeverOptimizeFunction
Sanitizer: address (ASAN)
Regressed: https://clusterfuzz.com/revisions?job=windows_asan_d8&range=471275:471285
Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=5360824679137280
Issue filed automatically.
See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.
Jul 15 2017
I think this is all due to a runtime function being invoked incorrectly; is there a way to hide these checks and bail out silently?
Jul 15 2017
Issue 743270 has been merged into this issue.
Jul 15 2017
Need to fix the spacing in the test; it looks like it's coming from "% WasmNumInterpretedCalls".
Jul 15 2017
Looks like my fuzzer can reach these through this. Maybe I need to explicitly disable it somehow so that they don't recurse through this.
Jul 15 2017
Jul 15 2017
This is a serious security regression. If you are not able to fix this quickly, please revert the change that introduced it. If this doesn't affect a release branch, or has not been properly classified for severity, please update the Security_Impact or Security_Severity labels, and remove the ReleaseBlock label. To disable this altogether, apply ReleaseBlock-NA. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
Jul 15 2017
Jul 17 2017
-> current sheriff
Jul 17 2017
Re #4: I don't see any call to %WasmNumInterpretedCalls in the test. Do you mean %NeverOptimizeFunction? It might not be detected by the blacklist because it's contained in a string which is later eval'ed.
Jul 17 2017
I meant in the dupe bug - https://clusterfuzz.com/v2/testcase-detail/5413514239016960?noredirect=1 - which has this. Don't know what is causing this one.
Jul 17 2017
We had this before in https://crbug.com/724459. There, the problem was that I uploaded a test case which had "% WasmNumInterpretedCalls" (clang-format ;) ). This was fixed, so no idea why CF picks up such calls again...
Jul 17 2017
I just deleted the c#11 testcase; it was detected on 5/22 before your fix went in. So now the issue is the testcase in c#0 and why it is showing up. We also should think about whether we can have a workaround to disable these checks for fuzzing builds, since they can call into runtime functions through this. ? no ?
Jul 17 2017
Jul 19 2017
I'm going to address the "% FooBar()" issue in this CL: https://chromium-review.googlesource.com/c/575053/
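The two detection gaps discussed in the comments above, a space after "%" as in "% WasmNumInterpretedCalls" and a native call that only exists inside a string until it is eval'ed, as an added example of a raw-text scan for V8 natives syntax. This is constructed illustration, not the fuzzer's or V8's own blacklist code; the two regexes, the deny-list names and the sample test cases are assumptions.

```python
import re

# Naive pattern of the kind that misses the clang-formatted "% Foo(" spelling.
NAIVE_CALL = re.compile(r"%\w+\(")

# Tolerant pattern: optional whitespace after '%' and before '('.
# Both patterns are assumptions for this example, not the fuzzer's real list.
NATIVE_CALL = re.compile(r"%\s*([A-Za-z_]\w*)\s*\(")

# Constructed sample test cases; none of them is the ClusterFuzz reproducer.
SAMPLES = {
    "plain":  "function f() {}\n%NeverOptimizeFunction(f);\n",
    "spaced": "function g() {}\n% WasmNumInterpretedCalls(g);\n",
    # The native call only exists inside a string literal until eval runs.
    "evaled": "eval('%NeverOptimizeFunction(1)');\n",
    "clean":  "var x = 10 % 3;\n",
    "modulo": "var y = x % f(2);\n",
}


def find_native_calls(source):
    """Return runtime function names referenced via natives syntax.

    Scanning the raw text instead of a parsed AST means a call that only
    exists inside a string literal (later passed to eval) is still reported.
    The price is over-reporting: 'x % f(2)' (modulo before a call) is flagged
    too, which is the safe direction for a fuzzer deny-list.
    """
    return [m.group(1) for m in NATIVE_CALL.finditer(source)]


def is_denied(source, denied=("NeverOptimizeFunction", "WasmNumInterpretedCalls")):
    """True if the test case references any runtime function in `denied`."""
    return any(name in denied for name in find_native_calls(source))


def naive_is_denied(source):
    """The whitespace-intolerant check, kept only to show what it misses."""
    return NAIVE_CALL.search(source) is not None


if __name__ == "__main__":
    for label, src in SAMPLES.items():
        print(f"{label:7} naive={naive_is_denied(src)!s:5} tolerant={is_denied(src)}")
```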
Jul 26 2017
Jul 26 2017
URGENT - PTAL. Your bug is labelled as Stable ReleaseBlock, pls make sure to land the fix and get it merged into the M61 branch #3163 ASAP to have enough baking time in Beta before Stable promotion. Thank you! Know that this issue shouldn't block the release? Remove the ReleaseBlock-Stable label.
Aug 1 2017
ClusterFuzz has detected this issue as fixed in range 490630:490712.
Detailed report: https://clusterfuzz.com/testcase?key=5360824679137280
Fuzzer: inferno_js_fuzzer
Job Type: windows_asan_d8
Platform Id: windows
Crash Type: CHECK failure
Crash Address:
Crash State:
  args[0]->IsJSFunction() in runtime-test.cc
  v8::platform::PrintStackTrace
  v8::internal::Runtime_NeverOptimizeFunction
Sanitizer: address (ASAN)
Regressed: https://clusterfuzz.com/revisions?job=windows_asan_d8&range=471275:471285
Fixed: https://clusterfuzz.com/revisions?job=windows_asan_d8&range=490630:490712
Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=5360824679137280
See https://github.com/google/clusterfuzz-tools for more information.
If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
Aug 1 2017
ClusterFuzz testcase 5360824679137280 is verified as fixed, so closing issue as verified. If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.
Aug 1 2017
Aug 1 2017
Hi ishell@ - looks like the fix range is in 62, is there anything identified we could merge to 61?
Aug 5 2017
Aug 5 2017
This bug requires manual review: M61 has already been promoted to the beta branch, so this requires manual review. Please contact the milestone owner if you have questions. Owners: amineer@(Android), cmasso@(iOS), ketakid@(ChromeOS), govind@(Desktop). For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
Aug 6 2017
+ awhalley@ (Security TPM) for M61 merge review.
Aug 7 2017
It does not look like there is anything to merge. Nor is this a security issue. ishell@ is OOO, so I'll just go ahead and update the classification of this bug.
Aug 7 2017
Comment 1 by raymes@chromium.org, Jul 14 2017
Status: Assigned (was: Untriaged)