DCHECK failure in !microtask_context_ in api.h
Issue description

Detailed report: https://clusterfuzz.com/testcase?key=6696870234816512

Fuzzer: ochang_js_fuzzer
Job Type: linux_asan_d8_dbg
Platform Id: linux

Crash Type: DCHECK failure
Crash Address:
Crash State:
  !microtask_context_ in api.h
  EnterMicrotaskContext
  v8::internal::Isolate::RunMicrotasksInternal

Sanitizer: address (ASAN)

Regressed: https://clusterfuzz.com/revisions?job=linux_asan_d8_dbg&range=48067:48068

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=6696870234816512

Issue filed automatically.

See https://github.com/google/clusterfuzz-tools for more information.
Oct 22 2017

Nov 2 2017
caitp@igalia.com -- can you please take a look at this high severity security bug and fix it soon? thanks.
Nov 3 2017
I'm taking a look... But looking at the reproduction, it looks like %RunMicrotasks is being called recursively from within one of the microtask handlers, which is an error and has always crashed, afaik. The only thing this test really has to do with async iteration is that it would have failed with a SyntaxError before shipping.
Nov 3 2017
And that's exactly what's happening. Since %RunMicrotasks is a test API, it's probably better to crash than throw an exception when it's invoked recursively, otherwise it will be very easy to write tests which seem to pass when they shouldn't. Is there a way to prevent this pattern from occurring in future clusterfuzz tests?
Nov 5 2017
I'm going to mark this as WontFix for now, but let's re-open if there's something I can do to get this pattern out of clusterfuzz.
Nov 7 2017

Nov 12 2017
ClusterFuzz testcase 6696870234816512 is still reproducing on tip-of-tree build (trunk). If this testcase was not reproducible locally or unworkable, ignore this notification and we will file another bug soon with hopefully a better and workable testcase. Otherwise, if this is not intended to be fixed (e.g. this is an intentional crash), please add ClusterFuzz-Ignore label to prevent future bug filing with similar crash stacktrace.
Nov 12 2017

Dec 5 2017
ClusterFuzz has detected this issue as fixed in range 49841:49842.

Detailed report: https://clusterfuzz.com/testcase?key=6696870234816512

Fuzzer: ochang_js_fuzzer
Job Type: linux_asan_d8_dbg
Platform Id: linux

Crash Type: DCHECK failure
Crash Address:
Crash State:
  !microtask_context_ in api.h
  EnterMicrotaskContext
  v8::internal::Isolate::RunMicrotasksInternal

Sanitizer: address (ASAN)

Regressed: https://clusterfuzz.com/revisions?job=linux_asan_d8_dbg&range=48067:48068
Fixed: https://clusterfuzz.com/revisions?job=linux_asan_d8_dbg&range=49841:49842

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=6696870234816512

See https://github.com/google/clusterfuzz-tools for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
Feb 12 2018
This bug has been closed for more than 14 weeks. Removing security view restrictions. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
Comment 1 by ClusterFuzz, Oct 21 2017
Owner: ca...@igalia.com
Status: Assigned (was: Untriaged)