Crash in v8::internal::Context::native_context
Issue description

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=6152625321410560
Fuzzer: mbarbella_js_mutation
Job Type: linux_asan_d8_dbg
Platform Id: linux
Crash Type: UNKNOWN READ
Crash Address: 0x000000000007
Crash State:
  v8::internal::Context::native_context
  v8::internal::Isolate::native_context
  v8::internal::Map::IsMapInArrayPrototypeChain
Regressed: V8: r35136:35137

Minimized Testcase (0.13 Kb):
Download: https://cluster-fuzz.appspot.com/download/AMIfv95kkYGA05CfIDxtutusXAgPxZuWJLGBPsO974YbSr6S-zqo9NVCwACvDh4wRojJhOaNFVqhJUYNGMk2eh0nR-U31owL21Yuv0WKq4_-NrlgF4RqbX7Q2uInKLHpYrKTCIspu9GlV1DbsJlOE038ZT15Giu6hA

  __v_2 = [];
  __v_2[Math.pow(2,31)-1] = 0;
  for (let __v_5 = 0; __v_2.push(function () { return __v_5; }), __v_5 < 5; ++__v_5) { }

Filer: durga.behera

See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.
Apr 1 2016
ClusterFuzz has detected this issue as fixed in range 35153:35154.

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=6152625321410560
Fuzzer: mbarbella_js_mutation
Job Type: linux_asan_d8_dbg
Platform Id: linux
Crash Type: UNKNOWN READ
Crash Address: 0x000000000007
Crash State:
  v8::internal::Context::native_context
  v8::internal::Isolate::native_context
  v8::internal::Map::IsMapInArrayPrototypeChain
Regressed: V8: r35136:35137
Fixed: V8: r35153:35154

Minimized Testcase (0.13 Kb):
Download: https://cluster-fuzz.appspot.com/download/AMIfv95kkYGA05CfIDxtutusXAgPxZuWJLGBPsO974YbSr6S-zqo9NVCwACvDh4wRojJhOaNFVqhJUYNGMk2eh0nR-U31owL21Yuv0WKq4_-NrlgF4RqbX7Q2uInKLHpYrKTCIspu9GlV1DbsJlOE038ZT15Giu6hA

  __v_2 = [];
  __v_2[Math.pow(2,31)-1] = 0;
  for (let __v_5 = 0; __v_2.push(function () { return __v_5; }), __v_5 < 5; ++__v_5) { }

See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information. If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
Apr 1 2016
Issue 599715 has been merged into this issue.
Nov 22 2016
Removing EditIssue view restrictions from ClusterFuzz filed bugs. If you believe that this issue should still be restricted, please reapply the label. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
Comment 1 by durga.behera@chromium.org, Mar 31 2016