CHECK failure: !context.IsEmpty() in LocalWindowProxy.cpp

Issue description
Detailed report: https://clusterfuzz.com/testcase?key=4702639515500544
Fuzzer: inferno_layout_test_unmodified
Job Type: linux_ubsan_vptr_chrome
Platform Id: linux
Crash Type: CHECK failure
Crash Address:
Crash State:
  !context.IsEmpty() in LocalWindowProxy.cpp
  blink::LocalWindowProxy::CreateContext
  blink::LocalWindowProxy::Initialize
Sanitizer: undefined (UBSAN)
Regressed: https://clusterfuzz.com/revisions?job=linux_ubsan_vptr_chrome&range=435209:435314
Reproducer Testcase: https://clusterfuzz.com/download/AMIfv96zztlqKdY4sk7o18p2AiTlk3ESI7wF8SWgI9p48dwsZp8OS2YcJUtOF6R5eNVBl6Os67Brc8MT4xR06r0IbcLYtlyYpkdehyEhD9oaQ6M31rM8E1y98gIBzwpszBRfzSbpKohRis6rDEGHQlCCpMzpMHoHD-B6OYzYJzo0_kNQGjgymIgZyvZy464JPid_BcHMqjYbAcZLxHNVXMKm1iYGEuIbxbiBhi56n8FouBrBfS9Gi6tz1dMWBbGdQ5AtVeL7YglRiFniNkwjy3GiMLr5r3MwpzTi91kkghZ0-YteKrhk-5SYw9gzCU1FqhGlE9cMeuSllPzxkTtkspFq8Fhhm3nO5lNUFKt1OngucT7NN-hAMvw?testcase_id=4702639515500544
Issue filed automatically.
See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.
Apr 18 2017
Predator did not provide any possible suspects. Using Code Search for the file "LocalWindowProxy.cpp" and the CL, assigning to the concerned owner. CL -- https://chromium.googlesource.com/chromium/src/+log/b077d802dd71ab917f22c2be4afe07a3564d150b..51fe5d22f29d3ef433197965ca69384c31c7804b?pretty=fuller @yukishiino -- Could you please look into the issue, and kindly re-assign if this is not related to your changes. Thank you.
Apr 19 2017
This is a kind of OOM. The repro case is consuming all JavaScript call stack or heap, and trying to create a new context. This is an expected crash.
May 12 2017

Jun 2 2017
ClusterFuzz has detected this issue as fixed in range 476474:476520.
Detailed report: https://clusterfuzz.com/testcase?key=4702639515500544
Fuzzer: inferno_layout_test_unmodified
Job Type: linux_ubsan_vptr_chrome
Platform Id: linux
Crash Type: CHECK failure
Crash Address:
Crash State:
  !context.IsEmpty() in LocalWindowProxy.cpp
  blink::LocalWindowProxy::CreateContext
  blink::LocalWindowProxy::Initialize
Sanitizer: undefined (UBSAN)
Regressed: https://clusterfuzz.com/revisions?job=linux_ubsan_vptr_chrome&range=435209:435314
Fixed: https://clusterfuzz.com/revisions?job=linux_ubsan_vptr_chrome&range=476474:476520
Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=4702639515500544
See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.
If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
Comment 1 by ClusterFuzz, Apr 18 2017