Automatically assigning owner based on suspected regression changelist https://chromium.googlesource.com/v8/v8/+/096db4f06b83f3c40dee9662b9e870b402516b00 ([typedarray] Port the TypedArray constructor dispatcher to CSA.).

If this is incorrect, please let us know why and apply the Test-Predator-Wrong-CLs label. If you aren't the correct owner for this issue, please unassign yourself as soon as possible so it can be re-triaged.

The following revision refers to this bug:
  https://chromium.googlesource.com/v8/v8.git/+/2cfacb743d2f489e484e50c4d947b66d87abf4c1

commit 2cfacb743d2f489e484e50c4d947b66d87abf4c1
Author: Peter Marshall <petermarshall@chromium.org>
Date: Mon Jan 22 14:27:22 2018

[typedarray] Use native context in elements accessor.

A check will fail if the context passed in is not a native context.
Change the code to get the native context from the passed context.

Bug:  chromium:804288 
Change-Id: Iad314a3dd170355cf524b9230a692a6329564f8a
Reviewed-on: https://chromium-review.googlesource.com/878324
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Peter Marshall <petermarshall@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50761}
[modify] https://crrev.com/2cfacb743d2f489e484e50c4d947b66d87abf4c1/src/elements.cc
[add] https://crrev.com/2cfacb743d2f489e484e50c4d947b66d87abf4c1/test/mjsunit/regress/regress-804288.js

ClusterFuzz has detected this issue as fixed in range 50760:50761.

Detailed report: https://clusterfuzz.com/testcase?key=5350534159794176

Fuzzer: ochang_js_fuzzer
Job Type: linux_asan_d8_v8_arm_dbg
Platform Id: linux

Crash Type: DCHECK failure
Crash Address: 
Crash State:
  IsNativeContext() in contexts-inl.h
  V8_Dcheck
  v8::internal::Context::is_initial_array_prototype
  
Sanitizer: address (ASAN)

Regressed: https://clusterfuzz.com/revisions?job=linux_asan_d8_v8_arm_dbg&range=50743:50744
Fixed: https://clusterfuzz.com/revisions?job=linux_asan_d8_v8_arm_dbg&range=50760:50761

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=5350534159794176

See https://github.com/google/clusterfuzz-tools for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.

ClusterFuzz testcase 5350534159794176 is verified as fixed, so closing issue as verified.

If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.

This bug has been closed for more than 14 weeks. Removing security view restrictions.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot