diff --git a/src/compiler/js-call-reducer.cc b/src/compiler/js-call-reducer.cc
index 5e1a4db2f2..91020c3f96 100644
--- a/src/compiler/js-call-reducer.cc
+++ b/src/compiler/js-call-reducer.cc
@@ -2557,8 +2557,20 @@ Reduction JSCallReducer::ReduceArrayIndexOfIncludes(
 Node* new_from_index = jsgraph()->ZeroConstant();
 if (node->op()->ValueInputCount() >= 4) {
 Node* from_index = NodeProperties::GetValueInput(node, 3);
- new_from_index = effect = graph()->NewNode(
- simplified()->CheckSmi(p.feedback()), from_index, effect, control);
+ from_index = effect = graph()->NewNode(simplified()->CheckSmi(p.feedback()),
+ from_index, effect, control);
+ // If the index is negative, it means the offset from the end and therefore
+ // needs to be added to the length. If the result is still negative, it
+ // needs to be clamped to 0.
+ new_from_index = graph()->NewNode(
+ common()->Select(MachineRepresentation::kTagged, BranchHint::kFalse),
+ graph()->NewNode(simplified()->NumberLessThan(), from_index,
+ jsgraph()->ZeroConstant()),
+ graph()->NewNode(
+ simplified()->NumberMax(),
+ graph()->NewNode(simplified()->NumberAdd(), length, from_index),
+ jsgraph()->ZeroConstant()),
+ from_index);
 }
 
 Node* context = NodeProperties::GetContextInput(node);
diff --git a/test/mjsunit/regress/regress-842612.js b/test/mjsunit/regress/regress-842612.js
new file mode 100644
index 0000000000..d489f969c5
--- /dev/null
+++ b/test/mjsunit/regress/regress-842612.js
@@ -0,0 +1,16 @@
+// Copyright 2018 the V8 project authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+// Flags: --allow-natives-syntax
+
+var arr = [undefined];
+
+function f() {
+ assertEquals(0, arr.indexOf(undefined, -1));
+}
+
+f();
+f();
+%OptimizeFunctionOnNextCall(f);
+f();
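Review bot: The false arm of the new `Select` passes a non-negative `from_index` through unchanged, so this hunk establishes only the lower bound of `new_from_index`; nothing here clamps a value at or above `length`. Presumably the code that consumes `new_from_index` stops at `length` on its own, but that call lies outside the hunk. Because this value drives an element search in optimized code, the dependency should be written down next to the existing comment, e.g. `// Non-negative indices are passed through unclamped; the callee must handle from_index >= length.` The body of ReduceArrayIndexOfIncludes starts and ends outside the hunk, so the definition of `length` and the consumer of `new_from_index` could not be checked here.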
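Review bot: The regression test in `f` exercises only `indexOf` with `-1` on a one-element array, which covers the `length + from_index` arm but not the `NumberMax(..., 0)` clamp. It also misses the `includes` path, which, judging by the reducer name ReduceArrayIndexOfIncludes, goes through the same code. Adding `assertEquals(0, arr.indexOf(undefined, -2));` and `assertTrue(arr.includes(undefined, -1));` inside `f` would pin both in the optimized run. A from-index at or past the array length, `assertEquals(-1, arr.indexOf(undefined, 1));`, would additionally guard the arm that is passed through unclamped.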