Issue 693411

Issue metadata

Status: Verified
Owner:
Closed: Feb 2017
Cc:
Components:
EstimatedDays: ----
NextAction: ----
OS: Linux
Pri: 1
Type: Bug


Crash in v8::internal::ValueDeserializer::ReadObjectUsingEntireBufferForLegacyFormat

Reported by ClusterFuzz (Project Member), Feb 17 2017

Issue description

Cc: msrchandra@chromium.org
Components: Blink>JavaScript
Labels: Test-Predator-Correct-CLs M-58
Owner: jbroman@chromium.org
Status: Assigned (was: Untriaged)
Assigning to the concern owner from Predator results --
The result is a list of CLs that change the crashed files. 

Author: jbroman
Project: chromium-v8
Changelist: https://chromium.googlesource.com/v8/v8.git/+/8990399dc7c2f36ba4f566a415a0823d229dff21
Time: Thu Feb 16 13:59:56 2017
File value-serializer.cc is changed in this cl (and is part of stack frame #2, "v8::internal::ValueDeserializer::ReadObjectUsingEntireBufferForLegacyFormat")
Minimum distance from crash line to modified line: 43. (file: value-serializer.cc, crashed on: 1875, modified: 1832).

@jbroman -- Could you please look into the issue, kindly re-assign if this is not related to your changes.
Thank You.
Comment 2 by bugdroid1@chromium.org (Project Member), Feb 23 2017

The following revision refers to this bug:
  https://chromium.googlesource.com/v8/v8.git/+/68960eeb763f93dcedb37d5b663b1019192b7f36

commit 68960eeb763f93dcedb37d5b663b1019192b7f36
Author: jbroman <jbroman@chromium.org>
Date: Thu Feb 23 13:23:00 2017

ValueDeserializer: Make sure that an exception is the legacy path.

The entry points to the deserializer are responsible for ensuring that an
exception is pending by the time they return. Some failures throw exceptions
themselves, while others (like errors in the format) are exceptions caused by
the deserializer, not coming from the runtime.

Like the non-legacy path, a default deserialization exception should be thrown
in such cases.

BUG= chromium:693411 

Review-Url: https://codereview.chromium.org/2712713002
Cr-Commit-Position: refs/heads/master@{#43390}

[modify] https://crrev.com/68960eeb763f93dcedb37d5b663b1019192b7f36/src/value-serializer.cc
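A constructed C++ model, added here and not V8 code, of the invariant the commit message describes: an entry point that fails must leave an exception pending, otherwise the caller receives an empty result with nothing to report. The Isolate type, the two-byte wire format and the function names are stand-ins.

```cpp
// Constructed model of the deserializer invariant from the commit above;
// the Isolate, wire format and function names are stand-ins, not V8 code.
#include <cstdint>
#include <optional>
#include <string>
#include <vector>

// Stand-in for the isolate's "pending exception" slot.
struct Isolate {
  std::optional<std::string> pending_exception;
  bool HasPendingException() const { return pending_exception.has_value(); }
  void Throw(const std::string& msg) { pending_exception = msg; }
};

enum class ReadStatus { kOk, kFormatError };

// Constructed legacy wire format: tag byte 'I' followed by one payload byte.
// Anything else is a format error, which the runtime never throws for itself.
ReadStatus ReadLegacyPayload(const std::vector<uint8_t>& data, int32_t* out) {
  if (data.size() != 2 || data[0] != 'I') return ReadStatus::kFormatError;
  *out = data[1];
  return ReadStatus::kOk;
}

// Before the fix: a format error returns "no value" without throwing, so the
// caller gets an empty result and no pending exception to report.
std::optional<int32_t> ReadValueLegacyBefore(Isolate*, const std::vector<uint8_t>& data) {
  int32_t v = 0;
  if (ReadLegacyPayload(data, &v) != ReadStatus::kOk) return std::nullopt;
  return v;
}

// After the fix: like the non-legacy path, throw a default deserialization
// error whenever the read fails and nothing else has been thrown.
std::optional<int32_t> ReadValueLegacyAfter(Isolate* isolate, const std::vector<uint8_t>& data) {
  int32_t v = 0;
  if (ReadLegacyPayload(data, &v) != ReadStatus::kOk) {
    if (!isolate->HasPendingException()) isolate->Throw("default deserialization error");
    return std::nullopt;
  }
  return v;
}

// The check every entry point must pass: empty result implies exception pending.
bool EntryPointInvariantHolds(const std::optional<int32_t>& result, const Isolate& isolate) {
  return result.has_value() || isolate.HasPendingException();
}
```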

Comment 3 by ClusterFuzz (Project Member), Feb 25 2017

ClusterFuzz has detected this issue as fixed in range 452783:452803.

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=5366274650800128

Fuzzer: libfuzzer_v8_serialized_script_value_fuzzer
Job Type: libfuzzer_chrome_asan_debug
Platform Id: linux

Crash Type: UNKNOWN
Crash Address: 0x7f8c40441228
Crash State:
  v8::internal::ValueDeserializer::ReadObjectUsingEntireBufferForLegacyFormat
  v8::ValueDeserializer::ReadValue
  blink::V8ScriptValueDeserializer::deserialize
  
Sanitizer: address (ASAN)

Regressed: https://cluster-fuzz.appspot.com/revisions?job=libfuzzer_chrome_asan_debug&range=451040:451140
Fixed: https://cluster-fuzz.appspot.com/revisions?job=libfuzzer_chrome_asan_debug&range=452783:452803

Reproducer Testcase: https://cluster-fuzz.appspot.com/download/AMIfv97pyMELK7_PL0jF5nMyoU2DpYUv_F32sCBHl3Djp2vuJ-65HwXUQc2iJv6gwVfKsgZTfzLM1akLykb-ypwxaf9giaRYilJTmZbwYdlo7pC2bgGYMkFGZ4j5YHOCdq1dpc5ZnuvV73s0hr3GWKtwZZ1oGzhX-g4mTnl94r1heTQVWHYYVOL3b8hbpHRjTSlH91K7JBBdqVjO9Ns4x9EKMwnjdiZzLg7l74XmbPl1xXdQdn7rIHF0qUNTs0EQE_JH4miapzAERWMyh_Fqr63JFQz8rh6xfI_deeWVk5N7b5gUPm7fn2MHIzVCnLR0qeUnIjxVZYdlVfMiCraBQaydNrSyAoTd82FeEa5Xs8fivkCKhnWksLjGpv1lHLmA4xoXFGx9_tmDgLzEY_MSgeAKNtLm09IplA?testcase_id=5366274650800128


See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reproducing.md for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
Comment 4 by ClusterFuzz (Project Member), Feb 25 2017

Labels: ClusterFuzz-Verified
Status: Verified (was: Assigned)
ClusterFuzz testcase 5366274650800128 is verified as fixed, so closing issue.

If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.