Predator and CL did not find any possible suspects.
Using Code Search for the file, "EditingUtilities.cpp", assigning to the concern owner.
Suspecting Commit#
https://chromium.googlesource.com/chromium/src/+/07359e3b41086b15af2bf433a28f1a4d8b31ff9b

@chongz -- Could you please look into the issue, kindly re-assign if this is not related to your changes.
Thank You.

Narrow bisect points to https://chromium.googlesource.com/chromium/src/+/92c26eed9fd8834e1da3283e8bd45952aa4f0d6b

xiaochengh@ Can you check if this is related to your change? Thanks!

--
BTW msrchandra@ here is a good guide on how to use narrow bisect, hope that helps:
https://sites.google.com/a/google.com/chrome-te/home/tools/bisect-builds?pli=1

Lowering to P2 due to low usage of document.execCommand('justifyFull').

This is an existing bug revealed by r448225. CompositeEditCommand::moveParagraphs seems to have something wrong when processing mixed editability, as it hits the following DCHECK. Prior to r448225, Blink used to tear off contenteditable=false incorrectly, and hence, didn't need to processed mixed editability.

[1:1:0217/093125.615347:241335867558:FATAL:EphemeralRange.cpp(31)] Check failed: m_startPosition.isConnected(). 
#0 0x7fd79101684b base::debug::StackTrace::StackTrace()
#1 0x7fd791014e8c base::debug::StackTrace::StackTrace()
#2 0x7fd791082fcf logging::LogMessage::~LogMessage()
#3 0x7fd7877d350d blink::EphemeralRangeTemplate<>::EphemeralRangeTemplate()
#4 0x7fd78780ea3f blink::VisibleSelectionTemplate<>::toNormalizedEphemeralRange()
#5 0x7fd7878e5325 blink::SpellChecker::markMisspellingsInternal()
#6 0x7fd7878e699c blink::SpellChecker::markMisspellingsForMovingParagraphs()
#7 0x7fd78785563f blink::CompositeEditCommand::moveParagraphs()
#8 0x7fd78785729d blink::CompositeEditCommand::moveParagraph()
#9 0x7fd7878638e6 blink::DeleteSelectionCommand::mergeParagraphs()
#10 0x7fd787864a32 blink::DeleteSelectionCommand::doApply()
#11 0x7fd78784f328 blink::CompositeEditCommand::applyCommandToComposite()
#12 0x7fd787851e35 blink::CompositeEditCommand::deleteSelection()
#13 0x7fd787895352 blink::TypingCommand::deleteKeyPressed()
#14 0x7fd78789799d blink::TypingCommand::doApply()
#15 0x7fd78784f06c blink::CompositeEditCommand::apply()
#16 0x7fd787894787 blink::TypingCommand::deleteKeyPressed()
#17 0x7fd7878692c6 blink::executeDelete()

ClusterFuzz has detected this issue as fixed in range 471041:471079.

Detailed report: https://clusterfuzz.com/testcase?key=5447205659082752

Fuzzer: ifratric-browserfuzzer-v3
Job Type: mac_asan_chrome
Platform Id: mac

Crash Type: UNKNOWN READ
Crash Address: 0x000000000020
Crash State:
  blink::hasEditableStyle
  blink::rootEditableElement
  blink::DeleteSelectionCommand::removeRedundantBlocks
  
Sanitizer: address (ASAN)

Regressed: https://clusterfuzz.com/revisions?job=mac_asan_chrome&range=448221:448225
Fixed: https://clusterfuzz.com/revisions?job=mac_asan_chrome&range=471041:471079

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=5447205659082752


See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.

ClusterFuzz testcase 5447205659082752 is verified as fixed, so closing issue.

If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.