Crash in blink::StaticRange::create
Issue description

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=5984750864171008

Fuzzer: ochang_domfuzzer
Job Type: linux_asan_chrome_v8_arm
Platform Id: linux
Crash Type: UNKNOWN READ
Crash Address: 0x00000008
Crash State:
  blink::StaticRange::create
  blink::targetRangesForInputEvent
  blink::Editor::Command::getTargetRanges
Sanitizer: address (ASAN)
Regressed: https://cluster-fuzz.appspot.com/revisions?job=linux_asan_chrome_v8_arm&range=453249:453322
Reproducer Testcase: https://cluster-fuzz.appspot.com/download/AMIfv94fGP5WDp2pAB1hN09Lwia0pX7AXg4heWUf5eZmAitl_oBR0gEOdxYj23b62HSS8uln2qlRdqEfAS6SeMApUevomUpI0nEmpfjtMi4GsU2AclA9W-_iPPb4_QfbOvHIyqimMWwwqTbk7xeHrQ1M1wOAy2Ondma-TjB9PNQcbcpH65NXW1UKo_tXjZ4nAcGxKd4N90QuC6R3sKqCK9d0ykO2oIimUSrqSEfo4PQk_U5K8-zuT75qvpFXptvS4tSuN4gRGfMNv-c1CMEQuPrxrrhcLxV8TXF-D-vFS4OmOV2b9q_N1PWuaibuVc_okl-L81X_BJC6nB45JiLXTBW3C2JQnkkluoe_HzmQrxW5oD_Yt-BjSeQ?testcase_id=5984750864171008
Additional requirements: Requires Gestures

Issue filed automatically.

See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.
Mar 1 2017
Assigning to the concern owner from Predator results -- The result is a list of CLs that change the crashed files.

Author: chongz
Project: chromium
Changelist: https://chromium.googlesource.com/chromium/src/+/73324e59ad313ca374603b571167e688ca505080
Time: Mon Feb 27 19:55:29 2017

Lines 2075-2080 of file EditingUtilities.cpp which potentially caused crash are changed in this cl (frame #4, "blink::targetRangesForInputEvent").
File EditorCommand.cpp is changed in this cl (and is part of stack frame #5, "blink::Editor::Command::getTargetRanges"; frame #6, "blink::Editor::Command::execute").
Minimum distance from crash line to modified line: 0. (file: EditingUtilities.cpp, crashed on: 2080, modified: 2080).

@chongz -- Could you please look into the issue, kindly re-assign if this is not related to your changes. Thank You.
Mar 3 2017
The following revision refers to this bug: https://chromium.googlesource.com/chromium/src.git/+/b05824d69f2a8403552ef9e29bebdece24005400

commit b05824d69f2a8403552ef9e29bebdece24005400
Author: chongz <chongz@chromium.org>
Date: Fri Mar 03 17:46:30 2017

[InputEvent] Add null check before converting Range to StaticRange

It's possible for |firstRangeOf()| to return null (see test case), and we shouldn't try to construct StaticRange in this case.

BUG= 697319
Review-Url: https://codereview.chromium.org/2727293003
Cr-Commit-Position: refs/heads/master@{#454614}

[add] https://crrev.com/b05824d69f2a8403552ef9e29bebdece24005400/third_party/WebKit/LayoutTests/fast/events/inputevents/inputevent-invalid-selection-crash.html
[modify] https://crrev.com/b05824d69f2a8403552ef9e29bebdece24005400/third_party/WebKit/Source/core/editing/EditingUtilities.cpp
Mar 4 2017
ClusterFuzz has detected this issue as fixed in range 454459:454618.

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=5984750864171008

Fuzzer: ochang_domfuzzer
Job Type: linux_asan_chrome_v8_arm
Platform Id: linux
Crash Type: UNKNOWN READ
Crash Address: 0x00000008
Crash State:
  blink::StaticRange::create
  blink::targetRangesForInputEvent
  blink::Editor::Command::getTargetRanges
Sanitizer: address (ASAN)
Regressed: https://cluster-fuzz.appspot.com/revisions?job=linux_asan_chrome_v8_arm&range=453249:453322
Fixed: https://cluster-fuzz.appspot.com/revisions?job=linux_asan_chrome_v8_arm&range=454459:454618
Reproducer Testcase: https://cluster-fuzz.appspot.com/download/AMIfv94fGP5WDp2pAB1hN09Lwia0pX7AXg4heWUf5eZmAitl_oBR0gEOdxYj23b62HSS8uln2qlRdqEfAS6SeMApUevomUpI0nEmpfjtMi4GsU2AclA9W-_iPPb4_QfbOvHIyqimMWwwqTbk7xeHrQ1M1wOAy2Ondma-TjB9PNQcbcpH65NXW1UKo_tXjZ4nAcGxKd4N90QuC6R3sKqCK9d0ykO2oIimUSrqSEfo4PQk_U5K8-zuT75qvpFXptvS4tSuN4gRGfMNv-c1CMEQuPrxrrhcLxV8TXF-D-vFS4OmOV2b9q_N1PWuaibuVc_okl-L81X_BJC6nB45JiLXTBW3C2JQnkkluoe_HzmQrxW5oD_Yt-BjSeQ?testcase_id=5984750864171008
Additional requirements: Requires Gestures

See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
Mar 4 2017
ClusterFuzz testcase 5984750864171008 is verified as fixed, so closing issue. If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.
Mar 22 2017
Issue 704076 has been merged into this issue.
Mar 22 2017
Mar 22 2017
Your change meets the bar and is auto-approved for M58. Please go ahead and merge the CL to branch 3029 manually. Please contact milestone owner if you have questions.

Owners: amineer@(Android), cmasso@(iOS), bhthompson@(ChromeOS), govind@(Desktop)

For more details visit https://www.chromium.org/issue-tracking/autotriage

- Your friendly Sheriffbot
Mar 22 2017
Merged in patch https://codereview.chromium.org/2763833006 but not sure why it doesn't show up here.
Comment 1 by sigbjo...@opera.com, Mar 1 2017