Predator and CL could not provide any possible suspects.
Using the code search for the file, “InsertTextCommand.cpp” assigning to concern owner from GIT revision log.
Suspecting Commit#
https://chromium.googlesource.com/chromium/src/+/41a8961aaa4a9c58c031b7ad6f11b0b6f86f8be5

@xiaochengh-- Could you please look into this issue, kindly reassign if it has nothing to do with the above changes.

Note: Assigning it to xiaochengh@ as we were unable to assign to akariasai@.

Thank You.

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/4d2e7fe07ee3434babeed15f4cb8968d898170fb

commit 4d2e7fe07ee3434babeed15f4cb8968d898170fb
Author: Xiaocheng Hu <xiaochengh@chromium.org>
Date: Tue Oct 31 03:51:24 2017

Abort InsertTextCommand if there is no VisibleSelection after deleting selection

InsertTextCommand deletes the content of the current selected range
before inserting new text. In certain cases, there is non-null selection
after the deletion, but the corresponding VisibleSelection is null. This
patch makes InsertTextCommand abort in such cases to avoid crashing.

Bug:  779376 
Change-Id: I84538fe1ccd4200e9505701e7cbe700c48ea101a
Reviewed-on: https://chromium-review.googlesource.com/744388
Commit-Queue: Yoshifumi Inoue <yosin@chromium.org>
Reviewed-by: Yoshifumi Inoue <yosin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#512737}
[modify] https://crrev.com/4d2e7fe07ee3434babeed15f4cb8968d898170fb/third_party/WebKit/Source/core/editing/commands/InsertTextCommand.cpp
[modify] https://crrev.com/4d2e7fe07ee3434babeed15f4cb8968d898170fb/third_party/WebKit/Source/core/editing/commands/InsertTextCommandTest.cpp

ClusterFuzz has detected this issue as fixed in range 512724:512739.

Detailed report: https://clusterfuzz.com/testcase?key=4938056229715968

Fuzzer: inferno_layout_test_unmodified
Job Type: windows_asan_chrome_no_sandbox
Platform Id: windows

Crash Type: Null-dereference READ
Crash Address: 0x00000014
Crash State:
  blink::Node::NodeIndex
  blink::PositionTemplate<class blink::EditingAlgorithm<class blink::NodeTraversal
  blink::InsertTextCommand::DoApply
  
Sanitizer: address (ASAN)

Regressed: https://clusterfuzz.com/revisions?job=windows_asan_chrome_no_sandbox&range=495902:496126
Fixed: https://clusterfuzz.com/revisions?job=windows_asan_chrome_no_sandbox&range=512724:512739

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=4938056229715968

See https://github.com/google/clusterfuzz-tools for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.

ClusterFuzz testcase 4938056229715968 is verified as fixed, so closing issue as verified.

If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.