This crash looks like the standard response to attempting to load a Mojo module that doesn't exist. We should really make mojo.define() resilient to that to prevent false positives when constructing fuzz test cases against layout tests.

What revision of Chromium did you see this crash with?

Has this CL already fixed the problem?
https://chromium.googlesource.com/chromium/src/+/2eb97bdbc5ebc7fec94c53010b064c677e4cab8f

From the report it looks like the crash happened at r379959 so yes, that patch has likely fixed the issue.

ClusterFuzz has detected this testcase as flaky and is unable to reproduce it in the original crash revision. Skipping fixed testing check and marking it as potentially fixed.

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=4830767162589184

Fuzzer: ochang_domfuzzer
Job Type: windows_asan_content_shell
Platform Id: windows

Crash Type: UNKNOWN READ
Crash Address: 0x00000004
Crash State:
  blink::WebURLResponse::url
  content::MojoContextState::OnFetchModuleComplete
  base::internal::Invoker<base::IndexSequence<0,1>,base::internal::BindState<base:
  
Regressed: https://cluster-fuzz.appspot.com/revisions?job=windows_asan_content_shell&range=379564:379959

Unminimized Testcase: https://cluster-fuzz.appspot.com/download/AMIfv964GKBamSoD8rWMM0hTxIVr-U_I4VLUszubW5b4GIqQnd5BbJnnkpqfDwkhFVQVUyldujlHaXz902Zb1w0emSfD8JUxPv_V97A54XREvaBl3i8q3srH5RyGbnPNhvTMZzIKQE5sZQxsSQPdYX3TI755AsIjDXGlBOiiLGth-TG4e8v6n-0


See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.

Removing EditIssue view restrictions from ClusterFuzz filed bugs. If you believe that this issue should still be restricted, please reapply the label.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot