yzshen@: This looks like a security bug in mojo bindings while a renderer is being torn down. Can you please take a look or else help find a different owner?

ClusterFuzz has detected this issue as fixed in range 427006:427199.

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=6367129144393728

Fuzzer: inferno_layout_test_unmodified
Job Type: linux_asan_chrome_mp
Platform Id: linux

Crash Type: UNKNOWN READ
Crash Address: 0x7ecdffb45248
Crash State:
  blink::Permissions::serviceConnectionError
  mojo::InterfaceEndpointClient::NotifyError
  mojo::internal::MultiplexRouter::ProcessNotifyErrorTask
  
Recommended Security Severity: Low

Regressed: https://cluster-fuzz.appspot.com/revisions?job=linux_asan_chrome_mp&range=420372:420502
Fixed: https://cluster-fuzz.appspot.com/revisions?job=linux_asan_chrome_mp&range=427006:427199

Unminimized Testcase: https://cluster-fuzz.appspot.com/download/AMIfv94OsMRYmrjkD5X4Y8YF3LVeEH_jc2kYjXTbQbWOUWRHsNtDVwgoHADRZlB0Egxe-dkIG8uimHD6iUPcBJPGRBDLZYvue1rAfHB4rHiPiM6LiNokfxOgDkYYfJP72UZsvhiX5xjaPHPyZRMCY5UZe_9pGSdObA?testcase_id=6367129144393728


Additional requirements: Requires Gestures

See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.

This bug has been closed for more than 14 weeks. Removing security view restrictions.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot