Unable to find the exact suspect,seen some recent changes to the file "MediaQueryEvaluator.cpp" through code search.

Possible suspect::
https://chromium.googlesource.com/chromium/src/+/7cb1e690280683811b7ca034d5ac9090927a9398%5E%21/

dgozman @ Could you please look into this issue if it is related to your change,else please route this to an appropriate dev person.

thanks,

I think yoav@ is a better owner here.

Can you attach the test case here? I don't have permissions to download it from clusterfuzz

Here is the attached test case.

Deleted: fuzz-171.html 107 bytes

fuzz-171.html 107 bytes View Download

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=4507623759544320

Fuzzer: attekett_dom_fuzzer
Job Type: linux_tsan_chrome_mp
Platform Id: linux

Crash Type: Data race READ 8
Crash Address: 0x7fcadaa53060
Crash State:
  blink::MediaQueryEvaluator::eval
  blink::MediaQueryEvaluator::eval
  blink::MediaQueryEvaluator::eval
  

Minimized Testcase (0.10 Kb): https://cluster-fuzz.appspot.com/download/AMIfv97YXRtuKNZwh-jj05ORkWaHPkJ6ZtCTVXoWHq7YIk13A5bldPrzf0LHYVBavOoNbw8h3vr58jYGV7X2a-nhWaTIDUiOKXL9bqP5ha58nlnacDv5mx8015o477w1AaYcFl96yBo9b1f5v4FfzUqeRMFGyRx-Ug

Additional requirements: Requires Gestures

Filer: manoranjanr

See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.

ClusterFuzz has detected this testcase as flaky and is unable to reproduce it in the original crash revision. Skipping fixed testing check and marking it as potentially fixed.

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=4507623759544320

Fuzzer: attekett_dom_fuzzer
Job Type: linux_tsan_chrome_mp
Platform Id: linux

Crash Type: Data race READ 8
Crash Address: 0x7fcadaa53060
Crash State:
  blink::MediaQueryEvaluator::eval
  blink::MediaQueryEvaluator::eval
  blink::MediaQueryEvaluator::eval
  

Minimized Testcase (0.10 Kb): https://cluster-fuzz.appspot.com/download/AMIfv97YXRtuKNZwh-jj05ORkWaHPkJ6ZtCTVXoWHq7YIk13A5bldPrzf0LHYVBavOoNbw8h3vr58jYGV7X2a-nhWaTIDUiOKXL9bqP5ha58nlnacDv5mx8015o477w1AaYcFl96yBo9b1f5v4FfzUqeRMFGyRx-Ug

Additional requirements: Requires Gestures

See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=5904175275180032

Fuzzer: attekett_dom_fuzzer
Job Type: linux_tsan_chrome_mp
Platform Id: linux

Crash Type: Data race READ 8
Crash Address: 0x7f1e3563feb0
Crash State:
  blink::MediaQueryEvaluator::eval
  blink::MediaQueryEvaluator::eval
  blink::MediaQueryEvaluator::eval
  

Unminimized Testcase: https://cluster-fuzz.appspot.com/download/AMIfv95o1mC1b7Je-Bj-Kzdj2fe6GZvB40lcHhI628iKBWKKItc8KJiC_einNdhGMWY_8Koxp2-AYM7QqONcjT39laJKW52a8TioWkd-K3QNtI4iNLoYTVqE-LAPE-yW5ymeWUiKfhQAMrkBddoJ8qWPRemp1FSGz3Yh6x1n12evXcyZGVIvyaQ


Filer: ranjitkan

See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.

ClusterFuzz has detected this issue as fixed in range 393907:394251.

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=5904175275180032

Fuzzer: attekett_dom_fuzzer
Job Type: linux_tsan_chrome_mp
Platform Id: linux

Crash Type: Data race READ 8
Crash Address: 0x7f1e3563feb0
Crash State:
  blink::MediaQueryEvaluator::eval
  blink::MediaQueryEvaluator::eval
  blink::MediaQueryEvaluator::eval
  
Fixed: https://cluster-fuzz.appspot.com/revisions?job=linux_tsan_chrome_mp&range=393907:394251

Unminimized Testcase: https://cluster-fuzz.appspot.com/download/AMIfv95o1mC1b7Je-Bj-Kzdj2fe6GZvB40lcHhI628iKBWKKItc8KJiC_einNdhGMWY_8Koxp2-AYM7QqONcjT39laJKW52a8TioWkd-K3QNtI4iNLoYTVqE-LAPE-yW5ymeWUiKfhQAMrkBddoJ8qWPRemp1FSGz3Yh6x1n12evXcyZGVIvyaQ


See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.

Marking 'Fixed' as per c#9.

Thank you!

Marking 'Fixed' as per c#9.

Thank you!

ClusterFuzz has detected this testcase as flaky and is unable to reproduce it in the original crash revision. Skipping fixed testing check and marking it as potentially fixed.

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=6407944530296832

Fuzzer: attekett_surku_fuzzer
Job Type: linux_tsan_chrome_mp
Platform Id: linux

Crash Type: Data race READ 8
Crash Address: 0x7fe402cdae58
Crash State:
  blink::MediaQueryEvaluator::eval
  blink::MediaQueryEvaluator::eval
  blink::MediaQueryEvaluator::eval
  

Unminimized Testcase: https://cluster-fuzz.appspot.com/download/AMIfv97fXeVf_aOCZEkiwHUNPVrMS0d-GlphTQx_8IYB5RPQTFQCv02QvHtFwfhsxrxEYDmNOw4DOFMMTXNWRfPiP1N3x6iL8g-Zfurk1aLAtN9Oo91C7CSEKglO2g3ophicXz_YyNLdHqNxDcdpU9i3lqrYm0Xj_dhHYHXv9AJ_PUHukYxiquY


See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.

Removing EditIssue view restrictions from ClusterFuzz filed bugs. If you believe that this issue should still be restricted, please reapply the label.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot