
Issue 615809


Issue metadata

Status: Fixed
Owner:
Last visit 24 days ago
Closed: May 2016
Cc:
EstimatedDays: ----
NextAction: ----
OS: Linux
Pri: 2
Type: Bug




Data race in cc::TaskState::IsFinished

Reported by ClusterFuzz (Project Member), May 30 2016

Issue description

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=6538270070800384

Fuzzer: attekett_surku_fuzzer
Job Type: linux_tsan_chrome_mp
Platform Id: linux

Crash Type: Data race READ 2
Crash Address: 0x7d2c0001aa4c
Crash State:
  cc::TaskState::IsFinished
  cc::TileManager::ScheduleTasks
  cc::TileManager::PrepareTiles
  
Regressed: https://cluster-fuzz.appspot.com/revisions?job=linux_tsan_chrome_mp&range=396125:396253

Minimized Testcase (2.03 Kb): https://cluster-fuzz.appspot.com/download/AMIfv972WmVCMICK3YccoKns1AvTiiK8io9r9mkM7z4hD5IVmDATm8xnhTsSvnUsTSNjMUqyaGs8Hp3HL7VB7bIs-O4li3axuuepQ262F0167M-JUuRgQ2dTU3U-ad6jKJ5xyhR6xLuNd8ajZPnTl07QNo7o1mC2Qw

Filer: ajha

See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.
 

Comment 1 by ajha@chromium.org, May 30 2016

Cc: reve...@chromium.org vmp...@chromium.org
Components: Tools>Test>FindIt>NoResult
Labels: Te-Logged
Owner: prashan...@samsung.com
Status: Assigned (was: Available)
Based on the code search on 'task.cc':

Suspected change: https://codereview.chromium.org/1866043006

prashant.n@: Could you please take a look at this.

Thank you!

I get a "not authorized" error for the link -

https://cluster-fuzz.appspot.com/download/AMIfv972WmVCMICK3YccoKns1AvTiiK8io9r9mkM7z4hD5IVmDATm8xnhTsSvnUsTSNjMUqyaGs8Hp3HL7VB7bIs-O4li3axuuepQ262F0167M-JUuRgQ2dTU3U-ad6jKJ5xyhR6xLuNd8ajZPnTl07QNo7o1mC2Qw

and it looks similar to 615340.

Can I know how I can reproduce this locally on my computer? (I'm new to cluster-fuzz.)

I understood the problem, but for reproducing I'll need assistance. I'll provide the patch soon.

Comment 4 by glider@chromium.org, May 30 2016

Please refer to http://dev.chromium.org/developers/testing/threadsanitizer-tsan-v2 for the instructions on building and running tests with TSan.

I've submitted the patch for fixing the issue at https://codereview.chromium.org/2018353005/. Once the linux tsan bot is happy, I'll commit the patch.

Thank you glider@.
Comment 7 by bugdroid1@chromium.org (Project Member), May 30 2016

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/535763c29025109f45c9230ca57e35e535a1175a

commit 535763c29025109f45c9230ca57e35e535a1175a
Author: prashant.n <prashant.n@samsung.com>
Date: Mon May 30 17:39:00 2016

cc: Fix data race in cc::TaskState::IsFinished.

The https://codereview.chromium.org/1866043006/ caused a data race, as
the worker and origin threads try to access Task::state() at the
same time. The member to be accessed on the origin thread is now kept
different, as it was previously. Now Task::state() is used on the worker
thread. It is also used on the origin thread when it is safe to be used,
e.g. when the Task has been processed completely by the task graph runner.

BUG=615809,615340
CQ_INCLUDE_TRYBOTS=tryserver.blink:linux_blink_rel

Review-Url: https://codereview.chromium.org/2018353005
Cr-Commit-Position: refs/heads/master@{#396741}

[modify] https://crrev.com/535763c29025109f45c9230ca57e35e535a1175a/cc/raster/raster_buffer_provider_perftest.cc
[modify] https://crrev.com/535763c29025109f45c9230ca57e35e535a1175a/cc/raster/tile_task.cc
[modify] https://crrev.com/535763c29025109f45c9230ca57e35e535a1175a/cc/raster/tile_task.h
[modify] https://crrev.com/535763c29025109f45c9230ca57e35e535a1175a/cc/test/fake_tile_task_manager.cc
[modify] https://crrev.com/535763c29025109f45c9230ca57e35e535a1175a/cc/test/test_tile_task_runner.cc
[modify] https://crrev.com/535763c29025109f45c9230ca57e35e535a1175a/cc/tiles/tile_manager.cc
[modify] https://crrev.com/535763c29025109f45c9230ca57e35e535a1175a/cc/tiles/tile_task_manager.cc

Status: Fixed (was: Assigned)
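The commit message above describes the shape of the fix without showing it: the worker thread owns the task's state while the task runs, the origin thread keeps its own separate "done" member, and the origin thread only reads the worker-side state after the task graph runner has handed the task back. The following is an added example, not Chromium's code; `Task`, `TaskState` and `TaskGraphRunner` here are hypothetical stand-ins for the `cc::` classes named in the bug, and the handoff through the runner's mutex is the assumed synchronization point. Built with `-fsanitize=thread`, this stays quiet; reading `state()` from the origin thread on a task that has not been collected yet is the kind of unsynchronized read TSan reported in `IsFinished`.

```cpp
// Added example (not Chromium code): a model of the race the commit fixes and
// of the fix's shape. Task, TaskState and TaskGraphRunner are hypothetical
// stand-ins for the cc:: classes in the bug.
#include <condition_variable>
#include <deque>
#include <mutex>
#include <thread>
#include <vector>

enum class TaskState { kNew, kScheduled, kRunning, kFinished };

class Task {
 public:
  // Worker-side state, written by the worker that runs the task. The origin
  // thread may read it only after the task came back through the runner's
  // lock (CollectCompleted), which orders the worker's writes before the read.
  // Before the fix, the origin thread read this while a worker could still be
  // writing it; that is the read TSan flagged in IsFinished.
  TaskState state() const { return state_; }
  void set_state(TaskState s) { state_ = s; }

  // Origin-side member, touched only on the origin thread. This is the
  // separate member the fix keeps, so origin-thread bookkeeping never has to
  // look at state_ while the task may still be running.
  bool did_complete_on_origin_thread() const { return did_complete_; }
  void mark_completed_on_origin_thread() { did_complete_ = true; }

  void Run() { ++run_count_; }  // stand-in for the raster work
  int run_count() const { return run_count_; }

 private:
  TaskState state_ = TaskState::kNew;
  bool did_complete_ = false;
  int run_count_ = 0;
};

class TaskGraphRunner {
 public:
  void Schedule(Task* t) {
    std::lock_guard<std::mutex> lock(mu_);
    t->set_state(TaskState::kScheduled);  // ordered before worker reads by mu_
    ready_.push_back(t);
    cv_.notify_one();
  }

  // Worker loop: exclusively owns a task from pop until it is pushed back.
  void RunWorker() {
    for (;;) {
      Task* t = nullptr;
      {
        std::unique_lock<std::mutex> lock(mu_);
        cv_.wait(lock, [&] { return shutdown_ || !ready_.empty(); });
        if (ready_.empty()) return;
        t = ready_.front();
        ready_.pop_front();
      }
      t->set_state(TaskState::kRunning);
      t->Run();
      t->set_state(TaskState::kFinished);
      std::lock_guard<std::mutex> lock(mu_);
      completed_.push_back(t);  // handoff: the writes above happen-before a collect
    }
  }

  // Origin thread: take back every task the workers are done with.
  std::vector<Task*> CollectCompleted() {
    std::lock_guard<std::mutex> lock(mu_);
    std::vector<Task*> out(completed_.begin(), completed_.end());
    completed_.clear();
    return out;
  }

  void Shutdown() {
    std::lock_guard<std::mutex> lock(mu_);
    shutdown_ = true;
    cv_.notify_all();
  }

 private:
  std::mutex mu_;
  std::condition_variable cv_;
  std::deque<Task*> ready_;
  std::deque<Task*> completed_;
  bool shutdown_ = false;
};

// Origin-thread driver. Returns how many tasks it saw as finished by the safe
// route: collected from the runner first, origin-side flag set, and only then
// state() read. Asking state() of a task that has not been collected yet would
// race with the worker's set_state calls.
int RunDemo(int task_count, int worker_count = 2) {
  TaskGraphRunner runner;
  std::vector<Task> tasks(task_count);
  std::vector<std::thread> workers;
  for (int i = 0; i < worker_count; ++i)
    workers.emplace_back(&TaskGraphRunner::RunWorker, &runner);
  for (Task& t : tasks) runner.Schedule(&t);

  int finished = 0;
  while (finished < task_count) {
    for (Task* t : runner.CollectCompleted()) {
      t->mark_completed_on_origin_thread();
      if (t->did_complete_on_origin_thread() &&
          t->state() == TaskState::kFinished && t->run_count() == 1)
        ++finished;
    }
    std::this_thread::yield();
  }
  runner.Shutdown();
  for (std::thread& w : workers) w.join();
  return finished;
}
```

`RunDemo(16)` drives sixteen tasks through two workers and returns 16. The point of the design is that the only place the origin thread and a worker touch the same `Task` fields is bracketed by the runner's mutex, so the ordering TSan needs is explicit rather than assumed.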
Comment 9 by ClusterFuzz (Project Member), Jun 1 2016

ClusterFuzz has detected this issue as fixed in range 396634:396810.

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=6538270070800384

Fuzzer: attekett_surku_fuzzer
Job Type: linux_tsan_chrome_mp
Platform Id: linux

Crash Type: Data race READ 2
Crash Address: 0x7d2c0001aa4c
Crash State:
  cc::TaskState::IsFinished
  cc::TileManager::ScheduleTasks
  cc::TileManager::PrepareTiles
  
Regressed: https://cluster-fuzz.appspot.com/revisions?job=linux_tsan_chrome_mp&range=396125:396253
Fixed: https://cluster-fuzz.appspot.com/revisions?job=linux_tsan_chrome_mp&range=396634:396810

Minimized Testcase (2.03 Kb): https://cluster-fuzz.appspot.com/download/AMIfv972WmVCMICK3YccoKns1AvTiiK8io9r9mkM7z4hD5IVmDATm8xnhTsSvnUsTSNjMUqyaGs8Hp3HL7VB7bIs-O4li3axuuepQ262F0167M-JUuRgQ2dTU3U-ad6jKJ5xyhR6xLuNd8ajZPnTl07QNo7o1mC2Qw

See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
Components: -Tools>Test>FindIt>NoResult
Comment 11 by sheriffbot@chromium.org (Project Member), Nov 22 2016

Labels: -Restrict-View-EditIssue
Removing EditIssue view restrictions from ClusterFuzz filed bugs. If you believe that this issue should still be restricted, please reapply the label.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
