Using code search, following CL's are suspecting:

https://chromium.googlesource.com/chromium/src/+/dcf3826071f4aa88abe1bd2ebe3a71f510a238ed

https://chromium.googlesource.com/chromium/src/+/83aabb0c32bf01f588292dc992b135f7f2dd22ca

dgozman@, Could you please take a look?

Root cause same as  Issue 615795  which is duped into Issue 615712

ClusterFuzz has detected this issue as fixed in range 397130:397162.

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=5921662621188096

Fuzzer: inferno_layout_test_unmodified
Job Type: linux_tsan_chrome_mp
Platform Id: linux

Crash Type: Data race READ 4
Crash Address: 0x7d2000012f00
Crash State:
  blink::SourceLocation::~SourceLocation
  blink::WorkerOrWorkletScriptController::ExecutionState::~ExecutionState
  blink::WorkerOrWorkletScriptController::evaluate
  
Regressed: https://cluster-fuzz.appspot.com/revisions?job=linux_tsan_chrome_mp&range=396083:396125
Fixed: https://cluster-fuzz.appspot.com/revisions?job=linux_tsan_chrome_mp&range=397130:397162

Minimized Testcase (0.24 Kb):
Download: https://cluster-fuzz.appspot.com/download/AMIfv95QC3dNJcZYRXFLKFdCFf6cqNG9gcj5Ggpk8fKmevTr-_hodidmfZJL1lJO9_MQhM2afxmrL-cIup0hVw_OaN7cxD5CjQaOswyKtptqymG3rvlIePFp3VKzN9WNXo0XVYOec3ukc9jk8gpfz-pmKM2YtBhzBg
<script>
function log()
{
"result".innerHTML += message + "<br>";
}
var testCases = [
];

function runNextTest()
{
    
}
{

}
{
        var worker = new Worker("");
        worker.onerror = function() {
            log();
        }
}
    
</script>


See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.

Removing EditIssue view restrictions from ClusterFuzz filed bugs. If you believe that this issue should still be restricted, please reapply the label.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot