Unable to find actual suspect through code search and also observing no CL's under regression range, hence adding appropriate label and requesting someone from dev team to look in to this issue.

Thanks!

drott@, just wondering do you have any inputs here?

I am assuming this might be fixed in HarfBuzz already (CC behdad@). We're working on a larger HarfBuzz roll in https://chromium-review.googlesource.com/c/chromium/src/+/1275945

ClusterFuzz has detected this issue as fixed in range 609675:609676.

Detailed report: https://clusterfuzz.com/testcase?key=4512694943875072

Fuzzer: puzzor
Job Type: linux_tsan_chrome_mp
Platform Id: linux

Crash Type: Data race WRITE 8
Crash Address: 0x5586c7d08750
Crash State:
  hb_set_t::page_for_insert
  bool OT::Coverage::add_coverage<hb_set_t>
  OT::SingleSubstFormat2::collect_glyphs
  
Sanitizer: thread (TSAN)

Regressed: https://clusterfuzz.com/revisions?job=linux_tsan_chrome_mp&range=608500:608501
Fixed: https://clusterfuzz.com/revisions?job=linux_tsan_chrome_mp&range=609675:609676

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=4512694943875072

See https://github.com/google/clusterfuzz-tools for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.

ClusterFuzz testcase 4512694943875072 is verified as fixed, so closing issue as verified.

If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.

Yep: https://github.com/harfbuzz/harfbuzz/commit/94e421abbfc7ede9aaf3c8d86bb0ff9992ea3123