Data race in blink::DynamicsCompressorHandler::Process
Issue description

Detailed report: https://clusterfuzz.com/testcase?key=6423698969198592

Fuzzer: inferno_layout_test_unmodified
Job Type: linux_tsan_chrome_mp
Platform Id: linux

Crash Type: Data race WRITE 4
Crash Address: 0x7b2c000067b8
Crash State:
  blink::DynamicsCompressorHandler::Process
  blink::AudioHandler::ProcessIfNecessary
  blink::AudioNodeOutput::Pull

Sanitizer: thread (TSAN)

Regressed: https://clusterfuzz.com/revisions?job=linux_tsan_chrome_mp&range=479570:479572

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=6423698969198592

Issue filed automatically.

See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.
Jun 15 2017
@hongchan PTAL. Looks like DynamicsCompressor::Process is running while DisableOutputsIfNecessary is also running on the main thread. I'm guessing the stopped node is disconnecting itself on the main thread. Not exactly sure how to fix this. Process may also be missing a process lock because the parameters could be modified in the main thread while we're running?
Jun 15 2017
rtoy@ and I locally confirmed that the proper tail time processing will resolve this issue by removing the ClearInternalStateWhenDisabled() method. Hopefully the tail time processing implementation will land soon.
Jun 15 2017
We still have a data race in the getter/setter of the .reduction value. Address it after the tail time processing has landed.
Jun 23 2017
Aug 2 2017
ClusterFuzz has detected this issue as fixed in range 491089:491177.

Detailed report: https://clusterfuzz.com/testcase?key=6423698969198592

Fuzzer: inferno_layout_test_unmodified
Job Type: linux_tsan_chrome_mp
Platform Id: linux

Crash Type: Data race WRITE 4
Crash Address: 0x7b2c000067b8
Crash State:
  blink::DynamicsCompressorHandler::Process
  blink::AudioHandler::ProcessIfNecessary
  blink::AudioNodeOutput::Pull

Sanitizer: thread (TSAN)

Regressed: https://clusterfuzz.com/revisions?job=linux_tsan_chrome_mp&range=479570:479572
Fixed: https://clusterfuzz.com/revisions?job=linux_tsan_chrome_mp&range=491089:491177

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=6423698969198592

See https://github.com/google/clusterfuzz-tools for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
Aug 2 2017
ClusterFuzz testcase 6423698969198592 is verified as fixed, so closing issue as verified. If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.
Mar 8 2018
CF verification is incorrect. This is still available.
Mar 8 2018
Mar 19 2018
This should have been fixed in https://chromium-review.googlesource.com/c/chromium/src/+/661165 which removed the method blink::DynamicsCompressorHandler::ClearInternalStateWhenDisabled(). See issue 733552, which clusterfuzz says has been fixed.
Mar 19 2018
The clusterfuzz testcase number for this issue and issue 733552 is the same. Closing as verified since issue 733552 is verified.
Dec 1
ClusterFuzz has detected this issue as fixed in range 543877:543884.

Detailed report: https://clusterfuzz.com/testcase?key=6423698969198592

Fuzzer: inferno_layout_test_unmodified
Job Type: linux_tsan_chrome_mp
Platform Id: linux

Crash Type: Data race WRITE 4
Crash Address: 0x7b2c000067b8
Crash State:
  blink::DynamicsCompressorHandler::Process
  blink::AudioHandler::ProcessIfNecessary
  blink::AudioNodeOutput::Pull

Sanitizer: thread (TSAN)

Regressed: https://clusterfuzz.com/revisions?job=linux_tsan_chrome_mp&range=479570:479572
Fixed: https://clusterfuzz.com/revisions?job=linux_tsan_chrome_mp&range=543877:543884

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=6423698969198592

See https://github.com/google/clusterfuzz-tools for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
Dec 3
jbroman@ I thought you'd want to know. The fixed range seems incorrect, but I believe this is fixed by a series of your CLs. Thanks again!
Comment 1 by msrchandra@chromium.org, Jun 15 2017
Components: Blink>WebAudio
Labels: M-61 Test-Predator-Wrong
Owner: rtoy@chromium.org
Status: Assigned (was: Untriaged)