Issue 786830  has been merged into this issue.

This looks like an issue in WebAudio:

var context = new AudioContext();
    var gain = context.createGain();
    var analyser = context.createAnalyser();
    var osc = context.createOscillator();
    gain.connect(analyser);
    var array = new Uint8Array(analyser.frequencyBinCount);
      analyser.getByteTimeDomainData(array);

Unable to provide possible suspect using Predator, CL and Code Search.
Could someone please look into the issue.

Thank You...

 Issue 789131  has been merged into this issue.

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/6d31045ab9612f7810eff523cdda1ebb919f6a2e

commit 6d31045ab9612f7810eff523cdda1ebb919f6a2e
Author: Raymond Toy <rtoy@chromium.org>
Date: Tue Nov 28 18:46:47 2017

Atomically access RealtimeAnalyser write_index_

The write index for the buffer that holds the time domain data is read
from the main thread and written by the audio thread.  Atomically
access these and also read (and write) them exactly once in each
routine so that they don't get out of sync within each routine.

Can't add a trylock to protect access in WriteInput because if the
audio thread can't get the lock, there will be strange gaps in the
saved data.  It's ok if the main thread reads a slightly old value of
the index; the data is just a bit stale, which is fine for the
AnalyserNode.

Bug:  786829 
Test: test case from bug passes
Change-Id: Id8d5658b9610beb0d78c2c16d9eac579406e4c2b
Reviewed-on: https://chromium-review.googlesource.com/790945
Reviewed-by: Hongchan Choi <hongchan@chromium.org>
Commit-Queue: Raymond Toy <rtoy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#519767}
[modify] https://crrev.com/6d31045ab9612f7810eff523cdda1ebb919f6a2e/third_party/WebKit/Source/modules/webaudio/RealtimeAnalyser.cpp
[modify] https://crrev.com/6d31045ab9612f7810eff523cdda1ebb919f6a2e/third_party/WebKit/Source/modules/webaudio/RealtimeAnalyser.h

ClusterFuzz testcase 6394573382483968 is verified as fixed, so closing issue as verified.

If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.

ClusterFuzz has detected this issue as fixed in range 519666:519669.

Detailed report: https://clusterfuzz.com/testcase?key=6402602857398272

Fuzzer: inferno_layout_test_unmodified
Job Type: linux_tsan_chrome_mp
Platform Id: linux

Crash Type: Data race READ 8
Crash Address: 0x7f1a30157810
Crash State:
  blink::RealtimeAnalyser::GetByteTimeDomainData
  blink::AnalyserNode::getByteTimeDomainData
  blink::V8AnalyserNode::getByteTimeDomainDataMethodCallback
  
Sanitizer: thread (TSAN)

Fixed: https://clusterfuzz.com/revisions?job=linux_tsan_chrome_mp&range=519666:519669

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=6402602857398272

See https://github.com/google/clusterfuzz-tools for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.