================================================================= ==4==ERROR: AddressSanitizer: heap-use-after-free on address 0x611000441518 at pc 0x00000b7181d2 bp 0x7fd99d9f42b0 sp 0x7fd99d9f42a8 READ of size 8 at 0x611000441518 thread T58 (Media) #0 0xb7181d1 in ~DecryptingDemuxerStream media/filters/decrypting_demuxer_stream.cc:178:17 #1 0xb71827d in ?? media/filters/decrypting_demuxer_stream.cc:170:53 #2 0xb6fd430 in operator() buildtools/third_party/libc++/trunk/include/memory:2529:13 #3 0xb6fd430 in reset buildtools/third_party/libc++/trunk/include/memory:2735:0 #4 0xb6fd430 in ~DecoderStream media/filters/decoder_stream.cc:88:0 #5 0xb6fdcdd in ?? media/filters/decoder_stream.cc:69:45 #6 0xb6c4609 in operator() buildtools/third_party/libc++/trunk/include/memory:2529:13 #7 0xb6c4609 in reset buildtools/third_party/libc++/trunk/include/memory:2735:0 #8 0xb6c4609 in ~unique_ptr buildtools/third_party/libc++/trunk/include/memory:2703:0 #9 0xb6c4609 in ~VideoRendererImpl media/renderers/video_renderer_impl.cc:82:0 #10 0xb6c480d in ?? media/renderers/video_renderer_impl.cc:71:41 #11 0xb6b5592 in operator() buildtools/third_party/libc++/trunk/include/memory:2529:13 #12 0xb6b5592 in reset buildtools/third_party/libc++/trunk/include/memory:2735:0 #13 0xb6b5592 in ~RendererImpl media/renderers/renderer_impl.cc:116:0 #14 0xb6b5ced in ?? media/renderers/renderer_impl.cc:110:31 #15 0x5da9c59 in operator() buildtools/third_party/libc++/trunk/include/memory:2529:13 #16 0x5da9c59 in reset buildtools/third_party/libc++/trunk/include/memory:2735:0 #17 0x5da9c59 in ~unique_ptr buildtools/third_party/libc++/trunk/include/memory:2703:0 #18 0x5da9c59 in DestroyRenderer media/base/pipeline_impl.cc:849:0 #19 0x5da9c59 in Stop media/base/pipeline_impl.cc:274:0 #20 0x413b176 in Run base/callback.h:64:12 #21 0x413b176 in RunTask base/debug/task_annotator.cc:54:0 #22 0x400d9c8 in RunTask base/message_loop/message_loop.cc:405:19 #23 0x400e4f5 in DeferOrRunPendingTask base/message_loop/message_loop.cc:414:5 #24 0x400f58e in DoWork base/message_loop/message_loop.cc:513:13 #25 0x4016480 in Run base/message_loop/message_pump_default.cc:35:31 #26 0x4060786 in Run base/run_loop.cc:35:10 #27 0x40b8002 in ThreadMain base/threading/thread.cc:333:3 #28 0x40ab224 in ThreadFunc base/threading/platform_thread_posix.cc:71:13 #29 0x7fd9d7d69e99 in start_thread /build/eglibc-rrybNj/eglibc-2.15/nptl/pthread_create.c:308:0 0x611000441518 is located 24 bytes inside of 216-byte region [0x611000441500,0x6110004415d8) freed by thread T0 (content_shell) here: #0 0x514a2b in operator delete(void*) ??:0 #1 0xa4dde91 in Release base/memory/ref_counted.h:137:7 #2 0xa4dde91 in Release base/memory/ref_counted.h:407:0 #3 0xa4dde91 in ~scoped_refptr base/memory/ref_counted.h:311:0 #4 0xa4dde91 in ~WebContentDecryptionModuleSessionImpl media/blink/webcontentdecryptionmodulesession_impl.cc:238:0 #5 0xa4ddefd in ?? media/blink/webcontentdecryptionmodulesession_impl.cc:234:46 #6 0x9e2d7fb in operator() buildtools/third_party/libc++/trunk/include/memory:2529:13 #7 0x9e2d7fb in reset buildtools/third_party/libc++/trunk/include/memory:2735:0 #8 0x9e2d7fb in contextDestroyed third_party/WebKit/Source/modules/encryptedmedia/MediaKeySession.cpp:947:0 #9 0x3d96662 in notifyContextDestroyed third_party/WebKit/Source/platform/LifecycleNotifier.h:95:15 #10 0x7f9ef85 in notifyContextDestroyed third_party/WebKit/Source/core/dom/ExecutionContext.cpp:88:29 #11 0x7ef0a92 in shutdown third_party/WebKit/Source/core/dom/Document.cpp:2394:21 #12 0x912d5ad in prepareForCommit third_party/WebKit/Source/core/loader/FrameLoader.cpp:1262:26 #13 0x912dac1 in commitProvisionalLoad third_party/WebKit/Source/core/loader/FrameLoader.cpp:1281:8 #14 0x90ea64c in commitIfReady third_party/WebKit/Source/core/loader/DocumentLoader.cpp:254:20 #15 0x90ea64c in processData third_party/WebKit/Source/core/loader/DocumentLoader.cpp:563:0 #16 0x90ea1df in dataReceived third_party/WebKit/Source/core/loader/DocumentLoader.cpp:542:3 #17 0xca6962e in appendData third_party/WebKit/Source/core/fetch/RawResource.cpp:129:8 #18 0x83efc52 in didReceiveData third_party/WebKit/Source/core/fetch/ResourceLoader.cpp:183:15 #19 0x65ddaec in OnReceivedData content/child/web_url_loader_impl.cc:792:14 #20 0x65dee93 in OnReceivedData content/child/web_url_loader_impl.cc:969:13 #21 0x65b5803 in OnReceivedData content/child/resource_dispatcher.cc:343:25 #22 0x65bb304 in DispatchToMethodImpl &, 0, 1, 2, 3, 4> base/tuple.h:144:3 #23 0x65bb304 in DispatchToMethod &> base/tuple.h:151:0 #24 0x65bb304 in DispatchToMethod > ipc/ipc_message_templates.h:26:0 #25 0x65bb304 in Dispatch ipc/ipc_message_templates.h:121:0 #26 0x65b1aad in DispatchMessage content/child/resource_dispatcher.cc:567:5 #27 0x65b09cb in OnMessageReceived content/child/resource_dispatcher.cc:182:3 #28 0x413b176 in Run base/callback.h:64:12 #29 0x413b176 in RunTask base/debug/task_annotator.cc:54:0 #30 0x6f4c1b9 in ProcessTaskFromWorkQueue third_party/WebKit/Source/platform/scheduler/base/task_queue_manager.cc:344:19 #31 0x6f484b9 in DoWork third_party/WebKit/Source/platform/scheduler/base/task_queue_manager.cc:240:13 #32 0x413b176 in Run base/callback.h:64:12 #33 0x413b176 in RunTask base/debug/task_annotator.cc:54:0 #34 0x400d9c8 in RunTask base/message_loop/message_loop.cc:405:19 #35 0x400e4f5 in DeferOrRunPendingTask base/message_loop/message_loop.cc:414:5 #36 0x400f58e in DoWork base/message_loop/message_loop.cc:513:13 #37 0x4016480 in Run base/message_loop/message_pump_default.cc:35:31 #38 0x4060786 in Run base/run_loop.cc:35:10 #39 0x67bb23f in RendererMain content/renderer/renderer_main.cc:198:23 #40 0x2e4e7ac in RunZygote content/app/content_main_runner.cc:343:14 previously allocated by thread T0 (content_shell) here: #0 0x513deb in operator new(unsigned long) ??:0 #1 0x6a7032f in Create content/renderer/media/cdm/render_cdm_factory.cc:59:9 #2 0xa4d890c in CreateCdm media/blink/cdm_session_adapter.cc:55:16 #3 0xa4d070e in Create media/blink/webcontentdecryptionmodule_impl.cc:74:12 #4 0xa486dd1 in CreateCdm media/blink/webencryptedmediaclient_impl.cc:130:3 #5 0xa4d1dc4 in CreateCdm media/blink/webcontentdecryptionmoduleaccess_impl.cc:34:11 #6 0xa4d2061 in Invoke &, const blink::WebString &, const blink::WebSecurityOrigin &, const media::CdmConfig &, std::__1::unique_ptr > > base/bind_internal.h:164:12 #7 0xa4d2061 in MakeItSo &, const blink::WebString &, const blink::WebSecurityOrigin &, const media::CdmConfig &, std::__1::unique_ptr >), const base::WeakPtr &, const blink::WebString &, const blink::WebSecurityOrigin &, const media::CdmConfig &, std::__1::unique_ptr > > base/bind_internal.h:285:0 #8 0xa4d2061 in RunImpl &, const blink::WebString &, const blink::WebSecurityOrigin &, const media::CdmConfig &, std::__1::unique_ptr >), const std::__1::tuple, blink::WebString, blink::WebSecurityOrigin, media::CdmConfig, base::internal::PassedWrapper > > > &, 0, 1, 2, 3, 4> base/bind_internal.h:361:0 #9 0xa4d2061 in Run base/bind_internal.h:339:0 #10 0x413b176 in Run base/callback.h:64:12 #11 0x413b176 in RunTask base/debug/task_annotator.cc:54:0 #12 0x6f4c1b9 in ProcessTaskFromWorkQueue third_party/WebKit/Source/platform/scheduler/base/task_queue_manager.cc:344:19 #13 0x6f484b9 in DoWork third_party/WebKit/Source/platform/scheduler/base/task_queue_manager.cc:240:13 #14 0x413b176 in Run base/callback.h:64:12 #15 0x413b176 in RunTask base/debug/task_annotator.cc:54:0 #16 0x400d9c8 in RunTask base/message_loop/message_loop.cc:405:19 #17 0x400e4f5 in DeferOrRunPendingTask base/message_loop/message_loop.cc:414:5 #18 0x400f58e in DoWork base/message_loop/message_loop.cc:513:13 #19 0x4016480 in Run base/message_loop/message_pump_default.cc:35:31 #20 0x4060786 in Run base/run_loop.cc:35:10 #21 0x67bb23f in RendererMain content/renderer/renderer_main.cc:198:23 #22 0x2e4e7ac in RunZygote content/app/content_main_runner.cc:343:14 #23 0x2e5160c in Run content/app/content_main_runner.cc:786:12 #24 0x2e3d7aa in ContentMain content/app/content_main.cc:20:28 #25 0x51707d in main content/shell/app/shell_main.cc:48:10 #26 0x7fd9d757676c in __libc_start_main /build/eglibc-rrybNj/eglibc-2.15/csu/libc-start.c:226:0 Thread T58 (Media) created by T0 (content_shell) here: #0 0x4d3806 in pthread_create ??:0 #1 0x40aa8a9 in CreateThread base/threading/platform_thread_posix.cc:110:13 #2 0x40b74af in StartWithOptions base/threading/thread.cc:112:15 #3 0x40b7188 in Start base/threading/thread.cc:75:10 #4 0x672c731 in GetMediaThreadTaskRunner content/renderer/render_thread_impl.cc:2169:20 #5 0x66ccb00 in createMediaPlayer content/renderer/render_frame_impl.cc:2665:54 #6 0x66ce06c in ?? content/renderer/render_frame_impl.cc:2621:41 #7 0x7205269 in createWebMediaPlayer third_party/WebKit/Source/web/FrameLoaderClientImpl.cpp:790:41 #8 0x869e558 in startPlayerLoad third_party/WebKit/Source/core/html/HTMLMediaElement.cpp:1129:33 #9 0x869ae22 in loadResource third_party/WebKit/Source/core/html/HTMLMediaElement.cpp:1075:7 #10 0x8699f19 in loadSourceFromAttribute third_party/WebKit/Source/core/html/HTMLMediaElement.cpp:988:3 #11 0x8696ec7 in loadInternal third_party/WebKit/Source/core/html/HTMLMediaElement.cpp:889:3 #12 0x8690b81 in ?? third_party/WebKit/Source/core/html/HTMLMediaElement.cpp:676:7 #13 0x6c3263e in ?? third_party/WebKit/Source/platform/Timer.cpp:146:3 #14 0x413b176 in Run base/callback.h:64:12 #15 0x413b176 in RunTask base/debug/task_annotator.cc:54:0 #16 0x6f4c1b9 in ProcessTaskFromWorkQueue third_party/WebKit/Source/platform/scheduler/base/task_queue_manager.cc:344:19 #17 0x6f484b9 in DoWork third_party/WebKit/Source/platform/scheduler/base/task_queue_manager.cc:240:13 #18 0x413b176 in Run base/callback.h:64:12 #19 0x413b176 in RunTask base/debug/task_annotator.cc:54:0 #20 0x400d9c8 in RunTask base/message_loop/message_loop.cc:405:19 #21 0x400e4f5 in DeferOrRunPendingTask base/message_loop/message_loop.cc:414:5 #22 0x400f58e in DoWork base/message_loop/message_loop.cc:513:13 #23 0x4016480 in Run base/message_loop/message_pump_default.cc:35:31 #24 0x4060786 in Run base/run_loop.cc:35:10 #25 0x67bb23f in RendererMain content/renderer/renderer_main.cc:198:23 #26 0x2e4e7ac in RunZygote content/app/content_main_runner.cc:343:14 #27 0x2e5160c in Run content/app/content_main_runner.cc:786:12 #28 0x2e3d7aa in ContentMain content/app/content_main.cc:20:28 #29 0x51707d in main content/shell/app/shell_main.cc:48:10 #30 0x7fd9d757676c in __libc_start_main /build/eglibc-rrybNj/eglibc-2.15/csu/libc-start.c:226:0 SUMMARY: AddressSanitizer: heap-use-after-free (/mnt/data/b/c/b/linux_layout/src/out/Release/content_shell+0xb7181d1) Shadow bytes around the buggy address: 0x0c2280080250: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd 0x0c2280080260: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd 0x0c2280080270: fa fa fa fa fa fa fa fa 00 00 00 00 00 00 00 00 0x0c2280080280: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0x0c2280080290: 00 00 00 00 00 00 00 00 fa fa fa fa fa fa fa fa =>0x0c22800802a0: fd fd fd[fd]fd fd fd fd fd fd fd fd fd fd fd fd 0x0c22800802b0: fd fd fd fd fd fd fd fd fd fd fd fa fa fa fa fa 0x0c22800802c0: fa fa fa fa fa fa fa fa fd fd fd fd fd fd fd fd 0x0c22800802d0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd 0x0c22800802e0: fd fd fd fa fa fa fa fa fa fa fa fa fa fa fa fa 0x0c22800802f0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Shadow byte legend (one shadow byte represents 8 application bytes): Addressable: 00 Partially addressable: 01 02 03 04 05 06 07 Heap left redzone: fa Freed heap region: fd Stack left redzone: f1 Stack mid redzone: f2 Stack right redzone: f3 Stack after return: f5 Stack use after scope: f8 Global redzone: f9 Global init order: f6 Poisoned by user: f7 Container overflow: fc Array cookie: ac Intra object redzone: bb ASan internal: fe Left alloca redzone: ca Right alloca redzone: cb ==4==ABORTING [6479:7625:1004/225906:6253030418:WARNING:audio_sync_reader.cc(166)] AudioSyncReader::Read timed out, audio glitch count=1 [6479:7625:1004/225906:6253050861:WARNING:audio_sync_reader.cc(166)] AudioSyncReader::Read timed out, audio glitch count=2 [6479:7625:1004/225906:6253072716:WARNING:audio_sync_reader.cc(166)] AudioSyncReader::Read timed out, audio glitch count=3 #EOF