multiqueue: Do not unref the query we get in pad->query
We do not own any ref to queries when running them.
If we end up processing the query from the streaming thread, it means that it was a serialized query, and the query is being waited on to be processed on the sinkpad streaming thread, the thread which owns the reference.
This is the ASan report we got:
ERROR: AddressSanitizer: heap-use-after-free on address 0x000121b0b970 at pc 0x00010529ad50 bp 0x00017c6718f0 sp 0x00017c6718e8
READ of size 4 at 0x000121b0b970 thread T49
#0 0x10529ad4c in gst_pad_query gstpad.c:4243
#1 0x105294f28 in gst_pad_peer_query gstpad.c:4376
#2 0x105298714 in query_forward_func gstpad.c:3484
#3 0x105296510 in gst_pad_forward gstpad.c:3110
#4 0x105297914 in gst_pad_query_default gstpad.c:3555
#5 0x116f7c758 in gst_parse_pad_query gstparsebin.c:4334
#6 0x105299b1c in gst_pad_query gstpad.c:4239
#7 0x105294f28 in gst_pad_peer_query gstpad.c:4376
#8 0x105298714 in query_forward_func gstpad.c:3484
#9 0x105296510 in gst_pad_forward gstpad.c:3110
#10 0x105297914 in gst_pad_query_default gstpad.c:3555
#11 0x105299b1c in gst_pad_query gstpad.c:4239
#12 0x105294f28 in gst_pad_peer_query gstpad.c:4376
#13 0x105298714 in query_forward_func gstpad.c:3484
#14 0x105296510 in gst_pad_forward gstpad.c:3110
#15 0x105297914 in gst_pad_query_default gstpad.c:3555
#16 0x116f82760 in sink_query_function gstparsebin.c:872
#17 0x105299b1c in gst_pad_query gstpad.c:4239
#18 0x105294f28 in gst_pad_peer_query gstpad.c:4376
#19 0x105298714 in query_forward_func gstpad.c:3484
#20 0x105296510 in gst_pad_forward gstpad.c:3110
#21 0x105297914 in gst_pad_query_default gstpad.c:3555
#22 0x105299b1c in gst_pad_query gstpad.c:4239
#23 0x105294f28 in gst_pad_peer_query gstpad.c:4376
#24 0x105298714 in query_forward_func gstpad.c:3484
#25 0x105296510 in gst_pad_forward gstpad.c:3110
#26 0x105297914 in gst_pad_query_default gstpad.c:3555
#27 0x105299b1c in gst_pad_query gstpad.c:4239
#28 0x105294f28 in gst_pad_peer_query gstpad.c:4376
#29 0x105298714 in query_forward_func gstpad.c:3484
#30 0x105296510 in gst_pad_forward gstpad.c:3110
#31 0x105297914 in gst_pad_query_default gstpad.c:3555
#32 0x116f7c758 in gst_parse_pad_query gstparsebin.c:4334
#33 0x105299b1c in gst_pad_query gstpad.c:4239
#34 0x105294f28 in gst_pad_peer_query gstpad.c:4376
#35 0x105298714 in query_forward_func gstpad.c:3484
#36 0x105296510 in gst_pad_forward gstpad.c:3110
#37 0x105297914 in gst_pad_query_default gstpad.c:3555
#38 0x105299b1c in gst_pad_query gstpad.c:4239
#39 0x105294f28 in gst_pad_peer_query gstpad.c:4376
#40 0x105298714 in query_forward_func gstpad.c:3484
#41 0x105296510 in gst_pad_forward gstpad.c:3110
#42 0x105297914 in gst_pad_query_default gstpad.c:3555
#43 0x116f82760 in sink_query_function gstparsebin.c:872
#44 0x105299b1c in gst_pad_query gstpad.c:4239
#45 0x105294f28 in gst_pad_peer_query gstpad.c:4376
#46 0x105298714 in query_forward_func gstpad.c:3484
#47 0x105296510 in gst_pad_forward gstpad.c:3110
#48 0x105297914 in gst_pad_query_default gstpad.c:3555
#49 0x105299b1c in gst_pad_query gstpad.c:4239
#50 0x105294f28 in gst_pad_peer_query gstpad.c:4376
#51 0x104bc87b0 in gst_base_src_negotiate_unlocked gstbasesrc.c:3511
#52 0x104bd19f8 in gst_base_src_loop gstbasesrc.c:2920
#53 0x105313ae0 in gst_task_func gsttask.c:399
#54 0x105bfa950 in g_thread_pool_thread_proxy gthreadpool.c:350
#55 0x105bf7f3c in g_thread_proxy gthread.c:831
#56 0x198195f90 in _pthread_start+0x84 (libsystem_pthread.dylib:arm64e+0x6f90)
#57 0x198190d30 in thread_start+0x4 (libsystem_pthread.dylib:arm64e+0x1d30)
0x000121b0b970 is located 64 bytes inside of 80-byte region [0x000121b0b930,0x000121b0b980)
freed by thread T57 here:
#0 0x10719b260 in wrap_free+0x98 (libclang_rt.asan_osx_dynamic.dylib:arm64e+0x53260)
#1 0x119cb7c9c in gst_multi_queue_loop gstmultiqueue.c:2350
#2 0x105313ae0 in gst_task_func gsttask.c:399
#3 0x105bfa950 in g_thread_pool_thread_proxy gthreadpool.c:350
#4 0x105bf7f3c in g_thread_proxy gthread.c:831
#5 0x198195f90 in _pthread_start+0x84 (libsystem_pthread.dylib:arm64e+0x6f90)
#6 0x198190d30 in thread_start+0x4 (libsystem_pthread.dylib:arm64e+0x1d30)
previously allocated by thread T49 here:
#0 0x10719b4f0 in wrap_calloc+0x9c (libclang_rt.asan_osx_dynamic.dylib:arm64e+0x534f0)
#1 0x105ba66c4 in g_malloc0 gmem.c:163
#2 0x1052cd1f8 in gst_query_new_custom gstquery.c:670
#3 0x104bc8798 in gst_base_src_negotiate_unlocked gstbasesrc.c:3511
#4 0x104bd19f8 in gst_base_src_loop gstbasesrc.c:2920
#5 0x105313ae0 in gst_task_func gsttask.c:399
#6 0x105bfa950 in g_thread_pool_thread_proxy gthreadpool.c:350
#7 0x105bf7f3c in g_thread_proxy gthread.c:831
#8 0x198195f90 in _pthread_start+0x84 (libsystem_pthread.dylib:arm64e+0x6f90)
#9 0x198190d30 in thread_start+0x4 (libsystem_pthread.dylib:arm64e+0x1d30)
Edited by Tim-Philipp Müller
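
The ownership rule described in the commit message, as an added example that is not GStreamer code and not part of the original change: a single-threaded toy model in which the queue loop handles a query whose only reference belongs to the waiting caller. All type and function names are hypothetical, `freed` stands in for `free()`, and the owned-item case (reference transferred to the queue on push) is an assumption of the model.

```c
#include <stdbool.h>

/* Toy refcounted object; `freed` stands in for free() so state stays inspectable. */
typedef struct { int refcount; bool freed; } Obj;

static void obj_unref(Obj *o) { if (--o->refcount == 0) o->freed = true; }

/* Queue slot as seen by the streaming loop (hypothetical model, not GStreamer types). */
typedef struct {
    Obj *obj;
    bool is_query;   /* true: pointer borrowed from a caller that is blocked waiting */
    bool handled;
} Item;

/* "Before": the loop releases every item, including queries it never took a ref on. */
static void loop_handle_before(Item *it) {
    it->handled = true;
    obj_unref(it->obj);
}

/* "After": the loop releases only items whose reference was handed to the queue. */
static void loop_handle_after(Item *it) {
    it->handled = true;
    if (!it->is_query)
        obj_unref(it->obj);
}

/* Caller side of a serialized query: create (1 ref), hand over, wait, read result.
 * Returns true if the caller would touch the query after it was freed. */
static bool query_is_stale_after(void (*loop)(Item *)) {
    Obj query = { 1, false };
    Item it = { &query, true, false };
    loop(&it);                       /* stands for: enqueue, block until handled */
    bool stale = query.freed;        /* the caller reads the query here */
    if (!stale) obj_unref(&query);   /* the owner drops its single reference */
    return stale;
}

/* Owned item (assumed: ownership transferred on push); true if it leaked. */
static bool owned_item_leaks(void (*loop)(Item *)) {
    Obj buf = { 1, false };
    Item it = { &buf, false, false };
    loop(&it);
    return !buf.freed;
}

int main(void) {
    return query_is_stale_after(loop_handle_after) || owned_item_leaks(loop_handle_after);
}
```

In the "before" variant the caller's read lands on an object whose count already reached zero, which is the pattern the report shows: allocated and later read by one thread, freed by the queue loop in between.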