What version of Janus is this happening on?
1.3.3 (07c6105)
1.4.0 (aa86122)
Have you tested a more recent version of Janus too?
No, 1.4.0 is quite recent and the likely problematic file has not changed (src/transports/janus_websockets.c).
Was this working before?
I think the issue has been hiding for a long time, but it is hard to reproduce.
Is there a gdb or libasan trace of the issue?
gdb backtrace
#0 0x00007fec0ee2f95c in ??? () at /lib/x86_64-linux-gnu/libc.so.6
#1 0x00007fec0eddacc2 in raise () at /lib/x86_64-linux-gnu/libc.so.6
#2 0x00007fec0edc34ac in abort () at /lib/x86_64-linux-gnu/libc.so.6
#3 0x00007fec0edc4291 in ??? () at /lib/x86_64-linux-gnu/libc.so.6
#4 0x00007fec0ee39465 in ??? () at /lib/x86_64-linux-gnu/libc.so.6
#5 0x00007fec0ee39e64 in ??? () at /lib/x86_64-linux-gnu/libc.so.6
#6 0x00007fec0ee39fbc in ??? () at /lib/x86_64-linux-gnu/libc.so.6
#7 0x00007fec0ee3b240 in ??? () at /lib/x86_64-linux-gnu/libc.so.6
#8 0x00007fec0ee3b690 in ??? () at /lib/x86_64-linux-gnu/libc.so.6
#9 0x00007fec0ee3e3c0 in free () at /lib/x86_64-linux-gnu/libc.so.6
#10 0x00007fec0c31620f in janus_websockets_common_callback
(wsi=0x7febe008e4d0, reason=<optimized out>, user=0x7febe00dd9d0, in=<optimized out>, len=<optimized out>, admin=<optimized out>) at transports/janus_websockets.c:1463
#11 0x00007fec0c2bdd62 in ??? () at /lib/x86_64-linux-gnu/libwebsockets.so.19
#12 0x00007fec0c2bba12 in lws_handle_POLLOUT_event () at /lib/x86_64-linux-gnu/libwebsockets.so.19
#13 0x00007fec0c2dd04b in ??? () at /lib/x86_64-linux-gnu/libwebsockets.so.19
#14 0x00007fec0c2bc578 in lws_service_fd_tsi () at /lib/x86_64-linux-gnu/libwebsockets.so.19
#15 0x00007fec0c29ec6e in _lws_plat_service_forced_tsi () at /lib/x86_64-linux-gnu/libwebsockets.so.19
#16 0x00007fec0c29ef60 in _lws_plat_service_tsi () at /lib/x86_64-linux-gnu/libwebsockets.so.19
#17 0x00007fec0c2bc7f5 in lws_service () at /lib/x86_64-linux-gnu/libwebsockets.so.19
#18 0x00007fec0c3130c7 in janus_websockets_thread (data=0x559474620240) at transports/janus_websockets.c:1118
#19 0x00007fec0f96f883 in g_thread_proxy (data=0x559474af68b0) at ../../../glib/gthread.c:893
#20 0x00007fec0ee2db7b in ??? () at /lib/x86_64-linux-gnu/libc.so.6
#21 0x00007fec0eeab7b8 in ??? () at /lib/x86_64-linux-gnu/libc.so.6
Additional context
The issue is very hard to reproduce; it occurred only twice.
IMHO this is a double free problem.
Since I have applied this patch it never happened again:
git patch
diff --git a/src/transports/janus_websockets.c b/src/transports/janus_websockets.c
index 963febbb..dffd995b 100644
--- a/src/transports/janus_websockets.c
+++ b/src/transports/janus_websockets.c
@@ -871,10 +871,13 @@ static void janus_websockets_destroy_client(
ws_client->buflen = 0;
ws_client->bufpending = 0;
ws_client->bufoffset = 0;
- janus_mutex_unlock(&ws_client->ts->mutex);
+ janus_transport_session* ts = ws_client->ts; // store this before nullying it because we need it to notify the core
+ ws_client->ts = NULL;
+ janus_mutex_unlock(&ts->mutex);
+
/* Notify core */
- gateway->transport_gone(&janus_websockets_transport, ws_client->ts);
- janus_transport_session_destroy(ws_client->ts);
+ gateway->transport_gone(&janus_websockets_transport, ts);
+ janus_transport_session_destroy(ts);
}
int janus_websockets_get_api_compatibility(void) {
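Review bot: Setting `ws_client->ts = NULL` before the unlock only stops a second teardown if the other paths test `ws_client->ts` for NULL under a lock that serializes with this assignment, and the hunk shows no such test. The lock taken here is `ts->mutex`, which belongs to the session passed to `janus_transport_session_destroy(ts)` on the last changed line, so a caller that read the old pointer before it was cleared could still try to lock or dereference a session that is going away. Please show or add the NULL guard at the entry of janus_websockets_destroy_client and in any other reader of `ws_client->ts`, and say in the commit message how this change relates to the backtrace, where the abort comes from free() in janus_websockets_common_callback at transports/janus_websockets.c:1463 rather than from this function. Style: the new declaration sits mid-block with a `//` comment while the surrounding context uses `/* ... */`, and "nullying" in that comment should read "nulling"; declaring `janus_transport_session *ts` next to the other locals with a block comment would match the file.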