Hi Neil,
> my logs have a uncomforting line > > kernel: [7302179.685736] haproxy[1766]: segfault at 7c ip > 00007f6629410a9f sp 00007fffdaf98868 error 4 in > libc-2.15.so<http://libc-2.15.so>[7f66292ae000+1b5000] > > We caused this trying to use this config which tries to track the > source of a connection unless it matches a acl > following along the lines of > http://blog.serverfault.com/2010/08/26/1016491873/ I can reproduce the crash with your config, haproxy crashes when the second http requests come in. Both dev22 and current git are crashing. backtraces: (gdb) bt #0 0xb7406ebf in ?? () from /lib/i386-linux-gnu/libc.so.6 #1 0x080e02e0 in __ebmb_lookup (len=4, x=0x4c, root=0x907d05c) at ebtree/ebmbtree.h:152 #2 ebmb_lookup (root=0x907d05c, x=0x4c, len=4) at ebtree/ebmbtree.c:31 #3 0x0808519e in stktable_lookup (t=0x907d058, ts=0x0) at src/stick_table.c:233 #4 0x080c7148 in smp_fetch_sc_stkctr (l4=0x91048f8, args=0x90856e0, kw=0x80f9264 "sc0_get_gpc0") at src/session.c:2674 #5 0x080c7208 in smp_fetch_sc_get_gpc0 (px=0x907c498, l4=0x91048f8, l7=0x0, opt=6, args=0x90856e0, smp=0xbffa22a4, kw=0x80f9264 "sc0_get_gpc0") at src/session.c:2703 #6 0x080ccf23 in sample_process (px=0x907c498, l4=0x91048f8, l7=0x0, opt=6, expr=0x90856c0, p=0xbffa22a4) at src/sample.c:910 #7 0x080cb746 in acl_exec_cond (cond=0x9085998, px=0x907c498, l4=0x91048f8, l7=0x0, opt=6) at src/acl.c:1139 #8 0x080bd4a2 in tcp_exec_req_rules (s=0x91048f8) at src/proto_tcp.c:1171 #9 0x080c0dbe in session_accept (l=0x9085598, cfd=5, addr=0xbffa23fc) at src/session.c:144 #10 0x0805adb1 in listener_accept (fd=4) at src/listener.c:431 #11 0x0805c601 in fd_process_polled_events (fd=4) at src/fd.c:271 #12 0x080d5e7e in _do_poll (p=0x81214e0, exp=1015696217) at src/ev_epoll.c:165 #13 0x0804e5a9 in run_poll_loop () at src/haproxy.c:1294 #14 0x0804efab in main (argc=3, argv=0xbffa2724) at src/haproxy.c:1618 (gdb) backtrace full #0 0xb7406ebf in ?? () from /lib/i386-linux-gnu/libc.so.6 No symbol table info available. #1 0x080e02e0 in __ebmb_lookup (len=4, x=0x4c, root=0x907d05c) at ebtree/ebmbtree.h:152 node = 0x9104b5c node_bit = 53 troot = 0x9104b5c pos = 0 side = 62 #2 ebmb_lookup (root=0x907d05c, x=0x4c, len=4) at ebtree/ebmbtree.c:31 No locals. #3 0x0808519e in stktable_lookup (t=0x907d058, ts=0x0) at src/stick_table.c:233 eb = 0xbffa21a8 #4 0x080c7148 in smp_fetch_sc_stkctr (l4=0x91048f8, args=0x90856e0, kw=0x80f9264 "sc0_get_gpc0") at src/session.c:2674 stkctr = {entry = 152062756, table = 0x907d058} num = 0 arg = 0 #5 0x080c7208 in smp_fetch_sc_get_gpc0 (px=0x907c498, l4=0x91048f8, l7=0x0, opt=6, args=0x90856e0, smp=0xbffa22a4, kw=0x80f9264 "sc0_get_gpc0") at src/session.c:2703 stkctr = 0xb72c19b0 #6 0x080ccf23 in sample_process (px=0x907c498, l4=0x91048f8, l7=0x0, opt=6, expr=0x90856c0, p=0xbffa22a4) at src/sample.c:910 conv_expr = 0x3f3 #7 0x080cb746 in acl_exec_cond (cond=0x9085998, px=0x907c498, l4=0x91048f8, l7=0x0, opt=6) at src/acl.c:1139 suite = 0x90859d8 term = 0x90859c0 expr = 0x9085748 acl = 0x9085888 smp = {flags = 0, type = 0, data = {uint = 0, sint = 0, ipv4 = {s_addr = 0}, ipv6 = {__in6_u = {__u6_addr8 = '\000' <repeats 15 times>, __u6_addr16 = {0, 0, 0, 0, 0, 0, 0, 0}, __u6_addr32 = {0, 0, 0, 0}}}, str = {str = 0x0, size = 0, len = 0}, meth = {meth = HTTP_METH_NONE, str = {str = 0x0, size = 0, len = 0}}}, ctx = {p = 0x0, i = 0, ll = 0, d = 0, a = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}} acl_res = ACL_TEST_FAIL suite_res = ACL_TEST_PASS cond_res = ACL_TEST_FAIL #8 0x080bd4a2 in tcp_exec_req_rules (s=0x91048f8) at src/proto_tcp.c:1171 rule = 0x9085938 ts = 0x91047c0 t = 0x0 conn = 0x91047c0 result = 1 ret = ACL_TEST_PASS #9 0x080c0dbe in session_accept (l=0x9085598, cfd=5, addr=0xbffa23fc) at src/session.c:144 cli_conn = 0x91047c0 p = 0x907c498 s = 0x91048f8 t = 0xb739d9ce ret = -1 #10 0x0805adb1 in listener_accept (fd=4) at src/listener.c:431 addr = {ss_family = 2, __ss_align = 50331658, __ss_padding = "\000\000\000\000\000\000\000\000H$\372\277\364?F\267(\000\000\000\334\323\071\267\201\303\005\b\005\000\000\000\000\000\000\000\r\000\000\000\220\066\016\b\b\000\000\000\020\243 \000\002\000\000\000\377\377\377\377\030p\t\t\005\000\000\000h$\372\277\330}\a\b\005\000\000\000\b\352\b\t\210$\372\277h$\372\277\227|\a\bZK\212<\330$\372\277\b\276\a\bZK\212<\212C\212<\000\000\000"} laddr = 16 l = 0x9085598 p = 0x907c498 max_accept = 63 cfd = 5 ret = -1074125800 #11 0x0805c601 in fd_process_polled_events (fd=4) at src/fd.c:271 new_updt = 1396880067 old_updt = 1 #12 0x080d5e7e in _do_poll (p=0x81214e0, exp=1015696217) at src/ev_epoll.c:165 n = 1 e = 1 status = 1 eo = 151651464 en = 0 fd = 4 opcode = -1074125560 count = 0 updt_idx = 1 wait_time = 1000 #13 0x0804e5a9 in run_poll_loop () at src/haproxy.c:1294 next = 1015696217 #14 0x0804efab in main (argc=3, argv=0xbffa2724) at src/haproxy.c:1618 err = 0 retry = 200 limit = {rlim_cur = 8204, rlim_max = 8204} errmsg = "\000\000\000\000\000\000\000\000\001\000\000\000\000\000\000\000\233\062o\267\320jp\267\000\200J\267\314\317K\267\f\021\032\000\000\000\000\000\343\207V\267^\200i\267\330e,\267\000\000\000\---Type <return> to continue, or q <return> to quit--- 000\000\000\000\000\354\221\004\b\364\217d\267\270\372\006\t\024\000\000\000X&\372\277\260\226o\267\270\365\006\t\200\064?\267\004\000\000\000\245\064?\267" pidfd = -1 (gdb)
