Hi, In the last commit for HAProxy 1.5dev25, 0014-MINOR-fix-a-few-memory-usage-errors, the process crashes when the first connect comes in.
-- Thu May 15 18:44:21 2014 kern.info kernel: [589854.655404] haproxy[22649] general protection ip:6a8279b89ceb sp:775da6be3cb0 error:0 in libpcreposix.so.0.0.0[6a8279b89000+2000] Thu May 15 18:44:21 2014 kern.alert kernel: [589854.657224] grsec: From 172.16.37.22: Segmentation fault occurred at (nil) in /usr/sbin/haproxy[haproxy:22649] uid/euid:0/0 gid/egid:0/0, parent /sbin/procd[procd:1] uid/euid:0/0 gid/egid:0/0 Thu May 15 18:44:21 2014 kern.alert kernel: [589854.660039] grsec: From 172.16.37.22: denied resource overstep by requesting 4096 for RLIMIT_CORE against limit 0 for /usr/sbin/haproxy[haproxy:22649] uid/euid:0/0 gid/egid:0/0, parent /sbin/procd[procd:1] uid/euid:0/0 gid/egid:0/0 Thu May 15 18:45:05 2014 kern.info kernel: [589899.112620] haproxy[22720] general protection ip:749bf70ebceb sp:7ada274869f0 error:0 in libpcreposix.so.0.0.0[749bf70eb000+2000] Thu May 15 18:45:05 2014 kern.alert kernel: [589899.114595] grsec: From 172.16.37.21: Segmentation fault occurred at (nil) in /usr/sbin/haproxy[haproxy:22720] uid/euid:0/0 gid/egid:0/0, parent /sbin/procd[procd:1] uid/euid:0/0 gid/egid:0/0 Thu May 15 18:45:05 2014 kern.alert kernel: [589899.117478] grsec: From 172.16.37.21: denied resource overstep by requesting 4096 for RLIMIT_CORE against limit 0 for /usr/sbin/haproxy[haproxy:22720] uid/euid:0/0 gid/egid:0/0, parent /sbin/procd[procd:1] uid/euid:0/0 gid/egid:0/0 -- when i remove the patch HAProxy is running fine. This is the actual output of haproxy -vv -- haproxy -vv HA-Proxy version 1.5-dev25-patch14-a339395 2014/05/10 Copyright 2000-2014 Willy Tarreau <[email protected]> Build options : TARGET = linux2628 CPU = generic CC = x86_64-openwrt-linux-gnu-gcc CFLAGS = -O2 -march=x86-64 -pipe -fomit-frame-pointer -fno-align-jumps -fno-align-functions -fno-align-labels -fno-align-loops -pipe -fomit-frame-pointer -fhonour-copts -DBUFSIZE=16384 -DMAXREWRITE=1030 -DSYSTEM_MAXCONN=165530 OPTIONS = USE_LINUX_SPLICE=1 USE_LINUX_TPROXY=1 USE_ZLIB=yes USE_REGPARM=1 USE_OPENSSL=1 USE_PCRE=1 Default settings : maxconn = 165530, bufsize = 16384, maxrewrite = 1030, maxpollevents = 200 Encrypted password support via crypt(3): yes Built with zlib version : 1.2.7 Compression algorithms supported : identity, deflate, gzip Built with OpenSSL version : OpenSSL 1.0.1f 6 Jan 2014 Running on OpenSSL version : OpenSSL 1.0.1f 6 Jan 2014 OpenSSL library supports TLS extensions : yes OpenSSL library supports SNI : yes OpenSSL library supports prefer-server-ciphers : yes Built with PCRE version : 8.11 2010-12-10 PCRE library supports JIT : no (USE_PCRE_JIT not set) Built with transparent proxy support using: IP_TRANSPARENT IPV6_TRANSPARENT IP_FREEBIND Available polling systems : epoll : pref=300, test result OK poll : pref=200, test result OK select : pref=150, test result OK Total: 3 (3 usable), will use epoll. -- My system is using eglibc and a grsecurity enabled kernel. Has anybody a simmilar problem? cheers, thomas
