I have a config that produces a segfault when using the sc0_trackers but works
when using sc0_conn_cur. I’m not 100% sure that my use is correct but I don’t
think it should SEGV either way.
This config produces the crash when processing a simple request from curl. The
intent of the stick table counters is to limit rates per-source, using the
frontend table, and per-service (request path), using the backend table. If the
line using sc0_trackers is commented out, the processing works as expected.
Also, if the backend uses sc1 instead of sc0 then there is no crash either. I
am assuming that sc0 trackers from two different tables can both be used at the
same time with different values; this does seem to work with sc_conn_cur but
not so with sc_trackers.
Is this a proper use of sc_trackers?
btalbot-lt:haproxy-1.6$ cat crash.cfg
global
defaults
timeout client 1s
timeout server 1s
timeout connect 1s
mode http
frontend http
bind :8000
stick-table type ip size 100k expire 60m store http_req_rate(10s)
acl is_special path_beg /special
http-request track-sc0 hdr(X-Forwarded-For) if is_special
http-request track-sc0 str(/special) table be1 if is_special
http-request set-header X-Haproxy-ACL
%[req.fhdr(X-Haproxy-ACL,-1)]high-request-rate, if is_special {
sc0_http_req_rate() ge 10 }
http-request set-header X-Haproxy-ACL
%[req.fhdr(X-Haproxy-ACL,-1)]high-service-concur, if is_special {
sc0_trackers(be1) gt 50 }
#http-request set-header X-Haproxy-ACL
%[req.fhdr(X-Haproxy-ACL,-1)]high-service-concur, if is_special {
sc0_conn_cur(be1) gt 50 }
backend be1
stick-table type string size 100k expire 10m
btalbot-lt:haproxy-1.6$ ./haproxy -vv
HA-Proxy version 1.6.7-f7a1f0-17 2016/08/10
Copyright 2000-2016 Willy Tarreau <[email protected]>
Build options :
TARGET = generic
CPU = generic
CC = gcc
CFLAGS = -O2 -g -fno-strict-aliasing -Wdeclaration-after-statement
OPTIONS = USE_ZLIB=1 USE_OPENSSL=1 USE_PCRE=1
Default settings :
maxconn = 2000, bufsize = 16384, maxrewrite = 1024, maxpollevents = 200
Encrypted password support via crypt(3): no
Built with zlib version : 1.2.5
Compression algorithms supported : identity("identity"), deflate("deflate"),
raw-deflate("deflate"), gzip("gzip")
Built with OpenSSL version : OpenSSL 1.0.2h 3 May 2016
Running on OpenSSL version : OpenSSL 1.0.2h 3 May 2016
OpenSSL library supports TLS extensions : yes
OpenSSL library supports SNI : yes
OpenSSL library supports prefer-server-ciphers : yes
Built with PCRE version : 8.39 2016-06-14
PCRE library supports JIT : no (USE_PCRE_JIT not set)
Built without Lua support
Available polling systems :
poll : pref=200, test result OK
select : pref=150, test result OK
Total: 2 (2 usable), will use poll.
The crash can be triggered with curl
btalbot-lt:haproxy-1.6$ ./haproxy -f ./crash.cfg -d
Note: setting global.maxconn to 2000.
Available polling systems :
poll : pref=200, test result OK
select : pref=150, test result FAILED
Total: 2 (1 usable), will use poll.
Using poll() as the polling mechanism.
00000000:http.accept(0004)=0005 from [127.0.0.1:63079]
00000000:http.clireq[0005:ffffffff]: GET /special/batman HTTP/1.1
00000000:http.clihdr[0005:ffffffff]: Host: 127.0.0.1:8000
00000000:http.clihdr[0005:ffffffff]: User-Agent: curl/7.50.1
00000000:http.clihdr[0005:ffffffff]: Accept: */*
00000000:http.clihdr[0005:ffffffff]: X-Forwarded-For: 1.2.3.4
Segmentation fault: 11 (core dumped)
btalbot-lt:haproxy-1.6$ curl -isS --url "http://127.0.0.1:8000/special/batman";
-H "X-Forwarded-For: 1.2.3.4"
curl: (52) Empty reply from server
A backtrace from the core file is
btalbot-lt:haproxy-1.6$ lldb -c /cores/core.9762 ./haproxy
(lldb) target create "./haproxy" --core "/cores/core.9762"
warning: (x86_64) /cores/core.9762 load command 74 LC_SEGMENT_64 has a fileoff
+ filesize (0x26ccd000) that extends beyond the end of the file (0x26ccc000),
the segment will be truncated to match
warning: (x86_64) /cores/core.9762 load command 75 LC_SEGMENT_64 has a fileoff
(0x26ccd000) that extends beyond the end of the file (0x26ccc000), ignoring
this section
Core file '/cores/core.9762' (x86_64) was loaded.
(lldb) pla sta
Platform: host
Triple: x86_64h-apple-macosx
OS Version: 10.11.6 (15G31)
Kernel: Darwin Kernel Version 15.6.0: Thu Jun 23 18:25:34 PDT 2016;
root:xnu-3248.60.10~1/RELEASE_X86_64
Hostname: 127.0.0.1
WorkingDir: /Users/btalbot/git/haproxy-1.6
(lldb) bt
* thread #1: tid = 0x0000, 0x00000001093d436d
haproxy`smp_fetch_sc_trackers(args=<unavailable>, smp=0x00007fff568a74f0,
kw=<unavailable>, private=0x0000000000000000) + 61 at stream.c:3299, stop
reason = signal SIGSTOP
* frame #0: 0x00000001093d436d
haproxy`smp_fetch_sc_trackers(args=<unavailable>, smp=0x00007fff568a74f0,
kw=<unavailable>, private=0x0000000000000000) + 61 at stream.c:3299
frame #1: 0x00000001093d8c18 haproxy`sample_process(px=0x00007f933480ae00,
sess=0x00007f9333c050e0, strm=0x00007f9333c056d0, opt=<unavailable>,
expr=0x00007f9333d01720, p=<unavailable>) + 104 at sample.c:1060
frame #2: 0x00000001093d7573 haproxy`acl_exec_cond(cond=<unavailable>,
px=0x00007f933480ae00, sess=0x00007f9333c050e0, strm=0x00007f9333c056d0, opt=6)
+ 291 at acl.c:1143
frame #3: 0x000000010939f389
haproxy`http_req_get_intercept_rule(px=0x00007f933480ae00,
rules=0x00007f933480ae48, s=0x00007f9333c056d0, deny_status=0x00007fff568a7684)
+ 169 at proto_http.c:3528
frame #4: 0x00000001093a067c
haproxy`http_process_req_common(s=0x00007f9333c056d0, req=0x00007f9333c056e0,
an_bit=16, px=0x00007f933480ae00) + 284 at proto_http.c:4338
frame #5: 0x00000001093cea68 haproxy`process_stream(t=0x00007f9333c053b0) +
1496 at stream.c:1785
frame #6: 0x0000000109368405 haproxy`process_runnable_tasks + 277 at
task.c:238
frame #7: 0x000000010935c11a haproxy`run_poll_loop + 122 at haproxy.c:1573
frame #8: 0x000000010935cb81 haproxy`main(argc=<unavailable>,
argv=0x00007fff568a7970) + 2609 at haproxy.c:1933
frame #9: 0x00007fff8c9205ad libdyld.dylib`start + 1
