Hi Emeric,
since 8d85aa4 ("BUG/MAJOR: map: fix segfault during 'show map/acl' on cli") my setup crashes when a request comes in going through SSL termination. memory corruption, invalid pointers, double free is what haproxy randomly crashes with. Here 2 crashes with full backtrace: *** Error in `/usr/sbin/haproxy': double free or corruption (!prev): 0x0000000000a42590 *** ======= Backtrace: ========= /lib/x86_64-linux-gnu/libc.so.6(+0x777e5)[0x7ffff71bb7e5] /lib/x86_64-linux-gnu/libc.so.6(+0x8037a)[0x7ffff71c437a] /lib/x86_64-linux-gnu/libc.so.6(cfree+0x4c)[0x7ffff71c853c] /usr/sbin/haproxy[0x53a64e] /usr/sbin/haproxy[0x53630b] /usr/sbin/haproxy[0x4124de] /usr/sbin/haproxy[0x48103a] /usr/sbin/haproxy[0x482f09] /usr/sbin/haproxy[0x4891af] /usr/sbin/haproxy[0x50910f] /usr/sbin/haproxy[0x4d5159] /usr/sbin/haproxy[0x4d64ba] /lib/x86_64-linux-gnu/libc.so.6(__libc_start_main+0xf0)[0x7ffff7164830] /usr/sbin/haproxy[0x4055a9] ======= Memory map: ======== 00400000-007af000 r-xp 00000000 ca:02 40972 /usr/sbin/haproxy 009af000-009cf000 r--p 003af000 ca:02 40972 /usr/sbin/haproxy 009cf000-009eb000 rw-p 003cf000 ca:02 40972 /usr/sbin/haproxy 009eb000-00ac5000 rw-p 00000000 00:00 0 [heap] 7ffff0000000-7ffff0021000 rw-p 00000000 00:00 0 7ffff0021000-7ffff4000000 ---p 00000000 00:00 0 7ffff6b0e000-7ffff6b24000 r-xp 00000000 ca:02 24641 /lib/x86_64-linux-gnu/libgcc_s.so.1 7ffff6b24000-7ffff6d23000 ---p 00016000 ca:02 24641 /lib/x86_64-linux-gnu/libgcc_s.so.1 7ffff6d23000-7ffff6d24000 rw-p 00015000 ca:02 24641 /lib/x86_64-linux-gnu/libgcc_s.so.1 7ffff6d24000-7ffff7144000 rw-p 00000000 00:00 0 7ffff7144000-7ffff7304000 r-xp 00000000 ca:02 26350 /lib/x86_64-linux-gnu/libc-2.23.so 7ffff7304000-7ffff7504000 ---p 001c0000 ca:02 26350 /lib/x86_64-linux-gnu/libc-2.23.so 7ffff7504000-7ffff7508000 r--p 001c0000 ca:02 26350 /lib/x86_64-linux-gnu/libc-2.23.so 7ffff7508000-7ffff750a000 rw-p 001c4000 ca:02 26350 /lib/x86_64-linux-gnu/libc-2.23.so 7ffff750a000-7ffff750e000 rw-p 00000000 00:00 0 7ffff750e000-7ffff7526000 r-xp 00000000 ca:02 24805 /lib/x86_64-linux-gnu/libpthread-2.23.so 7ffff7526000-7ffff7725000 ---p 00018000 ca:02 24805 /lib/x86_64-linux-gnu/libpthread-2.23.so 7ffff7725000-7ffff7726000 r--p 00017000 ca:02 24805 /lib/x86_64-linux-gnu/libpthread-2.23.so 7ffff7726000-7ffff7727000 rw-p 00018000 ca:02 24805 /lib/x86_64-linux-gnu/libpthread-2.23.so 7ffff7727000-7ffff772b000 rw-p 00000000 00:00 0 7ffff772b000-7ffff7799000 r-xp 00000000 ca:02 24672 /lib/x86_64-linux-gnu/libpcre.so.3.13.2 7ffff7799000-7ffff7999000 ---p 0006e000 ca:02 24672 /lib/x86_64-linux-gnu/libpcre.so.3.13.2 7ffff7999000-7ffff799a000 r--p 0006e000 ca:02 24672 /lib/x86_64-linux-gnu/libpcre.so.3.13.2 7ffff799a000-7ffff799b000 rw-p 0006f000 ca:02 24672 /lib/x86_64-linux-gnu/libpcre.so.3.13.2 7ffff799b000-7ffff799e000 r-xp 00000000 ca:02 26330 /lib/x86_64-linux-gnu/libdl-2.23.so 7ffff799e000-7ffff7b9d000 ---p 00003000 ca:02 26330 /lib/x86_64-linux-gnu/libdl-2.23.so 7ffff7b9d000-7ffff7b9e000 r--p 00002000 ca:02 26330 /lib/x86_64-linux-gnu/libdl-2.23.so 7ffff7b9e000-7ffff7b9f000 rw-p 00003000 ca:02 26330 /lib/x86_64-linux-gnu/libdl-2.23.so 7ffff7b9f000-7ffff7ba8000 r-xp 00000000 ca:02 24741 /lib/x86_64-linux-gnu/libcrypt-2.23.so 7ffff7ba8000-7ffff7da7000 ---p 00009000 ca:02 24741 /lib/x86_64-linux-gnu/libcrypt-2.23.so 7ffff7da7000-7ffff7da8000 r--p 00008000 ca:02 24741 /lib/x86_64-linux-gnu/libcrypt-2.23.so 7ffff7da8000-7ffff7da9000 rw-p 00009000 ca:02 24741 /lib/x86_64-linux-gnu/libcrypt-2.23.so 7ffff7da9000-7ffff7dd7000 rw-p 00000000 00:00 0 7ffff7dd7000-7ffff7dfd000 r-xp 00000000 ca:02 24651 /lib/x86_64-linux-gnu/ld-2.23.so 7ffff7fec000-7ffff7ff0000 rw-p 00000000 00:00 0 7ffff7ff5000-7ffff7ff8000 rw-p 00000000 00:00 0 7ffff7ff8000-7ffff7ffa000 r--p 00000000 00:00 0 [vvar] 7ffff7ffa000-7ffff7ffc000 r-xp 00000000 00:00 0 [vdso] 7ffff7ffc000-7ffff7ffd000 r--p 00025000 ca:02 24651 /lib/x86_64-linux-gnu/ld-2.23.so 7ffff7ffd000-7ffff7ffe000 rw-p 00026000 ca:02 24651 /lib/x86_64-linux-gnu/ld-2.23.so 7ffff7ffe000-7ffff7fff000 rw-p 00000000 00:00 0 7fffffede000-7ffffffff000 rw-p 00000000 00:00 0 [stack] ffffffffff600000-ffffffffff601000 r-xp 00000000 00:00 0 [vsyscall] Program received signal SIGABRT, Aborted. 0x00007ffff7179428 in __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:54 54 ../sysdeps/unix/sysv/linux/raise.c: No such file or directory. (gdb) bt #0 0x00007ffff7179428 in __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:54 #1 0x00007ffff717b02a in __GI_abort () at abort.c:89 #2 0x00007ffff71bb7ea in __libc_message (do_abort=do_abort@entry=2, fmt=fmt@entry=0x7ffff72d4e98 "*** Error in `%s': %s: 0x%s ***\n") at ../sysdeps/posix/libc_fatal.c:175 #3 0x00007ffff71c437a in malloc_printerr (ar_ptr=<optimized out>, ptr=<optimized out>, str=0x7ffff72d4fc8 "double free or corruption (!prev)", action=3) at malloc.c:5006 #4 _int_free (av=<optimized out>, p=<optimized out>, have_lock=0) at malloc.c:3867 #5 0x00007ffff71c853c in __GI___libc_free (mem=<optimized out>) at malloc.c:2968 #6 0x000000000053a64e in SSL_SESSION_free () #7 0x000000000053630b in SSL_free () #8 0x00000000004124de in ssl_sock_close (conn=0xa45080) at src/ssl_sock.c:5086 #9 0x000000000048103a in conn_force_close (conn=0xa45080) at include/proto/connection.h:151 #10 0x0000000000482f09 in stream_free (s=0xaaf230) at src/stream.c:312 #11 0x00000000004891af in process_stream (t=0xa52a40) at src/stream.c:2419 #12 0x000000000050910f in process_runnable_tasks () at src/task.c:238 #13 0x00000000004d5159 in run_poll_loop () at src/haproxy.c:2168 #14 0x00000000004d64ba in main (argc=4, argv=0x7fffffffe658) at src/haproxy.c:2701 (gdb) bt full #0 0x00007ffff7179428 in __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:54 resultvar = 0 pid = 29988 selftid = 29988 #1 0x00007ffff717b02a in __GI_abort () at abort.c:89 save_stage = 2 act = {__sigaction_handler = {sa_handler = 0x20302030303a3030, sa_sigaction = 0x20302030303a3030}, sa_mask = {__val = {2314885530818453536, 2314885530818453536, 7017579609838738208, 4206752516204751980, 3545519503966220848, 2314885530818453536, 2314885530818453536, 7795484802351636512, 3917909816998060649, 3276497845987585332, 7161402270846119527, 3615882721633532274, 7378645557452156467, 3472337303646987878, 3991990709698112816, 8223625903104156004}}, sa_flags = 544222583, sa_restorer = 0x5c} sigs = {__val = {32, 0 <repeats 15 times>}} #2 0x00007ffff71bb7ea in __libc_message (do_abort=do_abort@entry=2, fmt=fmt@entry=0x7ffff72d4e98 "*** Error in `%s': %s: 0x%s ***\n") at ../sysdeps/posix/libc_fatal.c:175 ap = <error reading variable ap (Attempt to dereference a generic pointer.)> fd = 7 on_2 = <optimized out> list = <optimized out> nlist = <optimized out> cp = <optimized out> written = <optimized out> #3 0x00007ffff71c437a in malloc_printerr (ar_ptr=<optimized out>, ptr=<optimized out>, str=0x7ffff72d4fc8 "double free or corruption (!prev)", action=3) at malloc.c:5006 buf = "0000000000a42590" cp = <optimized out> ar_ptr = <optimized out> str = 0x7ffff72d4fc8 "double free or corruption (!prev)" action = 3 #4 _int_free (av=<optimized out>, p=<optimized out>, have_lock=0) at malloc.c:3867 size = <optimized out> fb = <optimized out> nextchunk = <optimized out> nextsize = <optimized out> nextinuse = <optimized out> prevsize = <optimized out> bck = <optimized out> fwd = <optimized out> errstr = <optimized out> locked = <optimized out> #5 0x00007ffff71c853c in __GI___libc_free (mem=<optimized out>) at malloc.c:2968 ar_ptr = <optimized out> p = <optimized out> hook = <optimized out> #6 0x000000000053a64e in SSL_SESSION_free () No symbol table info available. #7 0x000000000053630b in SSL_free () No symbol table info available. #8 0x00000000004124de in ssl_sock_close (conn=0xa45080) at src/ssl_sock.c:5086 No locals. #9 0x000000000048103a in conn_force_close (conn=0xa45080) at include/proto/connection.h:151 No locals. #10 0x0000000000482f09 in stream_free (s=0xaaf230) at src/stream.c:312 sess = 0xa529b0 fe = 0xa429f0 bref = 0xa9f850 back = 0xaaf230 cli_conn = 0xa45080 i = 0 #11 0x00000000004891af in process_stream (t=0xa52a40) at src/stream.c:2419 srv = 0x0 s = 0xaaf230 sess = 0xa529b0 rqf_last = 75554848 rpf_last = 2147787360 rq_prod_last = 9 rq_cons_last = 9 rp_cons_last = 9 rp_prod_last = 9 req_ana_back = 0 req = 0xaaf240 res = 0xaaf280 si_f = 0xaaf468 si_b = 0xaaf490 #12 0x000000000050910f in process_runnable_tasks () at src/task.c:238 t = 0xa52a40 i = 0 max_processed = 1 rq_next = 0x0 rewind = 1 local_tasks = {0xa52a40, 0xa45080, 0x7fffffffe3a0, 0x802a130000a45080, 0x7fffffffe3a0, 0x4fa8aa <conn_cond_update_polling+89>, 0xaaf240, 0x9dc3f0 <applet_active_queue>, 0x7fffffffe3d0, 0x4facd8 <conn_fd_handler+802>, 0xf240107009eceb0, 0x500a14ce0, 0x7fffffffe3c0, 0x7fffffffe3c0, 0x7fffffffe3f0, 0xc2769aa5f730bf00} local_tasks_count = 1 #13 0x00000000004d5159 in run_poll_loop () at src/haproxy.c:2168 next = 254017799 #14 0x00000000004d64ba in main (argc=4, argv=0x7fffffffe658) at src/haproxy.c:2701 err = 0 retry = 200 limit = {rlim_cur = 4011, rlim_max = 4011} errmsg = "\000@\243\000\000\000\000\000X\346\377\377\377\177\000\000\004\000\000\000\000\000\000\000ʍ\034\367\377\177\000\000\260=\243\000\000\000\000\000\"\000\000\000\000\000\000\000\000\345\377\377\377\177\000\000\370\364\232\000\000\000\000\000\200\346\377\377\377\177\000\000*\373L\000\000\000\000\000\001\000\000\000\001\000\000\000\060?\243\000\000\000\000\000\"\000\000" pidfd = -1 (gdb) Here's another one: *** Error in `/usr/sbin/haproxy': malloc(): memory corruption: 0x0000000000a41ee0 *** ======= Backtrace: ========= /lib/x86_64-linux-gnu/libc.so.6(+0x777e5)[0x7ffff71bb7e5] /lib/x86_64-linux-gnu/libc.so.6(+0x8213e)[0x7ffff71c613e] /lib/x86_64-linux-gnu/libc.so.6(__libc_malloc+0x54)[0x7ffff71c8184] /usr/sbin/haproxy[0x524a36] /usr/sbin/haproxy[0x522e24] /usr/sbin/haproxy[0x523402] /usr/sbin/haproxy[0x533150] /usr/sbin/haproxy[0x4120b6] /usr/sbin/haproxy[0x4d9195] /usr/sbin/haproxy[0x4da24d] /usr/sbin/haproxy[0x4fab7d] /usr/sbin/haproxy[0x51202c] /usr/sbin/haproxy[0x4d51c8] /usr/sbin/haproxy[0x4d64ba] /lib/x86_64-linux-gnu/libc.so.6(__libc_start_main+0xf0)[0x7ffff7164830] /usr/sbin/haproxy[0x4055a9] ======= Memory map: ======== 00400000-007af000 r-xp 00000000 ca:02 40972 /usr/sbin/haproxy 009af000-009cf000 r--p 003af000 ca:02 40972 /usr/sbin/haproxy 009cf000-009eb000 rw-p 003cf000 ca:02 40972 /usr/sbin/haproxy 009eb000-00ac5000 rw-p 00000000 00:00 0 [heap] 7ffff0000000-7ffff0021000 rw-p 00000000 00:00 0 7ffff0021000-7ffff4000000 ---p 00000000 00:00 0 7ffff6b0e000-7ffff6b24000 r-xp 00000000 ca:02 24641 /lib/x86_64-linux-gnu/libgcc_s.so.1 7ffff6b24000-7ffff6d23000 ---p 00016000 ca:02 24641 /lib/x86_64-linux-gnu/libgcc_s.so.1 7ffff6d23000-7ffff6d24000 rw-p 00015000 ca:02 24641 /lib/x86_64-linux-gnu/libgcc_s.so.1 7ffff6d24000-7ffff7144000 rw-p 00000000 00:00 0 7ffff7144000-7ffff7304000 r-xp 00000000 ca:02 26350 /lib/x86_64-linux-gnu/libc-2.23.so 7ffff7304000-7ffff7504000 ---p 001c0000 ca:02 26350 /lib/x86_64-linux-gnu/libc-2.23.so 7ffff7504000-7ffff7508000 r--p 001c0000 ca:02 26350 /lib/x86_64-linux-gnu/libc-2.23.so 7ffff7508000-7ffff750a000 rw-p 001c4000 ca:02 26350 /lib/x86_64-linux-gnu/libc-2.23.so 7ffff750a000-7ffff750e000 rw-p 00000000 00:00 0 7ffff750e000-7ffff7526000 r-xp 00000000 ca:02 24805 /lib/x86_64-linux-gnu/libpthread-2.23.so 7ffff7526000-7ffff7725000 ---p 00018000 ca:02 24805 /lib/x86_64-linux-gnu/libpthread-2.23.so 7ffff7725000-7ffff7726000 r--p 00017000 ca:02 24805 /lib/x86_64-linux-gnu/libpthread-2.23.so 7ffff7726000-7ffff7727000 rw-p 00018000 ca:02 24805 /lib/x86_64-linux-gnu/libpthread-2.23.so 7ffff7727000-7ffff772b000 rw-p 00000000 00:00 0 7ffff772b000-7ffff7799000 r-xp 00000000 ca:02 24672 /lib/x86_64-linux-gnu/libpcre.so.3.13.2 7ffff7799000-7ffff7999000 ---p 0006e000 ca:02 24672 /lib/x86_64-linux-gnu/libpcre.so.3.13.2 7ffff7999000-7ffff799a000 r--p 0006e000 ca:02 24672 /lib/x86_64-linux-gnu/libpcre.so.3.13.2 7ffff799a000-7ffff799b000 rw-p 0006f000 ca:02 24672 /lib/x86_64-linux-gnu/libpcre.so.3.13.2 7ffff799b000-7ffff799e000 r-xp 00000000 ca:02 26330 /lib/x86_64-linux-gnu/libdl-2.23.so 7ffff799e000-7ffff7b9d000 ---p 00003000 ca:02 26330 /lib/x86_64-linux-gnu/libdl-2.23.so 7ffff7b9d000-7ffff7b9e000 r--p 00002000 ca:02 26330 /lib/x86_64-linux-gnu/libdl-2.23.so 7ffff7b9e000-7ffff7b9f000 rw-p 00003000 ca:02 26330 /lib/x86_64-linux-gnu/libdl-2.23.so 7ffff7b9f000-7ffff7ba8000 r-xp 00000000 ca:02 24741 /lib/x86_64-linux-gnu/libcrypt-2.23.so 7ffff7ba8000-7ffff7da7000 ---p 00009000 ca:02 24741 /lib/x86_64-linux-gnu/libcrypt-2.23.so 7ffff7da7000-7ffff7da8000 r--p 00008000 ca:02 24741 /lib/x86_64-linux-gnu/libcrypt-2.23.so 7ffff7da8000-7ffff7da9000 rw-p 00009000 ca:02 24741 /lib/x86_64-linux-gnu/libcrypt-2.23.so 7ffff7da9000-7ffff7dd7000 rw-p 00000000 00:00 0 7ffff7dd7000-7ffff7dfd000 r-xp 00000000 ca:02 24651 /lib/x86_64-linux-gnu/ld-2.23.so 7ffff7fec000-7ffff7ff0000 rw-p 00000000 00:00 0 7ffff7ff5000-7ffff7ff8000 rw-p 00000000 00:00 0 7ffff7ff8000-7ffff7ffa000 r--p 00000000 00:00 0 [vvar] 7ffff7ffa000-7ffff7ffc000 r-xp 00000000 00:00 0 [vdso] 7ffff7ffc000-7ffff7ffd000 r--p 00025000 ca:02 24651 /lib/x86_64-linux-gnu/ld-2.23.so 7ffff7ffd000-7ffff7ffe000 rw-p 00026000 ca:02 24651 /lib/x86_64-linux-gnu/ld-2.23.so 7ffff7ffe000-7ffff7fff000 rw-p 00000000 00:00 0 7fffffede000-7ffffffff000 rw-p 00000000 00:00 0 [stack] ffffffffff600000-ffffffffff601000 r-xp 00000000 00:00 0 [vsyscall] Program received signal SIGABRT, Aborted. 0x00007ffff7179428 in __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:54 54 ../sysdeps/unix/sysv/linux/raise.c: No such file or directory. (gdb) bt #0 0x00007ffff7179428 in __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:54 #1 0x00007ffff717b02a in __GI_abort () at abort.c:89 #2 0x00007ffff71bb7ea in __libc_message (do_abort=2, fmt=fmt@entry=0x7ffff72d4e98 "*** Error in `%s': %s: 0x%s ***\n") at ../sysdeps/posix/libc_fatal.c:175 #3 0x00007ffff71c613e in malloc_printerr (ar_ptr=0x7ffff7508b20 <main_arena>, ptr=0xa41ee0, str=0x7ffff72d1cff "malloc(): memory corruption", action=<optimized out>) at malloc.c:5006 #4 _int_malloc (av=av@entry=0x7ffff7508b20 <main_arena>, bytes=bytes@entry=16472) at malloc.c:3474 #5 0x00007ffff71c8184 in __GI___libc_malloc (bytes=16472) at malloc.c:2913 #6 0x0000000000524a36 in ssl3_setup_write_buffer () #7 0x0000000000522e24 in do_ssl3_write () #8 0x0000000000523402 in ssl3_write_bytes () #9 0x0000000000533150 in SSL_write () #10 0x00000000004120b6 in ssl_sock_from_buf (conn=0xa45080, buf=0xa9f850, flags=1) at src/ssl_sock.c:4974 #11 0x00000000004d9195 in si_conn_send (conn=0xa45080) at src/stream_interface.c:658 #12 0x00000000004da24d in si_conn_send_cb (conn=0xa45080) at src/stream_interface.c:1295 #13 0x00000000004fab7d in conn_fd_handler (fd=5) at src/connection.c:104 #14 0x000000000051202c in fd_process_cached_events () at src/fd.c:240 #15 0x00000000004d51c8 in run_poll_loop () at src/haproxy.c:2186 #16 0x00000000004d64ba in main (argc=4, argv=0x7fffffffe658) at src/haproxy.c:2701 (gdb) bt full #0 0x00007ffff7179428 in __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:54 resultvar = 0 pid = 29977 selftid = 29977 #1 0x00007ffff717b02a in __GI_abort () at abort.c:89 save_stage = 2 act = {__sigaction_handler = {sa_handler = 0x20302030303a3030, sa_sigaction = 0x20302030303a3030}, sa_mask = {__val = {2314885530818453536, 2314885530818453536, 7017579609838738208, 4206752516204751980, 3545519503966220848, 2314885530818453536, 2314885530818453536, 7795484802351636512, 3917909816998060649, 3276497845987585332, 7161402270846119527, 3615882721633532274, 7378645557452156467, 3472337303646987878, 3991990709698112816, 8223625903104156004}}, sa_flags = 544222583, sa_restorer = 0x56} sigs = {__val = {32, 0 <repeats 15 times>}} #2 0x00007ffff71bb7ea in __libc_message (do_abort=2, fmt=fmt@entry=0x7ffff72d4e98 "*** Error in `%s': %s: 0x%s ***\n") at ../sysdeps/posix/libc_fatal.c:175 ap = <error reading variable ap (Attempt to dereference a generic pointer.)> fd = 6 on_2 = <optimized out> list = <optimized out> nlist = <optimized out> cp = <optimized out> written = <optimized out> #3 0x00007ffff71c613e in malloc_printerr (ar_ptr=0x7ffff7508b20 <main_arena>, ptr=0xa41ee0, str=0x7ffff72d1cff "malloc(): memory corruption", action=<optimized out>) at malloc.c:5006 buf = "0000000000a41ee0" cp = <optimized out> ar_ptr = 0x7ffff7508b20 <main_arena> ptr = 0xa41ee0 str = 0x7ffff72d1cff "malloc(): memory corruption" action = <optimized out> #4 _int_malloc (av=av@entry=0x7ffff7508b20 <main_arena>, bytes=bytes@entry=16472) at malloc.c:3474 iters = <optimized out> nb = 16480 idx = 114 bin = <optimized out> victim = 0xa41ed0 size = <optimized out> victim_index = <optimized out> remainder = <optimized out> remainder_size = <optimized out> block = <optimized out> bit = <optimized out> map = <optimized out> fwd = <optimized out> bck = 0x7ffff7508b78 <main_arena+88> errstr = 0x0 __func__ = "_int_malloc" #5 0x00007ffff71c8184 in __GI___libc_malloc (bytes=16472) at malloc.c:2913 ar_ptr = 0x7ffff7508b20 <main_arena> victim = <optimized out> hook = <optimized out> #6 0x0000000000524a36 in ssl3_setup_write_buffer () No symbol table info available. #7 0x0000000000522e24 in do_ssl3_write () No symbol table info available. #8 0x0000000000523402 in ssl3_write_bytes () No symbol table info available. #9 0x0000000000533150 in SSL_write () No symbol table info available. #10 0x00000000004120b6 in ssl_sock_from_buf (conn=0xa45080, buf=0xa9f850, flags=1) at src/ssl_sock.c:4974 ret = 253949018 try = 212 done = 0 #11 0x00000000004d9195 in si_conn_send (conn=0xa45080) at src/stream_interface.c:658 send_flag = 1 si = 0xaa5b18 oc = 0xaa5930 ret = 0 #12 0x00000000004da24d in si_conn_send_cb (conn=0xa45080) at src/stream_interface.c:1295 si = 0xaa5b18 #13 0x00000000004fab7d in conn_fd_handler (fd=5) at src/connection.c:104 conn = 0xa45080 flags = 0 #14 0x000000000051202c in fd_process_cached_events () at src/fd.c:240 fd = 5 entry = 0 e = 50 #15 0x00000000004d51c8 in run_poll_loop () at src/haproxy.c:2186 next = 253899019 #16 0x00000000004d64ba in main (argc=4, argv=0x7fffffffe658) at src/haproxy.c:2701 err = 0 retry = 200 limit = {rlim_cur = 4011, rlim_max = 4011} errmsg = "\000@\243\000\000\000\000\000X\346\377\377\377\177\000\000\004\000\000\000\000\000\000\000ʍ\034\367\377\177\000\000\260=\243\000\000\000\000\000\"\000\000\000\000\000\000\000\000\345\377\377\377\177\000\000\370\364\232\000\000\000\000\000\200\346\377\377\377\177\000\000*\373L\000\000\000\000\000\001\000\000\000\001\000\000\000\060?\243\000\000\000\000\000\"\000\000" pidfd = -1 (gdb) Repro config (fire requests to /robots.txt from curl or browsers): global ssl-default-bind-ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:!DSS ssl-default-bind-options no-tls-tickets no-tlsv10 no-tlsv11 force-tlsv12 prefer-client-ciphers defaults log global option httplog option dontlognull timeout connect 5000 timeout client 50000 timeout server 50000 timeout http-keep-alive 60s option http-keep-alive option forwardfor frontend tls-termination mode http bind :443 ssl crt /etc/ssl/private/temp.example.com.ecdsa crt /etc/ssl/private/ npn http/1.1 alpn http/1.1 curves X25519:P-256 #strict-sni use_backend robots if { path /robots.txt } #use_backend temp if { ssl_fc_sni -i temp.example.com } backend temp mode http server local-nginx 127.0.0.1:80 maxconn 200 backend robots mode http errorfile 403 /etc/haproxy/errors/robotstxt.http http-request deny root@www:/usr/sbin# haproxy -vv HA-Proxy version 1.8-dev2-8d85aa-52 2017/06/30 Copyright 2000-2017 Willy Tarreau <wi...@haproxy.org> Build options : TARGET = linux2628 CPU = generic CC = gcc CFLAGS = -O0 -g -fno-strict-aliasing -Wdeclaration-after-statement -fwrapv OPTIONS = USE_GETADDRINFO=1 USE_SLZ=1 USE_OPENSSL=1 USE_PCRE=1 USE_PCRE_JIT=1 Default settings : maxconn = 2000, bufsize = 16384, maxrewrite = 1024, maxpollevents = 200 Built with OpenSSL version : OpenSSL 1.1.0g-dev xx XXX xxxx Running on OpenSSL version : OpenSSL 1.1.0g-dev xx XXX xxxx OpenSSL library supports TLS extensions : yes OpenSSL library supports SNI : yes OpenSSL library supports : SSLv3 TLSv1.0 TLSv1.1 TLSv1.2 Built with transparent proxy support using: IP_TRANSPARENT IPV6_TRANSPARENT IP_FREEBIND Built with network namespace support. Built with libslz for stateless compression. Compression algorithms supported : identity("identity"), deflate("deflate"), raw-deflate("deflate"), gzip("gzip") Encrypted password support via crypt(3): yes Built with PCRE version : 8.38 2015-11-23 Running on PCRE version : 8.38 2015-11-23 PCRE library supports JIT : yes Available polling systems : epoll : pref=300, test result OK poll : pref=200, test result OK select : pref=150, test result OK Total: 3 (3 usable), will use epoll. Available filters : [SPOE] spoe [COMP] compression [TRACE] trace Hope this helps, Lukas