Pieter,
Am 08.01.19 um 23:37 schrieb PiBa-NL:
> Got a coredump of 1.9.0-8223050 today, see below. Would this be 'likely'
> the same one with the 'PRIORITY' that 1.9.1 fixes?
Without knowing much about the mux code: This is highly unlikely to be
related. In my tests the bug lead to an immediate crash when receiving
the bogusrequest. In your case it appears to me that the crash happened
while sending the response.
Generally I believe it's best to send those kind of reports to Willy in
private. If this is a actually something that can be triggered by an
unauthenticated client it does not need to be exposed for the whole
world to see :-)
> I don't have any idea what the exact circumstance request/response was..
What might be of interest is the configuration: Are you using HTX,
Compression, Lua or something like that?
Best regards
Tim Düsterhus
> Anyhow i updated my system to 2.0-dev0-251a6b7 for the moment, lets see
> if something strange happens again. Might take a few days though, IF it
> still occurs..
>
> Regards,
>
> PiBa-NL (Pieter)
>
> Core was generated by `/usr/local/sbin/haproxy -f
> /var/etc/haproxy/haproxy.cfg -p /var/run/haproxy.pid'.
> Program terminated with signal SIGSEGV, Segmentation fault.
> #0 0x00000000004b91c7 in h2_process_mux (h2c=0x802657480) at
> src/mux_h2.c:2434
> 2434 src/mux_h2.c: No such file or directory.
> (gdb) bt full
> #0 0x00000000004b91c7 in h2_process_mux (h2c=0x802657480) at
> src/mux_h2.c:2434
> h2s = 0x80262c7a0
> h2s_back = 0x80262ca40
> #1 0x00000000004b844d in h2_send (h2c=0x802657480) at src/mux_h2.c:2560
> flags = 0
> conn = 0x8026dc300
> done = 0
> sent = 1
> #2 0x00000000004b8a49 in h2_process (h2c=0x802657480) at src/mux_h2.c:2640
> conn = 0x8026dc300
> #3 0x00000000004b32e1 in h2_wake (conn=0x8026dc300) at src/mux_h2.c:2715
> h2c = 0x802657480
> #4 0x00000000005c8158 in conn_fd_handler (fd=7) at src/connection.c:190
> conn = 0x8026dc300
> flags = 0
> io_available = 0
> #5 0x00000000005e3c7c in fdlist_process_cached_events (fdlist=0x9448f0
> <fd_cache_local>) at src/fd.c:441
> fd = 7
> old_fd = 7
> e = 117
> #6 0x00000000005e377c in fd_process_cached_events () at src/fd.c:459
> No locals.
> #7 0x0000000000514296 in run_poll_loop () at src/haproxy.c:2655
> next = 762362654
> exp = 762362654
> #8 0x0000000000510b78 in run_thread_poll_loop (data=0x802615970) at
> src/haproxy.c:2684
> start_lock = 0
> ptif = 0x92ed10 <per_thread_init_list>
> ptdf = 0x0
> #9 0x000000000050d1a6 in main (argc=6, argv=0x7fffffffec60) at
> src/haproxy.c:3313
> tids = 0x802615970
> threads = 0x802615998
> i = 1
> old_sig = {__bits = {0, 0, 0, 0}}
> blocked_sig = {__bits = {4227856759, 4294967295, 4294967295,
> 4294967295}}
> err = 0
> retry = 200
> limit = {rlim_cur = 2040, rlim_max = 2040}
> errmsg =
> "\000\354\377\377\377\177\000\000\230\354\377\377\377\177\000\000`\354\377\377\377\177\000\000\006\000\000\000\000\000\000\000\f\373\353\230\373\032\351~\240\270\223\000\000\000\000\000X\354\377\377\377\177\000\000\230\354\377\377\377\177\000\000`\354\377\377\377\177\000\000\006\000\000\000\000\000\000\000\000\354\377\377\377\177\000\000\302z\000\002\b\000\000\000\001\000\000"
>
> pidfd = 17
> (gdb)
>
>
