Hi, I found a segfault when using server-template within 1.9.x and 2.0-dev. This seems to be related to "http-reuse", as when I set it to "never" it does not crash anymore.

It appears that idle_orphan_conns is not being properly initialized for the
first server within the server-template. I was able to confirm this by
creating a small server-template with 4 servers and setting all of the
addresses except for the first one. This did not result in a crash. As soon
as I set the first address and a request was sent to it, it resulted in a crash.

I found that server_template_init() establishes everything fine for all
servers (setting id from prefix with srv_set_id_from_prefix(), etc.)
and then at the bottom of the function you can see it calls
srv_set_id_from_prefix() to then establish the id for the first server --
however, the first server doesn't get any of the logic to initialize the
idle_orphan_conns.
My initial fix added the idle_orphan_conns initialization code to the
bottom of server_template_init() (right below the srv_set_id_from_prefix()
which sets the prefix specifically for the first server slot) -- however
this seemed like it might be too messy.
I believe a better option is to remove the check for !srv->tmpl_info.prefix
within server_finalize_init(). Patch attached.
Feel free to correct me if I am wrong on this assumption.

Here is the config which results in a crash:

listen fe_main
    mode http
    bind *:80
    timeout server 5ms
    timeout client 5ms
    timeout connect 5ms
    server-template srv 2 10.1.0.1:80

(Should segfault after the first request)

HA-Proxy version 2.0-dev0-251a6b-97 2019/01/08 - https://haproxy.org/
Build options :
TARGET = linux2628
CPU = generic
CC = gcc
CFLAGS = -O2 -g -fno-strict-aliasing -Wdeclaration-after-statement
-fwrapv -Wno-unused-label -Wno-sign-compare -Wno-unused-parameter
-Wno-old-style-declaration -Wno-ignored-qualifiers -Wno-clobbered
-Wno-missing-field-initializers -Wtype-limits
OPTIONS = USE_OPENSSL=1
Backtrace:
[New LWP 14046]
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".
Core was generated by `./haproxy -f crash.cfg -d'.
Program terminated with signal SIGSEGV, Segmentation fault.
#0 0x00000000004f82fe in srv_add_to_idle_list (conn=0x2331320,
srv=0x22aeb60) at include/proto/server.h:244
244 LIST_ADDQ(&srv->idle_orphan_conns[tid], &conn->list);
(gdb) bt
#0 0x00000000004f82fe in srv_add_to_idle_list (conn=0x2331320,
srv=0x22aeb60) at include/proto/server.h:244
#1 session_free (sess=0x2330970) at src/session.c:90
#2 0x000000000050dca3 in mux_pt_destroy (ctx=0x2330920) at src/mux_pt.c:38
#3 0x0000000000446bdb in cs_destroy (cs=0x2331230) at
include/proto/connection.h:708
#4 si_release_endpoint (si=si@entry=0x2330cd8) at
include/proto/stream_interface.h:170
#5 0x000000000044c9ec in stream_free (s=0x2330a40) at src/stream.c:446
#6 process_stream (t=t@entry=0x2330e30, context=0x2330a40,
state=<optimized out>) at src/stream.c:2610
#7 0x0000000000509955 in process_runnable_tasks () at src/task.c:432
#8 0x000000000048b485 in run_poll_loop () at src/haproxy.c:2619
#9 run_thread_poll_loop (data=data@entry=0x23267d0) at src/haproxy.c:2684
#10 0x000000000040aa0c in main (argc=<optimized out>, argv=0x7fffd8018e48)
at src/haproxy.c:3313
(gdb) frame 0
#0 0x00000000004f82fe in srv_add_to_idle_list (conn=0x2331320,
srv=0x22aeb60) at include/proto/server.h:244
244 LIST_ADDQ(&srv->idle_orphan_conns[tid], &conn->list);
(gdb) print &srv->idle_orphan_conns[tid]
$1 = (struct list *) 0x0
(gdb) print &conn->list
$2 = (struct list *) 0x2331370
0001-BUG-MEDIUM-init-Initialize-idle_orphan_conns-for-fir.patch
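
The failure described in this message, reduced to a small model and added here as an illustration; it is not HAProxy source and not the attached patch. Only idle_orphan_conns and tmpl_info.prefix come from the report; NB_THREADS, the local LIST_INIT macro, finalize_init(), audit_idle_lists() and run_model() are assumptions made for the example. It shows how guarding the per-thread list allocation on the template prefix leaves the first template slot with a NULL array, and a startup audit that reports this before any request reaches the server.

```c
#include <stdio.h>
#include <stdlib.h>

#define NB_THREADS 4                         /* assumption: configured thread count */
#define LIST_INIT(l) ((l)->n = (l)->p = (l)) /* empty list: head points to itself */
struct list { struct list *n, *p; };
struct server {                              /* simplified: fields named in the report */
    struct { const char *prefix; } tmpl_info;   /* set for server-template slots */
    struct list *idle_orphan_conns;             /* one list head per thread */
};

/* skip_templates=1 models the reported !srv->tmpl_info.prefix check; 0 drops it. */
static int finalize_init(struct server *srv, int skip_templates)
{
    if (skip_templates && srv->tmpl_info.prefix)
        return 0;                            /* template slot: array stays NULL */
    srv->idle_orphan_conns = calloc(NB_THREADS, sizeof(*srv->idle_orphan_conns));
    for (int i = 0; srv->idle_orphan_conns && i < NB_THREADS; i++)
        LIST_INIT(&srv->idle_orphan_conns[i]);
    return srv->idle_orphan_conns ? 0 : -1;  /* -1 on allocation failure */
}

/* Startup audit: number of servers whose idle lists were never allocated. */
static int audit_idle_lists(const struct server *srv, int count)
{
    int missing = 0;
    for (int i = 0; i < count; i++)
        if (!srv[i].idle_orphan_conns)
            missing++;
    return missing;
}

/* Constructed sample: a two-slot template, as in "server-template srv 2". */
static int run_model(int skip_templates)
{
    struct server srv[2] = { { { "srv" }, NULL }, { { "srv" }, NULL } };
    finalize_init(&srv[1], 0);              /* later slot: set up during template expansion */
    finalize_init(&srv[0], skip_templates); /* first slot: depends on the finalize step */
    int missing = audit_idle_lists(srv, 2);
    free(srv[0].idle_orphan_conns);
    free(srv[1].idle_orphan_conns);
    return missing;
}

int main(void)
{
    printf("prefix check kept: %d, dropped: %d\n", run_model(1), run_model(0));
    return 0;
}
```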

