Hello, I know I'm reporting an issue with an old version, but I got 2 segfaults in 48h. As I only got 3 segfaults with HAProxy in +10 years, I just wanted to make sure these bugs have been caught and are now fixed.
haproxy -vv output: HA-Proxy version 1.9.6 2019/03/29 - https://haproxy.org/ Build options : TARGET = linux2628 CPU = generic CC = gcc CFLAGS = -O2 -g -fno-strict-aliasing -Wdeclaration-after-statement -fwrapv -Wno-format-truncation -Wno-unused-label -Wno-sign-compare -Wno-unused-parameter -Wno-old-style-declaration -Wno-ignored-qualifiers -Wno-clobbered -Wno-missing-field-initializers -Wno-implicit-fallthrough -Wno-stringop-overflow -Wtype-limits -Wshift-negative-value -Wshift-overflow=2 -Wduplicated-cond -Wnull-dereference OPTIONS = USE_ZLIB=1 USE_OPENSSL=1 USE_LUA=1 USE_STATIC_PCRE=1 Default settings : maxconn = 2000, bufsize = 16384, maxrewrite = 1024, maxpollevents = 200 Built with OpenSSL version : OpenSSL 1.1.1b 26 Feb 2019 Running on OpenSSL version : OpenSSL 1.1.1b 26 Feb 2019 OpenSSL library supports TLS extensions : yes OpenSSL library supports SNI : yes OpenSSL library supports : TLSv1.0 TLSv1.1 TLSv1.2 TLSv1.3 Built with Lua version : Lua 5.3.5 Built with transparent proxy support using: IP_TRANSPARENT IPV6_TRANSPARENT IP_FREEBIND Built with zlib version : 1.2.11 Running on zlib version : 1.2.11 Compression algorithms supported : identity("identity"), deflate("deflate"), raw-deflate("deflate"), gzip("gzip") Built with PCRE version : 8.41 2017-07-05 Running on PCRE version : 8.41 2017-07-05 PCRE library supports JIT : no (USE_PCRE_JIT not set) Encrypted password support via crypt(3): yes Built with multi-threading support. Available polling systems : epoll : pref=300, test result OK poll : pref=200, test result OK select : pref=150, test result OK Total: 3 (3 usable), will use epoll. Available multiplexer protocols : (protocols marked as <default> cannot be specified using 'proto' keyword) h2 : mode=HTX side=FE|BE h2 : mode=HTTP side=FE <default> : mode=HTX side=FE|BE <default> : mode=TCP|HTTP side=FE|BE Available filters : [SPOE] spoe [COMP] compression [CACHE] cache [TRACE] trace ### First segfault : ### Program terminated with signal 11, Segmentation fault. #0 0x00000000004cba32 in h2_process_mux (h2c=0x9b4b300) at src/mux_h2.c:2588 (gdb) bt full #0 0x00000000004cba32 in h2_process_mux (h2c=0x9b4b300) at src/mux_h2.c:2588 h2s = 0x98edf50 #1 h2_send (h2c=h2c@entry=0x9b4b300) at src/mux_h2.c:2716 flags = <optimized out> conn = 0x9aef030 done = 0 sent = 0 #2 0x00000000004d3918 in h2_io_cb (t=<optimized out>, ctx=0x9b4b300, status=<optimized out>) at src/mux_h2.c:2778 h2c = 0x9b4b300 ret = 0 #3 0x0000000000584456 in process_runnable_tasks () at src/task.c:437 t = 0x9e15170 state = <optimized out> ctx = <optimized out> process = <optimized out> t = <optimized out> max_processed = 194 #4 0x0000000000503fd4 in run_poll_loop () at src/haproxy.c:2642 next = <optimized out> exp = <optimized out> #5 run_thread_poll_loop (data=data@entry=0x19a32b0) at src/haproxy.c:2707 ptif = <optimized out> ptdf = <optimized out> start_lock = 0 #6 0x00000000004648d8 in main (argc=<optimized out>, argv=0x7ffccfb0cba8) at src/haproxy.c:3343 tids = 0x19a32b0 threads = 0x19a2750 i = <optimized out> old_sig = {__val = {68097, 0, 64, 206158430210, 532575944795, 472446402679, 0, 139791683256608, 24, 11381472, 335544638, 11392704, 26776016, 139791680031404, 0, 26699504}} blocked_sig = {__val = {18446744067199990583, 18446744073709551615 <repeats 15 times>}} err = <optimized out> retry = <optimized out> limit = {rlim_cur = 801167, rlim_max = 801167} errmsg = "\000\000\000\000\000\000\000\000\220Ap\312#\177\000\000\000\357\200\000\000\000\000\000(\357\200\000\000\000\000\000\231\353\200\000\000\000\000\000\000\000\000\000\002", '\000' <repeats 11 times>"\350, Dp\312#\177\000\000p\311\260\317\374\177\000\000\035\000\000\000\000\000\000\000\210\311\260\317\374\177\000\000 \326\230\001\001\000\000\000\000v\000" pidfd = <optimized out> ### Second segfault ### Program terminated with signal 11, Segmentation fault. #0 0x00000000005808b5 in __pendconn_unlink (p=p@entry=0x7fff694b0730) at src/queue.c:138 (gdb) bt full #0 0x00000000005808b5 in __pendconn_unlink (p=p@entry=0x7fff694b0730) at src/queue.c:138 No locals. #1 0x0000000000581507 in pendconn_redistribute (s=s@entry=0x6b01cd0) at src/queue.c:413 p = 0x7fff694b0730 node = 0xb781a88 #2 0x00000000004ee2b2 in srv_update_status (s=s@entry=0x6b01cd0) at src/server.c:4805 next_admin = <optimized out> check = 0x6b02170 xferred = <optimized out> px = 0x6a357e0 prev_srv_count = 2 srv_was_stopping = <optimized out> log_level = <optimized out> tmptrash = 0x0 #3 0x00000000004eef04 in srv_set_stopped (s=0x6b01cd0, reason=reason@entry=0x0, check=<optimized out>) at src/server.c:1016 srv = <optimized out> #4 0x00000000004eefc1 in srv_set_stopped (s=<optimized out>, reason=reason@entry=0x0, check=<optimized out>) at src/server.c:999 No locals. #5 0x00000000004f51c2 in check_notify_failure (check=check@entry=0x6b02170) at src/checks.c:326 s = <optimized out> #6 0x00000000004fde28 in process_chk_conn (state=<optimized out>, context=0x6b02170, t=0x8e16ba0) at src/checks.c:2302 cs = <optimized out> conn = <optimized out> rv = <optimized out> check = 0x6b02170 proxy = 0x6a357e0 #7 process_chk (t=0x8e16ba0, context=0x6b02170, state=<optimized out>) at src/checks.c:2345 check = 0x6b02170 #8 0x0000000000584456 in process_runnable_tasks () at src/task.c:437 t = 0x8e16ba0 state = <optimized out> ctx = <optimized out> process = <optimized out> t = <optimized out> max_processed = 199 #9 0x0000000000503fd4 in run_poll_loop () at src/haproxy.c:2642 next = <optimized out> exp = <optimized out> #10 run_thread_poll_loop (data=data@entry=0x131e280) at src/haproxy.c:2707 ptif = <optimized out> ptdf = <optimized out> start_lock = 0 #11 0x00000000004648d8 in main (argc=<optimized out>, argv=0x7fff694b0cb8) at src/haproxy.c:3343 tids = 0x131e280 threads = 0x131d720 i = <optimized out> old_sig = {__val = {68097, 0, 64, 206158430210, 532575944795, 472446402679, 0, 140406116471072, 24, 11381472, 335544638, 11392704, 19939792, 140406113245868, 0, 19863280}} blocked_sig = {__val = {18446744067199990583, 18446744073709551615 <repeats 15 times>}} err = <optimized out> retry = <optimized out> limit = {rlim_cur = 801167, rlim_max = 801167} errmsg = "\000\000\000\000\000\000\000\000\220\021\203\331\262\177\000\000\000\357\200\000\000\000\000\000(\357\200\000\000\000\000\000\231\353\200\000\000\000\000\000\000\000\000\000\002", '\000' <repeats 11 times>"\350, \024\203\331\262\177\000\000\200\nKi\377\177\000\000\035\000\000\000\000\000\000\000\230\nKi\377\177\000\000 \206\060\001\001\000\000\000\000v\000" pidfd = <optimized out> Config file is very heavy with dozens of frontends and backends. I can provide the coredump in a secure channel if needed. Olivier