Oh, and the crash is introduced in 8af03b396a6025437b675f9ecaa5db321ec4918c; 56dd354b3c55876c4e693fe5eee919e85b2bad53 is the last version that doesn't crash for me.

On Thu, Jan 23, 2020 at 12:06 PM Tim Düsterhus <t...@bastelstu.be> wrote:

> Willy,
> James,
>
> On 23.01.20 at 21:00, Willy Tarreau wrote:
> > I'm impressed, I'm unable to reproduce it!
>
> FWIW, I can reproduce it:
>
> > [timwolla@/s/haproxy ((f22758d1…))]./haproxy -vv
> > HA-Proxy version 2.2-dev1-f22758-30 2020/01/23 - https://haproxy.org/
> > Status: development branch - not safe for use in production.
> > Known bugs: https://github.com/haproxy/haproxy/issues?q=is:issue+is:open
> > Build options :
> > TARGET = linux-glibc
> > CPU = generic
> > CC = gcc
> > CFLAGS = -O2 -g -fno-strict-aliasing -Wdeclaration-after-statement
> -fwrapv -Wno-unused-label -Wno-sign-compare -Wno-unused-parameter
> -Wno-old-style-declaration -Wno-ignored-qualifiers -Wno-clobbered
> -Wno-missing-field-initializers -Wtype-limits
> > OPTIONS =
> >
> > Feature list : +EPOLL -KQUEUE -MY_EPOLL -MY_SPLICE +NETFILTER -PCRE
> -PCRE_JIT -PCRE2 -PCRE2_JIT +POLL -PRIVATE_CACHE +THREAD -PTHREAD_PSHARED
> -REGPARM -STATIC_PCRE -STATIC_PCRE2 +TPROXY +LINUX_TPROXY +LINUX_SPLICE
> +LIBCRYPT +CRYPT_H -VSYSCALL +GETADDRINFO -OPENSSL -LUA +FUTEX +ACCEPT4
> -MY_ACCEPT4 -ZLIB -SLZ +CPU_AFFINITY +TFO +NS +DL +RT -DEVICEATLAS
> -51DEGREES -WURFL -SYSTEMD -OBSOLETE_LINKER +PRCTL +THREAD_DUMP -EVPORTS
> >
> > Default settings :
> > bufsize = 16384, maxrewrite = 1024, maxpollevents = 200
> >
> > Built with multi-threading support (MAX_THREADS=64, default=4).
> > Built with network namespace support.
> > Built with transparent proxy support using: IP_TRANSPARENT
> IPV6_TRANSPARENT IP_FREEBIND
> > Built without PCRE or PCRE2 support (using libc's regex instead)
> > Encrypted password support via crypt(3): yes
> > Built without compression support (neither USE_ZLIB nor USE_SLZ are set).
> > Compression algorithms supported : identity("identity")
> >
> > Available polling systems :
> > epoll : pref=300, test result OK
> > poll : pref=200, test result OK
> > select : pref=150, test result OK
> > Total: 3 (3 usable), will use epoll.
> >
> > Available multiplexer protocols :
> > (protocols marked as <default> cannot be specified using 'proto' keyword)
> > h2 : mode=HTTP side=FE|BE mux=H2
> > fcgi : mode=HTTP side=BE mux=FCGI
> > <default> : mode=HTTP side=FE|BE mux=H1
> > <default> : mode=TCP side=FE|BE mux=PASS
> >
> > Available services : none
> >
> > Available filters :
> > [SPOE] spoe
> > [CACHE] cache
> > [FCGI] fcgi-app
> > [TRACE] trace
> > [COMP] compression
> >
> > [timwolla@/s/haproxy ((f22758d1…))]./haproxy -d -f ./crasher.cfg
> > Available polling systems :
> > epoll : pref=300, test result OK
> > poll : pref=200, test result OK
> > select : pref=150, test result FAILED
> > Total: 3 (2 usable), will use epoll.
> >
> > Available filters :
> > [SPOE] spoe
> > [CACHE] cache
> > [FCGI] fcgi-app
> > [TRACE] trace
> > [COMP] compression
> > Using epoll() as the polling mechanism.
> > 00000000:test_fe.accept(0004)=0011 from [::ffff:127.0.0.1:48030]
> ALPN=<none>
> > 00000000:test_fe.clireq[0011:ffffffff]: GET / HTTP/1.1
> > 00000000:test_fe.clihdr[0011:ffffffff]: host: localhost:9999
> > 00000000:test_fe.clihdr[0011:ffffffff]: user-agent: curl/7.47.0
> > 00000000:test_fe.clihdr[0011:ffffffff]: accept: */*
> > 00000001:test_fe.accept(0004)=0011 from [::ffff:127.0.0.1:48030]
> ALPN=<none>
> > 00000001:test_fe.clicls[0010:ffffffff]
> > 00000001:test_fe.closed[0010:ffffffff]
> > fish: “./haproxy -d -f ./crasher.cfg” terminated by signal SIGSEGV
> (Address boundary error)
>
> And in another Terminal:
>
> > $ curl localhost:9999
> > curl: (52) Empty reply from server
>
> With valgrind:
>
> > ==19765== Memcheck, a memory error detector
> > ==19765== Copyright (C) 2002-2015, and GNU GPL'd, by Julian Seward et al.
> > ==19765== Using Valgrind-3.11.0 and LibVEX; rerun with -h for copyright
> info
> > ==19765== Command: ./haproxy -d -f ./crasher.cfg
> > ==19765==
> > Available polling systems :
> > epoll : pref=300, test result OK
> > poll : pref=200, test result OK
> > select : pref=150, test result FAILED
> > Total: 3 (2 usable), will use epoll.
> >
> > Available filters :
> > [SPOE] spoe
> > [CACHE] cache
> > [FCGI] fcgi-app
> > [TRACE] trace
> > [COMP] compression
> > Using epoll() as the polling mechanism.
> > [WARNING] 022/210543 (19765) : [./haproxy.main()] Cannot raise FD limit
> to 2071, limit is 1024. This will fail in >= v2.3
> > [ALERT] 022/210543 (19765) : [./haproxy.main()] FD limit (1024) too low
> for maxconn=1024/maxsock=2071. Please raise 'ulimit-n' to 2071 or more to
> avoid any trouble.This will fail in >= v2.3
> > ==19765== Thread 2:
> > ==19765== Syscall param timer_create(evp.sigev_value) points to
> uninitialised byte(s)
> > ==19765== at 0x5292FE0: timer_create@@GLIBC_2.3.3 (timer_create.c:78)
> > ==19765== by 0x53824D: init_wdt_per_thread (wdt.c:146)
> > ==19765== by 0x4B1D84: run_thread_poll_loop (haproxy.c:2723)
> > ==19765== by 0x50796B9: start_thread (pthread_create.c:333)
> > ==19765== by 0x559E41C: clone (clone.S:109)
> > ==19765== Address 0x643ea64 is on thread 2's stack
> > ==19765== in frame #1, created by init_wdt_per_thread (wdt.c:131)
> > ==19765==
> > ==19765== Thread 1:
> > ==19765== Syscall param timer_create(evp.sigev_value) points to
> uninitialised byte(s)
> > ==19765== at 0x5292FE0: timer_create@@GLIBC_2.3.3 (timer_create.c:78)
> > ==19765== by 0x53824D: init_wdt_per_thread (wdt.c:146)
> > ==19765== by 0x4B1D84: run_thread_poll_loop (haproxy.c:2723)
> > ==19765== by 0x40760C: main (haproxy.c:3483)
> > ==19765== Address 0xffefffe84 is on thread 1's stack
> > ==19765== in frame #1, created by init_wdt_per_thread (wdt.c:131)
> > ==19765==
> > 00000000:test_fe.accept(0004)=0010 from [::ffff:127.0.0.1:48036]
> ALPN=<none>
> > 00000000:test_fe.clireq[0010:ffffffff]: GET / HTTP/1.1
> > 00000000:test_fe.clihdr[0010:ffffffff]: host: localhost:9999
> > 00000000:test_fe.clihdr[0010:ffffffff]: user-agent: curl/7.47.0
> > 00000000:test_fe.clihdr[0010:ffffffff]: accept: */*
> > 00000001:test_fe.accept(0004)=0010 from [::ffff:127.0.0.1:48036]
> ALPN=<none>
> > 00000001:test_fe.clicls[0011:ffffffff]
> > 00000001:test_fe.closed[0011:ffffffff]
> > ==19765== Invalid read of size 8
> > ==19765== at 0x499DD5: back_handle_st_con (backend.c:1937)
> > ==19765== by 0x427353: process_stream (stream.c:1662)
> > ==19765== by 0x5023E9: process_runnable_tasks (task.c:461)
> > ==19765== by 0x4B1E78: run_poll_loop (haproxy.c:2630)
> > ==19765== by 0x4B1E78: run_thread_poll_loop (haproxy.c:2783)
> > ==19765== by 0x40760C: main (haproxy.c:3483)
> > ==19765== Address 0x18 is not stack'd, malloc'd or (recently) free'd
> > ==19765==
> > ==19765==
> > ==19765== Process terminating with default action of signal 11 (SIGSEGV)
> > ==19765== Access not within mapped region at address 0x18
> > ==19765== at 0x499DD5: back_handle_st_con (backend.c:1937)
> > ==19765== by 0x427353: process_stream (stream.c:1662)
> > ==19765== by 0x5023E9: process_runnable_tasks (task.c:461)
> > ==19765== by 0x4B1E78: run_poll_loop (haproxy.c:2630)
> > ==19765== by 0x4B1E78: run_thread_poll_loop (haproxy.c:2783)
> > ==19765== by 0x40760C: main (haproxy.c:3483)
> > ==19765== If you believe this happened as a result of a stack
> > ==19765== overflow in your program's main thread (unlikely but
> > ==19765== possible), you can try to increase the size of the
> > ==19765== main thread stack using the --main-stacksize= flag.
> > ==19765== The main thread stack size used in this run was 8388608.
> > ==19765==
> > ==19765== HEAP SUMMARY:
> > ==19765== in use at exit: 2,005,950 bytes in 224 blocks
> > ==19765== total heap usage: 269 allocs, 45 frees, 2,115,657 bytes
> allocated
> > ==19765==
> > ==19765== LEAK SUMMARY:
> > ==19765== definitely lost: 0 bytes in 0 blocks
> > ==19765== indirectly lost: 0 bytes in 0 blocks
> > ==19765== possibly lost: 864 bytes in 3 blocks
> > ==19765== still reachable: 2,005,086 bytes in 221 blocks
> > ==19765== suppressed: 0 bytes in 0 blocks
> > ==19765== Rerun with --leak-check=full to see details of leaked memory
> > ==19765==
> > ==19765== For counts of detected and suppressed errors, rerun with: -v
> > ==19765== Use --track-origins=yes to see where uninitialised values come
> from
> > ==19765== ERROR SUMMARY: 5 errors from 3 contexts (suppressed: 0 from 0)
> > fish: “valgrind ./haproxy -d -f ./cras…” terminated by signal SIGKILL
> (Forced quit)
>
> Best regards
> Tim Düsterhus
>

--
James Brown
Engineer