Le 19/04/2021 à 19:54, Maciej Zdeb a écrit :
Hi,
After a couple weeks running HAProxy 2.2.11, one server started to loop on
thread 9. If I'm reading this correctly something went wrong on h2c at
0x7fd7b08d0530.
[...]
### (gdb) p *((struct h2c *)0x7fd7b08d0530)
$1 = {conn = 0x7fd785b87990, st0 = H2_CS_FRAME_P, errcode = H2_ERR_NO_ERROR,
flags = 8, streams_limit = 100, max_id = 0, rcvd_c = 0, rcvd_s = 0,
ddht = 0x7fd7b0820d60, dbuf = {size = 16384,
area = 0x7fd7b1dec0b0
"¤\226\205\064\f\212jܧâ\201\004A\fN\177jC]t\027\221cÌd°à\033\\+\205µ?¬Ø÷èÏô¥\006êU1\024\235O",
data = 16384, head = 48},
dsi = 1, dfl = 16383, dft = 1 '\001', dff = 1 '\001', dpl = 0 '\000',
last_sid = -1, mbuf = {{size = 32,
area = 0x2 <error: Cannot access memory at address 0x2>, data = 1, head =
1}, {size = 0, area = 0x0, data = 0, head = 0} <repeats 29 times>, {
size = 0, area = 0x0, data = 0, head = 12}, {size = 1249, area =
0x7fd7b0000080 "ðHX²×\177", data = 140564347486336, head = 0}}, msi = -1, mfl = 0,
mft = 32 ' ', mff = -96 ' ', miw = 65535, mws = 65535, mfs = 16384, timeout =
20000, shut_timeout = 20000, nb_streams = 0, nb_cs = 0, nb_reserved = 0,
stream_cnt = 0, proxy = 0x5557136cbe60, task = 0x7fd792079be0, streams_by_id
= {b = {0x0, 0x0}}, send_list = {n = 0x7fd7b08d09d8, p = 0x7fd7b08d09d8},
fctl_list = {n = 0x7fd7b08d09e8, p = 0x7fd7b08d09e8}, blocked_list = {n =
0x7fd7b08d09f8, p = 0x7fd7b08d09f8}, buf_wait = {target = 0x0, wakeup_cb = 0x0,
list = {next = 0x7fd7b08d0a18, prev = 0x7fd7b08d0a18}}, wait_event =
{tasklet = 0x7fd79e235bf0, events = 0}}
Hi Maciej,
I'm able to reproduce a similar bug hacking the nghttp2 client to send at most
16383 bytes per frame (instead of 16384). By sending too large headers, we are
falling into a wakeup loop, waiting for more data while the buffer is full.
I have a fix but I must check with Willy how to proceed because I'm not 100%
sure for now.
--
Christopher Faulet
