Hello,

I upgraded to HAProxy 2.0.5 (from 1.9) and found an issue when I tried to add 
the retry-on option. The TCP backend seems to answer one or two requests and 
then crashes HAProxy:

My simplified conf:

defaults
       [...]
       retries                         3
       option abortonclose
       http-reuse                      safe
       retry-on conn-failure 0rtt-rejected 503

listen SMTPS2_PROD
       bind            0.0.0.0:587
       mode            tcp
       balance         roundrobin

       server          s1 1.1.1.1:586
       server          s2 1.1.1.2:586

I get in logs:

Aug 30 14:48:49 s1 haproxy[3071]: [ALERT] 241/144849 (3071) : Current worker #1 (3072) exited with code 139 (Segmentation fault)

With the option, I get:

└──╼ openssl s_client -connect server:587  -starttls smtp
CONNECTED(00000003)
Didn't find STARTTLS in server response, trying anyway...
write:errno=32
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 0 bytes and written 23 bytes
Verification: OK
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
Early data was not sent
Verify return code: 0 (ok)

So few requests succeed.

Without the option, the server is stable:

──╼ openssl s_client -connect server:587 -starttls smtp
CONNECTED(00000003)
[...]
---
No client certificate CA names sent
Peer signing digest: SHA256
Peer signature type: RSA
Server Temp Key: ECDH, P-256, 256 bits
---
SSL handshake has read 3843 bytes and written 483 bytes
Verification: OK
---
New, TLSv1.2, Cipher is ECDHE-RSA-AES256-GCM-SHA384
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
    Protocol  : TLSv1.2
    Cipher    : ECDHE-RSA-AES256-GCM-SHA384
    Session-ID: yyy
    Session-ID-ctx: 
    Master-Key: 5xxx
    PSK identity: None
    PSK identity hint: None
    SRP username: None
    Start Time: 1567167549
    Timeout   : 7200 (sec)
    Verify return code: 0 (ok)
    Extended master secret: yes

Louis

--

Louis Chanouha | Infrastructures informatiques    
Service Numérique de l'Université de Toulouse
Université Fédérale Toulouse Midi-Pyrénées    
Maison de la Recherche et de la Valorisation - MRV
118 route de Narbonne - 31062 Toulouse Cedex 09
Tél. : +33 5 61 10 80 45 /    poste int. : 12 80 45    
louis.chano...@univ-toulouse.fr
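
A configuration check for the combination described in the report above, added here as an example (it is not part of the original message and is not HAProxy code): it lists tcp-mode proxies that have a retry-on setting in effect, including one inherited from defaults. It assumes each proxy inherits from the most recent defaults section and that an unset mode means tcp; the function name and the WEB_PROD section are constructed for illustration.

```python
import re

# Constructed sample: the listen section from the report plus a made-up HTTP proxy.
SAMPLE_CONF = """\
defaults
    retries 3
    option abortonclose
    http-reuse safe
    retry-on conn-failure 0rtt-rejected 503

listen SMTPS2_PROD
    bind 0.0.0.0:587
    mode tcp
    balance roundrobin
    server s1 1.1.1.1:586
    server s2 1.1.1.2:586

listen WEB_PROD
    bind 0.0.0.0:8080
    mode http
    server w1 1.1.1.3:80
"""

SECTION = re.compile(r"^(global|defaults|listen|frontend|backend|userlist|peers|resolvers|mailers)\b\s*(\S*)")

def tcp_proxies_with_retry_on(conf_text):
    """Return [(proxy, retry-on value)] for tcp-mode proxies where retry-on is in effect."""
    defaults, proxies, current = {}, [], None
    for raw in conf_text.splitlines():
        line = raw.split("#", 1)[0].strip()      # naive comment strip, ignores quoting
        if not line:
            continue
        m = SECTION.match(line)
        if m:
            kind, name = m.groups()
            if kind == "defaults":
                defaults = current = {}          # assumption: a new defaults section starts clean
            elif kind in ("listen", "backend"):  # sections that accept retry-on besides defaults
                current = dict(defaults)         # inherit from the latest defaults section
                proxies.append((name, current))
            else:
                current = None                   # global, frontend, peers, ...: not tracked
            continue
        parts = line.split(None, 1)
        if current is not None and len(parts) == 2 and parts[0] in ("mode", "retry-on"):
            current[parts[0]] = parts[1]
    return [(name, s["retry-on"]) for name, s in proxies
            if s.get("mode", "tcp") == "tcp" and s.get("retry-on", "none") != "none"]
```

On the sample it reports only SMTPS2_PROD; a proxy that overrides the inherited value with `retry-on none` is not listed.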