Hi all,
this malloc crash occurs with and only with a certain hostname of one of my
backends being added to the config. See "redirector.domain.tld" in the
config below. Since this is a production server i had to mask the hostname.
As a hint: The hostname does not contain any special characters, just
alphabetic a-z characters.
Interestingly if i change only a single letter anywhere in the hostname it
doesn't crash anymore. Neither does it crash if i use it's IP instead of
the hostname. How strange is that!?
Also, i am using the same config with 1.5 stable without any problems.
The infos:
=======================================
Running Haproxy 1.6-dev2
=======================================
root@master:/# haproxy -d -f /etc/haproxy/haproxy-test.conf
haproxy: malloc.c:3096: sYSMALLOc: Assertion `(old_top == (((mbinptr)
(((char *) &((av)->bins[((1) - 1) * 2])) - __builtin_offsetof (struct
malloc_chunk, fd)))) && old_size == 0) || ((unsigned long) (old_size) >=
(unsigned long)((((__builtin_offsetof (struct malloc_chunk,
fd_nextsize))+((2 * (sizeof(size_t))) - 1)) & ~((2 * (sizeof(size_t))) -
1))) && ((old_top)->size & 0x1) && ((unsigned long)old_end & pagemask) ==
0)' failed.
Aborted (core dumped)
=======================================
Verbose info
=======================================
root@master:/# haproxy -vv
HA-Proxy version 1.6-dev2-ad90f0d 2015/06/17
Copyright 2000-2015 Willy Tarreau <wi...@haproxy.org>
Build options :
TARGET = linux2628
CPU = generic
CC = gcc
CFLAGS = -g -O0
OPTIONS = USE_ZLIB=1 USE_OPENSSL=1 USE_PCRE=1
Default settings :
maxconn = 2000, bufsize = 16384, maxrewrite = 8192, maxpollevents = 200
Encrypted password support via crypt(3): yes
Built with zlib version : 1.2.7
Compression algorithms supported : identity("identity"),
deflate("deflate"), raw-deflate("deflate"), gzip("gzip")
Built with OpenSSL version : OpenSSL 1.0.1e 11 Feb 2013
Running on OpenSSL version : OpenSSL 1.0.1e 11 Feb 2013
OpenSSL library supports TLS extensions : yes
OpenSSL library supports SNI : yes
OpenSSL library supports prefer-server-ciphers : yes
Built with PCRE version : 8.30 2012-02-04
PCRE library supports JIT : no (USE_PCRE_JIT not set)
Built without Lua support
Built with transparent proxy support using: IP_TRANSPARENT IPV6_TRANSPARENT
IP_FREEBIND
Available polling systems :
epoll : pref=300, test result OK
poll : pref=200, test result OK
select : pref=150, test result OK
Total: 3 (3 usable), will use epoll.
=======================================
Core dump debug
=======================================
root@master:/# gdb haproxy
GNU gdb (GDB) 7.4.1-debian
Copyright (C) 2012 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html
>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law. Type "show copying"
and "show warranty" for details.
This GDB was configured as "x86_64-linux-gnu".
For bug reporting instructions, please see:
<http://www.gnu.org/software/gdb/bugs/>...
Reading symbols from /usr/sbin/haproxy...done.
(gdb) core-file core
[New LWP 14246]
warning: Can't read pathname for load map: Input/output error.
Core was generated by `haproxy -d -f /etc/haproxy/haproxy-test.conf'.
Program terminated with signal 6, Aborted.
#0 0x00007faa0ea02165 in raise () from /lib/x86_64-linux-gnu/libc.so.6
(gdb) bt full
#0 0x00007faa0ea02165 in raise () from /lib/x86_64-linux-gnu/libc.so.6
No symbol table info available.
#1 0x00007faa0ea053e0 in abort () from /lib/x86_64-linux-gnu/libc.so.6
No symbol table info available.
#2 0x00007faa0ea45dea in ?? () from /lib/x86_64-linux-gnu/libc.so.6
No symbol table info available.
#3 0x00007faa0ea48d13 in ?? () from /lib/x86_64-linux-gnu/libc.so.6
No symbol table info available.
#4 0x00007faa0ea4aa70 in malloc () from /lib/x86_64-linux-gnu/libc.so.6
No symbol table info available.
#5 0x00000000004c3398 in pool_refill_alloc (pool=0xcc65d0, avail=2) at
src/memory.c:102
ptr = 0x0
failed = 0
#6 0x0000000000411da5 in init_buffer () at src/buffer.c:54
buffer = 0xcc6550
#7 0x0000000000408cb3 in init (argc=0, argv=0x7ffe8fb141f8) at
src/haproxy.c:818
arg_mode = 1
tmp = 0x0
cfg_pidfile = 0x0
err_code = 0
wl = 0x720a40
progname = 0x7ffe8fb14931 "haproxy"
change_dir = 0x0
curtime = {tm_sec = 29, tm_min = 39, tm_hour = 23, tm_mday = 15,
tm_mon = 6, tm_year = 115, tm_wday = 3, tm_yday = 195, tm_isdst = 0,
tm_gmtoff = 0, tm_zone = 0xcc57b0 "UTC"}
#8 0x000000000040b0e2 in main (argc=4, argv=0x7ffe8fb141d8) at
src/haproxy.c:1657
err = 0
retry = 4224192
limit = {rlim_cur = 140731309179056, rlim_max = 13339168}
errmsg =
"\260@\261\217\376\177\000\000\340\374q\000\000\000\000\000\004\000\000\000\000\000\000\000U*\245\017\252\177\000\000\020\227\313\000\000\000\000\000\000\227\313\000\000\000\000\000\350\003\000\000\000\000\000\000\060",
'\000' <repeats 15 times>"\310,
n\325\016\252\177\000\000\000\000\000\000\000\000\000\000\335Ǧ\016\252\177\000\000\071\001\000"
pidfd = -1
(gdb) quit
=======================================
haproxy-test.conf
=======================================
global
daemon
maxconn 15000
user haproxy
group haproxy
chroot /var/lib/haproxy
stats socket /var/run/haproxy/admin.sock mode 660 level admin
stats timeout 30s
log /dev/log local4
pidfile /var/run/haproxy.pid
spread-checks 3
defaults
maxconn 14500
log global
mode http
option dontlognull
option http-server-close
option persist
timeout http-keep-alive 10000
timeout http-request 6s
timeout connect 7s
timeout client 10s
timeout server 10s
timeout queue 30s
timeout check 5s
retries 2
frontend f_media_http
bind 185.***.***.***:80
mode http
option httplog
capture request header Host len 50
capture request header User-Agent len 150
use_backend b_media_http if { hdr(host) -i getmedia.domain.tld }
use_backend b_media_http if { hdr(host) -i redirector.domain.tld }
backend b_media_http
mode http
option httplog
option accept-invalid-http-response
use-server getmedia-tg if { hdr(host) -i getmedia.domain.tld }
server getmedia getmedia-tg.domain.tld:80 check
use-server redirector if { hdr(host) -i redirector.domain.tld }
server redirector redirector.domain.tld:80 check
