Willy,
James,

On 23.01.20 at 21:00, Willy Tarreau wrote:
> I'm impressed, I'm unable to reproduce it!

FWIW, I can reproduce it:

> [timwolla@/s/haproxy ((f22758d1…))]./haproxy -vv
> HA-Proxy version 2.2-dev1-f22758-30 2020/01/23 - https://haproxy.org/
> Status: development branch - not safe for use in production.
> Known bugs: https://github.com/haproxy/haproxy/issues?q=is:issue+is:open
> Build options :
>   TARGET  = linux-glibc
>   CPU     = generic
>   CC      = gcc
>   CFLAGS  = -O2 -g -fno-strict-aliasing -Wdeclaration-after-statement -fwrapv 
> -Wno-unused-label -Wno-sign-compare -Wno-unused-parameter 
> -Wno-old-style-declaration -Wno-ignored-qualifiers -Wno-clobbered 
> -Wno-missing-field-initializers -Wtype-limits
>   OPTIONS = 
> 
> Feature list : +EPOLL -KQUEUE -MY_EPOLL -MY_SPLICE +NETFILTER -PCRE -PCRE_JIT 
> -PCRE2 -PCRE2_JIT +POLL -PRIVATE_CACHE +THREAD -PTHREAD_PSHARED -REGPARM 
> -STATIC_PCRE -STATIC_PCRE2 +TPROXY +LINUX_TPROXY +LINUX_SPLICE +LIBCRYPT 
> +CRYPT_H -VSYSCALL +GETADDRINFO -OPENSSL -LUA +FUTEX +ACCEPT4 -MY_ACCEPT4 
> -ZLIB -SLZ +CPU_AFFINITY +TFO +NS +DL +RT -DEVICEATLAS -51DEGREES -WURFL 
> -SYSTEMD -OBSOLETE_LINKER +PRCTL +THREAD_DUMP -EVPORTS
> 
> Default settings :
>   bufsize = 16384, maxrewrite = 1024, maxpollevents = 200
> 
> Built with multi-threading support (MAX_THREADS=64, default=4).
> Built with network namespace support.
> Built with transparent proxy support using: IP_TRANSPARENT IPV6_TRANSPARENT 
> IP_FREEBIND
> Built without PCRE or PCRE2 support (using libc's regex instead)
> Encrypted password support via crypt(3): yes
> Built without compression support (neither USE_ZLIB nor USE_SLZ are set).
> Compression algorithms supported : identity("identity")
> 
> Available polling systems :
>       epoll : pref=300,  test result OK
>        poll : pref=200,  test result OK
>      select : pref=150,  test result OK
> Total: 3 (3 usable), will use epoll.
> 
> Available multiplexer protocols :
> (protocols marked as <default> cannot be specified using 'proto' keyword)
>               h2 : mode=HTTP       side=FE|BE     mux=H2
>             fcgi : mode=HTTP       side=BE        mux=FCGI
>        <default> : mode=HTTP       side=FE|BE     mux=H1
>        <default> : mode=TCP        side=FE|BE     mux=PASS
> 
> Available services : none
> 
> Available filters :
>       [SPOE] spoe
>       [CACHE] cache
>       [FCGI] fcgi-app
>       [TRACE] trace
>       [COMP] compression
> 
> [timwolla@/s/haproxy ((f22758d1…))]./haproxy -d -f ./crasher.cfg
> Available polling systems :
>       epoll : pref=300,  test result OK
>        poll : pref=200,  test result OK
>      select : pref=150,  test result FAILED
> Total: 3 (2 usable), will use epoll.
> 
> Available filters :
>       [SPOE] spoe
>       [CACHE] cache
>       [FCGI] fcgi-app
>       [TRACE] trace
>       [COMP] compression
> Using epoll() as the polling mechanism.
> 00000000:test_fe.accept(0004)=0011 from [::ffff:127.0.0.1:48030] ALPN=<none>
> 00000000:test_fe.clireq[0011:ffffffff]: GET / HTTP/1.1
> 00000000:test_fe.clihdr[0011:ffffffff]: host: localhost:9999
> 00000000:test_fe.clihdr[0011:ffffffff]: user-agent: curl/7.47.0
> 00000000:test_fe.clihdr[0011:ffffffff]: accept: */*
> 00000001:test_fe.accept(0004)=0011 from [::ffff:127.0.0.1:48030] ALPN=<none>
> 00000001:test_fe.clicls[0010:ffffffff]
> 00000001:test_fe.closed[0010:ffffffff]
> fish: “./haproxy -d -f ./crasher.cfg” terminated by signal SIGSEGV (Address 
> boundary error)

And in another terminal:

> $ curl localhost:9999
> curl: (52) Empty reply from server

With valgrind:

> ==19765== Memcheck, a memory error detector
> ==19765== Copyright (C) 2002-2015, and GNU GPL'd, by Julian Seward et al.
> ==19765== Using Valgrind-3.11.0 and LibVEX; rerun with -h for copyright info
> ==19765== Command: ./haproxy -d -f ./crasher.cfg
> ==19765== 
> Available polling systems :
>       epoll : pref=300,  test result OK
>        poll : pref=200,  test result OK
>      select : pref=150,  test result FAILED
> Total: 3 (2 usable), will use epoll.
> 
> Available filters :
>       [SPOE] spoe
>       [CACHE] cache
>       [FCGI] fcgi-app
>       [TRACE] trace
>       [COMP] compression
> Using epoll() as the polling mechanism.
> [WARNING] 022/210543 (19765) : [./haproxy.main()] Cannot raise FD limit to 
> 2071, limit is 1024. This will fail in >= v2.3
> [ALERT] 022/210543 (19765) : [./haproxy.main()] FD limit (1024) too low for 
> maxconn=1024/maxsock=2071. Please raise 'ulimit-n' to 2071 or more to avoid 
> any trouble.This will fail in >= v2.3
> ==19765== Thread 2:
> ==19765== Syscall param timer_create(evp.sigev_value) points to uninitialised 
> byte(s)
> ==19765==    at 0x5292FE0: timer_create@@GLIBC_2.3.3 (timer_create.c:78)
> ==19765==    by 0x53824D: init_wdt_per_thread (wdt.c:146)
> ==19765==    by 0x4B1D84: run_thread_poll_loop (haproxy.c:2723)
> ==19765==    by 0x50796B9: start_thread (pthread_create.c:333)
> ==19765==    by 0x559E41C: clone (clone.S:109)
> ==19765==  Address 0x643ea64 is on thread 2's stack
> ==19765==  in frame #1, created by init_wdt_per_thread (wdt.c:131)
> ==19765== 
> ==19765== Thread 1:
> ==19765== Syscall param timer_create(evp.sigev_value) points to uninitialised 
> byte(s)
> ==19765==    at 0x5292FE0: timer_create@@GLIBC_2.3.3 (timer_create.c:78)
> ==19765==    by 0x53824D: init_wdt_per_thread (wdt.c:146)
> ==19765==    by 0x4B1D84: run_thread_poll_loop (haproxy.c:2723)
> ==19765==    by 0x40760C: main (haproxy.c:3483)
> ==19765==  Address 0xffefffe84 is on thread 1's stack
> ==19765==  in frame #1, created by init_wdt_per_thread (wdt.c:131)
> ==19765== 
> 00000000:test_fe.accept(0004)=0010 from [::ffff:127.0.0.1:48036] ALPN=<none>
> 00000000:test_fe.clireq[0010:ffffffff]: GET / HTTP/1.1
> 00000000:test_fe.clihdr[0010:ffffffff]: host: localhost:9999
> 00000000:test_fe.clihdr[0010:ffffffff]: user-agent: curl/7.47.0
> 00000000:test_fe.clihdr[0010:ffffffff]: accept: */*
> 00000001:test_fe.accept(0004)=0010 from [::ffff:127.0.0.1:48036] ALPN=<none>
> 00000001:test_fe.clicls[0011:ffffffff]
> 00000001:test_fe.closed[0011:ffffffff]
> ==19765== Invalid read of size 8
> ==19765==    at 0x499DD5: back_handle_st_con (backend.c:1937)
> ==19765==    by 0x427353: process_stream (stream.c:1662)
> ==19765==    by 0x5023E9: process_runnable_tasks (task.c:461)
> ==19765==    by 0x4B1E78: run_poll_loop (haproxy.c:2630)
> ==19765==    by 0x4B1E78: run_thread_poll_loop (haproxy.c:2783)
> ==19765==    by 0x40760C: main (haproxy.c:3483)
> ==19765==  Address 0x18 is not stack'd, malloc'd or (recently) free'd
> ==19765== 
> ==19765== 
> ==19765== Process terminating with default action of signal 11 (SIGSEGV)
> ==19765==  Access not within mapped region at address 0x18
> ==19765==    at 0x499DD5: back_handle_st_con (backend.c:1937)
> ==19765==    by 0x427353: process_stream (stream.c:1662)
> ==19765==    by 0x5023E9: process_runnable_tasks (task.c:461)
> ==19765==    by 0x4B1E78: run_poll_loop (haproxy.c:2630)
> ==19765==    by 0x4B1E78: run_thread_poll_loop (haproxy.c:2783)
> ==19765==    by 0x40760C: main (haproxy.c:3483)
> ==19765==  If you believe this happened as a result of a stack
> ==19765==  overflow in your program's main thread (unlikely but
> ==19765==  possible), you can try to increase the size of the
> ==19765==  main thread stack using the --main-stacksize= flag.
> ==19765==  The main thread stack size used in this run was 8388608.
> ==19765== 
> ==19765== HEAP SUMMARY:
> ==19765==     in use at exit: 2,005,950 bytes in 224 blocks
> ==19765==   total heap usage: 269 allocs, 45 frees, 2,115,657 bytes allocated
> ==19765== 
> ==19765== LEAK SUMMARY:
> ==19765==    definitely lost: 0 bytes in 0 blocks
> ==19765==    indirectly lost: 0 bytes in 0 blocks
> ==19765==      possibly lost: 864 bytes in 3 blocks
> ==19765==    still reachable: 2,005,086 bytes in 221 blocks
> ==19765==         suppressed: 0 bytes in 0 blocks
> ==19765== Rerun with --leak-check=full to see details of leaked memory
> ==19765== 
> ==19765== For counts of detected and suppressed errors, rerun with: -v
> ==19765== Use --track-origins=yes to see where uninitialised values come from
> ==19765== ERROR SUMMARY: 5 errors from 3 contexts (suppressed: 0 from 0)
> fish: “valgrind ./haproxy -d -f ./cras…” terminated by signal SIGKILL (Forced 
> quit)

Best regards
Tim Düsterhus
