Haproxy 1.9.0 segfault at 7f141e6e3ab8 ip 00007f141e6e3ab8 sp 00007ffea3eab4b8 error 15 in libc-2.17.so[7f141e6e3000+2000]

@safari wrote:

I have a problem with latest haproxy 1.9.0, http traffic is OK, but when running with https traffic, haproxy got segfault errors and crashed. Segfault errors are as below:

[ 6374.791610] haproxy[2741]: segfault at 7f141e6e3ab8 ip 00007f141e6e3ab8 sp 00007ffea3eab4b8 error 15 in libc-2.17.so[7f141e6e3000+2000]
[ 6376.080835] haproxy[2739]: segfault at 60 ip 0000000000000060 sp 00007ffea3eab4b8 error 14 in haproxy-1.9.0[400000+46a000]
[ 6385.632464] haproxy[2762]: segfault at b0 ip 00000000004cc0da sp 00007fff64bd3360 error 4 in haproxy-1.9.0[400000+46a000]
[ 6389.265346] haproxy[2764]: segfault at 0 ip           (null) sp 00007fff64bd3358 error 14 in haproxy-1.9.0[400000+46a000]
[ 6389.546879] traps: haproxy[2766] general protection ip:4cc0da sp:7fff64bd3360 error:0 in haproxy-1.9.0[400000+46a000]
[ 6389.571351] haproxy[2763]: segfault at ffffffffffffffb8 ip ffffffffffffffb8 sp 00007fff64bd3358 error 15
[ 6390.114721] traps: haproxy[2767] general protection ip:4cc0da sp:7fff64bd3360 error:0 in haproxy-1.9.0[400000+46a000]
[ 6391.928882] haproxy[2765]: segfault at ffffffffffffffb8 ip ffffffffffffffb8 sp 00007fff64bd3358 error 15

[ 7565.677404] haproxy[8910]: segfault at 96 ip 00000000004cc0da sp 00007ffcb2fdf250 error 4 in haproxy-1.9.0[400000+46a000]
[ 7566.251417] haproxy[8909]: segfault at ffffffffffffffb8 ip ffffffffffffffb8 sp 00007ffcb2fdf248 error 15
[ 7569.549036] haproxy[8912]: segfault at 0 ip           (null) sp 00007ffcb2fdf248 error 14 in haproxy-1.9.0[400000+46a000]
[ 7570.831296] haproxy[8913]: segfault at 0 ip           (null) sp 00007ffcb2fdf248 error 14 in haproxy-1.9.0[400000+46a000]
[ 7572.139128] traps: haproxy[8911] general protection ip:4cc0da sp:7ffcb2fdf250 error:0 in haproxy-1.9.0[400000+46a000]
[ 7576.601277] traps: haproxy[8908] general protection ip:4cc0da sp:7ffcb2fdf250 error:0 in haproxy-1.9.0[400000+46a000]

haproxy -vv

HA-Proxy version 1.9.0 2018/12/19 - https://haproxy.org/
Build options :
  TARGET  = linux2628
  CPU     = generic
  CC      = gcc
  CFLAGS  = -O2 -g -fno-strict-aliasing -Wdeclaration-after-statement -fwrapv -Wno-unused-label -Wno-sign-compare -Wno-unused-parameter -Wno-old-style-declaration -Wno-ignored-qualifiers -Wno-clobbered -Wno-missing-field-initializers -Wtype-limits
  OPTIONS = USE_ZLIB=1 USE_OPENSSL=1 USE_STATIC_PCRE2=1 USE_PCRE2_JIT=1 USE_TFO=1

Default settings :
  maxconn = 2000, bufsize = 16384, maxrewrite = 1024, maxpollevents = 200

Built with OpenSSL version : OpenSSL 1.1.1a  20 Nov 2018
Running on OpenSSL version : OpenSSL 1.1.1a  20 Nov 2018
OpenSSL library supports TLS extensions : yes
OpenSSL library supports SNI : yes
OpenSSL library supports : TLSv1.0 TLSv1.1 TLSv1.2 TLSv1.3
Built with transparent proxy support using: IP_TRANSPARENT IPV6_TRANSPARENT IP_FREEBIND
Built with zlib version : 1.2.7
Running on zlib version : 1.2.7
Compression algorithms supported : identity("identity"), deflate("deflate"), raw-deflate("deflate"), gzip("gzip")
Built with PCRE2 version : 10.32 2018-09-10
PCRE2 library supports JIT : yes
Encrypted password support via crypt(3): yes
Built with multi-threading support.

Available polling systems :
      epoll : pref=300,  test result OK
       poll : pref=200,  test result OK
     select : pref=150,  test result OK
Total: 3 (3 usable), will use epoll.

Available multiplexer protocols :
(protocols marked as <default> cannot be specified using 'proto' keyword)
              h2 : mode=HTX        side=FE|BE
              h2 : mode=HTTP       side=FE
       <default> : mode=HTX        side=FE|BE
       <default> : mode=TCP|HTTP   side=FE|BE

Available filters :
	[SPOE] spoe
	[COMP] compression
	[CACHE] cache
	[TRACE] trace

Configs related to SSL

    tune.maxaccept  -1
    tune.bufsize  32768
    tune.maxrewrite  8192
    tune.ssl.cachesize  2000000
    tune.ssl.lifetime  600
    tune.ssl.default-dh-param  1024
    tune.ssl.ssl-ctx-cache-size  4096
    ssl-default-bind-options no-sslv3
    ssl-default-server-options no-sslv3
    bind 0.0.0.0:443 ssl crt /path/to/domain.pem ciphers ECDHE+aRSA+AES256+GCM+SHA384:ECDHE+aRSA+AES128+GCM+SHA256:ECDHE+aRSA+AES256+SHA384:ECDHE+aRSA+AES128+SHA256:ECDHE+aRSA+RC4+SHA:ECDHE+aRSA+AES256+SHA:ECDHE+aRSA+AES128+SHA:AES256+GCM+SHA384:AES128+GCM+SHA256:AES128+SHA256:AES256+SHA256:DHE+aRSA+AES128+SHA:RC4+SHA:HIGH:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS
    .........
    http-request del-header Proxy
    http-request set-header X-Forwarded-Proto https
    http-response set-header Strict-Transport-Security max-age=0

Posts: 1

Participants: 1

Read full topic