New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Haproxy crashing on OpenBSD #2558
Comments
Hey, I discussed this with a libressl developer, they said
|
alternatively, it might be easier to examine core dump on linux. I'd suggest something like that
that should install LibreSSL to ~/opt and link haproxy against it using rpath |
i can confirm, first dump took place one time. I waited few dumps at row, and mostly it return second one (/usr/src/lib/libcrypto/lhash/lhash.c:394). First dump looks like fake. If needs additional info from problem host please let me know. |
Please |
@wizard-it , can you please provide full config ? are there any activities, i.e. queries to haproxy ? I tried your config, haproxy runs without any queries, it never crashed by itself |
egdb:
|
Thanks. This points at one of these two commits, which unfortunately
can't easily be reverted at this point:
openbsd/src@91a7e77
openbsd/src@20273a9
@4a6f656c could you please take a look when you get a chance?
|
@chipitsine , Also, |
config does not have backend definitions: DEFAULT-EXCHANGE, EXCHANGE-SMTP, EXCHANGE-SMTP-RESERVE, EXCHANGE-CLIENT no need to provide certificate, I can issue my own. nevermind, "egdb" backtrace looks useful, hopefully it will help |
@chipitsine , i send full config(without changes) by mail, for some security reason. |
Also i did some experiments with cfg. I cut this options at all ssl-default-bind-options ssl-default-bind-ciphers ssl-default-server-options ssl-default-server-ciphers tune.ssl.default-dh-param , but it did not get any changes, still segfaulting. |
I understand reasons of running OpenBSD, I used it for CARP which is lovely. while the issue is being investigated by LibreSSL developers, I can suggest to try OpenBSD + OpenSSL + haproxy, which most probably will resolve your current situation. you can install OpenSSL to some special folder not mixing system ssl library. |
Roger that |
Could you perhaps try this diff? Index: lhash/lhash.c
===================================================================
RCS file: /cvs/src/lib/libcrypto/lhash/lhash.c,v
diff -u -p -r1.22 lhash.c
--- lhash/lhash.c 2 Mar 2024 11:11:11 -0000 1.22
+++ lhash/lhash.c 5 May 2024 15:10:17 -0000
@@ -294,7 +294,9 @@ doall_util_fn(_LHASH *lh, int use_arg, L
/* Restore down load factor and trigger contraction. */
lh->down_load = down_load;
- contract(lh);
+ if ((lh->num_nodes > MIN_NODES) &&
+ (lh->down_load >= (lh->num_items * LH_LOAD_MULT / lh->num_nodes)))
+ contract(lh);
}
void |
This should be fixed with
openbsd/src@7b25026
and the fix is available in -stable via a syspatch.
There will be also be a LibreSSL release including this fix soon.
|
Ok, I'll check it on my node in a few days. |
So, i have updated system and reinstalled haproxy (+LibreSSL) on master node. There are no crashes under load in last five hours.
I think it's solved. Thanks to all for the quick response! |
On Tue, May 14, 2024 at 03:23:36AM -0700, wizard-it wrote:
Thanks to all for the quick response!
Thanks for the report, testing and confirming.
|
Detailed Description of the Problem
Have Installed haproxy on openbsd. Service is started normally but after one hour i always get segfault.
uname -a
OpenBSD 7.5 GENERIC.MP#82 amd64
I also tried to build 2.7 version, there was same problem.
Expected Behavior
_
Steps to Reproduce the Behavior
Do you have any idea what may have caused this?
I think it connected to ssl or crypto func, same version on freebsd with same config and same vm does not have this problem.
Do you have an idea how to solve the issue?
_
What is your configuration?
Output of
haproxy -vv
Last Outputs and Backtraces
Additional Information
Also server uses CARP interface , w/o firewall.
Trace for app when server without load(usually i see this segfault):
The text was updated successfully, but these errors were encountered: