Haproxy: Valgrind: Syscall param socketcall.recvfrom(buf) points to unaddressable byte(s)

Created on 5 Mar 2019  路  3Comments  路  Source: haproxy/haproxy

Output of haproxy -vv and uname -a

Linux eu-4 4.13.0-38-generic #43~16.04.1-Ubuntu SMP Wed Mar 14 17:48:43 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux
HA-Proxy version 1.9.4-1ppa1~xenial 2019/02/07 - https://haproxy.org/
Build options :
  TARGET  = linux2628
  CPU     = generic
  CC      = gcc
  CFLAGS  = -O2 -g -O2 -fPIE -fstack-protector-strong -Wformat -Werror=format-security -Wdate-time -D_FORTIFY_SOURCE=2 -fno-strict-aliasing -Wdeclaration-after-statement -fwrapv -Wno-unused-label -Wno-sign-compare -Wno-unused-parameter -Wno-old-style-declaration -Wno-ignored-qualifiers -Wno-clobbered -Wno-missing-field-initializers -Wtype-limits
  OPTIONS = USE_GETADDRINFO=1 USE_ZLIB=1 USE_REGPARM=1 USE_OPENSSL=1 USE_LUA=1 USE_SYSTEMD=1 USE_PCRE2=1 USE_PCRE2_JIT=1 USE_NS=1

Default settings :
  maxconn = 2000, bufsize = 16384, maxrewrite = 1024, maxpollevents = 200

Built with OpenSSL version : OpenSSL 1.0.2g  1 Mar 2016
Running on OpenSSL version : OpenSSL 1.0.2g  1 Mar 2016
OpenSSL library supports TLS extensions : yes
OpenSSL library supports SNI : yes
OpenSSL library supports : TLSv1.0 TLSv1.1 TLSv1.2
Built with Lua version : Lua 5.3.1
Built with network namespace support.
Built with transparent proxy support using: IP_TRANSPARENT IPV6_TRANSPARENT IP_FREEBIND
Built with zlib version : 1.2.8
Running on zlib version : 1.2.8
Compression algorithms supported : identity("identity"), deflate("deflate"), raw-deflate("deflate"), gzip("gzip")
Built with PCRE2 version : 10.21 2016-01-12
PCRE2 library supports JIT : yes
Encrypted password support via crypt(3): yes
Built with multi-threading support.

Available polling systems :
      epoll : pref=300,  test result OK
       poll : pref=200,  test result OK
     select : pref=150,  test result OK
Total: 3 (3 usable), will use epoll.

Available multiplexer protocols :
(protocols marked as <default> cannot be specified using 'proto' keyword)
              h2 : mode=HTX        side=FE|BE
              h2 : mode=HTTP       side=FE
       <default> : mode=HTX        side=FE|BE
       <default> : mode=TCP|HTTP   side=FE|BE

Available filters :
    [SPOE] spoe
    [COMP] compression
    [CACHE] cache
    [TRACE] trace


What's the configuration?

# This file managed by Puppet
global
  cpu-map  1/all 1-7
  daemon  
  group  haproxy
  log  /dev/log syslog notice
  maxconn  131000
  nbproc  1
  nbthread  7
  pidfile  /var/run/haproxy.pid
  stats socket /run/haproxy/haproxyadmin.sock  mode 600 level admin
  stats socket /run/haproxy/haproxystats.sock  mode 660 level operator
  tune.ssl.default-dh-param  2048
  user  haproxy

defaults
  backlog  10000
  log  global
  maxconn  131000
  mode  http
  option  dontlognull
  option  http-ignore-probes
  option  redispatch
  retries  3

frontend foo
  ssl-default-bind-ciphers  HIGH:MEDIUM:!RC4:!aNULL:!eNULL:@STRENGTH
  ssl-default-bind-options  no-sslv3 no-tls-tickets
  bind :::443 v6only ssl crt /etc/haproxy/ssl/foo.pem
  bind :::80 v6only
  bind x.x.x.x:443 ssl crt /etc/haproxy/ssl/foo.pem
  bind x.x.x.x:80
  mode http
  compression algo gzip
  compression type application/json
  default_backend foo
  option forwardfor
  timeout client 60s
  server weight 100 maxconn 10000 check inter 1000 rise 1 fall 1 agent-check agent-port 7107

backend foo
  ssl-default-bind-ciphers  HIGH:MEDIUM:!RC4:!aNULL:!eNULL:@STRENGTH
  ssl-default-bind-options  no-sslv3 no-tls-tickets
  bind :::443 v6only ssl crt /etc/haproxy/ssl/foo.pem
  bind :::80 v6only
  bind x.x.x.x:443 ssl crt /etc/haproxy/ssl/foo.pem
  bind x.x.x.x:80
  balance roundrobin
  http-reuse always
  option abortonclose
  timeout connect 2s
  timeout check 100ms
  server weight 100 maxconn 10000 check inter 1000 rise 1 fall 1 agent-check agent-port 7107

Actual behavior


Valgrind complains:
```
==24431== Thread 2:
==24431== Syscall param socketcall.recvfrom(buf) points to unaddressable byte(s)
==24431== at 0x529C87F: recv (recv.c:28)
==24431== by 0x2515B0: recv (socket2.h:44)
==24431== by 0x2515B0: conn_sock_drain (connection.c:405)
==24431== by 0x1D79B2: process_chk_conn (checks.c:2275)
==24431== by 0x1D79B2: process_chk (checks.c:2331)
==24431== by 0x267305: process_runnable_tasks (task.c:435)
==24431== by 0x1DEF1F: run_poll_loop (haproxy.c:2621)
==24431== by 0x1DEF1F: run_thread_poll_loop (haproxy.c:2686)
==24431== by 0x52936B9: start_thread (pthread_create.c:333)
==24431== by 0x631641C: clone (clone.S:109)
==24431== Address 0x0 is not stack'd, malloc'd or (recently) free'd
````

Expected behavior

Valgrind does not complain

Do you have any idea what may have caused this?

Do you have an idea how to solve the issue?

invalid bug

Most helpful comment

I'm closing the issue as there really is nothing we can do about it, except document it as a known behaviour as done here.

All 3 comments

Note: This issue was encountered while attempting to debug https://github.com/haproxy/haproxy/issues/29#issuecomment-469633558 using valgrind in IRC. I advised @mateusz-gozdek-sociomantic to report this to make sure someone takes a look.

This is a valgrind issue, it apparently doesn't know that recv/recvfrom do not use the supplied buffer and that it's better to place NULL there than anything else as this way you're certain that an implementation ignoring the flag will not silently overwrite memory.

I'm closing the issue as there really is nothing we can do about it, except document it as a known behaviour as done here.

Was this page helpful?
0 / 5 - 0 ratings