haproxy -vv and uname -aLinux eu-4 4.13.0-38-generic #43~16.04.1-Ubuntu SMP Wed Mar 14 17:48:43 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux
HA-Proxy version 1.9.4-1ppa1~xenial 2019/02/07 - https://haproxy.org/
Build options :
TARGET = linux2628
CPU = generic
CC = gcc
CFLAGS = -O2 -g -O2 -fPIE -fstack-protector-strong -Wformat -Werror=format-security -Wdate-time -D_FORTIFY_SOURCE=2 -fno-strict-aliasing -Wdeclaration-after-statement -fwrapv -Wno-unused-label -Wno-sign-compare -Wno-unused-parameter -Wno-old-style-declaration -Wno-ignored-qualifiers -Wno-clobbered -Wno-missing-field-initializers -Wtype-limits
OPTIONS = USE_GETADDRINFO=1 USE_ZLIB=1 USE_REGPARM=1 USE_OPENSSL=1 USE_LUA=1 USE_SYSTEMD=1 USE_PCRE2=1 USE_PCRE2_JIT=1 USE_NS=1
Default settings :
maxconn = 2000, bufsize = 16384, maxrewrite = 1024, maxpollevents = 200
Built with OpenSSL version : OpenSSL 1.0.2g 1 Mar 2016
Running on OpenSSL version : OpenSSL 1.0.2g 1 Mar 2016
OpenSSL library supports TLS extensions : yes
OpenSSL library supports SNI : yes
OpenSSL library supports : TLSv1.0 TLSv1.1 TLSv1.2
Built with Lua version : Lua 5.3.1
Built with network namespace support.
Built with transparent proxy support using: IP_TRANSPARENT IPV6_TRANSPARENT IP_FREEBIND
Built with zlib version : 1.2.8
Running on zlib version : 1.2.8
Compression algorithms supported : identity("identity"), deflate("deflate"), raw-deflate("deflate"), gzip("gzip")
Built with PCRE2 version : 10.21 2016-01-12
PCRE2 library supports JIT : yes
Encrypted password support via crypt(3): yes
Built with multi-threading support.
Available polling systems :
epoll : pref=300, test result OK
poll : pref=200, test result OK
select : pref=150, test result OK
Total: 3 (3 usable), will use epoll.
Available multiplexer protocols :
(protocols marked as <default> cannot be specified using 'proto' keyword)
h2 : mode=HTX side=FE|BE
h2 : mode=HTTP side=FE
<default> : mode=HTX side=FE|BE
<default> : mode=TCP|HTTP side=FE|BE
Available filters :
[SPOE] spoe
[COMP] compression
[CACHE] cache
[TRACE] trace
# This file managed by Puppet
global
cpu-map 1/all 1-7
daemon
group haproxy
log /dev/log syslog notice
maxconn 131000
nbproc 1
nbthread 7
pidfile /var/run/haproxy.pid
stats socket /run/haproxy/haproxyadmin.sock mode 600 level admin
stats socket /run/haproxy/haproxystats.sock mode 660 level operator
tune.ssl.default-dh-param 2048
user haproxy
defaults
backlog 10000
log global
maxconn 131000
mode http
option dontlognull
option http-ignore-probes
option redispatch
retries 3
frontend foo
ssl-default-bind-ciphers HIGH:MEDIUM:!RC4:!aNULL:!eNULL:@STRENGTH
ssl-default-bind-options no-sslv3 no-tls-tickets
bind :::443 v6only ssl crt /etc/haproxy/ssl/foo.pem
bind :::80 v6only
bind x.x.x.x:443 ssl crt /etc/haproxy/ssl/foo.pem
bind x.x.x.x:80
mode http
compression algo gzip
compression type application/json
default_backend foo
option forwardfor
timeout client 60s
server weight 100 maxconn 10000 check inter 1000 rise 1 fall 1 agent-check agent-port 7107
backend foo
ssl-default-bind-ciphers HIGH:MEDIUM:!RC4:!aNULL:!eNULL:@STRENGTH
ssl-default-bind-options no-sslv3 no-tls-tickets
bind :::443 v6only ssl crt /etc/haproxy/ssl/foo.pem
bind :::80 v6only
bind x.x.x.x:443 ssl crt /etc/haproxy/ssl/foo.pem
bind x.x.x.x:80
balance roundrobin
http-reuse always
option abortonclose
timeout connect 2s
timeout check 100ms
server weight 100 maxconn 10000 check inter 1000 rise 1 fall 1 agent-check agent-port 7107
Valgrind complains:
```
==24431== Thread 2:
==24431== Syscall param socketcall.recvfrom(buf) points to unaddressable byte(s)
==24431== at 0x529C87F: recv (recv.c:28)
==24431== by 0x2515B0: recv (socket2.h:44)
==24431== by 0x2515B0: conn_sock_drain (connection.c:405)
==24431== by 0x1D79B2: process_chk_conn (checks.c:2275)
==24431== by 0x1D79B2: process_chk (checks.c:2331)
==24431== by 0x267305: process_runnable_tasks (task.c:435)
==24431== by 0x1DEF1F: run_poll_loop (haproxy.c:2621)
==24431== by 0x1DEF1F: run_thread_poll_loop (haproxy.c:2686)
==24431== by 0x52936B9: start_thread (pthread_create.c:333)
==24431== by 0x631641C: clone (clone.S:109)
==24431== Address 0x0 is not stack'd, malloc'd or (recently) free'd
````
Valgrind does not complain
Note: This issue was encountered while attempting to debug https://github.com/haproxy/haproxy/issues/29#issuecomment-469633558 using valgrind in IRC. I advised @mateusz-gozdek-sociomantic to report this to make sure someone takes a look.
This is a valgrind issue, it apparently doesn't know that recv/recvfrom do not use the supplied buffer and that it's better to place NULL there than anything else as this way you're certain that an implementation ignoring the flag will not silently overwrite memory.
I'm closing the issue as there really is nothing we can do about it, except document it as a known behaviour as done here.
Most helpful comment
I'm closing the issue as there really is nothing we can do about it, except document it as a known behaviour as done here.