socket:receive("*l") triggers watchdog

[TimWolla]

Output of haproxy -vv and uname -a

HA-Proxy version 2.3-dev0-950954-25 2020/07/10 - https://haproxy.org/
Status: development branch - not safe for use in production.
Known bugs: https://github.com/haproxy/haproxy/issues?q=is:issue+is:open
Running on: Linux 4.4.0-185-generic #215-Ubuntu SMP Mon Jun 8 21:53:19 UTC 2020 x86_64
Build options :
  TARGET  = linux-glibc
  CPU     = generic
  CC      = gcc
  CFLAGS  = -O2 -g -Wall -Wextra -Wdeclaration-after-statement -fwrapv -Wno-unused-label -Wno-sign-compare -Wno-unused-parameter -Wno-clobbered -Wno-missing-field-initializers -Wtype-limits
  OPTIONS = USE_LUA=1 HLUA_PREPEND_PATH=/usr/share/lua/5.2/?.lua

Feature list : +EPOLL -KQUEUE +NETFILTER -PCRE -PCRE_JIT -PCRE2 -PCRE2_JIT +POLL -PRIVATE_CACHE +THREAD -PTHREAD_PSHARED +BACKTRACE -STATIC_PCRE -STATIC_PCRE2 +TPROXY +LINUX_TPROXY +LINUX_SPLICE +LIBCRYPT +CRYPT_H +GETADDRINFO -OPENSSL +LUA +FUTEX +ACCEPT4 -ZLIB -SLZ +CPU_AFFINITY +TFO +NS +DL +RT -DEVICEATLAS -51DEGREES -WURFL -SYSTEMD -OBSOLETE_LINKER +PRCTL +THREAD_DUMP -EVPORTS

Default settings :
  bufsize = 16384, maxrewrite = 1024, maxpollevents = 200

Built with multi-threading support (MAX_THREADS=64, default=4).
Built with Lua version : Lua 5.3.1
Built with network namespace support.
Built without compression support (neither USE_ZLIB nor USE_SLZ are set).
Compression algorithms supported : identity("identity")
Built with transparent proxy support using: IP_TRANSPARENT IPV6_TRANSPARENT IP_FREEBIND
Built without PCRE or PCRE2 support (using libc's regex instead)
Encrypted password support via crypt(3): yes
Built with gcc compiler version 5.4.0 20160609

Available polling systems :
      epoll : pref=300,  test result OK
       poll : pref=200,  test result OK
     select : pref=150,  test result OK
Total: 3 (3 usable), will use epoll.

Available multiplexer protocols :
(protocols marked as <default> cannot be specified using 'proto' keyword)
            fcgi : mode=HTTP       side=BE        mux=FCGI
       <default> : mode=HTTP       side=FE|BE     mux=H1
              h2 : mode=HTTP       side=FE|BE     mux=H2
       <default> : mode=TCP        side=FE|BE     mux=PASS

Available services : none

Available filters :
    [SPOE] spoe
    [COMP] compression
    [TRACE] trace
    [CACHE] cache
    [FCGI] fcgi-app

What's the configuration?

    global
        lua-load ./crasher.lua

    listen fe1
        mode http
        bind *:8080

        http-request lua.crasher

core.register_action("crasher", { "http-req" }, function(txn)
    local s = socket:connect("127.0.0.1", 9000)
    s:receive("*l")
end)

Steps to reproduce the behavior

1. haproxy -d -f ./crasher.cfg
2. printf "foo" |nc -l 127.0.0.1 9000
3. curl localhost:8080

Actual behavior

[ALERT] 192/142233 (21937) : A bogus APPCTX [0xa6d130] is spinning at 612018 calls per second and refuses to die, aborting now! Please report this error to developers [strm=0xa6d3c0 src=<LUA_TCP> fe=LUA-SOCKET be=LUA-SOCKET dst=LUA-TCP-CONN rqf=848000 rqa=0 rpf=8000c020 rpa=0 sif=EST,204048 sib=EST,280058 af=0xa6d130,0 csf=(nil),0 ab=(nil),0 csb=0xa6df00,9000 cof=(nil),0:NONE((nil))/NONE((nil))/NONE(0) cob=0xa6a700,42300:PASS(0xa6df50)/RAW((nil))/tcpv4(26) filters={}]

Thread 1 "haproxy" received signal SIGABRT, Aborted.
0x00007ffff6faa438 in __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:54
54      ../sysdeps/unix/sysv/linux/raise.c: No such file or directory.
(gdb) t a a bt

Thread 4 (Thread 0x7fffeb3fd700 (LWP 21944)):
#0  0x00007ffff707cad3 in epoll_wait () at ../sysdeps/unix/syscall-template.S:84
#1  0x000000000041da40 in _do_poll (p=<optimized out>, exp=0, wake=0) at src/ev_epoll.c:195
#2  0x00000000005242d7 in run_poll_loop () at src/haproxy.c:3003
#3  0x00000000005246ef in run_thread_poll_loop (data=<optimized out>) at src/haproxy.c:3121
#4  0x00007ffff757d6ba in start_thread (arg=0x7fffeb3fd700) at pthread_create.c:333
#5  0x00007ffff707c4dd in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:109

Thread 3 (Thread 0x7fffebbfe700 (LWP 21943)):
#0  0x00007ffff707cad3 in epoll_wait () at ../sysdeps/unix/syscall-template.S:84
#1  0x000000000041da40 in _do_poll (p=<optimized out>, exp=0, wake=0) at src/ev_epoll.c:195
#2  0x00000000005242d7 in run_poll_loop () at src/haproxy.c:3003
#3  0x00000000005246ef in run_thread_poll_loop (data=<optimized out>) at src/haproxy.c:3121
#4  0x00007ffff757d6ba in start_thread (arg=0x7fffebbfe700) at pthread_create.c:333
#5  0x00007ffff707c4dd in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:109

Thread 2 (Thread 0x7ffff0848700 (LWP 21942)):
#0  0x00007ffff707cad3 in epoll_wait () at ../sysdeps/unix/syscall-template.S:84
#1  0x000000000041da40 in _do_poll (p=<optimized out>, exp=0, wake=0) at src/ev_epoll.c:195
#2  0x00000000005242d7 in run_poll_loop () at src/haproxy.c:3003
#3  0x00000000005246ef in run_thread_poll_loop (data=<optimized out>) at src/haproxy.c:3121
#4  0x00007ffff757d6ba in start_thread (arg=0x7ffff0848700) at pthread_create.c:333
#5  0x00007ffff707c4dd in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:109

Thread 1 (Thread 0x7ffff7fcc1c0 (LWP 21937)):
#0  0x00007ffff6faa438 in __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:54
#1  0x00007ffff6fac03a in __GI_abort () at abort.c:89
#2  0x00000000004ab979 in stream_dump_and_crash (obj=obj@entry=0xa6d130, rate=612018) at src/stream.c:2691
#3  0x000000000056442e in task_run_applet (t=0xa6d240, context=0xa6d130, state=<optimized out>) at src/applet.c:98
#4  0x0000000000567a22 in run_tasks_from_lists (budgets=budgets@entry=0x7fffffffddb0) at src/task.c:477
#5  0x0000000000568549 in process_runnable_tasks () at src/task.c:673
#6  0x000000000052431c in run_poll_loop () at src/haproxy.c:2956
#7  0x00000000005246ef in run_thread_poll_loop (data=data@entry=0x0) at src/haproxy.c:3121
#8  0x000000000041b5ed in main (argc=<optimized out>, argv=0x7fffffffe2b8) at src/haproxy.c:3819

Expected behavior

Not crash.

Do you have any idea what may have caused this?

Socket.receive("*l") does not properly handle responses not containing a single newline.

Do you have an idea how to solve the issue?

No. But please see also:

haproxytech/haproxy-lua-http#5, https://github.com/TimWolla/haproxy-auth-request/runs/860809162?check_suite_focus=true and this regtest: https://github.com/TimWolla/haproxy-auth-request/blob/haproxy-lua-http/test/deny_garbage.vtc

[wtarreau]

Just for my understanding, what does this "*l" mean ?

[TimWolla]

See client:receive here: http://w3.impa.br/~diego/software/luasocket/tcp.html

The socket class in HAProxy is modeled after that.

[capflam]

@TimWolla, I pushed a fix for this issue. I will backport it as far as 2.0 for now.

[TimWolla]

The reg-tests in my repository confirm that the patch works: https://github.com/TimWolla/haproxy-auth-request/runs/891438916. Thanks.

[TimWolla]

I hope I don't become too annoying with asking for backports and releases, but I'd appreciate if this patch could be backported to 1.8 soonish, so that I can merge the adjustments to my reg-tests with every branch green :smiley:

No need for proper release with all the bells and whistles, just the backport is sufficient. My reg-tests run on the newest snapshot of each branch anyway.

[wtarreau]

No Tim you're not annoying, however you're predictable :-) One hour ago I told Christopher "we've finally managed to issue 5 releases, you can be sure Tim will come back for 1.8" :-) 1.8 definitely needs another release, it's been without fix for almost 4 months now. It's just that it's materially impossible to work on all of them at once and we have to start with the latest ones. The problem is, when you spend 3 days in a row doing exclusively backports and builds (it's easy to build 300 times during such a series), fixing merges and running regtests and bisects, and you're getting terribly late on everything with people complaining, older releases that miss 200 patches require even harder motivation! We know we have to work on it, it's a matter of finding even more time :-( Hopefully next week, but this one will likely take the whole week and the person doing it will probably be found hung to a ceiling if not watched regularly... Actually we're too few to work on backports and fixes and this is seriously hindering progress because only a few percent of the time is spent improving the design for future versions, so we're duplicating issues over and over, adding more needs for backports over time. But anyway rest assured it's not forgotten!

[TimWolla]

No Tim you're not annoying, however you're predictable :-) One hour ago I told Christopher "we've finally managed to issue 5 releases, you can be sure Tim will come back for 1.8" :-)

Gotcha :grin:

it's easy to build 300 times during such a series

I did not realize that. Is each commit compiled separately?

older releases that miss 200 patches require even harder motivation

Yes, I totally understand that with the additional context. I am sure that you already optimized the process for you, but maybe it might make sense to backport all patches once a week (e.g. on Wednesday after Daniel's Bot sends the status update). Then only the patches from that week need to be tested, while they are still somewhat fresh in the brain.

Hopefully next week […] But anyway rest assured it's not forgotten!

Okay, that's a sufficient answer for me. I'm looking forward to it. It allows me to merge my tests and it allows to close a number of issues in the HAProxy tracker that only have the 1.8 label.

[wtarreau]

it's easy to build 300 times during such a series

I did not realize that. Is each commit compiled separately?

It depends. Sometimes yes, sometimes no. When you get a long series of patches applying without trouble it's not worth doing this, you just build once in a while to verify. With 1.8, it's simple, among the 86 patches I tried, probably less than 15 applied well (1.8 lacks HTX, HTTP files were renamed later, then includes, it uses the old buffer and chunks API, and the CLI was somewhat different, hence nothing applies). In this case you have to figure what conflicts, how the code used to work, then iteratively try to fix by hand and build. Once it builds, you run the reg-tests to be moderately sure. Sometimes I prefer to drop some patches than take risks.

older releases that miss 200 patches require even harder motivation

Yes, I totally understand that with the additional context. I am sure that you already optimized the process for you, but maybe it might make sense to backport all patches once a week (e.g. on Wednesday after Daniel's Bot sends the status update). Then only the patches from that week need to be tested, while they are still somewhat fresh in the brain.

That's what we try to do. Except that days are only 19 hours long and that it's not enough to deal with the big stuff and the backports. Plus when you work on backports, you're totally devasted afterwards and it's impossible to work on anything else. See it like an endurance run.

Okay, that's a sufficient answer for me. I'm looking forward to it. It allows me to merge my tests and it allows to close a number of issues in the HAProxy tracker that only have the 1.8 label.

I've done what I could backport for now, some are still missing but the one you needed above is among the merged ones. It's on the bkp-1.8.26-rc1 branch in the 1.8 repo. I'd appreciate it if you could give it a try with whatever you need 1.8 for.

Thanks!

[TimWolla]

I've done what I could backport for now, some are still missing but the one you needed above is among the merged ones. It's on the bkp-1.8.26-rc1 branch in the 1.8 repo. I'd appreciate it if you could give it a try with whatever you need 1.8 for.

I don't personally need 1.8, I run my important prod on 2.1 / 2.2. Less important prod is 1.8, though, because that's what Debian ships with.

1.8 is the lowest branch haproxy-auth-request is compatible with, though. I'd like to make sure that the Lua script runs properly with 1.8+ after I took the time writing reg-tests for it. Writing the reg-tests was already worth it for me, because it found this issue :smiley:

bkp-1.8.26-rc1 is looking good for me:

Broken 1.8.25 (click to expand)

``` [timwolla@/t/haproxy-auth-request (expand-garbage)]/scratch/haproxy/haproxy -v HA-Proxy version 1.8.25 2020/04/02 Copyright 2000-2020 Willy Tarreau [timwolla@/t/haproxy-auth-request (expand-garbage)]env HAPROXY_PROGRAM=/scratch/haproxy/haproxy VTest/vtest -Dauth_request_root=(pwd) -Dhaproxy_version=1.8.25 -k -t 10 -C test/*.vtc # top TEST test/allow.vtc passed (0.119) # top TEST test/deny.vtc passed (0.124) # top TEST test/deny_close.vtc passed (0.126) **** dT 0.000 * top TEST test/deny_garbage.vtc starting **** top extmacro def pwd=/tmp/haproxy-auth-request **** top extmacro def auth_request_root=/tmp/haproxy-auth-request **** top extmacro def haproxy_version=1.8.25 **** top extmacro def localhost=127.0.0.1 **** top extmacro def bad_backend=127.0.0.1 40604 **** top extmacro def bad_ip=192.0.2.255 **** top macro def testdir=/tmp/haproxy-auth-request/test **** top macro def tmpdir=/tmp/vtc.28402.4dc62d77 ** top === varnishtest "Verify that a backend sending garbage denies ac... * top VTEST Verify that a backend sending garbage denies access. ** top === feature ignore_unknown_macro ** top === server s1 { ** s1 Starting server **** s1 macro def s1_addr=127.0.0.1 **** s1 macro def s1_port=40791 **** s1 macro def s1_sock=127.0.0.1 40791 * s1 Listen on 127.0.0.1 40791 ** top === server s_auth_backend { ** s_auth_backend Starting server **** s_auth_backend macro def s_auth_backend_addr=127.0.0.1 **** s_auth_backend macro def s_auth_backend_port=34356 ** s1 Started on 127.0.0.1 40791 (7 iterations) **** s_auth_backend macro def s_auth_backend_sock=127.0.0.1 34356 * s_auth_backend Listen on 127.0.0.1 34356 ** top === haproxy h1 -conf { **** dT 0.001 ** s_auth_backend Started on 127.0.0.1 34356 (1 iterations) **** h1 macro def h1_closed_sock=127.0.0.1 41852 **** h1 macro def h1_closed_addr=127.0.0.1 **** h1 macro def h1_closed_port=41852 **** dT 0.005 **** h1 macro def h1_cli_sock=127.0.0.1 41016 **** h1 macro def h1_cli_addr=127.0.0.1 **** h1 macro def h1_cli_port=41016 **** h1 setenv(cli, 8) **** h1 macro def h1_fe1_sock=127.0.0.1 36918 **** h1 macro def h1_fe1_addr=127.0.0.1 **** h1 macro def h1_fe1_port=36918 **** h1 setenv(fe1, 9) ** h1 haproxy_start **** h1 opt_worker 0 opt_daemon 0 opt_check_mode 0 opt_mcli 0 **** h1 argv|exec "/scratch/haproxy/haproxy" -d -f "/tmp/vtc.28402.4dc62d77/h1/cfg" **** h1 conf| global **** h1 conf|\tstats socket "/tmp/vtc.28402.4dc62d77/h1/stats.sock" level admin mode 600 **** h1 conf| stats socket "fd@${cli}" level admin **** h1 conf| **** h1 conf| global **** h1 conf| lua-load /tmp/haproxy-auth-request/auth-request.lua **** h1 conf| **** h1 conf| listen fe1 **** h1 conf| mode http **** h1 conf| bind "fd@${fe1}" **** h1 conf| **** h1 conf| http-request lua.auth-request auth_backend /allow **** h1 conf| http-request deny if ! { var(txn.auth_response_successful) -m bool } **** h1 conf| **** h1 conf| server s1 127.0.0.1:40791 **** h1 conf| **** h1 conf| backend auth_backend **** h1 conf| mode http **** h1 conf| server auth_backend 127.0.0.1:34356 **** h1 XXX 11 @727 *** h1 PID: 28447 **** h1 macro def h1_pid=28447 **** h1 macro def h1_name=/tmp/vtc.28402.4dc62d77/h1 ** top === client c1 -connect ${h1_fe1_sock} { **** dT 0.006 ** c1 Starting client ** c1 Waiting for client **** dT 0.008 ** c1 Started (7 iterations) *** c1 Connect to 127.0.0.1 36918 **** dT 0.009 *** c1 connected fd 10 from 127.0.0.1 36060 to 127.0.0.1 36918 ** c1 === txreq **** c1 txreq|GET / HTTP/1.1\r **** c1 txreq|Host: 127.0.0.1\r **** c1 txreq|\r ** c1 === rxresp **** dT 0.012 *** h1 debug|[WARNING] 212/200528 (28447) : config : missing timeouts for proxy 'fe1'. *** h1 debug| | While not properly invalid, you will certainly encounter various problems *** h1 debug| | with such a configuration. To fix this, please ensure that all following *** h1 debug| | timeouts are set to a non-zero value: 'client', 'connect', 'server'. *** h1 debug|[WARNING] 212/200528 (28447) : config : missing timeouts for backend 'auth_backend'. *** h1 debug| | While not properly invalid, you will certainly encounter various problems *** h1 debug| | with such a configuration. To fix this, please ensure that all following *** h1 debug| | timeouts are set to a non-zero value: 'client', 'connect', 'server'. *** h1 debug|Note: setting global.maxconn to 2000. *** h1 debug|Available polling systems : *** h1 debug| poll : pref=200, test result OK *** h1 debug| select : pref=150, test result FAILED *** h1 debug|Total: 2 (1 usable), will use poll. *** h1 debug| *** h1 debug|Available filters : *** h1 debug|\t[SPOE] spoe *** h1 debug|\t[COMP] compression *** h1 debug|\t[TRACE] trace *** h1 debug|00000000:fe1.accept(0009)=0007 from [127.0.0.1:36060] ALPN= **** dT 0.013 *** h1 debug|00000000:fe1.clireq[0007:ffffffff]: GET / HTTP/1.1 *** h1 debug|00000000:fe1.clihdr[0007:ffffffff]: Host: 127.0.0.1 *** s_auth_backend accepted fd 7 127.0.0.1 47286 ** s_auth_backend === rxreq **** s_auth_backend rxhdr|HEAD /allow HTTP/1.1\r **** s_auth_backend rxhdr|Connection: close, TE\r **** s_auth_backend rxhdr|User-Agent: LuaSocket 3.0-rc1\r **** s_auth_backend rxhdr|TE: trailers\r **** s_auth_backend rxhdr|Host: 127.0.0.1\r **** s_auth_backend rxhdr|\r **** s_auth_backend rxhdrlen = 109 **** s_auth_backend http[ 0] |HEAD **** s_auth_backend http[ 1] |/allow **** s_auth_backend http[ 2] |HTTP/1.1 **** s_auth_backend http[ 3] |Connection: close, TE **** s_auth_backend http[ 4] |User-Agent: LuaSocket 3.0-rc1 **** s_auth_backend http[ 5] |TE: trailers **** s_auth_backend http[ 6] |Host: 127.0.0.1 **** s_auth_backend bodylen = 0 ** s_auth_backend === send "foo" **** s_auth_backend send|foo ** s_auth_backend === accept **** s_auth_backend Accepting **** dT 0.014 *** h1 debug|[ALERT] 212/200528 (28447) : Lua function 'auth-request': runtime error: /usr/share/lua/5.3/ltn12.lua:298: assertion failed! from [C] field 'request', /tmp/haproxy-auth-request/auth-request.lua:86 C function line 44. *** h1 debug|00000000:fe1.clicls[adfd:ffffffff] *** h1 debug|00000000:fe1.closed[adfd:ffffffff] *** h1 debug|00000001:LUA-SOCKET.srvcls[ffffffff:adfd] *** h1 debug|00000001:LUA-SOCKET.clicls[ffffffff:adfd] *** h1 debug|00000001:LUA-SOCKET.closed[ffffffff:adfd] **** c1 rxhdr|HTTP/1.0 403 Forbidden\r **** c1 rxhdr|Cache-Control: no-cache\r **** c1 rxhdr|Connection: close\r **** c1 rxhdr|Content-Type: text/html\r **** c1 rxhdr|\r **** c1 rxhdrlen = 95 **** c1 http[ 0] |HTTP/1.0 **** c1 http[ 1] |403 **** c1 http[ 2] |Forbidden **** c1 http[ 3] |Cache-Control: no-cache **** c1 http[ 4] |Connection: close **** c1 http[ 5] |Content-Type: text/html **** c1 bodylen = 0 ** c1 === expect resp.status == 403 **** c1 EXPECT resp.status (403) == "403" match *** c1 closing fd 10 *** c1 Connect to 127.0.0.1 36918 **** dT 0.015 *** c1 connected fd 10 from 127.0.0.1 36064 to 127.0.0.1 36918 *** h1 debug|00000002:fe1.accept(0009)=0007 from [127.0.0.1:36064] ALPN= ** c1 === txreq **** c1 txreq|GET / HTTP/1.1\r **** c1 txreq|Host: 127.0.0.1\r **** c1 txreq|\r ** c1 === rxresp *** h1 debug|00000002:fe1.clireq[0007:ffffffff]: GET / HTTP/1.1 *** h1 debug|00000002:fe1.clihdr[0007:ffffffff]: Host: 127.0.0.1 *** s_auth_backend Accepted socket fd is 7 ** s_auth_backend === rxreq **** dT 0.016 **** s_auth_backend rxhdr|HEAD /allow HTTP/1.1\r **** s_auth_backend rxhdr|Connection: close, TE\r **** s_auth_backend rxhdr|User-Agent: LuaSocket 3.0-rc1\r **** s_auth_backend rxhdr|TE: trailers\r **** s_auth_backend rxhdr|Host: 127.0.0.1\r **** s_auth_backend rxhdr|\r **** s_auth_backend rxhdrlen = 109 **** s_auth_backend http[ 0] |HEAD **** s_auth_backend http[ 1] |/allow **** s_auth_backend http[ 2] |HTTP/1.1 **** s_auth_backend http[ 3] |Connection: close, TE **** s_auth_backend http[ 4] |User-Agent: LuaSocket 3.0-rc1 **** s_auth_backend http[ 5] |TE: trailers **** s_auth_backend http[ 6] |Host: 127.0.0.1 **** s_auth_backend bodylen = 0 ** s_auth_backend === send "foo\r\n" **** s_auth_backend send|foo\r ** s_auth_backend === accept **** s_auth_backend Accepting *** h1 debug|[ALERT] 212/200528 (28447) : Lua function 'auth-request': runtime error: /usr/share/lua/5.3/ltn12.lua:298: assertion failed! from [C] field 'request', /tmp/haproxy-auth-request/auth-request.lua:86 C function line 44. *** h1 debug|00000002:fe1.clicls[adfd:ffffffff] *** h1 debug|00000002:fe1.closed[adfd:ffffffff] *** h1 debug|00000003:LUA-SOCKET.srvcls[ffffffff:adfd] *** h1 debug|00000003:LUA-SOCKET.clicls[ffffffff:adfd] *** h1 debug|00000003:LUA-SOCKET.closed[ffffffff:adfd] **** c1 rxhdr|HTTP/1.0 403 Forbidden\r **** c1 rxhdr|Cache-Control: no-cache\r **** c1 rxhdr|Connection: close\r **** c1 rxhdr|Content-Type: text/html\r **** c1 rxhdr|\r **** c1 rxhdrlen = 95 **** c1 http[ 0] |HTTP/1.0 **** c1 http[ 1] |403 **** c1 http[ 2] |Forbidden **** c1 http[ 3] |Cache-Control: no-cache **** c1 http[ 4] |Connection: close **** c1 http[ 5] |Content-Type: text/html **** c1 bodylen = 0 ** c1 === expect resp.status == 403 **** c1 EXPECT resp.status (403) == "403" match *** c1 closing fd 10 *** c1 Connect to 127.0.0.1 36918 *** c1 connected fd 10 from 127.0.0.1 36068 to 127.0.0.1 36918 ** c1 === txreq **** c1 txreq|GET / HTTP/1.1\r **** c1 txreq|Host: 127.0.0.1\r **** c1 txreq|\r *** h1 debug|00000004:fe1.accept(0009)=0007 from [127.0.0.1:36068] ALPN= ** c1 === rxresp *** h1 debug|00000004:fe1.clireq[0007:ffffffff]: GET / HTTP/1.1 *** h1 debug|00000004:fe1.clihdr[0007:ffffffff]: Host: 127.0.0.1 **** dT 0.017 *** s_auth_backend Accepted socket fd is 7 ** s_auth_backend === rxreq **** s_auth_backend rxhdr|HEAD /allow HTTP/1.1\r **** s_auth_backend rxhdr|Connection: close, TE\r **** s_auth_backend rxhdr|User-Agent: LuaSocket 3.0-rc1\r **** s_auth_backend rxhdr|TE: trailers\r **** s_auth_backend rxhdr|Host: 127.0.0.1\r **** s_auth_backend rxhdr|\r **** s_auth_backend rxhdrlen = 109 **** s_auth_backend http[ 0] |HEAD **** s_auth_backend http[ 1] |/allow **** s_auth_backend http[ 2] |HTTP/1.1 **** s_auth_backend http[ 3] |Connection: close, TE **** s_auth_backend http[ 4] |User-Agent: LuaSocket 3.0-rc1 **** s_auth_backend http[ 5] |TE: trailers **** s_auth_backend http[ 6] |Host: 127.0.0.1 **** s_auth_backend bodylen = 0 ** s_auth_backend === send "HTTP/1.0 200 Ok" **** s_auth_backend send|HTTP/1.0 200 Ok ** s_auth_backend === accept **** s_auth_backend Accepting **** dT 5.021 ---- c1 HTTP rx timeout (fd:10 5000 ms) **** dT 5.022 * top RESETTING after test/deny_garbage.vtc ** h1 Reset and free h1 haproxy 28447 ** h1 Wait ** h1 Stop HAproxy pid=28447 **** h1 Kill(2)=0: Success **** dT 5.029 **** h1 STDOUT EOF **** dT 5.122 ** h1 WAIT4 pid=28447 status=0x0002 (user 3.348000 sys 1.672000) **** dT 5.125 ** s1 Waiting for server (4/-1) ** s_auth_backend Waiting for server (5/-1) **** dT 5.126 * top TEST test/deny_garbage.vtc FAILED # top TEST test/deny_garbage.vtc FAILED (5.127) exit=2 # top TEST test/expose_location.vtc passed (0.128) # top TEST test/expose_status_code.vtc passed (0.123) # top TEST test/no_variable_leak.vtc skipped (0.004) # top TEST test/pass_headers_to_backend.vtc passed (0.118) # top TEST test/starts.vtc passed (0.124) 1 tests failed, 1 tests skipped, 7 tests passed ```

Working 1.8.25-ac0543-58 (click to expand)

``` [timwolla@/t/haproxy-auth-request (expand-garbage) [1]]/scratch/haproxy/haproxy -v HA-Proxy version 1.8.25-ac0543-58 2020/07/31 Copyright 2000-2020 Willy Tarreau [timwolla@/t/haproxy-auth-request (expand-garbage)]env HAPROXY_PROGRAM=/scratch/haproxy/haproxy VTest/vtest -Dauth_request_root=(pwd) -Dhaproxy_version=1.8.25-ac0543-58 -k -t 10 -C test/*.vtc # top TEST test/allow.vtc passed (0.125) # top TEST test/deny.vtc passed (0.121) # top TEST test/deny_close.vtc passed (0.125) # top TEST test/deny_garbage.vtc passed (0.124) # top TEST test/expose_location.vtc passed (0.127) # top TEST test/expose_status_code.vtc passed (0.116) # top TEST test/no_variable_leak.vtc skipped (0.007) # top TEST test/pass_headers_to_backend.vtc passed (0.123) # top TEST test/starts.vtc passed (0.123) 0 tests failed, 1 tests skipped, 8 tests passed ```

[wtarreau]

OK, thank you!