Comment 3 for bug 1884149

The proper fix on the 1.8 branch for the linked issue is [1]

While checking if that applies to the 1.8.8-1ubuntu0.10 in Bionic it turned out that we don't even have the code that is fixed. So I'm not entirely sure the identified Debian/Upstream bugs are really the "same thing".

The offending commit of that is [2] and only in 1.8.18.

Without [2] there'd be a memory leak which isn't good, but not the crash that you are seeing.

The list of interesting fixes isn't too long:
$ git log --oneline v1.8.8..v1.8.19 -- src/stream.c
109b76f51 BUG/MAJOR: stream: avoid double free on unique_id
56fd86588 BUG/MEDIUM: stream: Don't forget to free s->unique_id in stream_free().
ec70cf52e BUG/MINOR: stream: don't close the front connection when facing a backend error
4b57858a4 BUG/MEDIUM: cli: make "show sess" really thread-safe
784260e63 MINOR: stream/cli: report more info about the HTTP messages on "show sess all"
6d9b1b723 MINOR: stream/cli: fix the location of the waiting flag in "show sess all"
0539df4a0 BUILD: threads: fix minor build warnings when threads are disabled
4bf6d76a2 BUG/MEDIUM: stream: don't crash on out-of-memory
8342ef909 BUG/MEDIUM: session: fix reporting of handshake processing time in the logs
9e1754816 BUG/MINOR: stream: use atomic increments for the request counter

Of these the only "this could be it" seems "4bf6d76a2 BUG/MEDIUM: stream: don't crash on out-of-memory" but you are saying this "occurs after a first few HTTP requests going through" which doesn't sound like usual OOM conditions.

What is the indication that we look at src/stream.c? Is it just the expected fix that was linked - which I disagree? If so we need to look further.

Upstream usually classifies crashes as major, the full list would be:

109b76f51 BUG/MAJOR: stream: avoid double free on unique_id
7cd8fc9eb BUG/MAJOR: spoe: Don't try to get agent config during SPOP healthcheck
4f256797f BUG/MAJOR: spoe: verify that backends used by SPOE cover all their callers' processes
a7f9b5545 BUG/MAJOR: config: verify that targets of track-sc and stick rules are present
a64e5574e BUG/MAJOR: cache: fix confusion between zero and uninitialized cache key
ca3a8768d BUG/MAJOR: stream-int: Update the stream expiration date in stream_int_notify()
69d4ddf91 BUG/MAJOR: http: http_txn_get_path() may deference an inexisting buffer
8e5b0923a BUG/MAJOR: kqueue: Don't reset the changes number by accident.
5877e9b88 BUG/MAJOR: thread: lua: Wrong SSL context initialization.
c28c2bfba BUG/MAJOR: stick_table: Complete incomplete SEGV fix
de9d4c677 BUG/MAJOR: Stick-tables crash with segfault when the key is not in the stick-table
30b244818 BUG/MAJOR: ssl: OpenSSL context is stored in non-reserved memory slot
ade2721ed BUG/MAJOR: ssl: Random crash with cipherlist capture
2b5ef62fc BUG/MAJOR: map: fix a segfault when using http-request set-map
293225b75 MAJOR: spoe: upgrade the SPOP version to 2.0 and remove the support for 1.0
de3b6d5db BUG/MAJOR: lua: Dead lock with sockets
e0f6d4a4e BUG/MAJOR: channel: Fix crash when trying to read from a closed socket

If you look at those does any of them seem to better match your case?

@Simon, if it is so reproducible for you, do you think you'd have a chance to bisect between 1.8.8 [3] and 1.8.19 [4]?

[1]: https://github.com/haproxy/haproxy/commit/109b76f51c282ca51d0b6e6c0c9202e3c50ff1db
[2]: https://github.com/haproxy/haproxy/commit/56fd8658
[3]: https://git.haproxy.org/?p=haproxy-1.8.git;a=tag;h=79aa5aa12e55cf0c381a74d2715eaf4a6926e499
[4]: https://git.haproxy.org/?p=haproxy-1.8.git;a=tag;h=2cdefda83d22b44a561ad5e66b5417fa10461625