From f494957980d3e570ba2f4339481c3a66182e1af3 Mon Sep 17 00:00:00 2001
From: Olivier Houchard <ohouchard@haproxy.com>
Date: Tue, 2 Jul 2019 17:42:22 +0200
Subject: [PATCH] BUG/MEDIUM: checks: Make sure the tasklet won't run if the
 connection is closed.

wake_srv_chk() can be called from conn_fd_handler(), and may decide to
destroy the conn_stream and the connection, by calling cs_close(). If that
happens, we have to make sure the tasklet isn't scheduled to run, or it will
probably crash trying to access the connection or the conn_stream.
This fixes a crash that can be seen when using tcp checks.

This should be backported to 1.9 and 2.0.
For 1.9, the call should be instead :
task_remove_from_tasklet_list((struct task *)check->wait_list.task);
That function was renamed in 2.0.
---
 src/checks.c | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/src/checks.c b/src/checks.c
index 68da2a3766..d3920ce8da 100644
--- a/src/checks.c
+++ b/src/checks.c
@@ -1453,6 +1453,11 @@ static int wake_srv_chk(struct conn_stream *cs)
 		conn_sock_drain(conn);
 		cs_close(cs);
 		ret = -1;
+		/* We may have been scheduled to run, and the
+		 * I/O handler expects to have a cs, so remove
+		 * the tasklet
+		 */
+		tasklet_remove_from_tasklet_list(check->wait_list.tasklet);
 		task_wakeup(check->task, TASK_WOKEN_IO);
 	}