The proper fix on the 1.8 branch for the linked issue is [1] While checking if that applies to the 1.8.8-1ubuntu0.10 in Bionic it turned out that we don't even have the code that is fixed. So I'm not entirely sure the identified Debian/Upstream bugs are really the "same thing". The offending commit of that is [2] and only in 1.8.18. Without [2] there'd be a memory leak which isn't good, but not the crash that you are seeing. The list of interesting fixes isn't too long: $ git log --oneline v1.8.8..v1.8.19 -- src/stream.c 109b76f51 BUG/MAJOR: stream: avoid double free on unique_id 56fd86588 BUG/MEDIUM: stream: Don't forget to free s->unique_id in stream_free(). ec70cf52e BUG/MINOR: stream: don't close the front connection when facing a backend error 4b57858a4 BUG/MEDIUM: cli: make "show sess" really thread-safe 784260e63 MINOR: stream/cli: report more info about the HTTP messages on "show sess all" 6d9b1b723 MINOR: stream/cli: fix the location of the waiting flag in "show sess all" 0539df4a0 BUILD: threads: fix minor build warnings when threads are disabled 4bf6d76a2 BUG/MEDIUM: stream: don't crash on out-of-memory 8342ef909 BUG/MEDIUM: session: fix reporting of handshake processing time in the logs 9e1754816 BUG/MINOR: stream: use atomic increments for the request counter Of these the only "this could be it" seems "4bf6d76a2 BUG/MEDIUM: stream: don't crash on out-of-memory" but you are saying this "occurs after a first few HTTP requests going through" which doesn't sound like usual OOM conditions. What is the indication that we look at src/stream.c? Is it just the expected fix that was linked - which I disagree? If so we need to look further. Upstream usually classifies crashes as major, the full list would be: 109b76f51 BUG/MAJOR: stream: avoid double free on unique_id 7cd8fc9eb BUG/MAJOR: spoe: Don't try to get agent config during SPOP healthcheck 4f256797f BUG/MAJOR: spoe: verify that backends used by SPOE cover all their callers' processes a7f9b5545 BUG/MAJOR: config: verify that targets of track-sc and stick rules are present a64e5574e BUG/MAJOR: cache: fix confusion between zero and uninitialized cache key ca3a8768d BUG/MAJOR: stream-int: Update the stream expiration date in stream_int_notify() 69d4ddf91 BUG/MAJOR: http: http_txn_get_path() may deference an inexisting buffer 8e5b0923a BUG/MAJOR: kqueue: Don't reset the changes number by accident. 5877e9b88 BUG/MAJOR: thread: lua: Wrong SSL context initialization. c28c2bfba BUG/MAJOR: stick_table: Complete incomplete SEGV fix de9d4c677 BUG/MAJOR: Stick-tables crash with segfault when the key is not in the stick-table 30b244818 BUG/MAJOR: ssl: OpenSSL context is stored in non-reserved memory slot ade2721ed BUG/MAJOR: ssl: Random crash with cipherlist capture 2b5ef62fc BUG/MAJOR: map: fix a segfault when using http-request set-map 293225b75 MAJOR: spoe: upgrade the SPOP version to 2.0 and remove the support for 1.0 de3b6d5db BUG/MAJOR: lua: Dead lock with sockets e0f6d4a4e BUG/MAJOR: channel: Fix crash when trying to read from a closed socket If you look at those does any of them seem to better match your case? @Simon, if it is so reproducible for you, do you think you'd have a chance to bisect between 1.8.8 [3] and 1.8.19 [4]? [1]: https://github.com/haproxy/haproxy/commit/109b76f51c282ca51d0b6e6c0c9202e3c50ff1db [2]: https://github.com/haproxy/haproxy/commit/56fd8658 [3]: https://git.haproxy.org/?p=haproxy-1.8.git;a=tag;h=79aa5aa12e55cf0c381a74d2715eaf4a6926e499 [4]: https://git.haproxy.org/?p=haproxy-1.8.git;a=tag;h=2cdefda83d22b44a561ad5e66b5417fa10461625