Nginx 1.8.0 + ModSecurity 2.9.0 + mod_pagespeed 1.9.32.6-stable crash

[thienphung]

Sometime I am sending a request , I'm seeing that nginx crashes with Segmentation Violation with the following backtrace:

(gdb) bt

0 net_instaweb::(anonymous namespace)::ps_send_to_pagespeed (r=, ctx=0x63ee1c0, cfg_s=0x2c66338,

in=) at ./3rd/modules/ngx_pagespeed/src/ngx_pagespeed.cc:2097

1 0x00000000004d3a31 in net_instaweb::(anonymous namespace)::html_rewrite::ps_html_rewrite_body_filter (r=,

in=0x64f1390) at ./3rd/modules/ngx_pagespeed/src/ngx_pagespeed.cc:2346

2 0x0000000000519e86 in ngx_http_modsecurity_body_filter (r=0x63a7468, in=)

at ./3rd/modules/modsecurity/nginx/modsecurity/ngx_http_modsecurity.c:1209

3 0x0000000000505553 in ngx_http_lua_capture_body_filter (r=0x639c550, in=0x7ffce84a0c60)

at ./3rd/modules/lua-nginx/src/ngx_http_lua_capturefilter.c:132

4 0x00000000004638dc in ngx_output_chain (ctx=0x64f0f40, in=0x7ffce84a0c60) at src/core/ngx_output_chain.c:74

5 0x000000000049a7b2 in ngx_http_copy_filter (r=0x639c550, in=0x7ffce84a0c60) at src/http/ngx_http_copy_filter_module.c:152

6 0x00000000004adaec in ngx_http_range_body_filter (r=0x639c550, in=0x7ffce84a0c60) at src/http/modules/ngx_http_range_filter_module.c:605

7 0x000000000048e649 in ngx_http_output_filter (r=0x639c550, in=0x7ffce84a0c60) at src/http/ngx_http_core_module.c:1991

8 0x00000000004b17d2 in ngx_http_cache_send (r=0x639c550) at src/http/ngx_http_file_cache.c:1576

9 0x00000000004a59c3 in ngx_http_upstream_cache_send (r=0x639c550, u=0x63a7770) at src/http/ngx_http_upstream.c:974

10 0x00000000004a9d78 in ngx_http_upstream_cache (r=0x639c550) at src/http/ngx_http_upstream.c:836

11 ngx_http_upstream_init_request (r=0x639c550) at src/http/ngx_http_upstream.c:524

12 0x00000000004b3383 in ngx_http_cache_aio_event_handler (ev=) at src/http/ngx_http_file_cache.c:715

13 0x0000000000480930 in ngx_file_aio_event_handler (ev=0x64f0988) at src/os/unix/ngx_linux_aio_read.c:147

14 0x00000000004776eb in ngx_event_process_posted (cycle=0x2c25f50, posted=0x169b570) at src/event/ngx_event_posted.c:33

15 0x000000000047746a in ngx_process_events_and_timers (cycle=0x2c25f50) at src/event/ngx_event.c:265

16 0x000000000047df8b in ngx_worker_process_cycle (cycle=0x2c25f50, data=) at src/os/unix/ngx_process_cycle.c:767

17 0x000000000047c71c in ngx_spawn_process (cycle=0x2c25f50, proc=0x47de90 <ngx_worker_process_cycle>, data=0x1,

name=0xe8bde2 "worker process", respawn=-3) at src/os/unix/ngx_process.c:198

18 0x000000000047d356 in ngx_start_worker_processes (cycle=0x2c25f50, n=4, type=-3) at src/os/unix/ngx_process_cycle.c:357

19 0x000000000047e61c in ngx_master_process_cycle (cycle=0x2c25f50) at src/os/unix/ngx_process_cycle.c:129

20 0x000000000046067e in main (argc=, argv=) at src/core/nginx.c:419

nginx.conf

ModSecurityEnabled on;
...
SecRuleEngine on
...
pagespeed on;

Many thanks for help or tips

[cristim]

Is anyone working on this issue?

I also see lots of nginx worker crashes when enabling mod_security.

[zimmerle]

Hi @cristim,

We are working on a new version of ModSecurity for nginx, it is available here:
https://github.com/SpiderLabs/ModSecurity-nginx

It depends on libModSecurity, which is under development here:
https://github.com/SpiderLabs/ModSecurity/tree/libmodsecurity

[zimmerle]

No longer a concern in libModSecurity. Marking it as won't fix for 2.x. Further information about libModSecurity available here:
https://github.com/SpiderLabs/ModSecurity/tree/v3/master