nginx/1.9.9 with modsecurity/2.9.0 crashes with segfault and worker process exited on signal 11
Lukas
l at ymx.ch
Sat Jan 23 00:44:58 UTC 2016
Dear all
> Lukas <l at ymx.ch> [2016-01-10 14:39]:
>
> Fascinated by nginx, I attempted to integrate it with modsecurity.
>
> Unfortunately, ever when modsecurity is enabled, nginx reports a
> sefault in sysmessages.
>
I tried debugging the issue a bit further (from a user perspective)
with common web-page and CalDAV with the following results:
* nginx with modsecurity switched off works perfectly as a proxy nginx
* nginx with modsecurity switched on with one owasp rule-set
(modsecurity_crs_20_protocol_violations.conf) works for common
web-pages with multi-media content (quick test without any errors
reported)
* nginx with modsecurity switched on with one owasp rule-set
(modsecurity_crs_20_protocol_violations.conf) does not work for
CalDAV.
error.log: 2016/01/23 01:19:07 [emerg] 4844#0: *7 posix_memalign(16,
4096) failed (12: Cannot allocate memory) while logging request
* nginx with modsecurity switched on without any ruleset
does not work for CalDAV -- same error
* nginx with modsecurity switched off without any ruleset
does work for CalDAV perfectly.
With modsecurity switched on, an Out-of-Memory exception took place
always reporting:
[876715.533926] nginx invoked oom-killer: gfp_mask=0x280da, order=0, oom_score_adj=0
[876715.533930] nginx cpuset=/ mems_allowed=0
[876715.533936] CPU: 0 PID: 4844 Comm: nginx Not tainted 4.3.3-consecom-ag #1
[876715.533937] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS debian/1.7.5-1-0-g506b58d-dirty-20140812_231322-gandalf 04/01/2014
[876715.533939] f5a53ed0 d52542a6 f5a6b7c0 d5110792 d55a6db0 f5a6bab4 000280da 00000000
[876715.533943] 00000000 ffffffff 0d3f1361 00031d5e f4929cb8 00200282 f4929cb8 f4929cb0
[876715.533946] d50babb7 00200206 d525956e 00000002 00000002 f5020840 f5020bc4 d55a5702
[876715.533949] Call Trace:
[876715.533955] [<d52542a6>] ? dump_stack+0x3e/0x58
[876715.533959] [<d5110792>] ? dump_header.isra.8+0x65/0x1be
[876715.533963] [<d50babb7>] ? delayacct_end+0x47/0xa0
[876715.533967] [<d525956e>] ? ___ratelimit+0x7e/0xe0
[876715.533970] [<d50d0fa9>] ? oom_kill_process+0x1d9/0x380
[876715.533973] [<d51e9d3a>] ? security_capable_noaudit+0x3a/0x60
[876715.533977] [<d5047b0b>] ? has_ns_capability_noaudit+0xb/0x20
[876715.533979] [<d50d0b76>] ? oom_badness+0x96/0x100
[876715.533981] [<d50d1402>] ? out_of_memory+0x252/0x320
[876715.533984] [<d50d4f5e>] ? __alloc_pages_nodemask+0x77e/0x7a0
[876715.533989] [<d50efd24>] ? handle_mm_fault+0xd54/0xf50
[876715.533990] [<d50f2cef>] ? vma_merge+0x1bf/0x280
[876715.533992] [<d50f414a>] ? do_brk+0x1ca/0x2b0
[876715.533995] [<d5037657>] ? __do_page_fault+0x137/0x3a0
[876715.533998] [<d50379f0>] ? vmalloc_sync_all+0x130/0x130
[876715.534001] [<d54d3566>] ? error_code+0x5a/0x60
[876715.534003] [<d50379f0>] ? vmalloc_sync_all+0x130/0x130
[876715.534004] Mem-Info:
[876715.534008] active_anon:543864 inactive_anon:208884 isolated_anon:0
[876715.534008] active_file:54 inactive_file:77 isolated_file:0
[876715.534008] unevictable:0 dirty:1 writeback:0 unstable:0
[876715.534008] slab_reclaimable:326 slab_unreclaimable:997
[876715.534008] mapped:88 shmem:4 pagetables:957 bounce:0
[876715.534008] free:21502 free_pcp:289 free_cma:0
[876715.534014] DMA free:12152kB min:64kB low:80kB high:96kB active_anon:1676kB inactive_anon:1928kB active_file:8kB inactive_file:4kB unevictable:0kB isolated(anon):0kB isolated(file):0kB present:15992kB managed:15916kB mlocked:0kB dirty:0kB writeback:0kB mapped:8kB shmem:0kB slab_reclaimable:16kB slab_unreclaimable:76kB kernel_stack:8kB pagetables:20kB unstable:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB writeback_tmp:0kB pages_scanned:120 all_unreclaimable? yes
[876715.534016] lowmem_reserve[]: 0 839 3023 3023
[876715.534021] Normal free:73380kB min:3528kB low:4408kB high:5292kB active_anon:386788kB inactive_anon:386844kB active_file:208kB inactive_file:276kB unevictable:0kB isolated(anon):0kB isolated(file):0kB present:892920kB managed:859928kB mlocked:0kB dirty:4kB writeback:0kB mapped:324kB shmem:0kB slab_reclaimable:1288kB slab_unreclaimable:3912kB kernel_stack:672kB pagetables:3808kB unstable:0kB bounce:0kB free_pcp:564kB local_pcp:564kB free_cma:0kB writeback_tmp:0kB pages_scanned:115004 all_unreclaimable? yes
[876715.534022] lowmem_reserve[]: 0 0 17471 17471
[876715.534027] HighMem free:476kB min:512kB low:2808kB high:5104kB active_anon:1786992kB inactive_anon:446764kB active_file:0kB inactive_file:28kB unevictable:0kB isolated(anon):0kB isolated(file):0kB present:2236296kB managed:2236296kB mlocked:0kB dirty:0kB writeback:0kB mapped:20kB shmem:16kB slab_reclaimable:0kB slab_unreclaimable:0kB kernel_stack:0kB pagetables:0kB unstable:0kB bounce:0kB free_pcp:592kB local_pcp:592kB free_cma:0kB writeback_tmp:0kB pages_scanned:7836 all_unreclaimable? yes
[876715.534028] lowmem_reserve[]: 0 0 0 0
[876715.534030] DMA: 4*4kB (E) 7*8kB (UE) 5*16kB (UEM) 3*32kB (U) 2*64kB (EM) 2*128kB (EM) 3*256kB (UEM) 1*512kB (E) 2*1024kB (UE) 2*2048kB (UE) 1*4096kB (M) = 12152kB
[876715.534039] Normal: 149*4kB (UEM) 108*8kB (UEM) 63*16kB (UE) 32*32kB (UEM) 10*64kB (UE) 11*128kB (UEM) 5*256kB (UE) 2*512kB (EM) 2*1024kB (UM) 3*2048kB (UEM) 14*4096kB (M) = 73380kB
[876715.534047] HighMem: 1*4kB (U) 1*8kB (U) 1*16kB (M) 2*32kB (UM) 0*64kB 1*128kB (M) 1*256kB (M) 0*512kB 0*1024kB 0*2048kB 0*4096kB = 476kB
[876715.534054] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=4096kB
Thanks for any hints
Lukas
--
Lukas Ruf <http://www.lpr.ch> | Ad Personam
Consecom <http://www.consecom.com> | Ad Laborem
More information about the nginx
mailing list