Apache with loaded modsecurity has crashed on my server with the signal 11, Segmentation fault in apr_global_mutex_lock ()

[artemvarlyga]

Hello
I have faced the issue that Apache with loaded ModSecurity has crashed on a couple of servers with signal 11. running with Imunify360 commercial ruleset
ModSecurity-apache v2.9.3.
Apache/2.4.46
Server loaded: APR 1.6.5, APR-UTIL 1.6.1
Compiled using: APR 1.6.5, APR-UTIL 1.6.1
Architecture: 64-bit
Server MPM: event
Panel -DirectAdmin
Cloudlinux OS - release 7.8

Logs and dumps
I have a gdb report related to:

gdb /usr/sbin/httpd core.3900944
....
Program terminated with signal 11, Segmentation fault.
#0 0x00007f0b60c5549f in apr_global_mutex_lock ()
from /usr/lib/apache/libapr-1.so.0
.....
(gdb) bt
#0 0x00007f0b60c5549f in apr_global_mutex_lock ()
from /usr/lib/apache/libapr-1.so.0
#1 0x00007f0b5cdf05f1 in do_hash_link () from /usr/lib/apache/mod_security2.so
#2 0x00007f0b5cdf646c in sec_audit_logger_native ()
from /usr/lib/apache/mod_security2.so
#3 0x00007f0b5cde670a in is_black_attr ()
from /usr/lib/apache/mod_security2.so
#4 0x00007f0b5cde6991 in libinjection_is_xss ()
from /usr/lib/apache/mod_security2.so
#5 0x00007f0b5cde4203 in libinjection_sqli_fold ()
from /usr/lib/apache/mod_security2.so
#6 0x0000000000458d02 in ap_run_log_transaction ()
#7 0x000000000046c18f in eor_bucket_cleanup ()
#8 0x00007f0b60c596ce in run_cleanups () from /usr/lib/apache/libapr-1.so.0
#9 0x00007f0b60c58528 in apr_pool_destroy ()
from /usr/lib/apache/libapr-1.so.0
#10 0x000000000046c339 in eor_bucket_destroy ()
#11 0x000000000046e213 in remove_empty_buckets ()
#12 0x000000000046e1c0 in send_brigade_nonblocking ()
#13 0x000000000046d03e in ap_core_output_filter ()
#14 0x00007f0b5a9d2d4f in process_socket ()
from /usr/lib/apache/mod_mpm_event.so
#15 0x00007f0b5a9d5727 in worker_thread ()
from /usr/lib/apache/mod_mpm_event.so
#16 0x00007f0b60c67c20 in dummy_worker () from /usr/lib/apache/libapr-1.so.0
#17 0x00007f0b605e1ea5 in start_thread () from /lib64/libpthread.so.0
#18 0x00007f0b601068dd in clone () from /lib64/libc.so.6
(gdb)

Unfortunately, I don't have particular steps to reproduce the issue

[zimmerle]

Hi @artemvarlyga,

please double check if you have a version mismatch. That is very likely to be the kernel of the issue.

[d0q]

Hello, dear @zimmerle could you please clarify, what version mismatch need to check? It looks like I have the same issue on my server.

Thank you.