At #940 I added the latest call stack.
More info with Apache 2.4.28
**apr_pool.c**
node = active->next;
if (size <= node_free_space(node)) {
==> list_remove(node);
}
else {
**mod_security2.C**
#if AP_SERVER_MAJORVERSION_NUMBER > 1 && AP_SERVER_MINORVERSION_NUMBER > 2
if (info->file != NULL) em->file = apr_pstrdup(msr->mp, info->file);
em->line = info->line;
em->level = info->level;
em->status = info->status;
==> em->message = apr_pstrdup(msr->mp, errstr);
#else
**Call Stack**
libapr-1.dll!apr_palloc(apr_pool_t * pool, unsigned __int64 in_size) Line 849 C Symbols loaded.
[Inline Frame] libapr-1.dll!apr_pmemdup(apr_pool_t *) Line 118 C Symbols loaded.
libapr-1.dll!apr_pstrdup(apr_pool_t * a, const char * s) Line 78 C Symbols loaded.
>> mod_security2.so!hook_error_log(const ap_errorlog_info * info, const char * errstr) Line 1166 C Symbols loaded.
[Inline Frame] libhttpd.dll!ap_run_error_log(const ap_errorlog_info * errstr, const char *) Line 1949 C Symbols loaded.
libhttpd.dll!log_error_core(const char * file, int line, int module_index, int level, int status, const server_rec * s, const conn_rec * c, const request_rec * r, apr_pool_t * pool, const char * fmt, char * args) Line 1314 C Symbols loaded.
libhttpd.dll!ap_log_rerror_(const char * file, int line, int module_index, int level, int status, const request_rec * r, const char * fmt, ...) Line 1378 C Symbols loaded.
libhttpd.dll!ap_process_request(request_rec * r) Line 492 C Symbols loaded.
[Inline Frame] libhttpd.dll!ap_process_http_sync_connection(conn_rec *) Line 210 C Symbols loaded.
libhttpd.dll!ap_process_http_connection(conn_rec * c) Line 251 C Symbols loaded.
libhttpd.dll!ap_run_process_connection(conn_rec * c) Line 42 C Symbols loaded.
libhttpd.dll!ap_process_connection(conn_rec * c, void * csd) Line 228 C Symbols loaded.
libhttpd.dll!worker_main(void * thread_num_val) Line 816 C Symbols loaded.
[Frames may be missing, no binary loaded for kernel32.dll] Annotated Frame
kernel32.dll!00007ffbfe0813d2() Unknown No symbols loaded.
**Autos:**
apr_pstrdup 0x00007ffbf7f0310a {mod_security2.so!apr_pstrdup} void *
+ em 0x000000ce01b79660 {file=0x000000ce01b79680 "modules\\http\\http_request.c" line=487 level=6 ...} error_message_t *
em->level 6 int
em->line 487 int
+ em->message 0x0000000000000000 <NULL> const char *
em->status 70007 int
+ errstr 0x000000cdfb87dcba "AH01581: Timeout while writing data for URI /download/VC15/binaries/httpd-2.4.28-Win64-VC15.zip to the client" const char *
+ info 0x000000cdfb87dbd0 {s=0x000000cd8465a3b0 {process=0x000000cd83c307c0 {pool=0x000000cd83c306b8 {...} ...} ...} ...} const ap_errorlog_info *
info->level 6 const int
info->line 487 const int
info->status 70007 const int
+ msr 0x000000ce06eaa188 {mp=0x000000ce01b59638 {...} modsecurity=0x000000cd83cb3fa0 {mp=0x000000cd83c326c8 {...} ...} ...} modsec_rec *
msr->mp 0x000000ce01b59638 {...} apr_pool_t *
It happens just after this message in the apache error.log:
[Fri Oct 20 14:52:40.971748 2017] [http:info] [pid 3896:tid 2472] (70007)The timeout specified has expired: [client 110.54.171.140:49594] AH01581: Timeout while writing data for URI /download/VC15/binaries/httpd-2.4.28-Win64-VC15.zip to the client, referer: https://www.apachelounge.com/download/
[Fri Oct 20 14:52:41.172758 2017] [mpm_winnt:notice] [pid 8012:tid 424] AH00428: Parent: child process 3896 exited with status 3221225477 -- Restarting.
Looks like it happens when mod-security handles the error log message from Apache.
Also the last part of the message is in the Call Stack above: errstr 0x000000cdfb87dcba "AH01581: Timeout while writing data for URI /download/VC15/binaries....
It happens not always with above message and no rule involved.
No other crashes on this server.
Asked Apache dev for help:
Running now with the fix http://svn.apache.org/viewvc?view=revision&sortby=date&revision=1826556
Looks like this solves the issue.
Still fine, no crashes anymore.
I am oh so happy that the crashes are gone. It was holding a lot to use mod_security. I think the fix is also a benefit for other modules.
Cheers,
Steffen
www.apachelounge.com
I think you can close.
Most helpful comment
Still fine, no crashes anymore.
I am oh so happy that the crashes are gone. It was holding a lot to use mod_security. I think the fix is also a benefit for other modules.
Cheers,
Steffen
www.apachelounge.com
I think you can close.