Yeah, it's a memset operation that apr is doing that's failing though - a memory mapped file being created while approaching your FD limit could explain it (but it's a longshot).faris wrote:I don't think it is an FD limit issue.
Also VZ here, and have also had the same problems.
If you reduce the size of the malware blacklist and domain blacklist you'll find the problem will also go away (or at least not happen very often). [ note -- you have to copy your reduced files to /var/asl/rules/modsec or some similar place as they get copied from there into /etc/httpd/modsecurity.d every so often, overwriting any modifications you might make]
Interestingly, since ASL 3.x seems to have improved the situation in some mysterious way. I've not seen a single one since I updated (but I still reduce the malware/domain blacklists).
It appears to therefore be the amount of data in memory that triggers the "bug" - the more there is, the more likely it is to trigger.
In the past I had been looking for some way to use a dnsbl instead of those files, thus removing them from memory, but unfortunately it isn't possible since mod_sec basically has to lookup every single domain in both lists against an url in the request, and this can't be done using adnsbl.
I thought the bug had been narrowed down to APR, anyway? I can't update it on my systems (all Centos 4)
Further up this thread it was reported that there is a bug report in the apache bugtracker for this, but I can't find it anywhere. Does anyone know where this is?