ModSecurity: Segfaults in kern.log

Describe the bug

ModSec has segfaults which causes CrowdSec Nginx Bouncer to stop working.

Logs and dumps

Feb  2 12:10:43 redacted kernel: [991891.066133] nginx[2386946]: segfault at 8 ip 00007f31d846001e sp 00007ffc5832da30 error 4 in libmodsecurity.so.3.0.8[7f31d8360000+114000]
Feb  2 12:10:43 redacted kernel: [991891.066146] Code: 83 c4 08 4c 89 e0 5d 41 5c c3 66 90 f3 0f 1e fa 41 57 41 56 41 55 4c 63 ee 41 54 49 89 fc 55 53 48 89 d3 48 81 ec b8 00 00 00 <4c> 8b 42 08 64 48 8b 04 25 28 00 00 00 48 89 84 24 a8 00 00 00 31
Feb  2 12:10:43 redacted kernel: [991891.109427] nginx[2422833]: segfault at 8 ip 00007f31d846001e sp 00007ffc5832da30 error 4 in libmodsecurity.so.3.0.8[7f31d8360000+114000]
Feb  2 12:10:43 redacted kernel: [991891.109441] Code: 83 c4 08 4c 89 e0 5d 41 5c c3 66 90 f3 0f 1e fa 41 57 41 56 41 55 4c 63 ee 41 54 49 89 fc 55 53 48 89 d3 48 81 ec b8 00 00 00 <4c> 8b 42 08 64 48 8b 04 25 28 00 00 00 48 89 84 24 a8 00 00 00 31

To Reproduce

Steps to reproduce the behavior:

1. Install ModSec 3.0.8 with CRS
2. Install Lua and CrowdSec Nginx Bouncer
3. wait for segfaults to show up in logs

Expected behavior

Segfaults should not be showing up in logs

Server

• ModSec v3.0.8
• Nginx 1.22.1
• Ubuntu 22.04 Proxmox LXC container
• Lua 5.1.5
• CrowdSec Nginx Bouncer

Rule Set

• CRS 3.3.4 (Sep 21, 2022)

Additional context

CrowdSec Nginx Bouncer will stop receiving decisions (IP Bans) if seg faults occur. I made a ticket on the CrowdSec Discord regarding the issue, they provided a fix for that but, if a segfault happens around the same time the bouncer is querying the CrowdSec Agent, the CrowdSec Bouncer will stop working.

Restarting Nginx temporarily fixes the issue