"Mutex file:${APACHE_LOCK_DIR} default" should be disabled by default on Linux because it leads to errors

Bug #1565744 reported by Miranda Schumacher on 2016-04-04
This bug affects 3 people
Affects: apache2 (Ubuntu)

Bug Description

Ubuntu 14.04 LTS

3.13.0-79-generic x86_64


In the default Apache 2.4 config on Ubuntu 14.04 LTS, the following is set in /etc/apache2/apache2.conf:

Mutex file:${APACHE_LOCK_DIR} default

(/debian/config-dir/apache2.conf in http://archive.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.4.7-1ubuntu4.5.debian.tar.gz)

which leads to the following output of "apache2ctl -t -D DUMP_RUN_CFG":

Mutex default: dir="/var/lock/apache2" mechanism=fcntl

This constantly leads to a lot of these warning/emergency messages on a server with 200 busy worker threads, 100 requests/s, 300 KB/s:

[Tue Mar 08 16:08:18.596653 2016] [ssl:warn] [pid 8339:tid 140182179256064] (35)Resource deadlock avoided: AH02026: Failed to acquire SSL session cache lock

[Wed Mar 09 07:09:31.099331 2016] [mpm_worker:emerg] [pid 26526:tid 139668485949184] (35)Resource deadlock avoided: AH00273: apr_proc_mutex_lock failed. Attempting to shutdown process gracefully.

Solution (as suggested by Yann Ylavic from Apache):
Commenting (removing) the Mutex directive, which leads to the following output of "apache2ctl -t -D DUMP_RUN_CFG":

Mutex default: dir="/var/run/apache2/" mechanism=default

Then, there are no error messages anymore.

For the discussion, see the corresponding Apache httpd-users mailing list thread:


(thread subject 'Lots of messages "[ssl:warn] Resource deadlock avoided: AH02026: Failed to acquire SSL session cache lock"' from 2016-03-08)

Here is some more information:

# apache2ctl -V
Server version: Apache/2.4.7 (Ubuntu)
Server built: Jul 24 2015 17:25:11
Server's Module Magic Number: 20120211:27
Server loaded: APR 1.5.1-dev, APR-UTIL 1.5.3
Compiled using: APR 1.5.1-dev, APR-UTIL 1.5.3
Architecture: 64-bit
Server MPM: worker
  threaded: yes (fixed thread count)
    forked: yes (variable process count)
Server compiled with....
 -D APR_HAVE_IPV6 (IPv4-mapped addresses enabled)
 -D HTTPD_ROOT="/etc/apache2"
 -D SUEXEC_BIN="/usr/lib/apache2/suexec"
 -D DEFAULT_PIDLOG="/var/run/apache2.pid"
 -D DEFAULT_SCOREBOARD="logs/apache_runtime_status"
 -D DEFAULT_ERRORLOG="logs/error_log"
 -D AP_TYPES_CONFIG_FILE="mime.types"
 -D SERVER_CONFIG_FILE="apache2.conf"
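
One way to check a host for the condition this report describes, as an added example that is not part of the bug report or the apache2 package: it looks for an active file-based default Mutex line and counts the two error codes quoted above. The function names and the sample files are assumptions made for this example; the two error lines are copied from the report and the third log line is constructed.

```shell
#!/bin/sh
# Added example (not from the bug report): check for the file-based default
# mutex and count the lock errors it was reported to cause.

# Exit 0 if CONF ($1) has an active (uncommented) file/fcntl default Mutex line.
has_file_default_mutex() {
    grep -Eiq '^[[:space:]]*Mutex[[:space:]]+(file|fcntl)(:[^[:space:]]*)?[[:space:]]+default([[:space:]]|$)' "$1"
}

# Print how many lines of LOG ($1) carry error code $2 with errno 35 (EDEADLK).
count_deadlock_errors() {
    awk -v code="$2" '
        BEGIN { needle = "(35)Resource deadlock avoided: " code ":" }
        index($0, needle) { n++ }
        END { print n + 0 }' "$1"
}

# Print a one-line verdict for a config ($1) and error log ($2).
audit_mutex() {
    ssl=$(count_deadlock_errors "$2" AH02026)
    mpm=$(count_deadlock_errors "$2" AH00273)
    if has_file_default_mutex "$1"; then state=file-mutex-active
    else state=file-mutex-absent; fi
    echo "$state AH02026=$ssl AH00273=$mpm"
}

# Demo on constructed sample files: a commented-out line that must be ignored,
# the directive from the report, and three log lines.
demo() {
    d=$(mktemp -d) || return 1
    cat > "$d/apache2.conf" <<'EOF'
# Mutex flock:/tmp default
Mutex file:${APACHE_LOCK_DIR} default
EOF
    cat > "$d/error.log" <<'EOF'
[Tue Mar 08 16:08:18.596653 2016] [ssl:warn] [pid 8339:tid 140182179256064] (35)Resource deadlock avoided: AH02026: Failed to acquire SSL session cache lock
[Wed Mar 09 07:09:31.099331 2016] [mpm_worker:emerg] [pid 26526:tid 139668485949184] (35)Resource deadlock avoided: AH00273: apr_proc_mutex_lock failed. Attempting to shutdown process gracefully.
[Wed Mar 09 07:10:00.000000 2016] [core:notice] [pid 1:tid 1] constructed unrelated line
EOF
    audit_mutex "$d/apache2.conf" "$d/error.log"
    rm -rf "$d"
}
demo
```

The grep only sees the file it is given; `apache2ctl -t -D DUMP_RUN_CFG`, as used in the report, shows the effective mutex mechanism after includes are processed.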


Launchpad Janitor (janitor) wrote :

Status changed to 'Confirmed' because the bug affects multiple users.

Changed in apache2 (Ubuntu):
status: New → Confirmed
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package apache2 - 2.4.23-7ubuntu1

apache2 (2.4.23-7ubuntu1) zesty; urgency=medium

  * Merge from Debian unstable. Remaining changes:
    - debian/{control, apache2.install, apache2-utils.ufw.profile,
      apache2.dirs}: Add ufw profiles.
    - debian/apache2.py, debian/apache2-bin.install: Add apport hook.
    - debian/rules: Fix cross-building by passing
      DEB_{HOST,BUILD}_GNU_TYPE to configure.
    - debian/patches/086_svn_cross_compiles: Backport several cross
      fixes from upstream
    - d/index.html, d/icons/ubuntu-logo.png, d/apache2.postrm: replace
      Debian with Ubuntu on default page.
    - Don't build experimental http2 module for LTS:
      + debian/control: removed libnghttp2-dev Build-Depends (in universe).
      + debian/config-dir/mods-available/http2.load: removed.
      + debian/rules: removed proxy_http2 from configure.
    - Correct systemd-sysv-generator behavior by customizing some
      + d/apache2-systemd.conf: add a drop-in file to specify some
        parameters for the systemd unit (type=Forking and
        RemainsAfterExit=no), this allow a correct state synchronisation
        between systemctl status and actual state of apache2 daemon.
      + d/apache2.install: place the apache2-systemd.conf file in the
        correct location.

apache2 (2.4.23-7) unstable; urgency=medium

  * Make apache2-dev depend on openssl 1.0, too. Closes: #844160
  * Move DefaultRuntimeDir and pid file for multi-instances to
    /var/run/apache2-xxx. Thanks to Horst Platz for the debugging.
    Closes: #838932 LP: #1627339
  * Fix systemd unit naming for multi-instances.
  * Tweak embedded .tar.gz some more to build reproducibly.

apache2 (2.4.23-6) unstable; urgency=medium

  * One more tweak for reproducible build. Thanks to Daniel Shahaf for the
    patch. Closes: #839977
  * Avoid building with openssl 1.1 for now. See #828236

apache2 (2.4.23-5) unstable; urgency=low

  * Team upload.

  [ Stefan Fritsch ]
  * Tweak creation of .tar.gz embedded in preinst to get reproducible

  [ Raphaël Hertzog ]
  * Add systemd unit files. Closes: #798430
  * Improve a2enmod to enable apache-htcacheclean with systemctl and let
    it enable '<email address hidden>' for multi-instance
  * Improve setup-instance to rely on the systemd <email address hidden> for
    multi-instance support.
  * Drop /lib/systemd/system/apache2.service.d/forking.conf now that we have
    proper native systemd support.
  * Modify handling of /etc/init.d/apache-htcacheclean to have a usual
    Default-Start value but instead we disable it manually in the postinst.
    That way "systemctl enable apache-htcacheclean" works.
  * Add some lintian overrides for non-problems (two update-rc.d calls in
    postinst, and a .js file with a very long line).

apache2 (2.4.23-4) unstable; urgency=medium

  * Fix pre-inst script for new installations. Closes: #834169

apache2 (2.4.23-3) unstable; urgency=low

  * Fix conffiles that may have got the wrong content during upgrade from
    wheezy to early jessie versions. Closes: #794933
  * Also restore re-introduced *.load fil...


Changed in apache2 (Ubuntu):
status: Confirmed → Fix Released
Haw Loeung (hloeung) wrote :

Can we get the following backported to Xenial (so 2.4.18-2ubuntu3.14)?

| apache2 (2.4.20-1) unstable; urgency=medium
| * On Linux, use pthread mutexes. On kfreebsd/hurd, continue using fcntl
| because they lack robust pthread mutexes. LP: #1565744, #1527044

Seeing it on a couple of Xenial hosts and the fix being to comment out the following line from /etc/apache2/apache2.conf:

| Mutex file:${APACHE_LOCK_DIR} default

Changed in apache2 (Ubuntu Xenial):
status: New → Confirmed
Changed in apache2 (Ubuntu Xenial):
status: Confirmed → Triaged
importance: Undecided → Low
tags: added: server-next
Bryce Harrington (bryce) wrote :

Haw Loeung, is there a simple way to reproduce the message?
