Lots of messages "[ssl:warn] Resource deadlock avoided: AH02026: Failed to acquire SSL session cache lock"

OS:
Ubuntu 14.04 LTS

Kernel:
3.13.0-79-generic x86_64

Apache:
2.4.7-1ubuntu4.5

The host has just been release-upgraded (with the Ubuntu do-release-upgrade command) from Ubuntu 12.04 LTS.

All Apache config files are the new ones; old configuration entries have been adopted into the new config files manually.

Issue:
Most of the 74 vHosts are working fine. But on two vHosts the following message appears nearly every minute:

[Tue Mar 08 16:08:18.596653 2016] [ssl:warn] [pid 8339:tid 140182179256064] (35)Resource deadlock avoided: AH02026: Failed to acquire SSL session cache lock
[Tue Mar 08 16:08:20.791623 2016] [ssl:warn] [pid 8849:tid 140182112114432] (35)Resource deadlock avoided: AH02026: Failed to acquire SSL session cache lock
[Tue Mar 08 16:08:54.230004 2016] [ssl:warn] [pid 8849:tid 140182162470656] (35)Resource deadlock avoided: AH02026: Failed to acquire SSL session cache lock
[Tue Mar 08 16:13:28.180687 2016] [ssl:warn] [pid 10595:tid 140182095329024] (35)Resource deadlock avoided: AH02026: Failed to acquire SSL session cache lock

But we are not aware of any impact of this. The server is generally working fine (it has some traffic: 700 established AJP proxy connections, 200 busy worker threads, 100 requests/s, 300 KB/s).

I did not find much about that message. Only the official entry:

"AH02026: Failed to acquire SSL session cache lock"  ./modules/ssl/ssl_engine_mutex.c:92
(source: https://wiki.apache.org/httpd/ListOfErrors)

We use mpm worker:

/etc/apache2/mods-enabled/mpm_worker.conf
<IfModule mpm_worker_module>
    StartServers            2
    MinSpareThreads         25
    MaxSpareThreads         75
    ThreadLimit             64
    ThreadsPerChild         35
    MaxRequestWorkers       560
    MaxConnectionsPerChild  10000
</IfModule>


/etc/apache2/mods-enabled/ssl.conf
<IfModule mod_ssl.c>
        SSLRandomSeed startup builtin
        SSLRandomSeed startup file:/dev/urandom 512
        SSLRandomSeed connect builtin
        SSLRandomSeed connect file:/dev/urandom 512

        AddType application/x-x509-ca-cert .crt
        AddType application/x-pkcs7-crl .crl

        SSLPassPhraseDialog exec:/usr/share/apache2/ask-for-passphrase

        SSLSessionCache         shmcb:${APACHE_RUN_DIR}/ssl_scache(512000)
        SSLSessionCacheTimeout  300

        SSLCipherSuite HIGH:MEDIUM:!ADH:!MD5:!RC4

        SSLProtocol all -SSLv3

</IfModule>

socache_shmcb.load
is loaded (via symlink /etc/apache2/mods-enabled)


/etc/apache2/apache2.conf
Mutex file:${APACHE_LOCK_DIR} default


/etc/apache2/envvars
export APACHE_PID_FILE=/var/run/apache2/apache2$SUFFIX.pid
export APACHE_RUN_DIR=/var/run/apache2$SUFFIX
export APACHE_LOCK_DIR=/var/lock/apache2$SUFFIX

file
/var/run/apache2/apache2.pid
exists and contains the proper PID of apache process.

But there is no "ssl_scache":

ls -al /var/run/apache2/
total 4
drwxr-xr-x  2 root     root  80 Mar  8 12:54 .
drwxr-xr-x 18 root     root 680 Mar  8 13:18 ..
-rw-r--r--  1 root     root   5 Mar  8 12:54 apache2.pid
srwx------  1 www-data root   0 Mar  8 12:54 cgisock.1425

But according to apache status page, SSL cache is working:

SSL/TLS Session Cache Status:
cache type: SHMCB, shared memory: 512000 bytes, current entries: 463
subcaches: 32, indexes per subcache: 88
time left on oldest entries' objects: avg: 26 seconds, (range: 0...71)
index usage: 16%, cache usage: 20%
total entries stored since starting: 27271
total entries replaced since starting: 0
total entries expired since starting: 22693
total (pre-expiry) entries scrolled out of the cache: 0
total retrieves since starting: 224953 hit, 14045 miss
total removes since starting: 0 hit, 0 miss


There is also nothing in /var/lock/apache2:

ls -al /var/lock/apache2/
total 0
drwxr-xr-x 2 www-data root 40 Mar  8 12:54 .
drwxrwxrwt 3 root     root 60 Mar  4 17:35 ..

I would expect that there would be files with the names of the mutex type, according to

"With the file-based mechanisms fcntl and flock, the path, if provided, is a directory where the lock file will be created [...] The basename of the file will be the mutex type"
(source: https://httpd.apache.org/docs/2.4/en/mod/core.html#mutex)

Could someone please tell me if it is OK that there is neither an ssl_scache file nor mutex files named after the mutex type?

What can I do to get rid of the "AH02026: Failed to acquire SSL session cache lock" messages?

What is the meaning of the message?

Thanks very much.
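
Added example, not part of the original post: a small Python triage script that parses the error-log line shape shown above and tallies AH02026 warnings per process, per minute, per errno and per thread, to quantify how often the lock failure occurs and whether it clusters in particular worker processes. The names `summarize`, `LINE_RE` and `SAMPLE` and the last sample line are constructed for illustration.

```python
import re
from collections import Counter
from datetime import datetime

# Line shape taken from the log excerpt in the post (Apache 2.4 error log).
LINE_RE = re.compile(
    r"^\[(?P<ts>[^\]]+)\] \[(?P<module>[\w-]*):(?P<level>\w+)\] "
    r"\[pid (?P<pid>\d+):tid (?P<tid>\d+)\] "
    r"(?:\((?P<errno>\d+)\)(?P<errstr>[^:]+): )?"
    r"(?P<code>AH\d{5}): (?P<msg>.*)$"
)

# The four AH02026 lines are copied from the post; the last line is constructed.
SAMPLE = """\
[Tue Mar 08 16:08:18.596653 2016] [ssl:warn] [pid 8339:tid 140182179256064] (35)Resource deadlock avoided: AH02026: Failed to acquire SSL session cache lock
[Tue Mar 08 16:08:20.791623 2016] [ssl:warn] [pid 8849:tid 140182112114432] (35)Resource deadlock avoided: AH02026: Failed to acquire SSL session cache lock
[Tue Mar 08 16:08:54.230004 2016] [ssl:warn] [pid 8849:tid 140182162470656] (35)Resource deadlock avoided: AH02026: Failed to acquire SSL session cache lock
[Tue Mar 08 16:13:28.180687 2016] [ssl:warn] [pid 10595:tid 140182095329024] (35)Resource deadlock avoided: AH02026: Failed to acquire SSL session cache lock
[Tue Mar 08 16:09:00.000000 2016] [core:notice] [pid 8000:tid 1] constructed line without an AH code
""".splitlines()


def summarize(lines, code="AH02026"):
    """Tally one AH code per process, per minute, per errno and per thread."""
    per_pid, per_minute, errnos, threads = Counter(), Counter(), Counter(), set()
    for line in lines:
        m = LINE_RE.match(line.strip())
        if m is None or m["code"] != code:
            continue  # unparseable line or a different message
        ts = datetime.strptime(m["ts"], "%a %b %d %H:%M:%S.%f %Y")
        per_pid[int(m["pid"])] += 1
        per_minute[ts.strftime("%Y-%m-%d %H:%M")] += 1
        errnos[int(m["errno"]) if m["errno"] else None] += 1
        threads.add((int(m["pid"]), int(m["tid"])))
    return {
        "total": sum(per_pid.values()),
        "per_pid": dict(per_pid),
        "per_minute": dict(per_minute),
        "errnos": dict(errnos),
        "distinct_threads": len(threads),
    }


if __name__ == "__main__":
    for key, value in summarize(SAMPLE).items():
        print(f"{key}: {value}")
```

Feeding it the full error log instead of `SAMPLE` (for example `summarize(open(path))`) gives the same tallies over the whole file.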
