Public bug reported:
In Ubuntu 16.04 using cups version 2.1.3-4 the cups daemon leaves tcp sockets
in CLOSE_WAIT state if a client uses kerberos authentication with encryption
(the default for authenticated connections). cupds will then also consume 100%
of a CPU.
The impact of this bug is that after a few hours cupsd stops accepting
new connections as it runs out of sockets. (This can be slowed down by
increasing the open files limit and setting MaxClients to a much higher
number)
This bug does not exist in cups 1.5.3-0ubuntu8.7 on Ubuntu 12.04.
To replicate:
Cups server requires kerberos authentication.
Cups client runs 'lpstat -h cupserver.domain -v' after obtaining valid kerberos
credentials.
The cups daemon will then have a connection in CLOSE_WAIT state
(according to netstat).
In cupsd debug mode the client rapidly logs thousands of:
D [24/May/2016:11:49:17 +0100] [Client 29] Read: status=100
The debug error_log for a connection is:
D [24/May/2016:11:49:17 +0100] cupsdSetBusyState: newbusy="Not busy", busy="Not
busy"
D [24/May/2016:11:49:17 +0100] [Client 29] Accepted from AAA.BBB.CCC.DDD:40678
(IPv4)
D [24/May/2016:11:49:17 +0100] [Client 29] Waiting for request.
D [24/May/2016:11:49:17 +0100] [Client 29] OPTIONS * HTTP/1.1
D [24/May/2016:11:49:17 +0100] cupsdSetBusyState: newbusy="Active clients",
busy="Not busy"
D [24/May/2016:11:49:17 +0100] [Client 29] Read: status=200
D [24/May/2016:11:49:17 +0100] [Client 29] No authentication data provided.
D [24/May/2016:11:49:17 +0100] [Client 29] cupsdSendHeader: code=101,
type="(null)", auth_type=0
D [24/May/2016:11:49:17 +0100] [Client 29] Connection now encrypted.
D [24/May/2016:11:49:17 +0100] [Client 29] cupsdSendHeader: code=200,
type="(null)", auth_type=0
D [24/May/2016:11:49:17 +0100] cupsdSetBusyState: newbusy="Not busy",
busy="Active clients"
D [24/May/2016:11:49:17 +0100] [Client 29] POST / HTTP/1.1
D [24/May/2016:11:49:17 +0100] cupsdSetBusyState: newbusy="Active clients",
busy="Not busy"
D [24/May/2016:11:49:17 +0100] [Client 29] Read: status=200
D [24/May/2016:11:49:17 +0100] [Client 29] No authentication data provided.
D [24/May/2016:11:49:17 +0100] cupsdIsAuthorized: username=""
D [24/May/2016:11:49:17 +0100] [Client 29] cupsdSendHeader: code=401,
type="text/html", auth_type=0
D [24/May/2016:11:49:17 +0100] [Client 29] WWW-Authenticate: Negotiate
D [24/May/2016:11:49:17 +0100] [Client 29] Closing connection.
D [24/May/2016:11:49:17 +0100] cupsdSetBusyState: newbusy="Not busy",
busy="Active clients"
D [24/May/2016:11:49:17 +0100] [Client 29] Waiting for socket close.
D [24/May/2016:11:49:17 +0100] [Client 29] Read: status=100
ProblemType: Bug
DistroRelease: Ubuntu 16.04
Package: cups-daemon 2.1.3-4
ProcVersionSignature: Ubuntu 4.4.0-22.40-generic 4.4.8
Uname: Linux 4.4.0-22-generic x86_64
ApportVersion: 2.20.1-0ubuntu2
Architecture: amd64
CupsErrorLog:
Date: Thu May 26 08:20:33 2016
InstallationDate: Installed on 2016-04-25 (30 days ago)
InstallationMedia: Ubuntu-Server 16.04 LTS "Xenial Xerus" - Release amd64
(20160420.3)
KernLog:
Lsusb: Bus 001 Device 001: ID 1d6b:0001 Linux Foundation 1.1 root hub
MachineType: QEMU Standard PC (i440FX + PIIX, 1996)
Papersize: a4
ProcKernelCmdLine: BOOT_IMAGE=/vmlinuz root=/dev/mapper/cups2016--vg-root ro
SourcePackage: cups
UpgradeStatus: No upgrade log present (probably fresh install)
dmi.bios.date: 01/01/2011
dmi.bios.vendor: Bochs
dmi.bios.version: Bochs
dmi.chassis.type: 1
dmi.chassis.vendor: Bochs
dmi.modalias:
dmi:bvnBochs:bvrBochs:bd01/01/2011:svnQEMU:pnStandardPC(i440FX+PIIX,1996):pvrpc-i440fx-trusty:cvnBochs:ct1:cvr:
dmi.product.name: Standard PC (i440FX + PIIX, 1996)
dmi.product.version: pc-i440fx-trusty
dmi.sys.vendor: QEMU
** Affects: cups (Ubuntu)
Importance: Undecided
Status: New
** Tags: amd64 apport-bug xenial
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1585923
Title:
cupsd leaves sockets in CLOSE_WAIT if client uses kerberos
authentication
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/cups/+bug/1585923/+subscriptions
--
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
