cupsd leaves sockets in CLOSE_WAIT if client uses kerberos authentication

Bug #1585923 reported by Ian Gordon
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone
cups (Ubuntu) | Expired | Undecided | Unassigned |

Bug Description

In Ubuntu 16.04 using cups version 2.1.3-4 the cups daemon leaves TCP sockets in CLOSE_WAIT state if a client uses Kerberos authentication with encryption (the default for authenticated connections). cupsd will then also consume 100% of a CPU.

The impact of this bug is that after a few hours cupsd stops accepting new connections as it runs out of sockets. (This can be slowed down by increasing the open files limit and setting MaxClients to a much higher number.)

This bug does not exist in cups 1.5.3-0ubuntu8.7 on Ubuntu 12.04.

To replicate:

Cups server requires kerberos authentication.
Cups client runs 'lpstat -h cupserver.domain -v' after obtaining valid kerberos credentials.

The cups daemon will then have a connection in CLOSE_WAIT state (according to netstat).

In cupsd debug mode the client rapidly logs thousands of:

D [24/May/2016:11:49:17 +0100] [Client 29] Read: status=100

The debug error_log for a connection is:

D [24/May/2016:11:49:17 +0100] cupsdSetBusyState: newbusy="Not busy", busy="Not busy"
D [24/May/2016:11:49:17 +0100] [Client 29] Accepted from AAA.BBB.CCC.DDD:40678 (IPv4)
D [24/May/2016:11:49:17 +0100] [Client 29] Waiting for request.
D [24/May/2016:11:49:17 +0100] [Client 29] OPTIONS * HTTP/1.1
D [24/May/2016:11:49:17 +0100] cupsdSetBusyState: newbusy="Active clients", busy="Not busy"
D [24/May/2016:11:49:17 +0100] [Client 29] Read: status=200
D [24/May/2016:11:49:17 +0100] [Client 29] No authentication data provided.
D [24/May/2016:11:49:17 +0100] [Client 29] cupsdSendHeader: code=101, type="(null)", auth_type=0
D [24/May/2016:11:49:17 +0100] [Client 29] Connection now encrypted.
D [24/May/2016:11:49:17 +0100] [Client 29] cupsdSendHeader: code=200, type="(null)", auth_type=0
D [24/May/2016:11:49:17 +0100] cupsdSetBusyState: newbusy="Not busy", busy="Active clients"
D [24/May/2016:11:49:17 +0100] [Client 29] POST / HTTP/1.1
D [24/May/2016:11:49:17 +0100] cupsdSetBusyState: newbusy="Active clients", busy="Not busy"
D [24/May/2016:11:49:17 +0100] [Client 29] Read: status=200
D [24/May/2016:11:49:17 +0100] [Client 29] No authentication data provided.
D [24/May/2016:11:49:17 +0100] cupsdIsAuthorized: username=""
D [24/May/2016:11:49:17 +0100] [Client 29] cupsdSendHeader: code=401, type="text/html", auth_type=0
D [24/May/2016:11:49:17 +0100] [Client 29] WWW-Authenticate: Negotiate
D [24/May/2016:11:49:17 +0100] [Client 29] Closing connection.
D [24/May/2016:11:49:17 +0100] cupsdSetBusyState: newbusy="Not busy", busy="Active clients"
D [24/May/2016:11:49:17 +0100] [Client 29] Waiting for socket close.
D [24/May/2016:11:49:17 +0100] [Client 29] Read: status=100

ProblemType: Bug
DistroRelease: Ubuntu 16.04
Package: cups-daemon 2.1.3-4
ProcVersionSignature: Ubuntu 4.4.0-22.40-generic 4.4.8
Uname: Linux 4.4.0-22-generic x86_64
ApportVersion: 2.20.1-0ubuntu2
Architecture: amd64
CupsErrorLog:

Date: Thu May 26 08:20:33 2016
InstallationDate: Installed on 2016-04-25 (30 days ago)
InstallationMedia: Ubuntu-Server 16.04 LTS "Xenial Xerus" - Release amd64 (20160420.3)
KernLog:

Lsusb: Bus 001 Device 001: ID 1d6b:0001 Linux Foundation 1.1 root hub
MachineType: QEMU Standard PC (i440FX + PIIX, 1996)
Papersize: a4
ProcKernelCmdLine: BOOT_IMAGE=/vmlinuz root=/dev/mapper/cups2016--vg-root ro
SourcePackage: cups
UpgradeStatus: No upgrade log present (probably fresh install)
dmi.bios.date: 01/01/2011
dmi.bios.vendor: Bochs
dmi.bios.version: Bochs
dmi.chassis.type: 1
dmi.chassis.vendor: Bochs
dmi.modalias: dmi:bvnBochs:bvrBochs:bd01/01/2011:svnQEMU:pnStandardPC(i440FX+PIIX,1996):pvrpc-i440fx-trusty:cvnBochs:ct1:cvr:
dmi.product.name: Standard PC (i440FX + PIIX, 1996)
dmi.product.version: pc-i440fx-trusty
dmi.sys.vendor: QEMU
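
A log check for the symptom described in the report above, as an added example (not part of the original bug report and not CUPS code): it scans a debug-level error_log for clients that keep logging "Read: status=100" after "Waiting for socket close." The function name, the default threshold and the sample lines are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# cupsd debug-level error_log line, in the format quoted in the report:
#   D [24/May/2016:11:49:17 +0100] [Client 29] Read: status=100
CLIENT_LINE = re.compile(r"^D \[[^\]]+\] \[Client (\d+)\] (.*)$")


def find_spinning_clients(lines, threshold=100):
    """Return {client_id: n} for clients that logged "Waiting for socket close."
    and then n >= threshold "Read: status=100" lines (threshold is an assumption)."""
    waiting = set()
    reads = defaultdict(int)
    for line in lines:
        m = CLIENT_LINE.match(line.strip())
        if not m:
            continue  # daemon-wide lines such as cupsdSetBusyState
        client, msg = int(m.group(1)), m.group(2)
        if msg.startswith("Accepted from "):
            # Assumption: an "Accepted from" line starts a fresh connection.
            waiting.discard(client)
            reads.pop(client, None)
        elif msg == "Waiting for socket close.":
            waiting.add(client)
        elif msg == "Read: status=100" and client in waiting:
            reads[client] += 1
    return {c: n for c, n in reads.items() if n >= threshold}


# Constructed sample modelled on the log in the report (addresses are placeholders).
TS = "D [24/May/2016:11:49:17 +0100] "
SAMPLE = [
    TS + "[Client 29] Accepted from 192.0.2.10:40678 (IPv4)",
    TS + "[Client 29] Closing connection.",
    TS + 'cupsdSetBusyState: newbusy="Not busy", busy="Active clients"',
    TS + "[Client 29] Waiting for socket close.",
    *[TS + "[Client 29] Read: status=100"] * 5,
    TS + "[Client 30] Accepted from 192.0.2.11:40700 (IPv4)",
    TS + "[Client 30] Waiting for request.",
    TS + "[Client 30] Read: status=200",
    TS + "[Client 31] Accepted from 192.0.2.12:40701 (IPv4)",
    TS + "[Client 31] Waiting for socket close.",
    TS + "[Client 31] Read: status=100",
]

if __name__ == "__main__":
    for client, n in find_spinning_clients(SAMPLE, threshold=3).items():
        print(f"Client {client}: {n} reads after 'Waiting for socket close.'")
```

On a live server the same function can be fed the lines of the cupsd error_log; a client id that appears in the result matches the pattern that accompanies the CLOSE_WAIT socket and the CPU spin in this report.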

gf (gf-interlinks-deactivatedaccount) wrote :

Hello Ian,
Thank you for submitting this bug and reporting a problem with cups. You made this bug report some time ago and Ubuntu has been updated since then.

Could you confirm that this is no longer a problem and that we can close the ticket?
If it is still a problem, are you still interested in finding a solution to this bug?
If you are, could you let us know, and in the current version, run the following (only once):
apport-collect BUGNUMBER
and upload the updated logs and any other logs that are relevant for this particular issue.

Thank you again for helping make Ubuntu better.
G
[Ubuntu Bug Squad volunteer triager]

Changed in cups (Ubuntu):
status: New → Incomplete
Launchpad Janitor (janitor) wrote :

[Expired for cups (Ubuntu) because there has been no activity for 60 days.]

Changed in cups (Ubuntu):
status: Incomplete → Expired