Readv failed on accessing calendars

calendar

#1

Steps to reproduce
1. Access owncloud calendars via CalDav

Expected behaviour
Calendars shows

Actual behaviour
Http connection fails, nginx error logs a readv failed when request is passed to php-fpm

Server configuration
Operating system: Debian jessie
Web server: Nginx
Database: MySQL
PHP version:

PHP 5.6.30-0+deb8u1 (cli) (built: Feb  8 2017 08:50:21) 
Copyright (c) 1997-2016 The PHP Group
Zend Engine v2.6.0, Copyright (c) 1998-2016 Zend Technologies
    with Zend OPcache v7.0.6-dev, Copyright (c) 1999-2016, by Zend Technologies

ownCloud version (see ownCloud admin page): 9.0.8.2
Updated from an older ownCloud or fresh install: Updated from Onwcloud 8.0
Special configuration (external storage, external authentication, reverse proxy, server-side-encryption): None

ownCloud log (data/owncloud.log)

{"reqId":"yjOlKc30tt97smP928OT","remoteAddr":"82.227.51.91","app":"webdav","message":"Exception: {\"Message\":\"HTTP\\\/1.1 401 No 'Authorization: Basic' header found. Either the client didn't send one, or the server is mis-configured, No 'Authorization: Basic' header found. Either the client didn't send one, or the server is mis-configured\",\"Exception\":\"Sabre\\\\DAV\\\\Exception\\\\NotAuthenticated\",\"Code\":0,\"Trace\":\"#0 [internal function]: Sabre\\\\DAV\\\\Auth\\\\Plugin->beforeMethod(Object(Sabre\\\\HTTP\\\\Request), Object(Sabre\\\\HTTP\\\\Response))\\n#1 \\\/var\\\/www\\\/owncloud\\\/3rdparty\\\/sabre\\\/event\\\/lib\\\/EventEmitterTrait.php(105): call_user_func_array(Array, Array)\\n#2 \\\/var\\\/www\\\/owncloud\\\/3rdparty\\\/sabre\\\/dav\\\/lib\\\/DAV\\\/Server.php(446): Sabre\\\\Event\\\\EventEmitter->emit('beforeMethod', Array)\\n#3 \\\/var\\\/www\\\/owncloud\\\/3rdparty\\\/sabre\\\/dav\\\/lib\\\/DAV\\\/Server.php(248): Sabre\\\\DAV\\\\Server->invokeMethod(Object(Sabre\\\\HTTP\\\\Request), Object(Sabre\\\\HTTP\\\\Response))\\n#4 \\\/var\\\/www\\\/owncloud\\\/apps\\\/dav\\\/lib\\\/server.php(152): Sabre\\\\DAV\\\\Server->exec()\\n#5 \\\/var\\\/www\\\/owncloud\\\/apps\\\/dav\\\/appinfo\\\/v2\\\/remote.php(30): OCA\\\\DAV\\\\Server->exec()\\n#6 \\\/var\\\/www\\\/owncloud\\\/remote.php(138): require_once('\\\/var\\\/www\\\/ownclo...')\\n#7 {main}\",\"File\":\"\\\/var\\\/www\\\/owncloud\\\/3rdparty\\\/sabre\\\/dav\\\/lib\\\/DAV\\\/Auth\\\/Plugin.php\",\"Line\":188,\"User\":false}","level":0,"time":"2017-04-19T13:24:45+00:00","method":"PROPFIND","url":"\/remote.php\/dav\/calendars\/admin\/new-test\/","user":"--"}
{"reqId":"GyHhpjApXlUxzJ1us8bi","remoteAddr":"82.227.51.91","app":"core","message":"Login failed: 'admin' (Remote IP: '82.227.51.91')","level":2,"time":"2017-04-19T13:24:46+00:00","method":"PROPFIND","url":"\/remote.php\/dav\/calendars\/admin\/hello-world\/","user":"--"}
{"reqId":"GyHhpjApXlUxzJ1us8bi","remoteAddr":"82.227.51.91","app":"webdav","message":"Exception: {\"Message\":\"HTTP\\\/1.1 401 Username or password was incorrect, Username or password was incorrect\",\"Exception\":\"Sabre\\\\DAV\\\\Exception\\\\NotAuthenticated\",\"Code\":0,\"Trace\":\"#0 [internal function]: Sabre\\\\DAV\\\\Auth\\\\Plugin->beforeMethod(Object(Sabre\\\\HTTP\\\\Request), Object(Sabre\\\\HTTP\\\\Response))\\n#1 \\\/var\\\/www\\\/owncloud\\\/3rdparty\\\/sabre\\\/event\\\/lib\\\/EventEmitterTrait.php(105): call_user_func_array(Array, Array)\\n#2 \\\/var\\\/www\\\/owncloud\\\/3rdparty\\\/sabre\\\/dav\\\/lib\\\/DAV\\\/Server.php(446): Sabre\\\\Event\\\\EventEmitter->emit('beforeMethod', Array)\\n#3 \\\/var\\\/www\\\/owncloud\\\/3rdparty\\\/sabre\\\/dav\\\/lib\\\/DAV\\\/Server.php(248): Sabre\\\\DAV\\\\Server->invokeMethod(Object(Sabre\\\\HTTP\\\\Request), Object(Sabre\\\\HTTP\\\\Response))\\n#4 \\\/var\\\/www\\\/owncloud\\\/apps\\\/dav\\\/lib\\\/server.php(152): Sabre\\\\DAV\\\\Server->exec()\\n#5 \\\/var\\\/www\\\/owncloud\\\/apps\\\/dav\\\/appinfo\\\/v2\\\/remote.php(30): OCA\\\\DAV\\\\Server->exec()\\n#6 \\\/var\\\/www\\\/owncloud\\\/remote.php(138): require_once('\\\/var\\\/www\\\/ownclo...')\\n#7 {main}\",\"File\":\"\\\/var\\\/www\\\/owncloud\\\/3rdparty\\\/sabre\\\/dav\\\/lib\\\/DAV\\\/Auth\\\/Plugin.php\",\"Line\":188,\"User\":false}","level":0,"time":"2017-04-19T13:24:46+00:00","method":"PROPFIND","url":"\/remote.php\/dav\/calendars\/admin\/hello-world\/","user":"--"}

Integrity status for oC9+

No errors have been found.

Nginx log

2017/04/19 15:24:22 [error] 27494#27494: *144013 readv() failed (104: Connection reset by peer) while reading upstream, client: 82.227.51.91, server: cloud.andromede-france.com, request: "PROPFIND /remote.php/dav/calendars/admin/test-calendar/ HTTP/2.0", upstream: "fastcgi://unix:/var/run/php5-fpm.sock:", host: "cloud.andromede-france.com"
2017/04/19 15:24:22 [error] 27494#27494: *144013 readv() failed (104: Connection reset by peer) while reading upstream, client: 82.227.51.91, server: cloud.andromede-france.com, request: "PROPFIND /remote.php/dav/calendars/admin/new-test/ HTTP/2.0", upstream: "fastcgi://unix:/var/run/php5-fpm.sock:", host: "cloud.andromede-france.com"
2017/04/19 15:24:32 [error] 27494#27494: *144013 readv() failed (104: Connection reset by peer) while reading upstream, client: 82.227.51.91, server: cloud.andromede-france.com, request: "PROPFIND /remote.php/dav/calendars/admin/hello-world/ HTTP/2.0", upstream: "fastcgi://unix:/var/run/php5-fpm.sock:", host: "cloud.andromede-france.com"
2017/04/19 15:24:34 [error] 27494#27494: *144013 readv() failed (104: Connection reset by peer) while reading upstream, client: 82.227.51.91, server: cloud.andromede-france.com, request: "PROPFIND /remote.php/dav/calendars/admin/test-calendar/ HTTP/2.0", upstream: "fastcgi://unix:/var/run/php5-fpm.sock:", host: "cloud.andromede-france.com"
2017/04/19 15:24:34 [error] 27494#27494: *144013 readv() failed (104: Connection reset by peer) while reading upstream, client: 82.227.51.91, server: cloud.andromede-france.com, request: "PROPFIND /remote.php/dav/calendars/admin/new-test/ HTTP/2.0", upstream: "fastcgi://unix:/var/run/php5-fpm.sock:", host: "cloud.andromede-france.com"
2017/04/19 15:24:34 [error] 27494#27494: *144013 readv() failed (104: Connection reset by peer) while reading upstream, client: 82.227.51.91, server: cloud.andromede-france.com, request: "PROPFIND /remote.php/dav/calendars/admin/hello-world/ HTTP/2.0", upstream: "fastcgi://unix:/var/run/php5-fpm.sock:", host: "cloud.andromede-france.com"
2017/04/19 15:24:45 [error] 27494#27494: *144013 readv() failed (104: Connection reset by peer) while reading upstream, client: 82.227.51.91, server: cloud.andromede-france.com, request: "PROPFIND /remote.php/dav/calendars/admin/test-calendar/ HTTP/2.0", upstream: "fastcgi://unix:/var/run/php5-fpm.sock:", host: "cloud.andromede-france.com"
2017/04/19 15:24:45 [error] 27494#27494: *144013 readv() failed (104: Connection reset by peer) while reading upstream, client: 82.227.51.91, server: cloud.andromede-france.com, request: "PROPFIND /remote.php/dav/calendars/admin/new-test/ HTTP/2.0", upstream: "fastcgi://unix:/var/run/php5-fpm.sock:", host: "cloud.andromede-france.com"
2017/04/19 15:24:46 [error] 27494#27494: *144013 readv() failed (104: Connection reset by peer) while reading upstream, client: 82.227.51.91, server: cloud.andromede-france.com, request: "PROPFIND /remote.php/dav/calendars/admin/hello-world/ HTTP/2.0", upstream: "fastcgi://unix:/var/run/php5-fpm.sock:", host: "cloud.andromede-france.com"

Php-fpm log is empty, while logging is enabled and logs other php errors.

Other website on the server that uses PHP don't have any particular problems, that could be related to a bad php install.

Thunderbird give those errors when trying to access the calendars :

Timestamp: 19/04/2017, 15:39:41
Warning: There has been an error reading data for calendar: test.  However, this error is believed to be minor, so the program will attempt to continue. Error code: DAV_NOT_DAV. Description: The resource at https://cloud.andromede-france.com/remote.php/dav/calendars/admin/hello-world/ is either not a DAV collection or not available
Source File: file:///Users/nowahe/Library/Thunderbird/Profiles/v8exvezp.default/extensions/%7Be2fda1a4-762b-4020-b5ad-a41df1933103%7D/calendar-js/calCalendarManager.js
Line: 962
Timestamp: 19/04/2017, 15:39:41
Warning: There has been an error reading data for calendar: test.  However, this error is believed to be minor, so the program will attempt to continue. Error code: READ_FAILED. Description: 
Source File: file:///Users/nowahe/Library/Thunderbird/Profiles/v8exvezp.default/extensions/%7Be2fda1a4-762b-4020-b5ad-a41df1933103%7D/calendar-js/calCalendarManager.js
Line: 962
Timestamp: 19/04/2017, 15:39:41
Error: [calCachedCalendar] replay action failed: null, uri=https://cloud.andromede-france.com/remote.php/dav/calendars/admin/hello-world/, result=2147500037, op=[xpconnect wrapped calIOperation]
Source File: file:///Users/nowahe/Library/Thunderbird/Profiles/v8exvezp.default/extensions/%7Be2fda1a4-762b-4020-b5ad-a41df1933103%7D/calendar-js/calCachedCalendar.js
Line: 327

When restarting the php-fpm service some requests get through, but rapidly (5-10 minutes) fails again. Dmesg and syslog are both empty of any issue relating to php

EDIT :

Nginx config

upstream php-handler {
    #server 127.0.0.1:9000;
    server unix:/var/run/php5-fpm.sock;
}
server {
    server_name cloud.andromede-france.com;
    listen 443 ssl;
    ssl on;
    ssl_certificate     /etc/letsencrypt/live/cloud.andromede-france.com/fullchain.pem;
    ssl_certificate_key     /etc/letsencrypt/live/cloud.andromede-france.com/privkey.pem;
    ssl_session_timeout 5m;
    ssl_ciphers               'AES128+EECDH:AES128+EDH:!aNULL';
    ssl_protocols              TLSv1 TLSv1.1 TLSv1.2;
    ssl_prefer_server_ciphers on;
    access_log /var/log/nginx/cloud.andromede-france.access.com rt_cache;
error_log /var/log/nginx/cloud.andromede-france.error.com;

# Add headers to serve security related headers
# Before enabling Strict-Transport-Security headers please read into this
# topic first.
# add_header Strict-Transport-Security "max-age=15768000;
# includeSubDomains; preload;";
add_header X-Content-Type-Options nosniff;
add_header X-Frame-Options "SAMEORIGIN";
add_header X-XSS-Protection "1; mode=block";
add_header X-Robots-Tag none;
add_header X-Download-Options noopen;
add_header X-Permitted-Cross-Domain-Policies none;

# Path to the root of your installation
root /var/www/cloud.andromede-france.com/htdocs;

location = /robots.txt {
    allow all;
    log_not_found off;
    access_log off;
}

# The following 2 rules are only needed for the user_webfinger app.
# Uncomment it if you're planning to use this app.
#rewrite ^/.well-known/host-meta /public.php?service=host-meta last;
#rewrite ^/.well-known/host-meta.json /public.php?service=host-meta-json
# last;

location = /.well-known/carddav { return 301
 $scheme://$host/remote.php/dav; }
location = /.well-known/caldav { return 301
 $scheme://$host/remote.php/dav; }

location ^~ /.well-known/acme-challenge { }

# set max upload size
client_max_body_size 512M;
fastcgi_buffers 64 4K;

# Disable gzip to avoid the removal of the ETag header
gzip off;

# Uncomment if your server is build with the ngx_pagespeed module
# This module is currently not supported.
#pagespeed off;

error_page 403 /core/templates/403.php;
error_page 404 /core/templates/404.php;

location / {
    rewrite ^ /index.php$uri;
}

location ~ ^/(?:build|tests|config|lib|3rdparty|templates|data)/ {
    deny all;
}
location ~ ^/(?:\.|autotest|occ|issue|indie|db_|console) {
    deny all;
}

location ~
^/(?:index|remote|public|cron|core/ajax/update|status|ocs/v[12]|updater.+|ocs-provider/.+|core/templates/40[34])\.php(?:$|/) {
    include fastcgi_params;
    fastcgi_split_path_info ^(.+\.php)(/.+)$;
    fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
    fastcgi_param PATH_INFO $fastcgi_path_info;
    fastcgi_param HTTPS on;
    #Avoid sending the security headers twice
    fastcgi_param modHeadersAvailable true;
    fastcgi_param front_controller_active true;
    fastcgi_pass php-handler;
    fastcgi_intercept_errors on;
    fastcgi_request_buffering off;
}

location ~ ^/(?:updater|ocs-provider)(?:$|/) {
    try_files $uri/ =404;
    index index.php;
}

# Adding the cache control header for js and css files
# Make sure it is BELOW the PHP block
location ~* \.(?:css|js)$ {
    try_files $uri /index.php$uri$is_args$args;
    add_header Cache-Control "public, max-age=7200";
    # Add headers to serve security related headers (It is intended to
    # have those duplicated to the ones above)
    # Before enabling Strict-Transport-Security headers please read into
    # this topic first.
    # add_header Strict-Transport-Security "max-age=15768000;
    #  includeSubDomains; preload;";
    add_header X-Content-Type-Options nosniff;
    add_header X-Frame-Options "SAMEORIGIN";
    add_header X-XSS-Protection "1; mode=block";
    add_header X-Robots-Tag none;
    add_header X-Download-Options noopen;
    add_header X-Permitted-Cross-Domain-Policies none;
    # Optional: Don't log access to assets
    access_log off;
}

location ~* \.(?:svg|gif|png|html|ttf|woff|ico|jpg|jpeg)$ {
    try_files $uri /index.php$uri$is_args$args;
    # Optional: Don't log access to other assets
    access_log off;
}
}

Php-fpm config

; Start a new pool named 'www'.
; the variable $pool can we used in any directive and will be replaced by the
; pool name ('www' here)
[www]
; Per pool prefix
; It only applies on the following directives:
; - 'access.log'
; - 'slowlog'
; - 'listen' (unixsocket)
; - 'chroot'
; - 'chdir'
; - 'php_values'
; - 'php_admin_values'
; When not set, the global prefix (or /usr) applies instead.
; Note: This directive can also be relative to the global prefix.
; Default Value: none
;prefix = /path/to/pools/$pool
; Unix user/group of processes
; Note: The user is mandatory. If the group is not set, the default user's group
;       will be used.
user = www-data
group = www-data
; The address on which to accept FastCGI requests.
; Valid syntaxes are:
;   'ip.add.re.ss:port'    - to listen on a TCP socket to a specific IPv4 address on
;                            a specific port;
;   '[ip:6:addr:ess]:port' - to listen on a TCP socket to a specific IPv6 address on
;                            a specific port;
;   'port'                 - to listen on a TCP socket to all IPv4 addresses on a
;                            specific port;
;   '[::]:port'            - to listen on a TCP socket to all addresses
;                            (IPv6 and IPv4-mapped) on a specific port;
;   '/path/to/unix/socket' - to listen on a unix socket.
; Note: This value is mandatory.
listen = /var/run/php5-fpm.sock
; Set listen(2) backlog.
; Default Value: 65535 (-1 on FreeBSD and OpenBSD)
;listen.backlog = 65535
; Set permissions for unix socket, if one is used. In Linux, read/write
; permissions must be set in order to allow connections from a web server. Many
; BSD-derived systems allow connections regardless of permissions. 
; Default Values: user and group are set as the running user
;                 mode is set to 0660
listen.owner = www-data
listen.group = www-data
;listen.mode = 0660
; When POSIX Access Control Lists are supported you can set them using
; these options, value is a comma separated list of user/group names.
; When set, listen.owner and listen.group are ignored
;listen.acl_users =
;listen.acl_groups =
; List of addresses (IPv4/IPv6) of FastCGI clients which are allowed to connect.
; Equivalent to the FCGI_WEB_SERVER_ADDRS environment variable in the original
; PHP FCGI (5.2.2+). Makes sense only with a tcp listening socket. Each address
; must be separated by a comma. If this value is left blank, connections will be
; accepted from any ip address.
; Default Value: any
;listen.allowed_clients = 127.0.0.1
; Specify the nice(2) priority to apply to the pool processes (only if set)
; The value can vary from -19 (highest priority) to 20 (lower priority)
; Note: - It will only work if the FPM master process is launched as root
;       - The pool processes will inherit the master process priority
;         unless it specified otherwise
; Default Value: no set
; process.priority = -19
; Choose how the process manager will control the number of child processes.
; Possible Values:
;   static  - a fixed number (pm.max_children) of child processes;
;   dynamic - the number of child processes are set dynamically based on the
;             following directives. With this process management, there will be
;             always at least 1 children.
;             pm.max_children      - the maximum number of children that can
;                                    be alive at the same time.
;             pm.start_servers     - the number of children created on startup.
;             pm.min_spare_servers - the minimum number of children in 'idle'
;                                    state (waiting to process). If the number
;                                    of 'idle' processes is less than this
;                                    number then some children will be created.
;             pm.max_spare_servers - the maximum number of children in 'idle'
;                                    state (waiting to process). If the number
;                                    of 'idle' processes is greater than this
;                                    number then some children will be killed.
;  ondemand - no children are created at startup. Children will be forked when
;             new requests will connect. The following parameter are used:
;             pm.max_children           - the maximum number of children that
;                                         can be alive at the same time.
;             pm.process_idle_timeout   - The number of seconds after which
;                                         an idle process will be killed.
; Note: This value is mandatory.
pm = dynamic
; The number of child processes to be created when pm is set to 'static' and the
; maximum number of child processes when pm is set to 'dynamic' or 'ondemand'.
; This value sets the limit on the number of simultaneous requests that will be
; served. Equivalent to the ApacheMaxClients directive with mpm_prefork.
; Equivalent to the PHP_FCGI_CHILDREN environment variable in the original PHP
; CGI. The below defaults are based on a server without much resources. Don't
; forget to tweak pm.* to fit your needs.
; Note: Used when pm is set to 'static', 'dynamic' or 'ondemand'
; Note: This value is mandatory.
pm.max_children = 20
; The number of child processes created on startup.
; Note: Used only when pm is set to 'dynamic'
; Default Value: min_spare_servers + (max_spare_servers - min_spare_servers) / 2
pm.start_servers = 2
; The desired minimum number of idle server processes.
; Note: Used only when pm is set to 'dynamic'
; Note: Mandatory when pm is set to 'dynamic'
pm.min_spare_servers = 1
; The desired maximum number of idle server processes.
; Note: Used only when pm is set to 'dynamic'
; Note: Mandatory when pm is set to 'dynamic'
pm.max_spare_servers = 3
[...]
; Chdir to this directory at the start.
; Note: relative path can be used.
; Default Value: current directory or / when chroot
chdir = /
; Redirect worker stdout and stderr into main error log. If not set, stdout and
; stderr will be redirected to /dev/null according to FastCGI specs.
; Note: on highloaded environement, this can cause some delay in the page
; process time (several ms).
; Default Value: no
catch_workers_output = yes
; Clear environment in FPM workers
; Prevents arbitrary environment variables from reaching FPM worker processes
; by clearing the environment in workers before env vars specified in this
; pool configuration are added.
; Setting to "no" will make all environment variables available to PHP code
; via getenv(), $_ENV and $_SERVER.
; Default Value: yes
;clear_env = no
; Limits the extensions of the main script FPM will allow to parse. This can
; prevent configuration mistakes on the web server side. You should only limit
; FPM to .php extensions to prevent malicious users to use other extensions to
; exectute php code.
; Note: set an empty value to allow all extensions.
; Default Value: .php
;security.limit_extensions = .php .php3 .php4 .php5
; Pass environment variables like LD_LIBRARY_PATH. All $VARIABLEs are taken from
; the current environment.
; Default Value: clean env
;env[HOSTNAME] = $HOSTNAME
env[PATH] = /usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
;env[TMP] = /tmp
;env[TMPDIR] = /tmp
;env[TEMP] = /tmp
; Additional php.ini defines, specific to this pool of workers. These settings
; overwrite the values previously defined in the php.ini. The directives are the
; same as the PHP SAPI:
;   php_value/php_flag             - you can set classic ini defines which can
;                                    be overwritten from PHP call 'ini_set'. 
;   php_admin_value/php_admin_flag - these directives won't be overwritten by
;                                     PHP call 'ini_set'
; For php_*flag, valid values are on, off, 1, 0, true, false, yes or no.
; Defining 'extension' will load the corresponding shared extension from
; extension_dir. Defining 'disable_functions' or 'disable_classes' will not
; overwrite previously defined php.ini values, but will append the new value
; instead.
; Note: path INI options can be relative and will be expanded with the prefix
; (pool, global or /usr)
; Default Value: nothing is defined by default except the values in php.ini and
;                specified at startup with the -d argument
;php_admin_value[sendmail_path] = /usr/sbin/sendmail -t -i -f www@my.domain.com
;php_flag[display_errors] = off
php_admin_value[error_log] = /var/log/fpm-php.www.log
php_admin_flag[log_errors] = on
;php_admin_value[memory_limit] = 32M