
Bug#900821: linux-image-4.9.0-6-amd64: apache reads wrong data over cifs filesystems served by samba



Package: src:linux
Version: 4.9.88-1+deb9u1
Severity: important

Dear Maintainer,

I've found that when you mount a filesystem being served by samba on a host
running apache and serve the files on this filesystem over apache, you'll
get garbage mixed with the file content.

This means that you get the right length but the file's content gets
corrupted.

This only happens when serving the files from samba; if you serve them from
Windows the problem doesn't appear.

I have found this problem in a pure Debian stable installation (Stretch),
but I have tested this on a pure testing (Buster) installation with even
worse results: the download breaks and the kernel shows this:

[  649.547840] WARNING: CPU: 6 PID: 1573 at /build/linux-43CEzF/linux-4.16.12/lib/iov_iter.c:695 copy_page_to_iter+0x1dd/0x2f0
[  649.547844] Modules linked in: cmac arc4 md4 nls_utf8 cifs ccm dns_resolver fscache amd64_edac_mod edac_mce_amd radeon ccp rng_core joydev kvm sg evdev ttm k10temp drm_kms_helper serio_raw pcspkr shpchp drm irqbypass i2c_algo_bit hpilo hpwdt ipmi_si ipmi_devintf button ipmi_msghandler ip_tables x_tables autofs4 ext4 crc16 mbcache jbd2 crc32c_generic fscrypto ecb crypto_simd cryptd glue_helper aes_x86_64 hid_generic usbhid hid sd_mod ohci_pci qla2xxx hpsa nvme_fc scsi_transport_fc scsi_transport_sas psmouse uhci_hcd ohci_hcd ehci_pci nvme_fabrics ehci_hcd scsi_mod nvme_core usbcore bnx2 i2c_piix4 usb_common
[  649.547943] CPU: 6 PID: 1573 Comm: wget Tainted: G        W        4.16.0-2-amd64 #1 Debian 4.16.12-1
[  649.547945] Hardware name: HP ProLiant BL465c G6  , BIOS A13 12/08/2009
[  649.547953] RIP: 0010:copy_page_to_iter+0x1dd/0x2f0
[  649.547956] RSP: 0018:ffffad6602defc58 EFLAGS: 00010297
[  649.547960] RAX: 0000000000008000 RBX: ffffd65a085b1000 RCX: 0000000000000003
[  649.547963] RDX: 0000000000008075 RSI: 017fffc000008000 RDI: 00000000085b1000
[  649.547965] RBP: 000000000000148b R08: 0000000000002000 R09: ffff9ca6e457cd24
[  649.547968] R10: ffff9ca6e20df8e8 R11: 000000000000548b R12: ffffad6602defdf0
[  649.547970] R13: 0000000000006bea R14: 0000000000000040 R15: 0000000000000001
[  649.547974] FS:  00007f0978403780(0000) GS:ffff9ca6e7cc0000(0000) knlGS:0000000000000000
[  649.547977] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  649.547980] CR2: 00005592e97b3078 CR3: 0000000223f6c000 CR4: 00000000000006e0
[  649.547983] Call Trace:
[  649.548001]  skb_copy_datagram_iter+0x175/0x280
[  649.548010]  tcp_recvmsg+0x279/0xb90
[  649.548019]  ? set_fd_set+0x38/0x50
[  649.548024]  ? core_sys_select+0x2a4/0x2d0
[  649.548032]  inet_recvmsg+0x58/0xd0
[  649.548038]  sock_read_iter+0x94/0xf0
[  649.548047]  new_sync_read+0xe9/0x140
[  649.548060]  vfs_read+0x89/0x130
[  649.548066]  SyS_read+0x52/0xc0
[  649.548075]  do_syscall_64+0x6c/0x130
[  649.548082]  entry_SYSCALL_64_after_hwframe+0x3d/0xa2
[  649.548089] RIP: 0033:0x7f0976eb7061
[  649.548091] RSP: 002b:00007ffec8800db8 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  649.548095] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007f0976eb7061
[  649.548097] RDX: 0000000000002000 RSI: 00005592e97afc70 RDI: 0000000000000003
[  649.548100] RBP: 000000000010113b R08: 00007ffec8800cd0 R09: 00007f0978403780
[  649.548102] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000002000
[  649.548105] R13: 00005592e97afc70 R14: 0000000000000000 R15: 00005592e97b1c80
[  649.548108] Code: ff ff 48 89 c5 41 83 ae 28 0a 00 00 01 48 83 c4 10 48 89 e8 5b 5d 41 5c 41 5d 41 5e 41 5f c3 0f b6 49 69 48 d3 e0 e9 a6 fe ff ff <0f> 0b 31 ed eb dc 85 c9 0f 84 ad 00 00 00 31 ed eb d0 4d 01 f5 
[  649.548180] ---[ end trace 5c988a789d68247f ]---

Doing several md5sums of the files directly on the cifs filesystem will
always result in the same md5, also doing dd if=file|md5sum, however
wget http://localhost/file -O -|md5sum
will result in a different code each time.

The same tests running the same Stretch machine with Jessie's kernel will
work Ok.

Like I've said I've been able to replicate this on standard Stretch and
Buster configs. These are the steps to replicate...

install:
	apt-get install samba apache2 cifs-utils
add to smb.conf to create an ftp share and then: service smbd reload
[ftp]
   writable = no
   locking = no
   path = /srv/ftp
   public = yes
   browseable = no
generate a file to be served:
	dd if=/dev/zero of=/srv/ftp/100Mzero bs=1024k count=100
mount the share on the web directory to serve it:
	mount.cifs //localhost/ftp /var/www/html/
test the local access of the cifs:
	md5sum /srv/ftp/100Mzero 
2f282b84e7e608d5852449ed940bfc51  /srv/ftp/100Mzero
Access the file over apache:
	wget http://localhost/100Mzero -O - 2>/dev/null|md5sum
2b0ac997ed705924db55cf5f45ad3c88  -

Like I said, changing to a Jessie's kernel this works ok, changing to a
Buster 4.16 kernel or testing on a full Buster setup gives a similar problem
but http transfer is interrupted and kernel shows previous message.  Also
serving the file from Windows works ok.  So this is a problem when serving
from Samba (both Stretch or Buster versions) to an Apache ( md5sum or dd of
the file directly over cifs mount works ok).

If you need any other info to replicate don't hesitate to ask.

Thanks in advance.

Regards.
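
The following is an added example, not part of the original report: a small shell harness that repeats the report's checksum comparison and, when a read differs, reports how many bytes differ and where. The function names and the constructed sample files are assumptions made for illustration; the real invocation with the report's path and URL is shown in the final comment.

```shell
#!/bin/sh
# Hex MD5 digest of whatever arrives on stdin.
md5_of_stdin() { md5sum | awk '{print $1}'; }

# verify_reads REF ROUNDS CMD...: run CMD ROUNDS times and print how many
# runs produced a digest different from the reference file's digest.
verify_reads() {
    ref=$1; rounds=$2; shift 2
    want=$(md5_of_stdin < "$ref")
    bad=0; i=0
    while [ "$i" -lt "$rounds" ]; do
        got=$("$@" | md5_of_stdin)
        [ "$got" = "$want" ] || bad=$((bad + 1))
        i=$((i + 1))
    done
    echo "$bad"
}

# diff_summary REF COPY: print "<differing bytes> <first offset>" (offsets
# are 1-based, as cmp -l reports them) or "0 -" for identical files.
diff_summary() {
    cmp -l "$1" "$2" 2>/dev/null | awk '
        NR == 1 { first = $1 }
        END { if (NR) print NR, first; else print "0 -" }'
}

# Constructed sample: 1 MiB of zeros plus a copy with 16 garbage bytes
# written at byte offset 4096 (same length, different content).
make_sample() {
    dir=$(mktemp -d)
    dd if=/dev/zero of="$dir/ref" bs=1024 count=1024 2>/dev/null
    cp "$dir/ref" "$dir/copy"
    printf 'XXXXXXXXXXXXXXXX' |
        dd of="$dir/copy" bs=1 seek=4096 conv=notrunc 2>/dev/null
    echo "$dir"
}

sample=$(make_sample)
echo "mismatching reads: $(verify_reads "$sample/ref" 3 cat "$sample/copy")"
echo "damage (bytes, first offset): $(diff_summary "$sample/ref" "$sample/copy")"
rm -rf "$sample"

# On the affected host, with the names used in the report:
#   verify_reads /srv/ftp/100Mzero 5 wget -q -O - http://localhost/100Mzero
#   wget -q -O /tmp/got http://localhost/100Mzero
#   diff_summary /srv/ftp/100Mzero /tmp/got
```

A non-zero count from verify_reads together with a diff_summary offset gives the maintainer the size and position of the garbage rather than only a changed digest.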