https://github.com/torvalds/linux/commit/89a3c9f5b9f0bcaa9aea3e8b2a616fcaea9aad78
SUNRPC: Properly set the @Subbuf parameter of xdr_buf_subsegment()

When I apply that patch to 5.4.0-40-generic the original bug disappears, however I sometimes still get:

[Mo Jul 13 20:22:53 2020] BUG: unable to handle page fault for address: ffff98fd15cd0000
[Mo Jul 13 20:22:53 2020] #PF: supervisor write access in kernel mode
[Mo Jul 13 20:22:53 2020] #PF: error_code(0x0003) - permissions violation
[Mo Jul 13 20:22:53 2020] PGD 214c01067 P4D 214c01067 PUD 214c05067 PMD 455d94063 PTE 8000000455cd0061
[Mo Jul 13 20:22:53 2020] Oops: 0003 [#1] SMP PTI
[Mo Jul 13 20:22:53 2020] CPU: 0 PID: 1428 Comm: update-desktop- Tainted: G           OE     5.4.0-40-generic #44
[Mo Jul 13 20:22:53 2020] Hardware name: XXXXXXXXXXX
[Mo Jul 13 20:22:53 2020] RIP: 0010:memcpy_erms+0x6/0x10
[Mo Jul 13 20:22:53 2020] Code: ff 90 90 90 eb 1e 0f 1f 00 48 89 f8 48 89 d1 48 c1 e9 03 83 e2 07 f3 48 a5 89 d1 f3 a4 c3 66 0f 1f 44 00 00 48 89 f8 48 89 d1 <f3> a4 c3 0f 1f 80 00 00 00 00 48 89 f8 48 83 fa 
20 72 7e 40 38 fe
[Mo Jul 13 20:22:53 2020] RSP: 0018:ffffb4f780bdb610 EFLAGS: 00010286
[Mo Jul 13 20:22:53 2020] RAX: ffff98fd15ccffc4 RBX: ffffb4f780bdba08 RCX: 0000000000000004
[Mo Jul 13 20:22:53 2020] RDX: 0000000000000040 RSI: ffff98fd132eb064 RDI: ffff98fd15cd0000
[Mo Jul 13 20:22:53 2020] RBP: ffffb4f780bdb640 R08: 0000000000000000 R09: 000000000000015b
[Mo Jul 13 20:22:53 2020] R10: ffffb4f780bdb5e0 R11: ffff98fd10f14850 R12: 0000000000000028
[Mo Jul 13 20:22:53 2020] R13: 0000000000000040 R14: ffff98fd188be280 R15: 0000000000000040
[Mo Jul 13 20:22:53 2020] FS:  00007fea854dcb80(0000) GS:ffff98fd1da00000(0000) knlGS:0000000000000000
[Mo Jul 13 20:22:53 2020] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[Mo Jul 13 20:22:53 2020] CR2: ffff98fd15cd0000 CR3: 00000004532e0003 CR4: 00000000003606f0
[Mo Jul 13 20:22:53 2020] Call Trace:
[Mo Jul 13 20:22:53 2020]  ? _copy_from_pages+0x6f/0xa0 [sunrpc]
[Mo Jul 13 20:22:53 2020]  xdr_shrink_pagelen+0x83/0xb0 [sunrpc]
[Mo Jul 13 20:22:53 2020]  xdr_align_pages+0x8e/0x1c0 [sunrpc]
[Mo Jul 13 20:22:53 2020]  xdr_read_pages+0x18/0x80 [sunrpc]
[Mo Jul 13 20:22:53 2020]  nfs4_xdr_dec_readlink+0xea/0x140 [nfsv4]
[Mo Jul 13 20:22:53 2020]  rpcauth_unwrap_resp_decode+0x27/0x30 [sunrpc]
[Mo Jul 13 20:22:53 2020]  gss_unwrap_resp+0x358/0x5a0 [auth_rpcgss]
[Mo Jul 13 20:22:53 2020]  ? call_bind_status+0x290/0x290 [sunrpc]
[Mo Jul 13 20:22:53 2020]  rpcauth_unwrap_resp+0x24/0x30 [sunrpc]
[Mo Jul 13 20:22:53 2020]  call_decode+0x158/0x1d0 [sunrpc]
[Mo Jul 13 20:22:53 2020]  __rpc_execute+0x8c/0x3a0 [sunrpc]
[Mo Jul 13 20:22:53 2020]  rpc_execute+0xa0/0xb0 [sunrpc]
[Mo Jul 13 20:22:53 2020]  rpc_run_task+0x120/0x150 [sunrpc]
[Mo Jul 13 20:22:53 2020]  nfs4_call_sync_custom+0x10/0x30 [nfsv4]
[Mo Jul 13 20:22:53 2020]  nfs4_call_sync_sequence+0x65/0x80 [nfsv4]
[Mo Jul 13 20:22:53 2020]  _nfs4_proc_readlink+0xa3/0xc0 [nfsv4]
[Mo Jul 13 20:22:53 2020]  nfs4_proc_readlink+0x6e/0x100 [nfsv4]
[Mo Jul 13 20:22:53 2020]  nfs_symlink_filler+0x33/0x70 [nfs]
[Mo Jul 13 20:22:53 2020]  do_read_cache_page+0x2f6/0x830
[Mo Jul 13 20:22:53 2020]  ? nfs_get_link+0x120/0x120 [nfs]
[Mo Jul 13 20:22:53 2020]  ? xas_load+0xd/0x80
[Mo Jul 13 20:22:53 2020]  ? find_get_entry+0x5e/0x170
[Mo Jul 13 20:22:53 2020]  ? nfs4_do_check_delegation+0x1d/0x40 [nfsv4]
[Mo Jul 13 20:22:53 2020]  ? nfs4_have_delegation+0x13/0x20 [nfsv4]
[Mo Jul 13 20:22:53 2020]  ? nfs_check_cache_invalid+0x38/0xa0 [nfs]
[Mo Jul 13 20:22:53 2020]  read_cache_page+0x12/0x20
[Mo Jul 13 20:22:53 2020]  nfs_get_link+0x47/0x120 [nfs]
[Mo Jul 13 20:22:53 2020]  trailing_symlink+0x21d/0x280
[Mo Jul 13 20:22:53 2020]  ? nfs_destroy_readpagecache+0x20/0x20 [nfs]
[Mo Jul 13 20:22:53 2020]  path_lookupat.isra.0+0x8c/0x230
[Mo Jul 13 20:22:53 2020]  ? rpc_free_task+0x64/0x70 [sunrpc]
[Mo Jul 13 20:22:53 2020]  ? rpc_do_put_task+0x6a/0x70 [sunrpc]
[Mo Jul 13 20:22:53 2020]  filename_lookup+0xae/0x170
[Mo Jul 13 20:22:53 2020]  ? strncpy_from_user+0x4c/0x150
[Mo Jul 13 20:22:53 2020]  user_path_at_empty+0x3a/0x50
[Mo Jul 13 20:22:53 2020]  vfs_statx+0x7d/0xe0
[Mo Jul 13 20:22:53 2020]  __do_sys_newstat+0x3e/0x80
[Mo Jul 13 20:22:53 2020]  ? _cond_resched+0x19/0x30
[Mo Jul 13 20:22:53 2020]  ? exit_to_usermode_loop+0xea/0x160
[Mo Jul 13 20:22:53 2020]  __x64_sys_newstat+0x16/0x20
[Mo Jul 13 20:22:53 2020]  do_syscall_64+0x57/0x190
[Mo Jul 13 20:22:53 2020]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[Mo Jul 13 20:22:53 2020] RIP: 0033:0x7fea8568449a