https://github.com/torvalds/linux/commit/89a3c9f5b9f0bcaa9aea3e8b2a616fcaea9aad78
SUNRPC: Properly set the @Subbuf parameter of xdr_buf_subsegment()
When I apply that patch to 5.4.0-40-generic the original bug disappears, however I sometimes still get:
[Mo Jul 13 20:22:53 2020] BUG: unable to handle page fault for address: ffff98fd15cd0000
[Mo Jul 13 20:22:53 2020] #PF: supervisor write access in kernel mode
[Mo Jul 13 20:22:53 2020] #PF: error_code(0x0003) - permissions violation
[Mo Jul 13 20:22:53 2020] PGD 214c01067 P4D 214c01067 PUD 214c05067 PMD 455d94063 PTE 8000000455cd0061
[Mo Jul 13 20:22:53 2020] Oops: 0003 [#1] SMP PTI
[Mo Jul 13 20:22:53 2020] CPU: 0 PID: 1428 Comm: update-desktop- Tainted: G OE 5.4.0-40-generic #44
[Mo Jul 13 20:22:53 2020] Hardware name: XXXXXXXXXXX
[Mo Jul 13 20:22:53 2020] RIP: 0010:memcpy_erms+0x6/0x10
[Mo Jul 13 20:22:53 2020] Code: ff 90 90 90 eb 1e 0f 1f 00 48 89 f8 48 89 d1 48 c1 e9 03 83 e2 07 f3 48 a5 89 d1 f3 a4 c3 66 0f 1f 44 00 00 48 89 f8 48 89 d1 <f3> a4 c3 0f 1f 80 00 00 00 00 48 89 f8 48 83 fa 20 72 7e 40 38 fe
[Mo Jul 13 20:22:53 2020] RSP: 0018:ffffb4f780bdb610 EFLAGS: 00010286
[Mo Jul 13 20:22:53 2020] RAX: ffff98fd15ccffc4 RBX: ffffb4f780bdba08 RCX: 0000000000000004
[Mo Jul 13 20:22:53 2020] RDX: 0000000000000040 RSI: ffff98fd132eb064 RDI: ffff98fd15cd0000
[Mo Jul 13 20:22:53 2020] RBP: ffffb4f780bdb640 R08: 0000000000000000 R09: 000000000000015b
[Mo Jul 13 20:22:53 2020] R10: ffffb4f780bdb5e0 R11: ffff98fd10f14850 R12: 0000000000000028
[Mo Jul 13 20:22:53 2020] R13: 0000000000000040 R14: ffff98fd188be280 R15: 0000000000000040
[Mo Jul 13 20:22:53 2020] FS: 00007fea854dcb80(0000) GS:ffff98fd1da00000(0000) knlGS:0000000000000000
[Mo Jul 13 20:22:53 2020] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[Mo Jul 13 20:22:53 2020] CR2: ffff98fd15cd0000 CR3: 00000004532e0003 CR4: 00000000003606f0
[Mo Jul 13 20:22:53 2020] Call Trace:
[Mo Jul 13 20:22:53 2020] ? _copy_from_pages+0x6f/0xa0 [sunrpc]
[Mo Jul 13 20:22:53 2020] xdr_shrink_pagelen+0x83/0xb0 [sunrpc]
[Mo Jul 13 20:22:53 2020] xdr_align_pages+0x8e/0x1c0 [sunrpc]
[Mo Jul 13 20:22:53 2020] xdr_read_pages+0x18/0x80 [sunrpc]
[Mo Jul 13 20:22:53 2020] nfs4_xdr_dec_readlink+0xea/0x140 [nfsv4]
[Mo Jul 13 20:22:53 2020] rpcauth_unwrap_resp_decode+0x27/0x30 [sunrpc]
[Mo Jul 13 20:22:53 2020] gss_unwrap_resp+0x358/0x5a0 [auth_rpcgss]
[Mo Jul 13 20:22:53 2020] ? call_bind_status+0x290/0x290 [sunrpc]
[Mo Jul 13 20:22:53 2020] rpcauth_unwrap_resp+0x24/0x30 [sunrpc]
[Mo Jul 13 20:22:53 2020] call_decode+0x158/0x1d0 [sunrpc]
[Mo Jul 13 20:22:53 2020] __rpc_execute+0x8c/0x3a0 [sunrpc]
[Mo Jul 13 20:22:53 2020] rpc_execute+0xa0/0xb0 [sunrpc]
[Mo Jul 13 20:22:53 2020] rpc_run_task+0x120/0x150 [sunrpc]
[Mo Jul 13 20:22:53 2020] nfs4_call_sync_custom+0x10/0x30 [nfsv4]
[Mo Jul 13 20:22:53 2020] nfs4_call_sync_sequence+0x65/0x80 [nfsv4]
[Mo Jul 13 20:22:53 2020] _nfs4_proc_readlink+0xa3/0xc0 [nfsv4]
[Mo Jul 13 20:22:53 2020] nfs4_proc_readlink+0x6e/0x100 [nfsv4]
[Mo Jul 13 20:22:53 2020] nfs_symlink_filler+0x33/0x70 [nfs]
[Mo Jul 13 20:22:53 2020] do_read_cache_page+0x2f6/0x830
[Mo Jul 13 20:22:53 2020] ? nfs_get_link+0x120/0x120 [nfs]
[Mo Jul 13 20:22:53 2020] ? xas_load+0xd/0x80
[Mo Jul 13 20:22:53 2020] ? find_get_entry+0x5e/0x170
[Mo Jul 13 20:22:53 2020] ? nfs4_do_check_delegation+0x1d/0x40 [nfsv4]
[Mo Jul 13 20:22:53 2020] ? nfs4_have_delegation+0x13/0x20 [nfsv4]
[Mo Jul 13 20:22:53 2020] ? nfs_check_cache_invalid+0x38/0xa0 [nfs]
[Mo Jul 13 20:22:53 2020] read_cache_page+0x12/0x20
[Mo Jul 13 20:22:53 2020] nfs_get_link+0x47/0x120 [nfs]
[Mo Jul 13 20:22:53 2020] trailing_symlink+0x21d/0x280
[Mo Jul 13 20:22:53 2020] ? nfs_destroy_readpagecache+0x20/0x20 [nfs]
[Mo Jul 13 20:22:53 2020] path_lookupat.isra.0+0x8c/0x230
[Mo Jul 13 20:22:53 2020] ? rpc_free_task+0x64/0x70 [sunrpc]
[Mo Jul 13 20:22:53 2020] ? rpc_do_put_task+0x6a/0x70 [sunrpc]
[Mo Jul 13 20:22:53 2020] filename_lookup+0xae/0x170
[Mo Jul 13 20:22:53 2020] ? strncpy_from_user+0x4c/0x150
[Mo Jul 13 20:22:53 2020] user_path_at_empty+0x3a/0x50
[Mo Jul 13 20:22:53 2020] vfs_statx+0x7d/0xe0
[Mo Jul 13 20:22:53 2020] __do_sys_newstat+0x3e/0x80
[Mo Jul 13 20:22:53 2020] ? _cond_resched+0x19/0x30
[Mo Jul 13 20:22:53 2020] ? exit_to_usermode_loop+0xea/0x160
[Mo Jul 13 20:22:53 2020] __x64_sys_newstat+0x16/0x20
[Mo Jul 13 20:22:53 2020] do_syscall_64+0x57/0x190
[Mo Jul 13 20:22:53 2020] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[Mo Jul 13 20:22:53 2020] RIP: 0033:0x7fea8568449a