Hi Trond,

unfortunately the same result. Here is the output of gdb, if it helps.

(gdb) list *0x00000000000252be
0x252be is in _shift_data_right_pages (net/sunrpc/xdr.c:344).
339                     if (*pgto != *pgfrom) {
340                             vfrom = kmap_atomic(*pgfrom);
341                             memcpy(vto + pgto_base, vfrom + pgfrom_base, copy);
342                             kunmap_atomic(vfrom);
343                     } else
344                             memmove(vto + pgto_base, vto + pgfrom_base, copy);
345                     flush_dcache_page(*pgto);
346                     kunmap_atomic(vto);
347
348             } while ((len -= copy) != 0);
(gdb)

Tigran.

----- Original Message -----
> From: "trondmy" <trondmy@xxxxxxxxxxxxxxx>
> To: "Tigran Mkrtchyan" <tigran.mkrtchyan@xxxxxxx>, "linux-nfs" <linux-nfs@xxxxxxxxxxxxxxx>
> Cc: "Frank van der Linden" <fllinden@xxxxxxxxxx>
> Sent: Thursday, 3 December, 2020 16:07:53
> Subject: Re: Kernel OPS when using xattr

> Hi Tigran,
>
> On Thu, 2020-12-03 at 09:20 +0100, Mkrtchyan, Tigran wrote:
>>
>> Dear NFS folk,
>>
>> this is what I got while accessing xattrs over NFS with 5.10.0-rc6 kernel
>> from Trond's testing tree (8102e956f22e710eecb3913cdd236282213812cf).
>> The 5.9 kernel works as expected.
>>
>> Tigran.
>>
>> [ 2803.765467] nfs4flexfilelayout_init: NFSv4 Flexfile Layout Driver
>> Registering...
>> [59837.811426] general protection fault, probably for non-canonical
>> address 0x5088000000ffc: 0000 [#1] SMP PTI
>> [59837.811433] CPU: 3 PID: 3858 Comm: attr Not tainted 5.10.0-rc6+
>> #60
>> [59837.811435] Hardware name: Dell Inc. Latitude E6520/0J4TFW, BIOS
>> A06 07/11/2011
>> [59837.811442] RIP: 0010:__memmove+0xe2/0x1a0
>> [59837.811445] Code: 1f 84 00 00 00 00 00 90 48 83 fa 20 72 50 48 81
>> fa a8 02 00 00 72 05 40 38 fe 74 bc 48 01 d6 48 01 d7 48 83 ea 20 48
>> 83 ea 20 <4c> 8b 5e f8 4c 8b 56 f0 4c 8b 4e e8 4c 8b 46 e0 48 8d 76
>> e0 4c 89
>> [59837.811447] RSP: 0018:ffffc90002b4f870 EFLAGS: 00010202
>> [59837.811451] RAX: 0005088000000004 RBX: 0000000000000000 RCX:
>> 000000000000fffc
>> [59837.811453] RDX: 0000000000000fbc RSI: 0005088000000ffc RDI:
>> 0005088000001000
>> [59837.811455] RBP: ffff88810be80000 R08: 0005088000000ffc R09:
>> ffff888235aec550
>> [59837.811457] R10: 0000000000000356 R11: 000000000000016c R12:
>> 0000000000000004
>> [59837.811459] R13: 000000000000fffc R14: ffff88810be80000 R15:
>> ffffc90002b4fc58
>> [59837.811462] FS: 00007fd9303ff740(0000) GS:ffff888235ac0000(0000)
>> knlGS:0000000000000000
>> [59837.811465] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
>> [59837.811467] CR2: 00007fd9305d2000 CR3: 000000011fc10005 CR4:
>> 00000000000606e0
>> [59837.811469] Call Trace:
>> [59837.811505] _shift_data_right_pages+0x11e/0x150 [sunrpc]
>> [59837.811531] xdr_shrink_bufhead+0x151/0x170 [sunrpc]
>> [59837.811555] xdr_realign_pages+0x4c/0xa0 [sunrpc]
>> [59837.811578] xdr_align_pages+0x49/0x120 [sunrpc]
>> [59837.811601] xdr_read_pages+0x23/0xb0 [sunrpc]
>> [59837.811626] nfs4_xdr_dec_getxattr+0xfa/0x120 [nfsv4]
>> [59837.811643] call_decode+0x199/0x1f0 [sunrpc]
>> [59837.811659] ? rpc_decode_header+0x4e0/0x4e0 [sunrpc]
>> [59837.811678] __rpc_execute+0x71/0x420 [sunrpc]
>> [59837.811700] ? xprt_iter_default_rewind+0x10/0x10 [sunrpc]
>> [59837.811721] ? xprt_iter_get_next+0x4a/0x60 [sunrpc]
>> [59837.811737] rpc_run_task+0x14c/0x180 [sunrpc]
>> [59837.811756] nfs4_do_call_sync+0x6e/0xb0 [nfsv4]
>> [59837.811785] _nfs42_proc_getxattr+0xb7/0x170 [nfsv4]
>> [59837.811809] ? xprt_iter_get_next+0x4a/0x60 [sunrpc]
>> [59837.811830] nfs42_proc_getxattr+0x86/0xb0 [nfsv4]
>> [59837.811844] nfs4_xattr_get_nfs4_user+0xc9/0xe0 [nfsv4]
>> [59837.811849] vfs_getxattr+0x161/0x1a0
>> [59837.811852] getxattr+0x14f/0x230
>> [59837.811856] ? filename_lookup+0x123/0x1b0
>> [59837.811861] ? _cond_resched+0x16/0x40
>> [59837.811864] ? kmem_cache_alloc+0x3c4/0x4b0
>> [59837.811866] ? getname_flags.part.0+0x45/0x1a0
>> [59837.811869] path_getxattr+0x62/0xb0
>> [59837.811873] do_syscall_64+0x33/0x40
>> [59837.811876] entry_SYSCALL_64_after_hwframe+0x44/0xa9
>> [59837.811879] RIP: 0033:0x7fd93050162e
>> [59837.811883] Code: 48 8b 0d 4d 48 0c 00 f7 d8 64 89 01 48 83 c8 ff
>> c3 66 2e 0f 1f 84 00 00 00 00 00 90 f3 0f 1e fa 49 89 ca b8 c0 00 00
>> 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d 1a 48 0c 00 f7 d8 64
>> 89 01 48
>> [59837.811884] RSP: 002b:00007ffe178ad1c8 EFLAGS: 00000202 ORIG_RAX:
>> 00000000000000c0
>> [59837.811887] RAX: ffffffffffffffda RBX: 00007ffe178ad330 RCX:
>> 00007fd93050162e
>> [59837.811889] RDX: 0000000000000000 RSI: 00007ffe178ad330 RDI:
>> 00007ffe178bf525
>> [59837.811890] RBP: 0000000000000000 R08: 00007ffe178ad210 R09:
>> 0000000000000000
>> [59837.811892] R10: 0000000000000000 R11: 0000000000000202 R12:
>> 0000000000000001
>> [59837.811894] R13: 00007ffe178ad210 R14: 00007ffe178bf525 R15:
>> 0000000000000000
>> [59837.811896] Modules linked in: nfs_layout_flexfiles
>> rpcsec_gss_krb5 auth_rpcgss nfsv4 dns_resolver nfs lockd grace
>> nfs_ssc fscache nf_conntrack_netbios_ns nf_conntrack_broadcast nft_ct
>> nf_tables ebtable_nat ebtable_broute ip6table_nat ip6table_mangle
>> ip6table_raw ip6table_security iptable_nat nf_nat nf_conntrack
>> nf_defrag_ipv6 nf_defrag_ipv4 iptable_mangle iptable_raw
>> iptable_security ip_set nfnetlink ebtable_filter ebtables
>> ip6table_filter ip6_tables sunrpc snd_hda_codec_idt
>> snd_hda_codec_generic ledtrig_audio nouveau i915 iwldvm mac80211
>> btrfs snd_hda_codec_hdmi snd_hda_intel snd_intel_ds
>
> Does this fix it?
>
> 8<---------------------------------------------
> From 013ee77c43a4dcd468becaf2f234624433cc6fb2 Mon Sep 17 00:00:00 2001
> From: Trond Myklebust <trond.myklebust@xxxxxxxxxxxxxxx> > Date: Thu, 3 Dec 2020 09:16:15 -0500 > Subject: [PATCH] SUNRPC: xs_alloc_sparse_pages() should set buf- >>page_len > > If the page buffer allocated in xs_alloc_sparse_pages() ends up being > shorter than the predicted buf->page_len, then we should truncate the > latter so that later calls to xdr_read_pages() doesn't get confused and > trigger an Oops. > > Reported-by: "Mkrtchyan, Tigran" <tigran.mkrtchyan@xxxxxxx> > Signed-off-by: Trond Myklebust <trond.myklebust@xxxxxxxxxxxxxxx> > --- > net/sunrpc/xprtsock.c | 21 ++++++++++++++------- > 1 file changed, 14 insertions(+), 7 deletions(-) > > diff --git a/net/sunrpc/xprtsock.c b/net/sunrpc/xprtsock.c > index c93ff70da3f9..32054176786e 100644 > --- a/net/sunrpc/xprtsock.c > +++ b/net/sunrpc/xprtsock.c > @@ -327,21 +327,28 @@ static void xs_free_peer_addresses(struct > rpc_xprt *xprt) > static size_t > xs_alloc_sparse_pages(struct xdr_buf *buf, size_t want, gfp_t gfp) > { > - size_t i,n; > + size_t i,n, len; > > - if (!want || !(buf->flags & XDRBUF_SPARSE_PAGES)) > + if (!(buf->flags & XDRBUF_SPARSE_PAGES)) > return want; > n = (buf->page_base + want + PAGE_SIZE - 1) >> PAGE_SHIFT; > for (i = 0; i < n; i++) { > if (buf->pages[i]) > continue; > buf->bvec[i].bv_page = buf->pages[i] = > alloc_page(gfp); > - if (!buf->pages[i]) { > - i *= PAGE_SIZE; > - return i > buf->page_base ? i - buf->page_base > : 0; > - } > + if (!buf->pages[i]) > + break; > + } > + len = i << PAGE_SHIFT; > + if (len > buf->page_base) > + len -= buf->page_base; > + else > + len = 0; > + if (buf->page_len > len) { > + buf->buflen -= buf->page_len - len; > + buf->page_len = len; > } > - return want; > + return want <= len ? want : len; > } > > static ssize_t > -- > 2.28.0 > > > -- > Trond Myklebust > Linux NFS client maintainer, Hammerspace > trond.myklebust@xxxxxxxxxxxxxxx
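
Review bot: The new block after the loop, "if (buf->page_len > len) { buf->buflen -= buf->page_len - len; buf->page_len = len; }", runs on every call that reaches it, not only when alloc_page() fails. n is derived from want, so after a fully successful pass len is only guaranteed to cover want, and any buf->page_len larger than that is cut down along with buf->buflen. With the "!want" early return removed, a call with want == 0 and buf->page_base == 0 yields n == 0 and len == 0, which zeroes buf->page_len without any allocation having failed. If callers can pass a want smaller than the page data still expected, consider limiting the truncation to the failure path (i < n) or sizing n from buf->page_len; if truncating on every call is intended, a comment above the block and a sentence in the commit message should say so. Pages already present at indices at or beyond n are also not counted in len, which is worth a comment. Minor style point: "size_t i,n, len;" has inconsistent spacing after the commas.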