[PATCH] fuse: fix panic in __readahead_batch()

[Wonhyuk Yang <vvghjk1234@xxxxxxxxx>]

According to xarray.h, xas_for_each's entry can be RETRY_ENTRY.
RETRY_ENTRY is defined as 0x402 and accessing that address
results in panic.

BUG: kernel NULL pointer dereference, address: 0000000000000402
kernel: RIP: 0010:fuse_readahead+0x152/0x470 [fuse]
CR2: 0000000000000402

Call Trace:
read_pages+0x83/0x270
page_cache_readahead_unbounded+0x197/0x230
generic_file_buffered_read+0x57a/0xa20
new_sync_read+0x112/0x1a0
vfs_read+0xf8/0x180
ksys_read+0x5f/0xe0
do_syscall_64+0x33/0x80
entry_SYSCALL_64_after_hwframe+0x44/0xa9

Signed-off-by: Wonhyuk Yang <vvghjk1234@xxxxxxxxx>
---
 include/linux/pagemap.h | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/include/linux/pagemap.h b/include/linux/pagemap.h
index c77b7c31b2e4..4c9f29bbdace 100644
--- a/include/linux/pagemap.h
+++ b/include/linux/pagemap.h
@@ -906,6 +906,12 @@ static inline unsigned int __readahead_batch(struct readahead_control *rac,
 	xas_set(&xas, rac->_index);
 	rcu_read_lock();
 	xas_for_each(&xas, page, rac->_index + rac->_nr_pages - 1) {
+		if (xas_retry(&xas, page))
+			continue;
+
+		if (!xa_is_value(page))
+			continue;
+
 		VM_BUG_ON_PAGE(!PageLocked(page), page);
 		VM_BUG_ON_PAGE(PageTail(page), page);
 		array[i++] = page;
-- 
2.25.1