On Fri, 28 Dec 2018 12:51:04 -0800 syzbot <syzbot+b437b5a429d680cf2217@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote:

> Hello,
>
> syzbot found the following crash on:

uh-oh. Josef, could you please take a look?

:    page = find_get_page(mapping, offset);
:    if (likely(page) && !(vmf->flags & FAULT_FLAG_TRIED)) {
:        /*
:         * We found the page, so try async readahead before
:         * waiting for the lock.
:         */
:        fpin = do_async_mmap_readahead(vmf, page);
:    } else if (!page) {
:        /* No page in the page cache at all */
:        fpin = do_sync_mmap_readahead(vmf);
:        count_vm_event(PGMAJFAULT);
:        count_memcg_event_mm(vmf->vma->vm_mm, PGMAJFAULT);

vmf->vma has been freed at this point, so the vmf->vma->vm_mm dereference on the preceding line is a use-after-free.

:        ret = VM_FAULT_MAJOR;
: retry_find:
:        page = pagecache_get_page(mapping, offset,
:                                  FGP_CREAT|FGP_FOR_MMAP,
:                                  vmf->gfp_mask);
:        if (!page) {
:            if (fpin)
:                goto out_retry;
:            return vmf_error(-ENOMEM);
:        }
:    }