hmm_range_fault may return NULL pages because some of pfns are equal to HMM_PFN_NONE. This happens randomly under memory pressure. The reason is for swapped out page pte path, hmm_vma_handle_pte doesn't update fault variable from cpu_flags, so it failed to call hmm_vam_do_fault to swap the page in. The fix is to call hmm_pte_need_fault to update fault variable. Change-Id: I2e8611485563d11d938881c18b7935fa1e7c91ee Signed-off-by: Philip Yang <Philip.Yang@xxxxxxx> --- mm/hmm.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/mm/hmm.c b/mm/hmm.c index 9f22562e2c43..7ca4fb39d3d8 100644 --- a/mm/hmm.c +++ b/mm/hmm.c @@ -544,6 +544,9 @@ static int hmm_vma_handle_pte(struct mm_walk *walk, unsigned long addr, swp_entry_t entry = pte_to_swp_entry(pte); if (!non_swap_entry(entry)) { + cpu_flags = pte_to_hmm_pfn_flags(range, pte); + hmm_pte_need_fault(hmm_vma_walk, orig_pfn, cpu_flags, + &fault, &write_fault); if (fault || write_fault) goto fault; return 0; -- 2.17.1