mm/numa: Remove BUG_ON() in __handle_mm_fault()

commit 107437febd495a50e2cd09c81bbaa84d30e57b07 upstream.

Changing PTEs and PMDs to pte_numa & pmd_numa is done with the
mmap_sem held for reading, which means a pmd can be instantiated
and turned into a numa one while __handle_mm_fault() is examining
the value of old_pmd.

If that happens, __handle_mm_fault() should just return and let
the page fault retry, instead of throwing an oops. This is
handled by the test for pmd_trans_huge(*pmd) below.

Signed-off-by: Rik van Riel <>
Reviewed-by: Naoya Horiguchi <>
Reported-by: Sunil Pandey <>
Signed-off-by: Peter Zijlstra <>
Cc: Andrew Morton <>
Cc: Johannes Weiner <>
Cc: Kirill A. Shutemov <>
Cc: Linus Torvalds <>
Cc: Mel Gorman <>
Signed-off-by: Ingo Molnar <>
Patrick McLean <>
Signed-off-by: Greg Kroah-Hartman <>

1 file changed