diff --git a/mm/memory.c b/mm/memory.c
index 70f4b1222e5d..55ac9cdfd398 100644
--- a/mm/memory.c
+++ b/mm/memory.c
@@ -5266,6 +5266,15 @@ retry:
 	if (!vma_start_read(vma))
 		goto inval;
 
+	/*
+	 * Due to the possibility of userfault handler dropping mmap_lock, avoid
+	 * it for now and fall back to page fault handling under mmap_lock.
+	 */
+	if (userfaultfd_armed(vma)) {
+		vma_end_read(vma);
+		goto inval;
+	}
+
 	/* Check since vm_start/vm_end might change before we lock the VMA */
 	if (unlikely(address < vma->vm_start || address >= vma->vm_end)) {
 		vma_end_read(vma);