--- x/mm/userfaultfd.c
+++ y/mm/userfaultfd.c
@@ -1442,9 +1442,9 @@ static int uffd_move_lock(struct mm_stru
 		 * See comment in lock_vma() as to why not using
 		 * vma_start_read() here.
 		 */
-		down_read(&(*dst_vmap)->vm_lock->lock);
+		down_read_nested(&(*dst_vmap)->vm_lock->lock, 1);
 		if (*dst_vmap != *src_vmap)
-			down_read(&(*src_vmap)->vm_lock->lock);
+			down_read_nested(&(*src_vmap)->vm_lock->lock, 2);
 	}
 	mmap_read_unlock(mm);
 	return err;