--- x/mm/userfaultfd.c
+++ y/mm/userfaultfd.c
@@ -217,6 +217,7 @@ static int mfill_get_vma(struct mfill_st
 	dst_vma = uffd_mfill_lock(ctx->mm, state->dst_start, state->len);
 	if (IS_ERR(dst_vma))
 		return PTR_ERR(dst_vma);
+	state->vma = dst_vma;
 
 	/*
 	 * If memory mappings are changing because of non-cooperative