page_referenced() counts only references of mm's that are associated with the memcg hierarchy that is being reclaimed. However, if it races with the owner of the mm exiting, mm->owner may be NULL. Don't crash, just ignore the reference. Signed-off-by: Johannes Weiner <hannes@xxxxxxxxxxx> Cc: stable@xxxxxxxxxx [3.5] --- include/linux/memcontrol.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/include/linux/memcontrol.h b/include/linux/memcontrol.h index 8d9489f..8686294 100644 --- a/include/linux/memcontrol.h +++ b/include/linux/memcontrol.h @@ -91,7 +91,7 @@ int mm_match_cgroup(const struct mm_struct *mm, const struct mem_cgroup *cgroup) rcu_read_lock(); memcg = mem_cgroup_from_task(rcu_dereference((mm)->owner)); - match = __mem_cgroup_same_or_subtree(cgroup, memcg); + match = memcg && __mem_cgroup_same_or_subtree(cgroup, memcg); rcu_read_unlock(); return match; } -- 1.7.11.4 -- To unsubscribe, send a message with 'unsubscribe linux-mm' in the body to majordomo@xxxxxxxxx. For more info on Linux MM, see: http://www.linux-mm.org/ . Don't email: <a href=mailto:"dont@xxxxxxxxx";> email@xxxxxxxxx </a>