TIF_MEMDIE should not be set on a process if it does not have a valid ->mm, and this is protected by task_lock(). If TIF_MEMDIE gets set after the mm has detached, and the process fails to exit, then the oom killer will defer forever waiting for it to exit. Make sure that the mm is still valid before setting TIF_MEMDIE by way of mark_tsk_oom_victim(). Cc: "Arve Hjønnevåg" <arve@xxxxxxxxxxx> Cc: Riley Andrews <riandrews@xxxxxxxxxxx> Acked-by: Michal Hocko <mhocko@xxxxxxx> Signed-off-by: David Rientjes <rientjes@xxxxxxxxxx> --- drivers/staging/android/lowmemorykiller.c | 17 ++++++++++++----- 1 file changed, 12 insertions(+), 5 deletions(-) diff --git a/drivers/staging/android/lowmemorykiller.c b/drivers/staging/android/lowmemorykiller.c --- a/drivers/staging/android/lowmemorykiller.c +++ b/drivers/staging/android/lowmemorykiller.c @@ -156,20 +156,27 @@ static unsigned long lowmem_scan(struct shrinker *s, struct shrink_control *sc) p->pid, p->comm, oom_score_adj, tasksize); } if (selected) { - lowmem_print(1, "send sigkill to %d (%s), adj %hd, size %d\n", - selected->pid, selected->comm, - selected_oom_score_adj, selected_tasksize); - lowmem_deathpending_timeout = jiffies + HZ; + task_lock(selected); + if (!selected->mm) { + /* Already exited, cannot do mark_tsk_oom_victim() */ + task_unlock(selected); + goto out; + } /* * FIXME: lowmemorykiller shouldn't abuse global OOM killer * infrastructure. There is no real reason why the selected * task should have access to the memory reserves. */ mark_tsk_oom_victim(selected); + task_unlock(selected); + lowmem_print(1, "send sigkill to %d (%s), adj %hd, size %d\n", + selected->pid, selected->comm, + selected_oom_score_adj, selected_tasksize); + lowmem_deathpending_timeout = jiffies + HZ; send_sig(SIGKILL, selected, 0); rem += selected_tasksize; } - +out: lowmem_print(4, "lowmem_scan %lu, %x, return %lu\n", sc->nr_to_scan, sc->gfp_mask, rem); rcu_read_unlock();