diff --git a/mm/slub.c b/mm/slub.c
index dbd06618082ca6b90c237bb2f34d7c7d67390c97..11874052572fdf0500babb42b2204403be86281d 100644
--- a/mm/slub.c
+++ b/mm/slub.c
@@ -2925,11 +2925,13 @@ static __always_inline void do_slab_free(struct kmem_cache *s,
 	barrier();
 
 	if (likely(page == c->page)) {
-		set_freepointer(s, tail_obj, c->freelist);
+		void **freelist = READ_ONCE(c->freelist);
+
+		set_freepointer(s, tail_obj, freelist);
 
 		if (unlikely(!this_cpu_cmpxchg_double(
 				s->cpu_slab->freelist, s->cpu_slab->tid,
-				c->freelist, tid,
+				freelist, tid,
 				head, next_tid(tid)))) {
 
 			note_cmpxchg_failure("slab_free", s, tid);