Linus Torvalds writes: (Summary)
So it looks to me like the tear-down of the page tables first found a page that is indeed a page table, and cleared the page table bit (well, it set it - the bits are reversed).
Then it took an exception (that "interrupt: 700") and that causes do_exit() again, and it tries to free the same page table - and now it's no longer marked as a page table, because it already went through the __ClearPageTable() dance once.
So on the second path through, it catches that "the bit already said it wasn't a page table" and does the BUG.
But the real question is what the problem was the *first* time around.
[...]
0xffffffff, which led to the BUG.
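The double tear-down described above can be replayed in a small user-space model. This is an added example, not kernel source and not part of the original message: the `struct page` layout, the constant values and the helper names are simplified assumptions, and the point where the kernel would BUG is modelled as a `-1` return.

```c
#include <stdint.h>
#include <stdio.h>

/* Simplified model; these constant values are assumptions for illustration. */
#define PAGE_TYPE_BASE 0xf0000000u
#define PG_TABLE       0x00000400u

struct page { uint32_t page_type; };    /* 0xffffffff means "no type set" */

/* Reversed bits: the page IS a page table when the PG_TABLE bit is clear. */
static int page_is_table(const struct page *p)
{
    return (p->page_type & (PAGE_TYPE_BASE | PG_TABLE)) == PAGE_TYPE_BASE;
}

/* Mark as page table by clearing the bit. */
static int set_page_table(struct page *p)
{
    if ((p->page_type & PAGE_TYPE_BASE) != PAGE_TYPE_BASE)
        return -1;                      /* base bits corrupted */
    p->page_type &= ~PG_TABLE;
    return 0;
}

/* Unmark by setting the bit; -1 stands in for the BUG on a page not marked. */
static int clear_page_table(struct page *p)
{
    if (!page_is_table(p))
        return -1;                      /* "the bit already said it wasn't a page table" */
    p->page_type |= PG_TABLE;
    return 0;
}

/* First tear-down succeeds; the re-entered one (second do_exit) trips the check. */
static int replay_double_teardown(struct page *p)
{
    p->page_type = 0xffffffffu;         /* constructed starting state */
    if (set_page_table(p) != 0 || clear_page_table(p) != 0)
        return 1;                       /* unexpected in this model */
    return clear_page_table(p);         /* second pass over the same page */
}

int main(void)
{
    struct page p;
    int rc = replay_double_teardown(&p);
    printf("second teardown rc=%d page_type=0x%08x\n", rc, (unsigned)p.page_type);
    return 0;
}
```

The check only reports that the page was already unmarked; it says nothing about what raised the exception during the first pass.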