Linus Torvalds writes: (Summary)
It's
It's
next->pprev = pprev;
next->pprev = pprev;
in __hlist_del(), and the trapping instruction decodes as in __hlist_del(), and the trapping instruction decodes as mov %rdx,0x8(%rax)
mov %rdx,0x8(%rax)
It's
next->pprev = pprev;
next->pprev = pprev;
in __hlist_del(), and the trapping instruction decodes as in __hlist_del(), and the trapping instruction decodes as mov %rdx,0x8(%rax)
mov %rdx,0x8(%rax)
with %rax having the value dead000000000200, Which is just LIST_POISON2. So we've deleted that entry twice - LIST_POISON2 is what hlist_del() sets pprev to after already deleting it once. Nobody cares, except for the list entry debugging code, which isn't run on the hlist cases.