On Fri, Jan 27, 2023 at 10:56:26PM +1100, Alexey Kardashevskiy wrote:
> Here is the complete output of that VM (200k so not in the email):
>
> https://github.com/aik/linux/commit/d0d6bbb58fcd927ddd1f8e9d42ab121920c7eafc

Thanks. So looking at the code in the traces:

	Code starting with the faulting instruction
	===========================================
	   0:	65 48 8b 04 25 c0 db 	mov    %gs:0x2dbc0,%rax
	   7:	02 00
	   9:	48 8b 80 a8 08 00 00 	mov    0x8a8(%rax),%rax
	  10:	0f 0d 48 70          	prefetchw 0x70(%rax)
	  14:	e8                   	.byte 0xe8
	  15:	82                   	.byte 0x82

I think the fault in the page-fault handler happens here:

	DEFINE_IDTENTRY_RAW_ERRORCODE(exc_page_fault)
	{
		unsigned long address = read_cr2();
		irqentry_state_t state;

		prefetchw(&current->mm->mmap_lock);	<--- Here

To be precise, it faults while dereferencing current. That means that
GS_BASE is likely broken, need to find out why...

This at least explains why it page-faults in a loop until the stack
overflows and the guard page is hit.

Regards,

	Joerg
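
Added example, not part of the mail above or of the kernel source: a small C decoder for the first two instructions of the quoted trace. It shows from the raw bytes that the faulting load carries a GS segment-override prefix (0x65) and a bare 32-bit displacement with no base register, so its address is GS_BASE plus 0x2dbc0 and nothing else. The names decode_mov_load, gs_absolute_offset and trace_code are made up for this illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
/* Bytes taken from the disassembly quoted in the mail above. */
static const uint8_t trace_code[] = {
    0x65, 0x48, 0x8b, 0x04, 0x25, 0xc0, 0xdb, 0x02, 0x00, /* mov %gs:0x2dbc0,%rax */
    0x48, 0x8b, 0x80, 0xa8, 0x08, 0x00, 0x00,             /* mov 0x8a8(%rax),%rax */
};

struct mov_load {
    int     seg_gs;   /* 1 if a 0x65 GS-override prefix is present */
    int     base_reg; /* base register number, -1 for a bare disp32 address */
    int32_t disp;     /* 32-bit displacement */
    size_t  len;      /* instruction length in bytes */
};

/* Decode "REX.W 8b /r" loads in the two forms seen in the trace; 0 on success, -1 otherwise. */
int decode_mov_load(const uint8_t *p, size_t n, struct mov_load *out)
{
    size_t i = 0;
    out->seg_gs = 0; out->base_reg = -1; out->disp = 0; out->len = 0;
    if (n && p[0] == 0x65) { out->seg_gs = 1; i++; }
    if (i + 3 > n || p[i] != 0x48 || p[i + 1] != 0x8b) return -1;
    uint8_t modrm = p[i + 2], mod = modrm >> 6, rm = modrm & 7;
    i += 3;
    if (mod == 0 && rm == 4) {        /* SIB byte follows */
        if (i >= n || (p[i++] & 0x3f) != 0x25) return -1; /* no index, no base */
    } else if (mod == 2 && rm != 4) { /* [reg + disp32] */
        out->base_reg = rm;
    } else return -1;
    if (i + 4 > n) return -1;
    out->disp = (int32_t)(p[i] | (uint32_t)p[i + 1] << 8 |
                          (uint32_t)p[i + 2] << 16 | (uint32_t)p[i + 3] << 24);
    out->len = i + 4;
    return 0;
}

/* Offset read through %gs, or -1 if this is not a GS-relative absolute load. */
long gs_absolute_offset(const uint8_t *p, size_t n)
{
    struct mov_load m;
    if (decode_mov_load(p, n, &m) || !m.seg_gs || m.base_reg != -1) return -1;
    return m.disp;
}

int main(void)
{
    printf("%%gs offset: %#lx\n", (unsigned long)gs_absolute_offset(trace_code, sizeof trace_code));
    return 0;
}
```

The decoded length of the first instruction (9 bytes) matches the offset at which the trace lists the second one, which is a plain register-relative load and is therefore rejected by gs_absolute_offset.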