The per-CPU initialization code is copying in bogus data into thread->tls_array. Note that it copies &per_cpu(cpu_gdt_table, cpu), not &per_cpu(cpu_gdt_table, cpu)[GDT_ENTRY_TLS_MIN). That is totally broken and unnecessary. Make the initialization explicitly NULL. Patch-base: 2.6.13-rc5-mm1 Patch-keys: i386 cleanup Signed-off-by: Zachary Amsden <zach@vmware.com Index: linux-2.6.13/include/asm-i386/processor.h ==================================================================--- linux-2.6.13.orig/include/asm-i386/processor.h 2005-08-09 18:37:48.000000000 -0700 +++ linux-2.6.13/include/asm-i386/processor.h 2005-08-10 20:42:20.000000000 -0700 @@ -366,6 +366,7 @@ }; #define INIT_THREAD { \ + .tls_array = { [ 0 ... GDT_ENTRY_TLS_ENTRIES-1 ] = { 0,0 } }, \ .vm86_info = NULL, \ .sysenter_cs = __KERNEL_CS, \ .io_bitmap_ptr = NULL, \ Index: linux-2.6.13/arch/i386/kernel/cpu/common.c ==================================================================--- linux-2.6.13.orig/arch/i386/kernel/cpu/common.c 2005-08-09 18:37:48.000000000 -0700 +++ linux-2.6.13/arch/i386/kernel/cpu/common.c 2005-08-10 20:42:04.000000000 -0700 @@ -607,12 +607,6 @@ cpu_gdt_descr[cpu].address (unsigned long)&per_cpu(cpu_gdt_table, cpu); - /* - * Set up the per-thread TLS descriptor cache: - */ - memcpy(thread->tls_array, &per_cpu(cpu_gdt_table, cpu), - GDT_ENTRY_TLS_ENTRIES * 8); - load_gdt(&cpu_gdt_descr[cpu]); load_idt(&idt_descr);