diff --git a/src/kernel/objects/thread.cpp b/src/kernel/objects/thread.cpp
index 003de68..1cbc0e2 100644
--- a/src/kernel/objects/thread.cpp
+++ b/src/kernel/objects/thread.cpp
@@ -8,20 +8,6 @@
 extern "C" void kernel_to_user_trampoline();
 static constexpr j6_signal_t thread_default_signals = 0;
 
-thread::thread(process &parent, uint8_t pri, bool user) :
-	kobject(kobject::type::thread, thread_default_signals),
-	m_parent(parent),
-	m_state(state::loading),
-	m_wait_type(wait_type::none),
-	m_wait_data(0),
-	m_wait_obj(0)
-{
-	m_tcb.pml4 = parent.pml4();
-	m_tcb.priority = pri;
-	setup_kernel_stack();
-	set_state(state::ready);
-}
-
 thread::thread(process &parent, uint8_t pri, uintptr_t rsp0) :
 	kobject(kobject::type::thread, thread_default_signals),
 	m_parent(parent),
@@ -32,7 +18,12 @@ thread::thread(process &parent, uint8_t pri, uintptr_t rsp0) :
 {
 	m_tcb.pml4 = parent.pml4();
 	m_tcb.priority = pri;
-	m_tcb.rsp0 = rsp0;
+
+	if (!rsp0)
+		setup_kernel_stack();
+	else
+		m_tcb.rsp0 = rsp0;
+
 	set_state(state::ready);
 }
 
diff --git a/src/kernel/objects/thread.h b/src/kernel/objects/thread.h
index 73ba3a3..7eaf2d6 100644
--- a/src/kernel/objects/thread.h
+++ b/src/kernel/objects/thread.h
@@ -139,17 +139,11 @@ private:
 	thread(const thread &&other) = delete;
 	friend class process;
 
-	/// Constructor.
-	/// \arg parent  The process which owns this thread
-	/// \arg pri     Initial priority level of this thread
-	/// \arg user    True if this is a userspace thread
-	thread(process &parent, uint8_t pri, bool user = true);
-
 	/// Constructor. Used when a kernel stack already exists.
 	/// \arg parent  The process which owns this thread
 	/// \arg pri     Initial priority level of this thread
-	/// \arg rsp0    The existing kernel stack rsp
-	thread(process &parent, uint8_t pri, uintptr_t rsp0);
+	/// \arg rsp0    The existing kernel stack rsp, 0 for none
+	thread(process &parent, uint8_t pri, uintptr_t rsp0 = 0);
 
 	/// Set up a new empty kernel stack for this thread.
 	void setup_kernel_stack();
diff --git a/src/libraries/kutil/vm_space.cpp b/src/libraries/kutil/vm_space.cpp
index 8a08e18..07d11a6 100644
--- a/src/libraries/kutil/vm_space.cpp
+++ b/src/libraries/kutil/vm_space.cpp
@@ -81,6 +81,7 @@ vm_space::split_out(node_type *node, uintptr_t start, size_t size, vm_state stat
 		node_type *next = new node_type;
 		next->address = start;
 		next->size = node->size - leading;
+		next->state = state;
 
 		node->size = leading;
 		node->state = old_state;
@@ -97,7 +98,7 @@ vm_space::split_out(node_type *node, uintptr_t start, size_t size, vm_state stat
 
 	if (node->end() > start + size) {
 		// Split off remaining into new node
-		size_t trailing =  node->size - size;
+		size_t trailing = node->size - size;
 		node->size -= trailing;
 
 		node_type *next = new node_type;
@@ -227,7 +228,7 @@ vm_space::commit(uintptr_t start, size_t size)
 {
 	if (start == 0) {
 		log::debug(logs::vmem, "Committing any region of size %llx", size);
-		node_type *node = find_empty(m_ranges.root(), size, vm_state::reserved);
+		node_type *node = find_empty(m_ranges.root(), size, vm_state::committed);
 		if (!node) {
 			log::debug(logs::vmem, "  found no large enough region");
 			return 0;