I was just wondering about this.

So I'm running Hubris on a Cortex-M0+ ARM with an MPU

Threads run in unprivileged mode and use PSP
The kernel runs in privileged mode and uses MSP
( I think )

Suppose a hardfault happens.

My understanding is that the exception gets pushed to PSP automatically.
But what if PSP got set to an invalid address before the hardfault?

My hardfault handler looks at the thread's PSP in order to print the value of PC that triggered the fault

I have to wonder if this double fault is possible. And if so, does it cause a lockup?