Hi Konrad, This seems to happen only on a intel machine i'm trying to setup as a development machine (haven't seen it on my amd). It boots fine, i have dom0_mem=1024M,max:1024M set, the machine has 2G of mem. Dom0 and guest kernel are 3.6.0-rc4 with config: [*] Xen memory balloon driver [*] Scrub pages before returning them to system From http://wiki.xen.org/wiki/Do%EF%BB%BFm0_Memory_%E2%80%94_Where_It_Has_Not_Gone , I thought this should be okay But when trying to start a PV guest with 512MB mem, the machine (dom0) crashes with the stacktrace below (complete serial-log.txt attached). From the: "mapping kernel into physical memory about to get started..." I would almost say it's trying to reload dom0 ? [ 897.161119] device vif1.0 entered promiscuous mode mapping kernel into physical memory about to get started... [ 897.696619] xen_bridge: port 1(vif1.0) entered forwarding state [ 897.716219] xen_bridge: port 1(vif1.0) entered forwarding state [ 898.129465] ------------[ cut here ]------------ [ 898.132209] kernel BUG at drivers/xen/balloon.c:359! [ 898.132209] invalid opcode: 0000 [#1] PREEMPT SMP [ 898.132209] Modules linked in: [ 898.132209] CPU 0 [ 898.132209] Pid: 3338, comm: kworker/0:1 Not tainted 3.6.0-rc4-20120830+ #66 System manufacturer System Product Name/P5Q-EM DO [ 898.132209] RIP: e030:[] [] balloon_process+0x336/0x340 [ 898.132209] RSP: e02b:ffff880037b4dce0 EFLAGS: 00010213 [ 898.132209] RAX: 00000000242b0000 RBX: ffffea0000dfadc0 RCX: 0000000000000000 [ 898.132209] RDX: 0000000000037eb7 RSI: 00000000deadbeef RDI: 00000000000000b7 [ 898.132209] RBP: ffff880037b4dd40 R08: ffffea0000dfade0 R09: 2222222222222222 [ 898.132209] R10: 2222222222222222 R11: 2222222222222222 R12: 0000000000000000 [ 898.132209] R13: ffffea0000dfade0 R14: 0000160000000000 R15: 0000000000000001 [ 898.132209] FS: 00007fd4bd0ec740(0000) GS:ffff88003fc00000(0000) knlGS:0000000000000000 [ 898.132209] CS: e033 DS: 0000 ES: 0000 CR0: 000000008005003b [ 898.132209] CR2: 00007fd4b387d000 CR3: 000000003920a000 CR4: 0000000000042660 [ 898.132209] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 898.132209] DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400 [ 898.132209] Process kworker/0:1 (pid: 3338, threadinfo ffff880037b4c000, task ffff8800398fe180) [ 898.132209] Stack: [ 898.132209] 0000000000037eb7 0000000000000001 ffffffff8286c540 0000000000000001 [ 898.132209] 0000000000000000 0000000000007ff0 ffff880037b4dd20 ffffffff81e42a60 [ 898.132209] ffff88003799c6c0 ffff88003fc16700 ffff88003fc0e000 ffff880037b4dd90 [ 898.132209] Call Trace: [ 898.132209] [] process_one_work+0x1bf/0x4a0 [ 898.132209] [] ? process_one_work+0x160/0x4a0 [ 898.132209] [] ? __schedule+0x471/0x8a0 [ 898.132209] [] ? decrease_reservation+0x2d0/0x2d0 [ 898.132209] [] worker_thread+0x152/0x470 [ 898.132209] [] ? _raw_spin_unlock_irqrestore+0x75/0xa0 [ 898.132209] [] ? trace_hardirqs_on+0xd/0x10 [ 898.132209] [] ? _raw_spin_unlock_irqrestore+0x53/0xa0 [ 898.132209] [] ? manage_workers+0x290/0x290 [ 898.132209] [] kthread+0x96/0xa0 [ 898.132209] [] kernel_thread_helper+0x4/0x10 [ 898.132209] [] ? retint_restore_args+0x13/0x13 [ 898.132209] [] ? gs_change+0x13/0x13 [ 898.132209] Code: ff 0f 1f 40 00 48 89 d8 e9 22 fe ff ff 0f 0b eb fe 48 89 d7 48 89 55 a0 e8 18 e7 cc ff 48 83 f8 ff 48 8b 55 a0 0f 84 74 fe ff ff <0f> 0b eb fe 66 0f 1f 44 00 00 55 48 89 e5 41 57 41 56 41 89 d6 [ 898.132209] RIP [] balloon_process+0x336/0x340 [ 898.132209] RSP [ 898.738233] ---[ end trace 3f7af50285edb7bb ]--- [ 898.749003] BUG: unable to handle kernel paging request at fffffffffffffff8 [ 898.752237] IP: [] kthread_data+0xb/0x20 [ 898.752237] PGD 1e0d067 PUD 1e0e067 PMD 0 [ 898.752237] Oops: 0000 [#2] PREEMPT SMP [ 898.752237] Modules linked in: [ 898.752237] CPU 0 [ 898.752237] Pid: 3338, comm: kworker/0:1 Tainted: G D 3.6.0-rc4-20120830+ #66 System manufacturer System Product Name/P5Q-EM DO [ 898.752237] RIP: e030:[] [] kthread_data+0xb/0x20 [ 898.752237] RSP: e02b:ffff880037b4d898 EFLAGS: 00010082 [ 898.752237] RAX: 0000000000000000 RBX: ffff88003fc12e80 RCX: 0000000000000000 [ 898.752237] RDX: ffffffff820057a0 RSI: 0000000000000000 RDI: ffff8800398fe180 [ 898.752237] RBP: ffff880037b4d898 R08: ffff8800398fe1f0 R09: 0000000000000400 [ 898.752237] R10: 0000000000000000 R11: 0000000000000001 R12: 0000000000000000 [ 898.752237] R13: 0000000000000000 R14: ffff880037b4d7b8 R15: ffff880037b4da90 [ 898.752237] FS: 00007fd4bd0ec740(0000) GS:ffff88003fc00000(0000) knlGS:0000000000000000 [ 898.752237] CS: e033 DS: 0000 ES: 0000 CR0: 000000008005003b [ 898.752237] CR2: fffffffffffffff8 CR3: 000000003920a000 CR4: 0000000000042660 [ 898.752237] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 898.752237] DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400 [ 898.752237] Process kworker/0:1 (pid: 3338, threadinfo ffff880037b4c000, task ffff8800398fe180) [ 898.752237] Stack: [ 898.752237] ffff880037b4d8c8 ffffffff8108306c 0000000000000000 ffff88003fc12e80 [ 898.752237] 0000000000000000 ffff8800398fe528 ffff880037b4da18 ffffffff8184931f [ 898.752237] 0000000000000000 ffffffff81083bb8 ffff8800398fe180 0000000000012e80 [ 898.752237] Call Trace: [ 898.752237] [] wq_worker_sleeping+0x1c/0x90 [ 898.752237] [] __schedule+0x5ff/0x8a0 [ 898.752237] [] ? free_pid+0x18/0xc0 [ 898.752237] [] ? sha1_transform_ssse3+0x187/0xd00 [ 898.752237] [] ? lock_acquire+0xe4/0x110 [ 898.752237] [] ? do_exit+0x4e7/0x8e0 [ 898.752237] [] ? call_rcu+0x12/0x20 [ 898.752237] [] ? lock_release+0x111/0x260 [ 898.752237] [] schedule+0x24/0x70 [ 898.752237] [] do_exit+0x5b4/0x8e0 [ 898.752237] [] oops_end+0xb0/0xf0 [ 898.752237] [] die+0x56/0x90 [ 898.752237] [] do_trap+0xc4/0x170 [ 898.752237] [] ? do_invalid_op+0x72/0xc0 [ 898.752237] [] do_invalid_op+0xa6/0xc0 [ 898.752237] [] ? balloon_process+0x336/0x340 [ 898.752237] [] ? trace_hardirqs_off_caller+0x78/0x150 [ 898.752237] [] ? trace_hardirqs_off_thunk+0x3a/0x3c [ 898.752237] [] ? restore_args+0x30/0x30 [ 898.752237] [] invalid_op+0x1b/0x20 [ 898.752237] [] ? balloon_process+0x336/0x340 [ 898.752237] [] process_one_work+0x1bf/0x4a0 [ 898.752237] [] ? process_one_work+0x160/0x4a0 [ 898.752237] [] ? __schedule+0x471/0x8a0 [ 898.752237] [] ? decrease_reservation+0x2d0/0x2d0 [ 898.752237] [] worker_thread+0x152/0x470 [ 898.752237] [] ? _raw_spin_unlock_irqrestore+0x75/0xa0 [ 898.752237] [] ? trace_hardirqs_on+0xd/0x10 [ 898.752237] [] ? _raw_spin_unlock_irqrestore+0x53/0xa0 [ 898.752237] [] ? manage_workers+0x290/0x290 [ 898.752237] [] kthread+0x96/0xa0 [ 898.752237] [] kernel_thread_helper+0x4/0x10 [ 898.752237] [] ? retint_restore_args+0x13/0x13 [ 898.752237] [] ? gs_change+0x13/0x13 [ 898.752237] Code: 55 65 48 8b 04 25 80 c6 00 00 48 8b 80 50 03 00 00 48 89 e5 8b 40 f0 c9 c3 0f 1f 80 00 00 00 00 48 8b 87 50 03 00 00 55 48 89 e5 <48> 8b 40 f8 c9 c3 66 66 66 66 66 66 2e 0f 1f 84 00 00 00 00 00 [ 898.752237] RIP [] kthread_data+0xb/0x20 [ 898.752237] RSP [ 898.752237] CR2: fffffffffffffff8 [ 898.752237] ---[ end trace 3f7af50285edb7bc ]--- [ 898.752237] Fixing recursive fault but reboot is needed! [ 912.746625] xen_bridge: port 1(vif1.0) entered forwarding state