I've just reproduced this crash using the stock 3.2.0-24-39 kernel on VirtualBox on OS X (Lion). I created a 2-CPU VM using the latest VirtualBox (4.1.16 r78094), for Ubuntu 64-bit, default 8GB disk.

The steps I followed were:

* Install 64-bit 12.04 Server LTS, minimal install from ISO downloaded from ubuntu.com/download/server
* apt-get dist-upgrade and reboot
* apt-get install ruby1.9.3 screen
* gem install chef
* In a screen session:
  * while true; do ohai; done

After a while (less than an hour) I had reproduced the stack trace from this bug. I added "console=ttyS0" to the startup parameters and had VirtualBox log the serial output to a file so I could capture the stack trace (below).

This means this bug is nothing to do with Xen, and hopefully can be reproduced by developers more easily.

Stefan: If you could build a regular kernel I would be happy to try and capture more info for you.

Thanks,
Gavin.

[ 1119.141743] BUG: unable to handle kernel NULL pointer dereference at 0000000000000010
[ 1119.145307] IP: [] rb_next+0x1/0x50
[ 1119.145307] PGD 1be80067 PUD 1f17d067 PMD 0
[ 1119.145307] Oops: 0000 [#1] SMP
[ 1119.145307] CPU 0
[ 1119.145307] Modules linked in: vesafb ext2 snd_intel8x0 psmouse snd_ac97_codec ac97_bus snd_pcm snd_timer ppdev snd soundcore joydev snd_page_alloc serio_raw i2c_piix4 parport_pc mac_hid lp parport usbhid hid e1000
[ 1119.145307]
[ 1119.145307] Pid: 6768, comm: ohai Not tainted 3.2.0-24-generic #39-Ubuntu innotek GmbH VirtualBox
[ 1119.145307] RIP: 0010:[] [] rb_next+0x1/0x50
[ 1119.145307] RSP: 0018:ffff88001bd8dc18 EFLAGS: 00010046
[ 1119.145307] RAX: 0000000000000000 RBX: ffff88001f232400 RCX: 0000000000000000
[ 1119.145307] RDX: fffffffffffffff0 RSI: 0000000000000000 RDI: 0000000000000010
[ 1119.145307] RBP: ffff88001bd8dc48 R08: 0000000000000001 R09: 0000000000000000
[ 1119.145307] R10: ffff88001fd13780 R11: 0000000000000001 R12: 0000000000000000
[ 1119.145307] R13: 0000000000000000 R14: 0000000000000000 R15: 00000000015010f8
[ 1119.145307] FS: 00007f6a721d7700(0000) GS:ffff88001fc00000(0000) knlGS:0000000000000000
[ 1119.145307] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 1119.145307] CR2: 0000000000000010 CR3: 000000001ce72000 CR4: 00000000000006f0
[ 1119.145307] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 1119.145307] DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400
[ 1119.145307] Process ohai (pid: 6768, threadinfo ffff88001bd8c000, task ffff88001cafdbc0)
[ 1119.145307] Stack:
[ 1119.145307] ffff88001bd8dc48 ffffffff8104ff39 ffff88001f232400 ffff88001fc13780
[ 1119.145307] ffff88001f233a00 0000000000000000 ffff88001bd8dc78 ffffffff810561d8
[ 1119.145307] ffff88001bd8dc78 ffff88001fc13780 0000000000000000 ffff88001cafdf80
[ 1119.145307] Call Trace:
[ 1119.145307] [] ? pick_next_entity+0xb9/0xe0
[ 1119.145307] [] pick_next_task_fair+0x38/0x70
[ 1119.145307] [] __schedule+0x14c/0x6f0
[ 1119.145307] [] ? flush_tlb_page+0x48/0xb0
[ 1119.145307] [] schedule+0x3f/0x60
[ 1119.145307] [] pipe_wait+0x59/0x80
[ 1119.145307] [] ? add_wait_queue+0x60/0x60
[ 1119.145307] [] pipe_read+0x1da/0x330
[ 1119.145307] [] do_sync_read+0xd2/0x110
[ 1119.145307] [] ? security_file_permission+0x93/0xb0
[ 1119.145307] [] ? rw_verify_area+0x61/0xf0
[ 1119.145307] [] vfs_read+0xb0/0x180
[ 1119.145307] [] sys_read+0x4a/0x90
[ 1119.145307] [] system_call_fastpath+0x16/0x1b
[ 1119.145307] Code: 89 06 48 8b 47 08 48 89 46 08 48 8b 47 10 48 89 46 10 c3 0f 1f 80 00 00 00 00 48 89 32 eb b2 0f 1f 00 48 89 70 10 eb a9 66 90 55 <48> 8b 17 48 89 e5 48 89 d0 48 83 e0 fc 48 39 c7 74 34 48 8b 47
[ 1119.145307] RIP [] rb_next+0x1/0x50
[ 1119.145307] RSP
[ 1119.145307] CR2: 0000000000000010
[ 1119.145307] ---[ end trace 787431227c69a127 ]---