[Xen-devel] Xen crashing when killing a domain with no VCPUs allocated

Hi all,

I've been playing with the function alloc_vcpu on ARM, and I hit one case
where this function can fail.

During domain creation, the toolstack will call DOMCTL_max_vcpus which may
fail, for instance because alloc_vcpu didn't succeed. In this case, the
toolstack will call DOMCTL_domaindestroy. And I got the below stack trace.

It can be reproduced on Xen 4.5 (and I also suspect Xen 4.4) by returning
an error in vcpu_initialize.

I'm not sure how to correctly fix it.


(XEN) Assertion '!cpumask_empty(dom_cpumask)' failed at domain.c:452
(XEN) ----[ Xen-4.5-unstable  arm32  debug=y  Tainted:    C ]----
(XEN) CPU:    1
(XEN) PC:     00207bd8 domain_update_node_affinity+0x10c/0x238
(XEN) CPSR:   2007015a MODE:Hypervisor
(XEN)      R0: 00000001 R1: 00000080 R2: 7ffce7c4 R3: 00000004
(XEN)      R4: 00000000 R5: 7ffce7b8 R6: 7ffce7a8 R7: 7ffce7d0
(XEN)      R8: 7ffce7b8 R9: 7ffcf000 R10:4000ed08 R11:7ffd7d64 R12:00000000
(XEN) HYP: SP: 7ffd7d34 LR: 00000004
(XEN)   VTCR_EL2: 80003558
(XEN)  VTTBR_EL2: 00010002f9ffc000
(XEN)  SCTLR_EL2: 30cd187f
(XEN)    HCR_EL2: 000000000038643f
(XEN)  TTBR0_EL2: 00000000fdfe5000
(XEN)    ESR_EL2: 00000000
(XEN)  HPFAR_EL2: 0000000000fff110
(XEN)      HDFAR: a0800f00
(XEN)      HIFAR: 00000000
(XEN) Xen stack trace from sp=7ffd7d34:
(XEN)    00207bd0 00000004 7ffcf6a8 4000ece0 00000000 00000000 7ffce7a8 4000ece0
(XEN)    00000ea1 9cd1e000 7ecc0ff8 7ffd7dac 00226870 00305000 7ffce758 9cd1e000
(XEN)    7ecc0ff8 00270e00 0024ec44 00000000 7ffcf000 fffff000 7ffcf000 76efb004
(XEN)    00000000 00305000 00000ea1 9cd1e000 7ecc0ff8 7ffd7dc4 0020925c 7ffcf000
(XEN)    76efb004 00000000 00305000 7ffd7edc 00206a0c 7ffd7e0c 7ffd7e50 00000004
(XEN)    7ffd7dec 7ffd7e0c 00001800 774623f9 00000000 00000000 00000000 00007747
(XEN)    0000bc4e 7ffd7ea4 00000000 00000000 00008f0d 00001800 00000000 40021578
(XEN)    40021000 40021560 400218e4 40021948 00000001 00000002 0000000a ffff0001
(XEN)    00000000 76e32110 76f01680 7ecc10dc 76eeea11 76efd140 00000001 00000001
(XEN)    00000000 00000000 76d24228 00000000 00031dd8 00037840 00000000 76efc000
(XEN)    76e57000 0006f73c 00000000 00000001 00031330 7ecc111c 76eeea11 00000000
(XEN)    00000001 00000001 00000000 7ecc10cc 76e32110 00000001 00037840 00030030
(XEN)    00000001 7ffd7f58 7ffd7f58 8000dcb4 00000005 00305000 00000ea1 9cd1e000
(XEN)    7ecc0ff8 7ffd7f54 002529c0 5a962879 002f7594 7ffd7f3c 7ffd7f3c 002c1ff4
(XEN)    200e01da 00000004 00270b80 002c1ff0 002f4244 7ffd7f3c 7ffd7f3c 00000004
(XEN)    40021000 1f680000 002be000 002f7594 30c23c7d 80599e7c 20003010 413fc0f2
(XEN)    5a962879 9e9ac400 00000005 00305000 00000005 9cd1e000 7ecc0ff8 7ffd7f58
(XEN)    002559f0 76efb004 00000001 000000f6 00000000 5a962879 9e9ac400 00000005
(XEN)    00305000 00000005 9cd1e000 7ecc0ff8 9f1309b8 00000024 ffffffff 76e4b130
(XEN)    8000dcb4 60070013 00000000 7ecc0fc4 80599d40 8001ebe0 9cd1feb4 80210604
(XEN) Xen call trace:
(XEN)    [<00207bd8>] domain_update_node_affinity+0x10c/0x238 (PC)
(XEN)    [<00000004>] 00000004 (LR)
(XEN)    [<00226870>] sched_move_domain+0x3cc/0x42c
(XEN)    [<0020925c>] domain_kill+0xc8/0x178
(XEN)    [<00206a0c>] do_domctl+0xaac/0x15e4
(XEN)    [<002529c0>] do_trap_hypervisor+0xc5c/0xf94
(XEN)    [<002559f0>] return_from_trap+0/0x4
(XEN) ****************************************
(XEN) Panic on CPU 1:
(XEN) Assertion '!cpumask_empty(dom_cpumask)' failed at domain.c:452
(XEN) ****************************************

Julien Grall

