From: Miro K. <mir...@gm...> - 2025-08-22 23:07:51

This took some time to track down but it should be fixed now:
https://github.com/freemint/freemint/commit/a7befbe369f4560020a0fd884bd53c6acf545fd2

Introduced after the FreeMiNT 1.18 release, and it worked totally by chance even with clear memory (route_get() got 0x00000000 there, which was interpreted as any IP address, while 0x55555555 made it crash sooner or later).

Interestingly, after this fix I see the following lines in the log:

pid 5 (aesthred): if_send(lo): >= HWTYPE_NONE
pid 5 (aesthred): route_get: daddr = 0xC0A80002
pid 5 (aesthred): route_get: try: mask=0xFFFFFFFF daddr=0xC0A80002 net=0xC0A80002
*pid 5 (aesthred): igmp_input: bad checksum from 0xC0A80002 8 0xC0A80002*

Not sure how or why; it could be some bug in Alan's IGMP implementation. Seems harmless (as it's related to the localhost routing) but perhaps should be investigated at some point.

Btw, the reason why the crashes happened at various places (gluestik, bash, xaaes, ...) is that this code was executed from FreeMiNT's timer (scheduler), i.e. within an interrupt. Basically igmp_tmr -> igmp_timeout -> igmp_send -> ip_send. Also, sometimes the kernel was able to recover from the first (and following) crashes and let the system boot as far as the desktop.

On Wed, 20 Aug 2025 at 00:29, Miro Kropáček <mir...@gm...> wrote:
> A bit of progress on this one. I have noticed that the crash occurs just
> after allocating 32 KiB of (kernel) memory and that happens only at one
> place:
> https://github.com/freemint/freemint/blob/244fa78f65e823ce540ee70b42e994d60d2fed42/sys/sockets/buf.c#L69C17-L69C31.
> And indeed, when adding
>
> memset(new, 0, BUF_BLOCK_SIZE);
>
> just after the kmalloc(), the crashes are gone (still with Jo Even's
> memset.prg).
>
> However, it's not so simple. When replacing the memset with:
>
> new->dstart = NULL;
> new->dend = NULL;
> new->next = NULL;
> new->prev = NULL;
> new->link3 = NULL;
> new->info = 0;
>
> i.e. basically zeroing out all other elements in
> https://github.com/freemint/freemint/blob/master/sys/sockets/buf.h#L17,
> the crash still occurs. So the uninitialised content is actually inside
> "data", used by buf_alloc, buf_reserve and buf_clone, basically just
> forwarding the problem one layer higher.
>
> So further investigation is still needed.
> --
> http://mikro.atari.org
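The thread above turns on two observations: zero-filled RAM hid a read of an uninitialised buffer (a destination address of 0x00000000 was accepted as "any IP"), a 0x55 poison fill exposed it, and zeroing only the header fields of the buffer did not help because the stale bytes live in the data area. The following is an added example, not FreeMiNT code and not from the thread's author: it models that situation with a simulated kmalloc() whose fill byte is chosen by the caller, a header-only initialisation like the one the thread tried, a whole-block clear, and a consumer that reads a 32-bit "daddr" from the data area before anything has written it. The struct layout, BLOCK_SIZE and all function names are assumptions for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Assumed block size: the thread mentions 32 KiB allocations (BUF_BLOCK_SIZE). */
#define BLOCK_SIZE 32768u

/* Header loosely modelled on the field names the thread lists for buf.h.
   The layout is an assumption, not the real FreeMiNT struct. */
struct buf {
    char *dstart;
    char *dend;
    struct buf *next;
    struct buf *prev;
    struct buf *link3;
    long info;
    char data[];          /* payload area; protocol headers are later built here */
};

/* Simulated kmalloc(): a real kernel allocator returns whatever was in the block.
   The caller picks a deterministic fill so both cases are reproducible:
   0x00 models "clean" RAM, 0x55 models a poison tool such as memset.prg. */
static struct buf *kmalloc_block(int fill)
{
    struct buf *b = malloc(BLOCK_SIZE);
    if (b)
        memset(b, fill, BLOCK_SIZE);
    return b;
}

/* The partial fix from the thread: initialise only the header fields.
   The data area keeps whatever kmalloc() handed back. */
struct buf *buf_alloc_header_only(int fill)
{
    struct buf *b = kmalloc_block(fill);
    if (!b)
        return NULL;
    b->dstart = b->data;
    b->dend   = b->data;
    b->next = b->prev = b->link3 = NULL;
    b->info = 0;
    return b;
}

/* The whole-block variant: also clear the data area, so a read-before-write
   yields a defined (if still wrong) value instead of leftover bytes. */
struct buf *buf_alloc_zeroed(int fill)
{
    struct buf *b = buf_alloc_header_only(fill);
    if (b)
        memset(b->data, 0, BLOCK_SIZE - sizeof *b);
    return b;
}

/* The consumer bug: read a 32-bit destination address out of the data area
   that nobody has written yet, as route_get() did with the uninitialised header. */
uint32_t read_unwritten_daddr(const struct buf *b)
{
    uint32_t daddr;
    memcpy(&daddr, b->dstart, sizeof daddr);
    return daddr;
}

/* Allocate with header-only init under the given fill, read, free, return. */
uint32_t daddr_header_only(int fill)
{
    struct buf *b = buf_alloc_header_only(fill);
    if (!b)
        return 0xFFFFFFFFu;
    uint32_t v = read_unwritten_daddr(b);
    free(b);
    return v;
}

/* Same, but with the whole block cleared. */
uint32_t daddr_zeroed(int fill)
{
    struct buf *b = buf_alloc_zeroed(fill);
    if (!b)
        return 0xFFFFFFFFu;
    uint32_t v = read_unwritten_daddr(b);
    free(b);
    return v;
}

int main(void)
{
    printf("header-only, clean RAM : daddr = 0x%08X (looks like 'any address')\n",
           daddr_header_only(0x00));
    printf("header-only, 0x55 fill : daddr = 0x%08X (garbage, crashes later)\n",
           daddr_header_only(0x55));
    printf("whole block cleared    : daddr = 0x%08X (defined regardless of fill)\n",
           daddr_zeroed(0x55));
    return 0;
}
```

The point for a practitioner is the debugging technique rather than the toy buffer: poison-filling fresh allocations (0x55, 0xAA, or any non-zero pattern) makes a read-before-write deterministic and visible, whereas zeroed memory lets it pass as a benign default value. The whole-block memset only masks the read; the real fix is the one the commit makes, writing the field before it is consumed.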