Viewing Issue Advanced Details
ID: 05871
Category: Crash/Freeze
Severity: Major
Reproducibility: Always
Date Submitted: Mar 7, 2015, 22:11
Last Update: May 5, 2016, 05:04
Tester: mfeingol
View Status: Public
Platform: MAME (Official Binary)
Assigned To: Robbbert
Resolution: Fixed
OS: Windows Vista/7/8 (64-bit)
Status: Resolved
Driver:
Version: 0.159
Fixed in Version: 0.174
Build: 64-bit
Fixed in Git Commit:
Github Pull Request #:
Summary: 05871: puckman: Double-free starting up puckman when using -mt
Description: The 64-bit Windows build of Mame 0.159 is corrupting the heap and crashing due to a double-free.

Heap verification flags disabled:

D:\Operations\Games\Emulate\Mame>cdb -g mame64.exe puckman
[...]
(2858.2a80): Unknown exception - code 20474343 (first chance)
Critical error detected c0000374
(2858.2740): Break instruction exception - code 80000003 (first chance)
ntdll!RtlReportCriticalFailure+0x4b:
00007ffd`4b1e11ff cc int 3
0:001> k
Child-SP RetAddr Call Site
00000000`0852f730 00007ffd`4b1e4482 ntdll!RtlReportCriticalFailure+0x4b
00000000`0852f840 00007ffd`4b1e5080 ntdll!RtlpHeapHandleError+0x12
00000000`0852f870 00007ffd`4b198edb ntdll!RtlpLogHeapFailure+0xa4
00000000`0852f8a0 00000000`01ea0245 ntdll!RtlFreeHeap+0x77c3b
00000000`0852f940 00000000`00fd0aa7 image00000000_00400000+0x1aa0245


Heap verification flags enabled:

D:\Operations\Games\Emulate\Mame>cdb -g mame64.exe puckman
[...]
(179c.418c): Unknown exception - code 20474343 (first chance)

===========================================================
VERIFIER STOP 0000000000000007: pid 0x179C: block already freed

        0000000007BD1000 : Heap handle
        0000000016ADDBF0 : Heap block
        000000000000000D : Block size
        0000000000000000 :
===========================================================
This verifier stop is not continuable. Process will be terminated
when you use the `go' debugger command.
===========================================================

(179c.418c): Break instruction exception - code 80000003 (first chance)
verifier!VerifierStopMessage+0x2a4:
00007ffd`3cababd4 cc int 3
0:000> k
Child-SP RetAddr Call Site
00000000`00238100 00007ffd`3cab986b verifier!VerifierStopMessage+0x2a4
00000000`002381a0 00007ffd`3cab9c70 verifier!AVrfpDphReportCorruptedBlock+0x157
00000000`00238260 00007ffd`3cabec3b verifier!AVrfpDphCheckNormalHeapBlock+0xc8
00000000`002382c0 00007ffd`3cad4ac1 verifier!VerifierCheckPageHeapAllocation+0x6b
00000000`002382f0 00000000`01ea0245 verifier!AVrfpHeapFree+0x71
00000000`00238380 00000000`00fd0b51 image00000000_00400000+0x1aa0245
0:000> dd 16ADDBF0
00000000`16addbf0 f0f0f0f0 f0f0f0f0 f0f0f0f0 a0a0a0f0
00000000`16addc00 a0a0a0a0 a0a0a0a0 a0a0a0a0 f0f0f0a0
00000000`16addc10 00000000 00000000 00000000 00000000
00000000`16addc20 f0f0f0f0 f0f0f0f0 2077c1ae 2845ac8a
00000000`16addc30 abcdaaaa 00000000 07bd1000 80000000
00000000`16addc40 00000058 00000000 000000a8 00000000
00000000`16addc50 16b54fa0 00000000 16b54f00 00000000
00000000`16addc60 065108d0 00000000 f0f0f0f0 dcbaaaaa
Steps To Reproduce: mame64 -mt -debug puckman

It will crash after 5-10 seconds.
Additional Information:
Github Commit:
Flags: 64-bit specific
Regression Version: 0.159
Affected Sets / Systems: puckman
Attached Files: mame.ini (8,105 bytes) Mar 9, 2015, 04:06 Uploaded by mfeingol
Relationships
There are no relationships linked to this issue.
Notes
9
No.11497
Osso
Moderator
Mar 8, 2015, 06:19
Can't reproduce on WIN8 64bit with MAME64 0.159.
No.11498
B2K24
Senior Tester
Mar 8, 2015, 22:17
Doesn't seem to repro here either using -debug and pressing F5 to run it.
No.11499
mfeingol
Tester
Mar 9, 2015, 04:07
Hi. Can you please retry with the mame.ini I just uploaded? If I run puckman without this mame.ini, it appears to work alright. But if I use this mame.ini, it crashes.
No.11500
Mamesick
Senior Tester
Mar 9, 2015, 07:42
multithreading    1

It crashes with -mt enabled here. WIN7 64-bit. Also have a look here:
http://mame32fx.altervista.org/forum/viewtopic.php?f=3&t=170
It seems we have a serious issue with multithreading enabled in 0.159
No.11501
Osso
Moderator
Mar 9, 2015, 08:54
Even using mt, I still can't reproduce it.
No.11502
mfeingol
Tester
Mar 9, 2015, 16:49
Confirmed the crash occurs with multithreading 1, and does not occur with multithreading 0.

Is there a PDB file for mame64.exe available somewhere?
No.11503
B2K24
Senior Tester
Mar 10, 2015, 01:50
I get a crash now when inserting -mt at the command line and using a debug build

mamed -mt -debug puckman

-----------------------------------------------------
Exception at EIP=026F60FA (osd_free(void*)+0x000a): ACCESS VIOLATION
While attempting to read memory at 08AC1FEF
-----------------------------------------------------
EAX=08AC1FF3 EBX=08AC1FF3 ECX=06D70A70 EDX=00000000
ESI=00320338 EDI=00000000 EBP=0028BA98 ESP=0028BA80
-----------------------------------------------------
Stack crawl:
  0028BA98: 026F60FA (osd_free(void*)+0x000a)
  0028BB18: 015E7A01 (win_monitor_info::aspect()+0x0081)
  0028BB78: 0160A589 (d3d::renderer::get_primitives()+0x0109)
  0028BBE8: 015ECEE7 (win_window_info::update()+0x0147)
  0028BC68: 015E7C6F (windows_osd_interface::update(bool)+0x006f)
  0028BD18: 023C8E70 (video_manager::frame_update(bool)+0x0140)
  0028BDF8: 02350E35 (ui_manager::display_startup_screens(bool, bool)+0x0275)
  0028BE98: 0229F6D5 (running_machine::run(bool)+0x01f5)
  0028F898: 022BAAE5 (machine_manager::execute()+0x03d5)
  0028FA78: 0238978F (cli_frontend::execute(int, char**)+0x156f)
  0028FE98: 015E648F (utf8_main(int, char**)+0x029f)
  0028FEC8: 026F52F1 (wmain+0x0071)
  0028FF88: 004013F0 (__tmainCRTStartup+0x0270)
  0028FF94: 760B339A (BaseThreadInitThunk+0x0012)
  0028FFD4: 776FBF32 (RtlInitializeExceptionChain+0x0063)
  0028FFEC: 776FBF05 (RtlInitializeExceptionChain+0x0036)
No.11533
mfeingol
Tester
Mar 21, 2015, 18:30
Hi.

Any updates on tracking down the issue?

Thanks.
No.12602
Robbbert
Senior Tester
May 5, 2016, 05:04
-mt no longer exists, so resolving.