Viewing Issue Advanced Details
ID: 06148
Category: Crash/Freeze
Severity: Critical (emulator)
Reproducibility: Always
Date Submitted: Mar 3, 2016, 21:16
Last Update: May 3, 2018, 16:33
Tester: NekoEd
View Status: Public
Platform: SDLMAME
Assigned To:
Resolution: Fixed
OS:
Status: Resolved
Driver: model2.cpp
Version: 0.171
Fixed in Version: 0.197
Build: 64-bit
Summary: 06148: All games in model2.cpp: Segmentation Fault
Description: daytona will segfault during the second loop of attract mode.
Steps To Reproduce: Boot, wait.
Additional Information: Clones not tested.
Gameplay causes MAME to hardlock shortly after the game hands control to the player.

UPDATE: As of 0.192, MAME will either hardlock or segfault as soon as polygons appear.

UPDATE: As of 0.194, MAME will crash randomly or not display polygons at all as reported in 06862 (closed as duplicate).
Flags:
Regression Version:
Affected Sets / Systems: All games in model2.cpp
Attached Files:
0000.png (67,354 bytes), uploaded by Tafoid, Mar 3, 2016, 21:34: 0.171 Snapshot just before Exception/Crash
Relationships:
has duplicate 06862 (Closed): all sets in model2.cpp: Machine can crash at start
related to 05530 (Resolved): daytona: Test Mode crash on TGP test.
Notes (8)
No.12419 - Tafoid (Administrator) - Mar 3, 2016, 21:32
Took a snapshot a moment before it crashes with the following stack crawl
-----------------------------------------------------
Exception at EIP=0000000000B802FB (model2_state::screen_update_model2(screen_device&, bitmap_rgb32&, rectangle const&)+0x076b): ACCESS VIOLATION
While attempting to write memory at 000000001F6147B4

Stack crawl:
  0000000000229910: 0000000000B802FB (model2_state::screen_update_model2(screen_device&, bitmap_rgb32&, rectangle const&)+0x076b)
  00000000002299E0: 00000000025D9F0C (screen_device::update_partial(int)+0x011c)
  0000000000229A50: 0000000002641792 (video_manager::finish_screen_updates()+0x0182)
  0000000000229AE0: 0000000002642E05 (video_manager::frame_update(bool)+0x01a5)
  0000000000229B50: 00000000025DB1D7 (screen_device::device_timer(emu_timer&, unsigned int, int, void*)+0x0337)
  0000000000229BF0: 00000000025D79FD (device_scheduler::timeslice()+0x012d)
  0000000000229C50: 0000000002596BF8 (running_machine::run(bool)+0x0148)
  000000000022F740: 000000000258F048 (machine_manager::execute()+0x0128)
  000000000022F930: 00000000024DBDD2 (cli_frontend::execute(int, char**)+0x08e2)
  000000000022FDF0: 0000000001518EF6 (utf8_main(int, char**)+0x0176)
  000000000022FE50: 0000000002A5C7DF (wmain+0x007f)
  000000000022FF20: 000000000040140C (__tmainCRTStartup+0x025c)
  000000000022FF50: 000000000040153B (mainCRTStartup+0x001b)
  000000000022FF80: 00000000779059ED (BaseThreadInitThunk+0x000d)
  000000000022FFD0: 0000000077B3B371 (RtlUserThreadStart+0x0021)
No.12422 - Osso (Developer) - Mar 4, 2016, 10:59
I went as far back as 0.131 and it was already happening. Don't have older builds at hand to find regression version.
No.13712 - M.A.S.H. (Senior Tester) - Mar 18, 2017, 09:14
Daytona doesn't crash when you set, in the menu, 'GAME SYSTEM' - 'LINK ID' to SINGLE with keys F2 and 9.
No.14488 - NekoEd (Senior Tester) - Dec 3, 2017, 01:25
As of MAME 0.192, it will do one of two things after displaying the game settings, either segfault or hardlock MAME.
No.14531 - wuemura (Viewer) - Dec 15, 2017, 21:40
This happens before the crash or freeze.
Direct3D: resetting device
Direct3D: Initialize HLSL
Direct3D: Unable to find D3DXCreateEffectFromFileW
No.14580 - NekoEd (Senior Tester) - Dec 27, 2017, 21:00
No, the crash isn't related to initializing Direct3D; it happens on a Linux system with no capability of ever using it.
No.14591 - Firewave (Senior Tester) - Dec 31, 2017, 23:40
==116437==ERROR: AddressSanitizer: heap-use-after-free on address 0x7feb18b29278 at pc 0x000003f3bca4 bp 0x7ffed2157df0 sp 0x7ffed2157de8
READ of size 4 at 0x7feb18b29278 thread T0
    #0 0x3f3bca3 in geo_parse_np_ns /mnt/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/mame/video/model2.cpp:1217:17
    #1 0x3f3bca3 in geo_object_data(geo_state*, unsigned int, unsigned int*) /mnt/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/mame/video/model2.cpp:1974
    #2 0x3f32250 in geo_parse /mnt/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/mame/video/model2.cpp
    #3 0x3f32250 in model2_state::screen_update_model2(screen_device&, bitmap_rgb32&, rectangle const&) /mnt/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/mame/video/model2.cpp:2622
    #4 0xe7ac0e2 in operator() /mnt/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/lib/util/delegate.h:544:11
    #5 0xe7ac0e2 in screen_device::update_partial(int) /mnt/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/emu/screen.cpp:1220
    #6 0xe833c67 in video_manager::finish_screen_updates() /mnt/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/emu/video.cpp:694:10
    #7 0xe8332a0 in video_manager::frame_update(bool) /mnt/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/emu/video.cpp:208:27
    #8 0xe7a9f66 in vblank_end /mnt/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/emu/screen.cpp:1556:21
    #9 0xe7a9f66 in screen_device::device_timer(emu_timer&, unsigned int, int, void*) /mnt/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/emu/screen.cpp:1002
    #10 0xe795168 in timer_expired /mnt/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/emu/device.h:520:83
    #11 0xe795168 in device_scheduler::execute_timers() /mnt/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/emu/schedule.cpp:906
    #12 0xe78ea0f in device_scheduler::timeslice() /mnt/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/emu/schedule.cpp:530:2
    #13 0xe6a324b in running_machine::run(bool) /mnt/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/emu/machine.cpp:357:17
    #14 0x8cd10e0 in mame_machine_manager::execute() /mnt/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/frontend/mame/mame.cpp:236:19
    #15 0x8e1e0d3 in cli_frontend::start_execution(mame_machine_manager*, std::vector<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >, std::allocator<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > > > const&) /mnt/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/frontend/mame/clifront.cpp:257:22
    #16 0x8e20ee0 in cli_frontend::execute(std::vector<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >, std::allocator<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > > >&) /mnt/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/frontend/mame/clifront.cpp:273:3
    #17 0x8cd3717 in emulator_info::start_frontend(emu_options&, osd_interface&, std::vector<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >, std::allocator<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > > >&) /mnt/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/frontend/mame/mame.cpp:336:18
    #18 0x8acddf2 in main /mnt/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/osd/sdl/sdlmain.cpp:216:9
    #19 0x7feb56dd182f in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x2082f)
    #20 0x1431838 in _start (/mnt/mame/mame64+0x1431838)

0x7feb18b29278 is located 162424 bytes inside of 2097152-byte region [0x7feb18b01800,0x7feb18d01800)
freed by thread T0 here:
    #0 0x14fe342 in operator delete(void*) /opt/media/clang_nightly/llvm/utils/release/final/llvm.src/projects/compiler-rt/lib/asan/asan_new_delete.cc:137:3
    #1 0xe75ce8a in deallocate /usr/lib/gcc/x86_64-linux-gnu/5.4.0/../../../../include/c++/5.4.0/ext/new_allocator.h:110:9
    #2 0xe75ce8a in deallocate /usr/lib/gcc/x86_64-linux-gnu/5.4.0/../../../../include/c++/5.4.0/bits/alloc_traits.h:517
    #3 0xe75ce8a in _M_deallocate /usr/lib/gcc/x86_64-linux-gnu/5.4.0/../../../../include/c++/5.4.0/bits/stl_vector.h:178
    #4 0xe75ce8a in ~_Vector_base /usr/lib/gcc/x86_64-linux-gnu/5.4.0/../../../../include/c++/5.4.0/bits/stl_vector.h:160
    #5 0xe75ce8a in ~vector /usr/lib/gcc/x86_64-linux-gnu/5.4.0/../../../../include/c++/5.4.0/bits/stl_vector.h:425
    #6 0xe75ce8a in rom_load_manager::read_rom_data(rom_entry const*, rom_entry const*) /mnt/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/emu/romload.cpp:799
    #7 0xe75eb44 in rom_load_manager::process_rom_entries(char const*, rom_entry const*, rom_entry const*, device_t*, bool) /mnt/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/emu/romload.cpp:931:24
    #8 0xe76933e in rom_load_manager::process_region_list() /mnt/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/emu/romload.cpp:1461:5
    #9 0xe76b8ef in rom_load_manager::rom_load_manager(running_machine&) /mnt/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/emu/romload.cpp:1533:2
    #10 0xe69f947 in make_unique_clear<rom_load_manager, running_machine &> /mnt/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/lib/util/corealloc.h:74:38
    #11 0xe69f947 in running_machine::start() /mnt/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/emu/machine.cpp:238
    #12 0xe6a2a41 in running_machine::run(bool) /mnt/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/emu/machine.cpp:310:3
    #13 0x8cd10e0 in mame_machine_manager::execute() /mnt/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/frontend/mame/mame.cpp:236:19
    #14 0x8e1e0d3 in cli_frontend::start_execution(mame_machine_manager*, std::vector<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >, std::allocator<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > > > const&) /mnt/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/frontend/mame/clifront.cpp:257:22
    #15 0x8e20ee0 in cli_frontend::execute(std::vector<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >, std::allocator<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > > >&) /mnt/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/frontend/mame/clifront.cpp:273:3
    #16 0x8cd3717 in emulator_info::start_frontend(emu_options&, osd_interface&, std::vector<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >, std::allocator<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > > >&) /mnt/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/frontend/mame/mame.cpp:336:18
    #17 0x8acddf2 in main /mnt/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/osd/sdl/sdlmain.cpp:216:9
    #18 0x7feb56dd182f in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x2082f)

previously allocated by thread T0 here:
    #0 0x14fd722 in operator new(unsigned long) /opt/media/clang_nightly/llvm/utils/release/final/llvm.src/projects/compiler-rt/lib/asan/asan_new_delete.cc:92:3
    #1 0xe75b8a4 in allocate /usr/lib/gcc/x86_64-linux-gnu/5.4.0/../../../../include/c++/5.4.0/ext/new_allocator.h:104:27
    #2 0xe75b8a4 in allocate /usr/lib/gcc/x86_64-linux-gnu/5.4.0/../../../../include/c++/5.4.0/bits/alloc_traits.h:491
    #3 0xe75b8a4 in _M_allocate /usr/lib/gcc/x86_64-linux-gnu/5.4.0/../../../../include/c++/5.4.0/bits/stl_vector.h:170
    #4 0xe75b8a4 in _M_create_storage /usr/lib/gcc/x86_64-linux-gnu/5.4.0/../../../../include/c++/5.4.0/bits/stl_vector.h:185
    #5 0xe75b8a4 in _Vector_base /usr/lib/gcc/x86_64-linux-gnu/5.4.0/../../../../include/c++/5.4.0/bits/stl_vector.h:136
    #6 0xe75b8a4 in vector /usr/lib/gcc/x86_64-linux-gnu/5.4.0/../../../../include/c++/5.4.0/bits/stl_vector.h:278
    #7 0xe75b8a4 in rom_load_manager::read_rom_data(rom_entry const*, rom_entry const*) /mnt/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/emu/romload.cpp:724
    #8 0xe75eb44 in rom_load_manager::process_rom_entries(char const*, rom_entry const*, rom_entry const*, device_t*, bool) /mnt/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/emu/romload.cpp:931:24
    #9 0xe76933e in rom_load_manager::process_region_list() /mnt/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/emu/romload.cpp:1461:5
    #10 0xe76b8ef in rom_load_manager::rom_load_manager(running_machine&) /mnt/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/emu/romload.cpp:1533:2
    #11 0xe69f947 in make_unique_clear<rom_load_manager, running_machine &> /mnt/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/lib/util/corealloc.h:74:38
    #12 0xe69f947 in running_machine::start() /mnt/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/emu/machine.cpp:238
    #13 0xe6a2a41 in running_machine::run(bool) /mnt/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/emu/machine.cpp:310:3
    #14 0x8cd10e0 in mame_machine_manager::execute() /mnt/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/frontend/mame/mame.cpp:236:19
    #15 0x8e1e0d3 in cli_frontend::start_execution(mame_machine_manager*, std::vector<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >, std::allocator<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > > > const&) /mnt/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/frontend/mame/clifront.cpp:257:22
    #16 0x8e20ee0 in cli_frontend::execute(std::vector<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >, std::allocator<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > > >&) /mnt/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/frontend/mame/clifront.cpp:273:3
    #17 0x8cd3717 in emulator_info::start_frontend(emu_options&, osd_interface&, std::vector<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >, std::allocator<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > > >&) /mnt/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/frontend/mame/mame.cpp:336:18
    #18 0x8acddf2 in main /mnt/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/osd/sdl/sdlmain.cpp:216:9
    #19 0x7feb56dd182f in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x2082f)

SUMMARY: AddressSanitizer: heap-use-after-free /mnt/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/mame/video/model2.cpp:1217:17 in geo_parse_np_ns
==116437==ABORTING
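Added example, not part of this thread or of MAME: a small Python triage helper that reduces an AddressSanitizer heap-use-after-free report like the one above to the three sites a reviewer needs, the faulting access, the free and the original allocation, each taken as the first frame under the project tree rather than inside the allocator or libstdc++. The embedded report is a constructed excerpt of the post above (frames trimmed, paths shortened); the `/mnt/mame/src/` project prefix is an assumption.

```python
import re
# Constructed excerpt of the ASan report posted above (frames trimmed, paths shortened).
REPORT = """\
==116437==ERROR: AddressSanitizer: heap-use-after-free on address 0x7feb18b29278 at pc 0x000003f3bca4
READ of size 4 at 0x7feb18b29278 thread T0
    #0 0x3f3bca3 in geo_parse_np_ns /mnt/mame/src/mame/video/model2.cpp:1217:17
    #1 0x3f3bca3 in geo_object_data(geo_state*, unsigned int, unsigned int*) /mnt/mame/src/mame/video/model2.cpp:1974
freed by thread T0 here:
    #0 0x14fe342 in operator delete(void*) asan_new_delete.cc:137:3
    #6 0xe75ce8a in rom_load_manager::read_rom_data(rom_entry const*, rom_entry const*) /mnt/mame/src/emu/romload.cpp:799
previously allocated by thread T0 here:
    #0 0x14fd722 in operator new(unsigned long) asan_new_delete.cc:92:3
    #7 0xe75b8a4 in rom_load_manager::read_rom_data(rom_entry const*, rom_entry const*) /mnt/mame/src/emu/romload.cpp:724
SUMMARY: AddressSanitizer: heap-use-after-free /mnt/mame/src/mame/video/model2.cpp:1217:17 in geo_parse_np_ns
"""

ERROR = re.compile(r"==\d+==ERROR: AddressSanitizer: (\S+) on address (0x[0-9a-f]+)")
ACCESS = re.compile(r"^(READ|WRITE) of size (\d+) at ")
FRAME = re.compile(r"^\s+#\d+\s+0x[0-9a-f]+\s+in\s+(.+?)\s+(\S+)$")

def parse_asan(text):
    """Return error kind, address, access type/size and the frames of each stack section."""
    info = {"stacks": {}}
    section = None
    for line in text.splitlines():
        if m := ERROR.search(line):
            info["kind"], info["address"] = m.group(1), m.group(2)
        elif m := ACCESS.match(line):
            info["access"], info["size"] = m.group(1), int(m.group(2))
            section = "access"
        elif line.startswith("freed by thread"):
            section = "freed"
        elif line.startswith("previously allocated by thread"):
            section = "allocated"
        elif (m := FRAME.match(line)) and section:
            info["stacks"].setdefault(section, []).append((m.group(1), m.group(2)))
    return info

def first_project_frame(frames, prefix):
    """First (function, file:line) frame under the project tree; skips allocator/libstdc++ frames."""
    return next(((fn, loc) for fn, loc in frames if loc.startswith(prefix)), (None, None))

def triage(text, prefix="/mnt/mame/src/"):
    """Reduce a UAF report to the access, free and allocation sites under the (assumed) project prefix."""
    info = parse_asan(text)
    out = {"kind": info["kind"], "access": f'{info["access"]} of {info["size"]} bytes'}
    for name in ("access", "freed", "allocated"):
        fn, loc = first_project_frame(info["stacks"].get(name, []), prefix)
        out[f"{name}_site"] = f"{fn} at {loc}"
    return out
```

On the report above this yields a read in geo_parse_np_ns of a buffer both allocated and freed in rom_load_manager::read_rom_data, which is the lifetime mismatch a reviewer would start from.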
No.14999 - Tafoid (Administrator) - May 3, 2018, 16:33
All texture based crashing issues should be gone as of 0.197. Resolving.