Viewing Issue Advanced Details
ID Category [?] Severity [?] Reproducibility Date Submitted Last Update
06195 Crash/Freeze Critical (emulator) Always Apr 30, 2016, 10:23 May 26, 2016, 23:36
Tester Tourniquet View Status Public Platform MAME (Official Binary)
Assigned To Resolution Fixed OS Other
Status [?] Resolved Driver
Version 0.173 Fixed in Version 0.175 Build 64-bit
Fixed in Git Commit Github Pull Request #
Summary 06195: -video BGFX is crashing after selecting 'Select New Machine' and launching another machine
Description Either throws a bad_alloc() or sometimes crashes with a stacktrace.
Doesn't happen if you hit 'Escape' (when no game param), only using the menu option.

This is on Win10 64-bit, with official 64-bit binaries, and clean install. Only change is to use BGFX.
On a Surface Pro 3 (Intel video).
Steps To Reproduce Run 'mame64,.exe -video bgfx'
Select a game/machine
Menu->"Select New Machine"
Select another game/machine
Additional Information C:\Projects\mame0173b_64bit>mame64.exe -video bgfx s1945iii
Average speed: 58.76% (5 seconds)
terminate called after throwing an instance of 'std::bad_alloc'
  what(): std::bad_alloc

This application has requested the Runtime to terminate it in an unusual way.
Please contact the application's support team for more information.





C:\Projects\mame0173b_64bit>mame64.exe -video bgfx s1945iii
Average speed: 53.70% (5 seconds)
Average speed: 67.38% (8 seconds)
4-u59.bin NOT FOUND (NO GOOD DUMP KNOWN) (tried in s1945 s1945)
WARNING: the machine might not run correctly.
Average speed: 43.25% (4 seconds)

-----------------------------------------------------
Exception at EIP=00007FFB5B553BC0 (register_frame_ctor+0x567713a0): ACCESS VIOLATION
While attempting to read memory at FFFFFFFFFFFFFFFF
-----------------------------------------------------
RAX=0000000000000008 RBX=0000000026D012B0 RCX=000000003625A040 RDX=003B363E841C0A6A
RSI=0000000027C47CA0 RDI=000000000A9D6CC8 RBP=0000000008A18050 RSP=0000000008A17FC8
 R8=0000000026D012B0 R9=0000000001368095 R10=0000000000000000 R11=000000003625A040
R12=0000000008A18010 R13=000000000A9D6CC8 R14=0000000000000000 R15=003B363EBA41AAAA
-----------------------------------------------------
Stack crawl:
  0000000008A17FC0: 00007FFB5B553BC0 (memcpy+0x0140)
  0000000008A18070: 000000000176EF69 (bgfx_chain::~bgfx_chain()+0x0279)
  0000000008A180C0: 000000000173E2C1 (chain_manager::~chain_manager()+0x0041)
  0000000008A18120: 0000000001734904 (renderer_bgfx::~renderer_bgfx()+0x0064)
  0000000008A18160: 0000000001734B26 (renderer_bgfx::~renderer_bgfx()+0x0016)
  0000000008A18250: 000000000171A7FD (win_window_info::video_window_proc(HWND__*, unsigned int, unsigned long long, long long)+0x06ed)
  0000000008A18280: 000000000171C0ED (winwindow_video_window_proc_ui(HWND__*, unsigned int, unsigned long long, long long)+0x000d)
  0000000008A18370: 00007FFB5B391169 (DispatchMessageW+0x0689)
  0000000008A183D0: 00007FFB5B390EE2 (DispatchMessageW+0x0402)
  0000000008A18430: 00007FFB5B3A098E (GetMenuItemInfoW+0x076e)
  0000000008A184B8: 00007FFB5DB38B94 (KiUserCallbackDispatcher+0x0024)
  0000000008A184C0: 00007FFB5B3B3234 (DestroyWindow+0x0014)
  0000000008A185B0: 000000000171A6AD (win_window_info::video_window_proc(HWND__*, unsigned int, unsigned long long, long long)+0x059d)
  0000000008A185E0: 000000000171C0ED (winwindow_video_window_proc_ui(HWND__*, unsigned int, unsigned long long, long long)+0x000d)
  0000000008A186D0: 00007FFB5B391169 (DispatchMessageW+0x0689)
  0000000008A18730: 00007FFB5B390EE2 (DispatchMessageW+0x0402)
  0000000008A18790: 00007FFB5B3A098E (GetMenuItemInfoW+0x076e)
  0000000008A18818: 00007FFB5DB38B94 (KiUserCallbackDispatcher+0x0024)
  0000000008A18820: 00007FFB5B3B1F94 (InvalidateRect+0x0074)
  0000000008A188B0: 00007FFB5B390804 (SendMessageW+0x02a4)
  0000000008A18910: 00007FFB5B39065B (SendMessageW+0x00fb)
  0000000008A189A0: 000000000171625D (win_window_info::destroy()+0x014d)
  0000000008A189E0: 000000000171ADB3 (windows_osd_interface::window_exit()+0x00f3)
  0000000008A18A20: 00000000017145AE (windows_osd_interface::video_exit()+0x001e)
  0000000008A18A60: 00000000016F2C45 (osd_common_t::osd_exit()+0x00b5)
  0000000008A18AA0: 00000000016F2339 (windows_osd_interface::osd_exit()+0x0029)
  0000000008A18B00: 00000000029D313F (running_machine::run(bool)+0x01ef)
  0000000008A1F4F0: 000000000178F2FA (mame_machine_manager::execute()+0x015a)
  0000000008A1F960: 000000000180A9D2 (cli_frontend::execute(int, char**)+0x1092)
  0000000008A1F9D0: 000000000178E555 (emulator_info::start_frontend(emu_options&, osd_interface&, int, char**)+0x0035)
  0000000008A1FDF0: 00000000016F1834 (utf8_main(int, char**)+0x0124)
  0000000008A1FE50: 0000000002E9085F (wmain+0x007f)
  0000000008A1FF20: 000000000040140C (__tmainCRTStartup+0x025c)
  0000000008A1FF50: 000000000040153B (mainCRTStartup+0x001b)
  0000000008A1FF80: 00007FFB5B7C8102 (BaseThreadInitThunk+0x0022)
  0000000008A1FFD0: 00007FFB5DAEC5B4 (RtlUserThreadStart+0x0034)
Github Commit
Flags
Regression Version
Affected Sets / Systems
Attached Files
 
Relationships
There are no relationship linked to this issue.
Notes
12
User avatar
No.12565
Robbbert
Senior Tester
Apr 30, 2016, 12:12
No crash for me, using bgfx, win7 64bit os, 32 bit build.
User avatar
No.12567
Tafoid
Administrator
Apr 30, 2016, 16:57
Same using 64-bit 0.173, Win 7 64-bit OS - no repro
User avatar
No.12570
B2K24
Senior Tester
Apr 30, 2016, 20:55
I can reproduce this on Windows 10 Pro X64.

The first game you run must be vertical orientation which fits the example of s1945iii Tourniquet has listed. Once you select New Machine and choose a raster game you'll hit the error message.
User avatar
No.12572
B2K24
Senior Tester
May 1, 2016, 03:47
Actually the above statement about vertical is incorrect. It seems now any games selected will present the error regardless what they are.

http://imgur.com/yAVqd8X
User avatar
No.12574
Tourniquet
Developer
May 1, 2016, 07:58
It feels like a double-free, so the symptoms of when/where it crashes will be highly variable.

B2K24: Out of interest, what's your video? Intel? Or NV/ATi?
User avatar
No.12578
B2K24
Senior Tester
May 1, 2016, 18:42
I have a Nvidia GTX 970 with latest Driver installed here.
User avatar
No.12630
Tourniquet
Developer
May 6, 2016, 14:10
Possibly related to this - I get a similar stacktrace when attempting to use the artwork layout in conjunction with the bgfx chains on startup as per http://www.mameworld.info/ubbthreads/showflat.php?Cat=&Number=353114

C:\Projects\mame0173b_64bit>mame64.exe -video bgfx -view0 Vertical -bgfx_screen_chains "hlsl,pillarbox_left_vertical,pillarbox_right_vertical" s1945ii

-----------------------------------------------------
Exception at EIP=000000000176E937 (bgfx_chain::process(render_primitive*, int, int, texture_manager&, osd_window&, unsigned long long)+0x0137): ACCESS VIOLATION
While attempting to read memory at 00000000000002F0
-----------------------------------------------------
RAX=0000000000000000 RBX=0000000000000001 RCX=0000000000000000 RDX=0000000000000000
RSI=0000000000000003 RDI=000000000AA630A0 RBP=0000000008A17F60 RSP=0000000008A17EE0
 R8=0000000000000003 R9=0000000000000001 R10=0000000002EE3FC0 R11=0000000000000000
R12=000000000AA68740 R13=0000000000000007 R14=000000000AA24B00 R15=0000000008A18090
-----------------------------------------------------
Stack crawl:
  0000000008A17F80: 000000000176E937 (bgfx_chain::process(render_primitive*, int, int, texture_manager&, osd_window&, unsigned long long)+0x0137)
  0000000008A18140: 000000000173EBFA (chain_manager::process_screen_quad(unsigned int, unsigned int, render_primitive*, osd_window&)+0x02aa)
  0000000008A18220: 0000000001743389 (chain_manager::handle_screen_chains(unsigned int, render_primitive*, osd_window&)+0x0149)
  0000000008A18350: 0000000001737A8D (renderer_bgfx::draw(int)+0x013d)
  0000000008A183B0: 00000000017169D7 (win_window_info::draw_video_contents(HDC__*, int)+0x0057)
  0000000008A184A0: 000000000171AA02 (win_window_info::video_window_proc(HWND__*, unsigned int, unsigned long long, long long)+0x08f2)
  0000000008A184D0: 000000000171C0ED (winwindow_video_window_proc_ui(HWND__*, unsigned int, unsigned long long, long long)+0x000d)
  0000000008A185C0: 00007FFB23261169 (DispatchMessageW+0x0689)
  0000000008A18620: 00007FFB23260EE2 (DispatchMessageW+0x0402)
  0000000008A18680: 00007FFB2327098E (GetMenuItemInfoW+0x076e)
  0000000008A18708: 00007FFB25208B94 (KiUserCallbackDispatcher+0x0024)
  0000000008A18710: 00007FFB23281F94 (InvalidateRect+0x0074)
  0000000008A187A0: 00007FFB23260804 (SendMessageW+0x02a4)
  0000000008A18800: 00007FFB2326065B (SendMessageW+0x00fb)
  0000000008A18850: 0000000001716486 (win_window_info::update()+0x0126)
  0000000008A188A0: 000000000171573F (windows_osd_interface::update(bool)+0x004f)
  0000000008A18930: 0000000002A2E265 (video_manager::frame_update(bool)+0x00b5)
  0000000008A18990: 0000000002A0FB60 (screen_device::vblank_begin()+0x02a0)
  0000000008A18A00: 0000000002A102B5 (screen_device::device_timer(emu_timer&, unsigned int, int, void*)+0x0275)
  0000000008A18AA0: 0000000002A09026 (device_scheduler::timeslice()+0x0466)
  0000000008A18B00: 00000000029D3088 (running_machine::run(bool)+0x0138)
  0000000008A1F4F0: 000000000178F2FA (mame_machine_manager::execute()+0x015a)
  0000000008A1F960: 000000000180A9D2 (cli_frontend::execute(int, char**)+0x1092)
  0000000008A1F9D0: 000000000178E555 (emulator_info::start_frontend(emu_options&, osd_interface&, int, char**)+0x0035)
  0000000008A1FDF0: 00000000016F1834 (utf8_main(int, char**)+0x0124)
  0000000008A1FE50: 0000000002E9085F (wmain+0x007f)
  0000000008A1FF20: 000000000040140C (__tmainCRTStartup+0x025c)
  0000000008A1FF50: 000000000040153B (mainCRTStartup+0x001b)
  0000000008A1FF80: 00007FFB22A58102 (BaseThreadInitThunk+0x0022)
  0000000008A1FFD0: 00007FFB251BC5B4 (RtlUserThreadStart+0x0034)
User avatar
No.12690
Tourniquet
Developer
May 21, 2016, 10:00
These crashes are no longer happening for me with local builds from master or Tafoid's nightlies.
They do still happen with the 0.173 release build, and were happening with local builds from that time...
User avatar
No.12692
Jezze
Developer
May 21, 2016, 12:17
I still can reproduce this issue with the latest github/master build (make -j2 SUBTARGET=nl DEBUG=1 SYMBOLS=1).

But it happens very rarely and not always on the first new machine selection.

1. mamenl64d.exe -window -video bgfx (without mame.ini)
2. load pong
3. select new machine and load 1942
4. repeat 2 and 3 until it crashes

The console output does not provide any usefull stack trace information, only:

terminate called after throwing an instance of 'std::bad_alloc'
  what(): std::bad_alloc

This application has requested the Runtime to terminate it in an unusual way.
Please contact the application's support team for more information.
User avatar
No.12693
Jezze
Developer
May 21, 2016, 12:57
I've got some more information from a MSVC build

f:\mame\3rdparty\bgfx\src\bgfx_p.h (2134): BGFX WARN Frame buffer resolution width or height cannot be 0 (width 0, height 0).
Ausnahme ausgelöst bei 0x765FDAE8 in mamenld.exe: Microsoft C++-Ausnahme: std::bad_alloc bei Speicherort 0x00188E48.
Ausnahme ausgelöst bei 0x765FDAE8 in mamenld.exe: Microsoft C++-Ausnahme: std::bad_alloc bei Speicherort 0x0018870C.
Ausnahme ausgelöst bei 0x765FDAE8 in mamenld.exe: Microsoft C++-Ausnahme: [rethrow] bei Speicherort 0x00000000.
Debug Error!

Program: ...ild\projects\windows\mamenl\vs2015\..\..\..\..\..\mamenld.exe

abort() has been called

(Press Retry to debug the application)
Der Thread 0x1b28 hat mit Code 3 (0x3) geendet.
Der Thread 0x2c10 hat mit Code 3 (0x3) geendet.
Der Thread 0x23dc hat mit Code 3 (0x3) geendet.
Der Thread 0x32c0 hat mit Code 3 (0x3) geendet.
Der Thread 0x6cc hat mit Code 3 (0x3) geendet.
Der Thread 0x2c4c hat mit Code 3 (0x3) geendet.
Der Thread 0x10c0 hat mit Code 3 (0x3) geendet.
Der Thread 0x1b70 hat mit Code 3 (0x3) geendet.
Der Thread 0x2fec hat mit Code 3 (0x3) geendet.
Der Thread 0x1bb4 hat mit Code 3 (0x3) geendet.
Der Thread 0xed8 hat mit Code 3 (0x3) geendet.
Der Thread 0x710 hat mit Code 3 (0x3) geendet.
Der Thread 0x1808 hat mit Code 3 (0x3) geendet.
User avatar
No.12702
Tourniquet
Developer
May 21, 2016, 22:06
edited on: May 21, 2016, 22:40
So I repro'd in an MSVC build too.

It's a crash inside ~bgfx_chain(), destroying the list of bgfx_target.
The bgfx_target.m_name is corrupt/invalid, though the rest of the class looks legit.

<Tourniquet> in the bgfx_chain constructor things all look good. In the destructor the bgfx_target's m_name looks kaput.
<Tourniquet> Actually, it looks like an ownership problem - the chain_manager seems to own the 'targets', but then the bgfx_chain takes a copy of the ptr and tries to destruct it.
<Tourniquet> Maybe there should be some deep copying or shared_ptrs going on ?
User avatar
No.12719
Tourniquet
Developer
May 26, 2016, 20:23
Fixed by MooglyGuy in https://github.com/mamedev/mame/commit/1f1ccd9b7d14d84a13d3950c2de7dfa3afaef638