Viewing Issue Advanced Details
Jump to Notes ]
ID Category [?] Severity [?] Reproducibility Date Submitted Last Update
07525 Crash/Freeze Major Always Dec 20, 2019, 03:59 Dec 22, 2019, 09:25
Tester GeorgeMcMullen View Status Public Platform MAME (Self-compiled)
Assigned To Resolution Invalid report OS Other
Status [?] Closed Driver
Version 0.216 Fixed in Version Build 32-bit
Fixed in Git Commit Github Pull Request #
Summary 07525: Raspberry Pi (RetroPie): MAME Crashes when used with Arduino based joystick controller
Description Hello,

I've got a Raspberry Pi 3B running RetroPie 4.5.1 on Raspbian Stretch and I am compiling MAME v0.216 on it. Attached to it is the Pimoroni Picade, which is an Arduino Leonardo based joystick controller. When attempting to use it with MAME v0.216, MAME will consistently crash on the 5th button press event. More precisely, it crashes on the 9th joystick event (button down and button up are two separate events). So far I've found that having a second joystick or keyboard connected via USB will SOMETIMES prevent the crash from occurring. I've also found that using "-joystickprovider none" will prevent the crash from occurring, but then I can't use any other joysticks. The Picade can be configured as both a keyboard or a joystick. Using the Picade in keyboard mode (with "-joystickprovider none") works fine.

This is the error message I get:

     *** Error in `./mame': free(): invalid pointer: 0x0cb8c8c0 ***

When traced through GDB is as follows:

     #5 0x04bde09c in event_based_device<SDL_Event>::poll() ()

See below for a crash log. I traced the crash to src/osd/modules/input/input_common.h line 270 (https://github.com/mamedev/mame/blob/d4285be9009172fe54aacaf0ea4ce905607567b3/src/osd/modules/input/input_common.h#L282), which is as follows:

     m_event_queue.pop();

The variable m_event_queue is private to this class and is only accessed within two methods within this class, both which use a scope_lock mutex to make sure nothing is getting popped/pushed at the same time. I've put in extra debugging lines to check that the queue is not empty and MAME still crashes even though there is still an event in the queue to pop.

I also print out the address for the queue and the event at the front of the queue. Interestingly, the memory address given in the crash message is not the same as the address of the queue or the event at the front of the queue.

     poll(): ArduinoLLCArduinoLeonardo (Queue address: 0xcb8c66c) (Event address: 0xcb8ca80)
     *** Error in `./mame': free(): invalid pointer: 0x0cb8c8c0 ***

I found a couple of other issues on GitHub that seem to be related, but don't seem to have the same cause as this issue:
     https://github.com/mamedev/mame/issues/5253
     https://github.com/mamedev/mame/issues/4981

I've actually been experiencing the issue for quite some time (since perhaps v0.200), but have only just started to be able to look into it.

Any pointers (no pun intended) on further troubleshooting are appreciated. Thanks!

- George

---Edited to clarify that I am compiling the binary myself using v0.216 source code
Steps To Reproduce
Additional Information GDB Backtrace

Thread 1 "mame" received signal SIGABRT, Aborted.
__GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:51
51 ../sysdeps/unix/sysv/linux/raise.c: No such file or directory.
(gdb) where
#0 __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:51
#1 0x759ac824 in __GI_abort () at abort.c:89
#2 0x759e5f78 in __libc_message (do_abort=do_abort@entry=2, fmt=<optimized out>) at ../sysdeps/posix/libc_fatal.c:175
#3 0x759ecad4 in malloc_printerr (action=<optimized out>, str=0x75a9f040 "free(): invalid pointer", ptr=<optimized out>, ar_ptr=<optimized out>) at malloc.c:5049
#4 0x759ed514 in _int_free (av=0x75abb794 <main_arena>, p=0xc0c20c0, have_lock=<optimized out>) at malloc.c:3905
#5 0x04bde09c in event_based_device<SDL_Event>::poll() ()
#6 0x04b74e28 in sdl_osd_interface::poll_inputs(running_machine&) ()
#7 0x04b6acd4 in sdl_osd_interface::update(bool) ()
#8 0x07f8b61c in video_manager::frame_update(bool) ()
#9 0x07f052c8 in running_machine::run(bool) ()
#10 0x04c4ba18 in mame_machine_manager::execute() ()
#11 0x04cc95d8 in cli_frontend::start_execution(mame_machine_manager*, std::vector<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >, std::allocator<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > > > const&) ()
#12 0x04cc97f0 in cli_frontend::execute(std::vector<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >, std::allocator<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > > >&) ()
#13 0x04c49d3c in emulator_info::start_frontend(emu_options&, osd_interface&, std::vector<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >, std::allocator<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > > >&) ()
#14 0x01099508 in main ()
Github Commit
Flags
Regression Version
Affected Sets / Systems Raspberry Pi (RetroPie)
Attached Files
  
Relationships
There are no relationship linked to this issue.
Notes
5
User avatar
No.17284
Stiletto
Developer
Dec 20, 2019, 06:15
 Er, RetroPie? That ships with "mame2003" and "mame4all" RetroArch cores and the like? That's not supported here.
The only libretro core that might be supported is "mame" and according to RetroPie's github, that RetroArch core does not ship with it.
But in general, RetroArch/Libretro modifies MAME and tries to keep old versions running (ie. "mame2003" etc.).

In general, MAMEdev will not support old versions.

Now, if you compiled your own MAME 0.216 for Pi2/Pi3, or downloaded a pre-built package, we -might- support that.
User avatar
No.17285
GeorgeMcMullen
Tester
Dec 20, 2019, 13:14
 You are correct. That is a crucial detail I did not mention. Thanks.

I am in fact compiling the latest version of MAME (v0.216) for Raspberry Pi, and thus, the issues I see are for the most recent source code. I've actually experienced this issue for several versions (perhaps as early as v0.200), though I've only just been able to start to debug it. I will edit the ticket appropriately.
User avatar
No.17286
GeorgeMcMullen
Tester
Dec 20, 2019, 13:22
 I did some additional logging in the code and have found that the address that is mentioned in the crash message ( *** Error in `./mame': free(): invalid pointer: ...) is actually the address for the first event that is triggered by the joystick. Also, I checked that TEvent and SDL_Event both have a sizeof 56. When I subtract the address of the last event that MAME is trying to pop and the address in the crash message, I get 448, which is 56 * 8.

Seems like when the Pop is being performed, it may not automatically attempt to free the address, but when it tries later on, the address may have been freed by some other mechanism. Just a guess at this point though.
User avatar
No.17287
Tafoid
Administrator
Dec 20, 2019, 15:38
 Not sure of a way to test this. I'll simple mark acknowledged and hope that something can get figured out.
User avatar
No.17290
Fujix
Administrator
Dec 22, 2019, 09:24
edited on: Dec 23, 2019, 10:33
 I think RetroPie depends on HID interface on its original OS, we should not accept this report.
btw I'm working on my RetroPie and my bluetooth controller works in the GUI not in a game, I think this could be a problem of RetroArch or something like that, not MAME itself.