Viewing Issue Advanced Details
ID: 08505
Category: Misc.
Severity: Critical (emulator)
Reproducibility: Always
Date Submitted: Nov 5, 2022, 12:21
Last Update: 11 days ago
Tester: Wampa
View Status: Public
Platform: MAME (Self-compiled)
Assigned To:
Resolution: Open
OS: Linux (64-bit)
Status: Confirmed
Driver:
Version: 0.249
Fixed in Version:
Build: 64-bit
Fixed in Git Commit:
Github Pull Request #:
Summary: 08505: eggventr: Segfault on startup
Description: I have tested as far back as 0.245 and I see the same result. Possible it's an nVidia library issue, but no other systems are currently affected. From the dumped core I see:

```
[New LWP 523127]
[New LWP 523124]
[New LWP 523128]
[New LWP 523129]
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".
Core was generated by `mame.bin -uifont ui/ui.bdf eggventr'.
Program terminated with signal SIGSEGV, Segmentation fault.
#0 0x00007f51884664e4 in ?? () from /lib/x86_64-linux-gnu/libnvidia-glcore.so.470.141.03
[Current thread is 1 (Thread 0x7f5183bd3700 (LWP 523127))]
(gdb) bt
#0 0x00007f51884664e4 in ?? () from /lib/x86_64-linux-gnu/libnvidia-glcore.so.470.141.03
#1 0x00007f518844aaac in ?? () from /lib/x86_64-linux-gnu/libnvidia-glcore.so.470.141.03
#2 0x0000556dd9e8535f in ?? ()
#3 0x0000556dd9e94884 in ?? ()
#4 0x0000556dd9e628b5 in ?? ()
#5 0x0000556dd9e6c866 in ?? ()
#6 0x0000556dd9f14e43 in ?? ()
#7 0x00007f518ed12609 in start_thread (arg=<optimised out>) at pthread_create.c:477
#8 0x00007f518d335133 in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:95
(gdb)
```
Steps To Reproduce: Start eggventr:

```
mame eggventr
```
Additional Information
Github Commit
Flags
Regression Version
Affected Sets / Systems eggventr
Attached Files
 
Relationships
There are no relationship linked to this issue.
Notes
9
No.20756
Firewave
Senior Tester
31 days ago
edited on: 31 days ago
0.249 on Linux reports:

==7051==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x7fd263aa7068 at pc 0x7fd2ca2f9de4 bp 0x7fd27af3f790 sp 0x7fd27af3ef58
READ of size 1402 at 0x7fd263aa7068 thread T2
    #0 0x7fd2ca2f9de3 in memcpy (/mnt/s/GitHub/mame/mame+0x24d79de3) (BuildId: e793b6d6aa7d9772)
    #1 0x7fd284a3b339  (/usr/lib/x86_64-linux-gnu/libvulkan_lvp.so+0x9b339) (BuildId: 99445f14bee7b60ff39e9452caf6b3f3f586179b)
    #2 0x7fd284bad05a  (/usr/lib/x86_64-linux-gnu/libvulkan_lvp.so+0x20d05a) (BuildId: 99445f14bee7b60ff39e9452caf6b3f3f586179b)
    #3 0x7fd2849fd403  (/usr/lib/x86_64-linux-gnu/libvulkan_lvp.so+0x5d403) (BuildId: 99445f14bee7b60ff39e9452caf6b3f3f586179b)
    #4 0x7fd284a008e3  (/usr/lib/x86_64-linux-gnu/libvulkan_lvp.so+0x608e3) (BuildId: 99445f14bee7b60ff39e9452caf6b3f3f586179b)
    #5 0x7fd284a03ed4  (/usr/lib/x86_64-linux-gnu/libvulkan_lvp.so+0x63ed4) (BuildId: 99445f14bee7b60ff39e9452caf6b3f3f586179b)
    #6 0x7fd2849f66f5  (/usr/lib/x86_64-linux-gnu/libvulkan_lvp.so+0x566f5) (BuildId: 99445f14bee7b60ff39e9452caf6b3f3f586179b)
    #7 0x7fd284a8dd95  (/usr/lib/x86_64-linux-gnu/libvulkan_lvp.so+0xedd95) (BuildId: 99445f14bee7b60ff39e9452caf6b3f3f586179b)
    #8 0x7fd284a8e013  (/usr/lib/x86_64-linux-gnu/libvulkan_lvp.so+0xee013) (BuildId: 99445f14bee7b60ff39e9452caf6b3f3f586179b)
    #9 0x7fd284a81796  (/usr/lib/x86_64-linux-gnu/libvulkan_lvp.so+0xe1796) (BuildId: 99445f14bee7b60ff39e9452caf6b3f3f586179b)
    #10 0x7fd2a36e7849 in start_thread nptl/./nptl/pthread_create.c:442:8
    #11 0x7fd2a376a52f in __clone misc/../sysdeps/unix/sysv/linux/x86_64/clone.S:100

0x7fd263aa7068 is located 0 bytes to the right of 282728-byte region [0x7fd263a62000,0x7fd263aa7068)
allocated by thread T1 here:
    #0 0x7fd2ca363557 in posix_memalign (/mnt/s/GitHub/mame/mame+0x24de3557) (BuildId: e793b6d6aa7d9772)
    #1 0x7fd284bfe14f  (/usr/lib/x86_64-linux-gnu/libvulkan_lvp.so+0x25e14f) (BuildId: 99445f14bee7b60ff39e9452caf6b3f3f586179b)

Thread T2 created by T1 here:
    #0 0x7fd2ca34be5c in pthread_create (/mnt/s/GitHub/mame/mame+0x24dcbe5c) (BuildId: e793b6d6aa7d9772)
    #1 0x7fd284a8199f  (/usr/lib/x86_64-linux-gnu/libvulkan_lvp.so+0xe199f) (BuildId: 99445f14bee7b60ff39e9452caf6b3f3f586179b)

Thread T1 created by T0 here:
    #0 0x7fd2ca34be5c in pthread_create (/mnt/s/GitHub/mame/mame+0x24dcbe5c) (BuildId: e793b6d6aa7d9772)
    #1 0x7fd2f3b4df1b in bx::Thread::init(int (*)(bx::Thread*, void*), void*, unsigned int, char const*) /mnt/s/GitHub/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../3rdparty/bx/src/thread.cpp:181:12
    #2 0x7fd2f38f29d8 in bgfx::Context::init(bgfx::Init const&) /mnt/s/GitHub/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../3rdparty/bgfx/src/bgfx.cpp:1919:13
    #3 0x7fd2f38fea36 in bgfx::init(bgfx::Init const&) /mnt/s/GitHub/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../3rdparty/bgfx/src/bgfx.cpp:3538:14
    #4 0x7fd2f0afe7fd in renderer_bgfx::init_bgfx_library() /mnt/s/GitHub/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/osd/modules/render/drawbgfx.cpp:196:2
    #5 0x7fd2f0aff59c in renderer_bgfx::create() /mnt/s/GitHub/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/osd/modules/render/drawbgfx.cpp:311:3
    #6 0x7fd2f0c029ab in sdl_window_info::complete_create() /mnt/s/GitHub/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/osd/sdl/window.cpp:853:17
    #7 0x7fd2f0c0593a in sdl_window_info::window_init() /mnt/s/GitHub/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/osd/sdl/window.cpp:446:15
    #8 0x7fd2f0a2c2b0 in sdl_osd_interface::video_init() /mnt/s/GitHub/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/osd/sdl/video.cpp:79:12
    #9 0x7fd2f095df0f in osd_common_t::init_subsystems() /mnt/s/GitHub/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/osd/modules/lib/osdobj_common.cpp:665:7
    #10 0x7fd2f095171e in sdl_osd_interface::init(running_machine&) /mnt/s/GitHub/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/osd/sdl/sdlmain.cpp:483:16
    #11 0x7fd2f06556fc in running_machine::start() /mnt/s/GitHub/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/emu/machine.cpp:151:18
    #12 0x7fd2f065904c in running_machine::run(bool) /mnt/s/GitHub/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/emu/machine.cpp:281:3
    #13 0x7fd2e876905f in mame_machine_manager::execute() /mnt/s/GitHub/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/frontend/mame/mame.cpp:290:19
    #14 0x7fd2e9b203d6 in cli_frontend::start_execution(mame_machine_manager*, std::vector<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >, std::allocator<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > > > const&) /mnt/s/GitHub/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/frontend/mame/clifront.cpp:275:22
    #15 0x7fd2e9b23f1f in cli_frontend::execute(std::vector<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >, std::allocator<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > > >&) /mnt/s/GitHub/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/frontend/mame/clifront.cpp:291:3
    #16 0x7fd2e876de3f in emulator_info::start_frontend(emu_options&, osd_interface&, std::vector<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >, std::allocator<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > > >&) /mnt/s/GitHub/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/frontend/mame/mame.cpp:454:18
    #17 0x7fd2f094f4ab in main /mnt/s/GitHub/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/osd/sdl/sdlmain.cpp:191:9
    #18 0x7fd2a3689209 in __libc_start_call_main csu/../sysdeps/nptl/libc_start_call_main.h:58:16

SUMMARY: AddressSanitizer: heap-buffer-overflow (/mnt/s/GitHub/mame/mame+0x24d79de3) (BuildId: e793b6d6aa7d9772) in memcpy
Shadow bytes around the buggy address:
  0x0ffacc74cdb0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0ffacc74cdc0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0ffacc74cdd0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0ffacc74cde0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0ffacc74cdf0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
=>0x0ffacc74ce00: 00 00 00 00 00 00 00 00 00 00 00 00 00[fa]fa fa
  0x0ffacc74ce10: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0ffacc74ce20: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0ffacc74ce30: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0ffacc74ce40: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0ffacc74ce50: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable:           00
  Partially addressable: 01 02 03 04 05 06 07
  Heap left redzone:       fa
  Freed heap region:       fd
  Stack left redzone:      f1
  Stack mid redzone:       f2
  Stack right redzone:     f3
  Stack after return:      f5
  Stack use after scope:   f8
  Global redzone:          f9
  Global init order:       f6
  Poisoned by user:        f7
  Container overflow:      fc
  Array cookie:            ac
  Intra object redzone:    bb
  ASan internal:           fe
  Left alloca redzone:     ca
  Right alloca redzone:    cb
No.20757
Firewave
Senior Tester
31 days ago
edited on: 31 days ago
It does not happen with "-video none", "-video soft" or "-video opengl" so this might indicate a bgfx or graphics driver issue.
No.20759
Firewave
Senior Tester
31 days ago
Also occurs with "genesis -cart xinqig1":
==6227==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x7f2ebfbfb000 at pc 0x7f2f2d0bc374 bp 0x7f2edc95f790 sp 0x7f2edc95ef58
READ of size 2048 at 0x7f2ebfbfb000 thread T2
    #0 0x7f2f2d0bc373 in memcpy (/mnt/s/GitHub/mame/mame+0x24d7a373) (BuildId: 7b7aeda5846ab501)
    #1 0x7f2ee5e3b339  (/usr/lib/x86_64-linux-gnu/libvulkan_lvp.so+0x9b339) (BuildId: 99445f14bee7b60ff39e9452caf6b3f3f586179b)
    #2 0x7f2ee5fad05a  (/usr/lib/x86_64-linux-gnu/libvulkan_lvp.so+0x20d05a) (BuildId: 99445f14bee7b60ff39e9452caf6b3f3f586179b)
    #3 0x7f2ee5dfd403  (/usr/lib/x86_64-linux-gnu/libvulkan_lvp.so+0x5d403) (BuildId: 99445f14bee7b60ff39e9452caf6b3f3f586179b)
    #4 0x7f2ee5e008e3  (/usr/lib/x86_64-linux-gnu/libvulkan_lvp.so+0x608e3) (BuildId: 99445f14bee7b60ff39e9452caf6b3f3f586179b)
    #5 0x7f2ee5e03ed4  (/usr/lib/x86_64-linux-gnu/libvulkan_lvp.so+0x63ed4) (BuildId: 99445f14bee7b60ff39e9452caf6b3f3f586179b)
    #6 0x7f2ee5df66f5  (/usr/lib/x86_64-linux-gnu/libvulkan_lvp.so+0x566f5) (BuildId: 99445f14bee7b60ff39e9452caf6b3f3f586179b)
    #7 0x7f2ee5e8dd95  (/usr/lib/x86_64-linux-gnu/libvulkan_lvp.so+0xedd95) (BuildId: 99445f14bee7b60ff39e9452caf6b3f3f586179b)
    #8 0x7f2ee5e8e013  (/usr/lib/x86_64-linux-gnu/libvulkan_lvp.so+0xee013) (BuildId: 99445f14bee7b60ff39e9452caf6b3f3f586179b)
    #9 0x7f2ee5e81796  (/usr/lib/x86_64-linux-gnu/libvulkan_lvp.so+0xe1796) (BuildId: 99445f14bee7b60ff39e9452caf6b3f3f586179b)
    #10 0x7f2f064b7849 in start_thread nptl/./nptl/pthread_create.c:442:8
    #11 0x7f2f0653a52f in __clone misc/../sysdeps/unix/sysv/linux/x86_64/clone.S:100

0x7f2ebfbfb000 is located 0 bytes to the right of 430080-byte region [0x7f2ebfb92000,0x7f2ebfbfb000)
allocated by thread T1 here:
    #0 0x7f2f2d125ae7 in posix_memalign (/mnt/s/GitHub/mame/mame+0x24de3ae7) (BuildId: 7b7aeda5846ab501)
    #1 0x7f2ee5ffe14f  (/usr/lib/x86_64-linux-gnu/libvulkan_lvp.so+0x25e14f) (BuildId: 99445f14bee7b60ff39e9452caf6b3f3f586179b)

Thread T2 created by T1 here:
    #0 0x7f2f2d10e3ec in pthread_create (/mnt/s/GitHub/mame/mame+0x24dcc3ec) (BuildId: 7b7aeda5846ab501)
    #1 0x7f2ee5e8199f  (/usr/lib/x86_64-linux-gnu/libvulkan_lvp.so+0xe199f) (BuildId: 99445f14bee7b60ff39e9452caf6b3f3f586179b)

Thread T1 created by T0 here:
    #0 0x7f2f2d10e3ec in pthread_create (/mnt/s/GitHub/mame/mame+0x24dcc3ec) (BuildId: 7b7aeda5846ab501)
    #1 0x7f2f56910b6b in bx::Thread::init(int (*)(bx::Thread*, void*), void*, unsigned int, char const*) /mnt/s/GitHub/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../3rdparty/bx/src/thread.cpp:181:12
    #2 0x7f2f566b5628 in bgfx::Context::init(bgfx::Init const&) /mnt/s/GitHub/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../3rdparty/bgfx/src/bgfx.cpp:1919:13
    #3 0x7f2f566c1686 in bgfx::init(bgfx::Init const&) /mnt/s/GitHub/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../3rdparty/bgfx/src/bgfx.cpp:3538:14
    #4 0x7f2f538c144d in renderer_bgfx::init_bgfx_library() /mnt/s/GitHub/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/osd/modules/render/drawbgfx.cpp:196:2
    #5 0x7f2f538c21ec in renderer_bgfx::create() /mnt/s/GitHub/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/osd/modules/render/drawbgfx.cpp:311:3
    #6 0x7f2f539c55fb in sdl_window_info::complete_create() /mnt/s/GitHub/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/osd/sdl/window.cpp:853:17
    #7 0x7f2f539c858a in sdl_window_info::window_init() /mnt/s/GitHub/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/osd/sdl/window.cpp:446:15
    #8 0x7f2f537eef00 in sdl_osd_interface::video_init() /mnt/s/GitHub/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/osd/sdl/video.cpp:79:12
    #9 0x7f2f53720b5f in osd_common_t::init_subsystems() /mnt/s/GitHub/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/osd/modules/lib/osdobj_common.cpp:665:7
    #10 0x7f2f5371436e in sdl_osd_interface::init(running_machine&) /mnt/s/GitHub/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/osd/sdl/sdlmain.cpp:483:16
    #11 0x7f2f5341834c in running_machine::start() /mnt/s/GitHub/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/emu/machine.cpp:151:18
    #12 0x7f2f5341bc9c in running_machine::run(bool) /mnt/s/GitHub/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/emu/machine.cpp:281:3
    #13 0x7f2f4b52bcaf in mame_machine_manager::execute() /mnt/s/GitHub/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/frontend/mame/mame.cpp:290:19
    #14 0x7f2f4c8e3026 in cli_frontend::start_execution(mame_machine_manager*, std::vector<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >, std::allocator<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > > > const&) /mnt/s/GitHub/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/frontend/mame/clifront.cpp:275:22
    #15 0x7f2f4c8e6b6f in cli_frontend::execute(std::vector<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >, std::allocator<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > > >&) /mnt/s/GitHub/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/frontend/mame/clifront.cpp:291:3
    #16 0x7f2f4b530a8f in emulator_info::start_frontend(emu_options&, osd_interface&, std::vector<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >, std::allocator<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > > >&) /mnt/s/GitHub/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/frontend/mame/mame.cpp:454:18
    #17 0x7f2f537120fb in main /mnt/s/GitHub/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/osd/sdl/sdlmain.cpp:191:9
    #18 0x7f2f06459209 in __libc_start_call_main csu/../sysdeps/nptl/libc_start_call_main.h:58:16

SUMMARY: AddressSanitizer: heap-buffer-overflow (/mnt/s/GitHub/mame/mame+0x24d7a373) (BuildId: 7b7aeda5846ab501) in memcpy
Shadow bytes around the buggy address:
  0x0fe657f775b0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0fe657f775c0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0fe657f775d0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0fe657f775e0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0fe657f775f0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
=>0x0fe657f77600:[fa]fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0fe657f77610: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0fe657f77620: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0fe657f77630: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0fe657f77640: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0fe657f77650: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
No.20761
Firewave
Senior Tester
31 days ago
"eggventr -video bgfx -bgfx_backend opengl" also fails:
==7184==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x7fbefc6b6878 at pc 0x7fbf5f747de4 bp 0x7fbf1c6bef70 sp 0x7fbf1c6be738
READ of size 1402 at 0x7fbefc6b6878 thread T1
    #0 0x7fbf5f747de3 in memcpy (/mnt/s/GitHub/mame/mame+0x24d79de3) (BuildId: e793b6d6aa7d9772)
    #1 0x7fbf19375e19  (/usr/lib/x86_64-linux-gnu/dri/swrast_dri.so+0x105e19) (BuildId: 4e95adf66021ab275c019c57d5b8d98b6ce8c35d)
    #2 0x7fbf1986d43a  (/usr/lib/x86_64-linux-gnu/dri/swrast_dri.so+0x5fd43a) (BuildId: 4e95adf66021ab275c019c57d5b8d98b6ce8c35d)
    #3 0x7fbf19da2dce  (/usr/lib/x86_64-linux-gnu/dri/swrast_dri.so+0xb32dce) (BuildId: 4e95adf66021ab275c019c57d5b8d98b6ce8c35d)
    #4 0x7fbf193e1e39  (/usr/lib/x86_64-linux-gnu/dri/swrast_dri.so+0x171e39) (BuildId: 4e95adf66021ab275c019c57d5b8d98b6ce8c35d)
    #5 0x7fbf193a3ffc  (/usr/lib/x86_64-linux-gnu/dri/swrast_dri.so+0x133ffc) (BuildId: 4e95adf66021ab275c019c57d5b8d98b6ce8c35d)
    #6 0x7fbf193a737c  (/usr/lib/x86_64-linux-gnu/dri/swrast_dri.so+0x13737c) (BuildId: 4e95adf66021ab275c019c57d5b8d98b6ce8c35d)
    #7 0x7fbf193ad987  (/usr/lib/x86_64-linux-gnu/dri/swrast_dri.so+0x13d987) (BuildId: 4e95adf66021ab275c019c57d5b8d98b6ce8c35d)
    #8 0x7fbf88da45e5 in texSubImage /mnt/s/GitHub/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../3rdparty/bgfx/src/renderer_gl.cpp:1354:4
    #9 0x7fbf88da45e5 in bgfx::gl::TextureGL::update(unsigned char, unsigned char, bgfx::Rect const&, unsigned short, unsigned short, unsigned short, bgfx::Memory const*) /mnt/s/GitHub/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../3rdparty/bgfx/src/renderer_gl.cpp:5759:4
    #10 0x7fbf88ddb7ea in bgfx::gl::RendererContextGL::updateTexture(bgfx::TextureHandle, unsigned char, unsigned char, bgfx::Rect const&, unsigned short, unsigned short, unsigned short, bgfx::Memory const*) /mnt/s/GitHub/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../3rdparty/bgfx/src/renderer_gl.cpp:3297:28
    #11 0x7fbf88d4b241 in bgfx::Context::flushTextureUpdateBatch(bgfx::CommandBuffer&) /mnt/s/GitHub/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../3rdparty/bgfx/src/bgfx.cpp:2561:18
    #12 0x7fbf88d49adc in bgfx::Context::rendererExecCommands(bgfx::CommandBuffer&) /mnt/s/GitHub/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../3rdparty/bgfx/src/bgfx.cpp:3349:3
    #13 0x7fbf88d3f45e in bgfx::Context::renderFrame(int) /mnt/s/GitHub/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../3rdparty/bgfx/src/bgfx.cpp:2431:5
    #14 0x7fbf88d3f343 in bgfx::renderFrame(int) /mnt/s/GitHub/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../3rdparty/bgfx/src/bgfx.cpp:1475:38
    #15 0x7fbf88d65c09 in bgfx::Context::renderThread(bx::Thread*, void*) /mnt/s/GitHub/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../3rdparty/bgfx/src/bgfx_p.h:3012:35
    #16 0x7fbf88f9b480 in bx::Thread::entry() /mnt/s/GitHub/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../3rdparty/bx/src/thread.cpp:325:20
    #17 0x7fbf88f9b334 in bx::ThreadInternal::threadFunc(void*) /mnt/s/GitHub/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../3rdparty/bx/src/thread.cpp:92:20
    #18 0x7fbf38b37849 in start_thread nptl/./nptl/pthread_create.c:442:8
    #19 0x7fbf38bba52f in __clone misc/../sysdeps/unix/sysv/linux/x86_64/clone.S:100

0x7fbefc6b6878 is located 0 bytes to the right of 282744-byte region [0x7fbefc671800,0x7fbefc6b6878)
allocated by thread T0 here:
    #0 0x7fbf5f7b09de in malloc (/mnt/s/GitHub/mame/mame+0x24de29de) (BuildId: e793b6d6aa7d9772)
    #1 0x7fbf88d8b875 in bgfx::AllocatorStub::realloc(void*, unsigned long, unsigned long, char const*, unsigned int) /mnt/s/GitHub/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../3rdparty/bgfx/src/bgfx.cpp:215:13
    #2 0x7fbf88d32cc1 in alloc /mnt/s/GitHub/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../3rdparty/bx/include/bx/inline/allocator.inl:37:22
    #3 0x7fbf88d32cc1 in bgfx::alloc(unsigned int) /mnt/s/GitHub/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../3rdparty/bgfx/src/bgfx.cpp:4014:26
    #4 0x7fbf88d4ec16 in bgfx::copy(void const*, unsigned int) /mnt/s/GitHub/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../3rdparty/bgfx/src/bgfx.cpp:4023:23
    #5 0x7fbf85f83281 in bgfx_util::mame_texture_data_to_bgfx_texture_data(bgfx::TextureFormat::Enum&, unsigned int, int, int, rgb_t const*, void*, unsigned short&, int&, int&) /mnt/s/GitHub/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/osd/modules/render/bgfxutil.cpp
    #6 0x7fbf85f8d205 in chain_manager::update_screen_textures(unsigned int, render_primitive*, osd_window&) /mnt/s/GitHub/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/osd/modules/render/bgfx/chainmanager.cpp:483:29
    #7 0x7fbf85f5f55e in renderer_bgfx::draw(int) /mnt/s/GitHub/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/osd/modules/render/drawbgfx.cpp:875:35
    #8 0x7fbf86056b9e in sdl_window_info::update() /mnt/s/GitHub/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/osd/sdl/window.cpp:627:17
    #9 0x7fbf85e7d6e3 in sdl_osd_interface::update(bool) /mnt/s/GitHub/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/osd/sdl/video.cpp:108:12
    #10 0x7fbf85d3003d in video_manager::frame_update(bool) /mnt/s/GitHub/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/emu/video.cpp:238:18
    #11 0x7fbf85c26f28 in screen_device::vblank_begin(int) /mnt/s/GitHub/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/emu/screen.cpp:1646:21
    #12 0x7fbf85c0fa64 in operator() /mnt/s/GitHub/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/lib/util/delegate.h:765:11
    #13 0x7fbf85c0fa64 in device_scheduler::execute_timers() /mnt/s/GitHub/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/emu/schedule.cpp:951:5
    #14 0x7fbf85c0a9a8 in device_scheduler::timeslice() /mnt/s/GitHub/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/emu/schedule.cpp:505:2
    #15 0x7fbf85aa7417 in running_machine::run(bool) /mnt/s/GitHub/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/emu/machine.cpp:329:17
    #16 0x7fbf7dbb705f in mame_machine_manager::execute() /mnt/s/GitHub/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/frontend/mame/mame.cpp:290:19
    #17 0x7fbf7ef6e3d6 in cli_frontend::start_execution(mame_machine_manager*, std::vector<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >, std::allocator<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > > > const&) /mnt/s/GitHub/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/frontend/mame/clifront.cpp:275:22
    #18 0x7fbf7ef71f1f in cli_frontend::execute(std::vector<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >, std::allocator<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > > >&) /mnt/s/GitHub/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/frontend/mame/clifront.cpp:291:3
    #19 0x7fbf7dbbbe3f in emulator_info::start_frontend(emu_options&, osd_interface&, std::vector<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >, std::allocator<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > > >&) /mnt/s/GitHub/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/frontend/mame/mame.cpp:454:18
    #20 0x7fbf85d9d4ab in main /mnt/s/GitHub/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/osd/sdl/sdlmain.cpp:191:9
    #21 0x7fbf38ad9209 in __libc_start_call_main csu/../sysdeps/nptl/libc_start_call_main.h:58:16

Thread T1 created by T0 here:
    #0 0x7fbf5f799e5c in pthread_create (/mnt/s/GitHub/mame/mame+0x24dcbe5c) (BuildId: e793b6d6aa7d9772)
    #1 0x7fbf88f9bf1b in bx::Thread::init(int (*)(bx::Thread*, void*), void*, unsigned int, char const*) /mnt/s/GitHub/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../3rdparty/bx/src/thread.cpp:181:12
    #2 0x7fbf88d409d8 in bgfx::Context::init(bgfx::Init const&) /mnt/s/GitHub/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../3rdparty/bgfx/src/bgfx.cpp:1919:13
    #3 0x7fbf88d4ca36 in bgfx::init(bgfx::Init const&) /mnt/s/GitHub/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../3rdparty/bgfx/src/bgfx.cpp:3538:14
    #4 0x7fbf85f4c7fd in renderer_bgfx::init_bgfx_library() /mnt/s/GitHub/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/osd/modules/render/drawbgfx.cpp:196:2
    #5 0x7fbf85f4d59c in renderer_bgfx::create() /mnt/s/GitHub/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/osd/modules/render/drawbgfx.cpp:311:3
    #6 0x7fbf860509ab in sdl_window_info::complete_create() /mnt/s/GitHub/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/osd/sdl/window.cpp:853:17
    #7 0x7fbf8605393a in sdl_window_info::window_init() /mnt/s/GitHub/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/osd/sdl/window.cpp:446:15
    #8 0x7fbf85e7a2b0 in sdl_osd_interface::video_init() /mnt/s/GitHub/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/osd/sdl/video.cpp:79:12
    #9 0x7fbf85dabf0f in osd_common_t::init_subsystems() /mnt/s/GitHub/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/osd/modules/lib/osdobj_common.cpp:665:7
    #10 0x7fbf85d9f71e in sdl_osd_interface::init(running_machine&) /mnt/s/GitHub/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/osd/sdl/sdlmain.cpp:483:16
    #11 0x7fbf85aa36fc in running_machine::start() /mnt/s/GitHub/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/emu/machine.cpp:151:18
    #12 0x7fbf85aa704c in running_machine::run(bool) /mnt/s/GitHub/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/emu/machine.cpp:281:3
    #13 0x7fbf7dbb705f in mame_machine_manager::execute() /mnt/s/GitHub/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/frontend/mame/mame.cpp:290:19
    #14 0x7fbf7ef6e3d6 in cli_frontend::start_execution(mame_machine_manager*, std::vector<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >, std::allocator<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > > > const&) /mnt/s/GitHub/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/frontend/mame/clifront.cpp:275:22
    #15 0x7fbf7ef71f1f in cli_frontend::execute(std::vector<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >, std::allocator<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > > >&) /mnt/s/GitHub/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/frontend/mame/clifront.cpp:291:3
    #16 0x7fbf7dbbbe3f in emulator_info::start_frontend(emu_options&, osd_interface&, std::vector<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >, std::allocator<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > > >&) /mnt/s/GitHub/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/frontend/mame/mame.cpp:454:18
    #17 0x7fbf85d9d4ab in main /mnt/s/GitHub/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/osd/sdl/sdlmain.cpp:191:9
    #18 0x7fbf38ad9209 in __libc_start_call_main csu/../sysdeps/nptl/libc_start_call_main.h:58:16

SUMMARY: AddressSanitizer: heap-buffer-overflow (/mnt/s/GitHub/mame/mame+0x24d79de3) (BuildId: e793b6d6aa7d9772) in memcpy
Shadow bytes around the buggy address:
  0x0ff85f8cecb0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0ff85f8cecc0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0ff85f8cecd0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0ff85f8cece0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0ff85f8cecf0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
=>0x0ff85f8ced00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00[fa]
  0x0ff85f8ced10: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0ff85f8ced20: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0ff85f8ced30: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0ff85f8ced40: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0ff85f8ced50: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
No.20763
Firewave
Senior Tester
31 days ago
edited on: 31 days ago
"genesis -cart xinqig1 -video bgfx -bgfx_backend opengl" does not experience the issue.
No.20777
Wampa
Tester
31 days ago
Closing this down as apparently I'm too fscking stupid to have an understanding of every Vulkan issue related to MAME, despite explicitly stating a related point in the OP.

Oh Muy, what a Googley I dropped.

For any future readers: apparently Vulkan is as "dogshite" as the Khronos Group itself.
No.20778
Firewave
Senior Tester
31 days ago
Don't believe the hype. It does not look like a Vulkan-related issue and also not like a vendor-specific one since I can reproduce it with the swrast and lavapipe software drivers. I will do some more tests in the coming days to find more affected sets and how to get detailed information about what it is trying to draw.
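The cross-driver comparison made in the note above can be scripted. This is an added triage sketch, not part of the original thread or of MAME: it parses two AddressSanitizer reports and checks whether the same fault signature appears under different driver modules. The sample reports are constructed by abbreviating the two eggventr reports quoted earlier (frames dropped, source paths shortened, BuildId fields removed); all function names are hypothetical.

```python
import os
import re

# One stack frame: "#N 0xADDR [in FUNC] (MODULE+0xOFF)" or "#N 0xADDR in FUNC FILE:LINE[:COL]"
FRAME = re.compile(
    r"^\s*#(\d+) 0x[0-9a-f]+(?: in (.+?))?\s+"
    r"(?:\((\S+?)\+0x[0-9a-f]+\)(?: \(BuildId: [0-9a-f]+\))?|(\S+?):\d+(?::\d+)?)\s*$")
HEADER = re.compile(r"ERROR: AddressSanitizer: (\S+) on address")
ACCESS = re.compile(r"^(READ|WRITE) of size (\d+) at 0x[0-9a-f]+ thread (T\d+)")
REGION = re.compile(r"is located (\d+) bytes to the (right|left) of (\d+)-byte region")

# Constructed sample: abbreviated from the lavapipe (Vulkan) report in this thread.
LAVAPIPE = """\
==7051==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x7fd263aa7068 at pc 0x7fd2ca2f9de4
READ of size 1402 at 0x7fd263aa7068 thread T2
    #0 0x7fd2ca2f9de3 in memcpy (/mnt/s/GitHub/mame/mame+0x24d79de3)
    #1 0x7fd284a3b339  (/usr/lib/x86_64-linux-gnu/libvulkan_lvp.so+0x9b339)

0x7fd263aa7068 is located 0 bytes to the right of 282728-byte region [0x7fd263a62000,0x7fd263aa7068)
allocated by thread T1 here:
    #0 0x7fd2ca363557 in posix_memalign (/mnt/s/GitHub/mame/mame+0x24de3557)
    #1 0x7fd284bfe14f  (/usr/lib/x86_64-linux-gnu/libvulkan_lvp.so+0x25e14f)
"""

# Constructed sample: abbreviated from the swrast (bgfx OpenGL backend) report in this thread.
SWRAST = """\
==7184==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x7fbefc6b6878 at pc 0x7fbf5f747de4
READ of size 1402 at 0x7fbefc6b6878 thread T1
    #0 0x7fbf5f747de3 in memcpy (/mnt/s/GitHub/mame/mame+0x24d79de3)
    #1 0x7fbf19375e19  (/usr/lib/x86_64-linux-gnu/dri/swrast_dri.so+0x105e19)
    #8 0x7fbf88da45e5 in texSubImage 3rdparty/bgfx/src/renderer_gl.cpp:1354:4

0x7fbefc6b6878 is located 0 bytes to the right of 282744-byte region [0x7fbefc671800,0x7fbefc6b6878)
allocated by thread T0 here:
    #0 0x7fbf5f7b09de in malloc (/mnt/s/GitHub/mame/mame+0x24de29de)
    #1 0x7fbf88d8b875 in bgfx::AllocatorStub::realloc(void*, unsigned long, unsigned long, char const*, unsigned int) 3rdparty/bgfx/src/bgfx.cpp:215:13
"""


def parse_asan(text):
    """Split a report into its header fields, region line and the access/alloc stacks."""
    rep = {"kind": None, "access": None, "size": None, "thread": None,
           "region": None, "stacks": {"access": [], "alloc": []}}
    section = None
    for line in text.splitlines():
        if m := HEADER.search(line):
            rep["kind"] = m.group(1)
        elif m := ACCESS.match(line):
            rep["access"], rep["size"], rep["thread"] = m.group(1), int(m.group(2)), m.group(3)
            section = "access"
        elif m := REGION.search(line):
            rep["region"] = {"distance": int(m.group(1)), "side": m.group(2),
                             "size": int(m.group(3))}
        elif line.startswith("allocated by thread"):
            section = "alloc"
        elif not line.strip() or line.startswith("Thread "):
            section = None  # blank line or thread-creation stack: not of interest here
        elif section and (m := FRAME.match(line)):
            rep["stacks"][section].append(
                {"func": m.group(2), "module": m.group(3), "source": m.group(4)})
    return rep


def owner(frames):
    """Module or source file of the frame behind the interceptor in frame #0."""
    if len(frames) < 2:
        return None
    f = frames[1]
    return os.path.basename(f["module"] or f["source"])


def summarize(text):
    rep = parse_asan(text)
    # First frame with file:line info is the application-side call into the driver.
    caller = next((f for f in rep["stacks"]["access"] if f["source"]), None)
    return {
        "signature": (rep["kind"], rep["access"], rep["size"]),
        "region": rep["region"],
        "fault_in": owner(rep["stacks"]["access"]),
        "allocated_by": owner(rep["stacks"]["alloc"]),
        "app_caller": caller["func"] if caller else None,
    }


def driver_independent(summaries):
    """True when one fault signature shows up under more than one faulting module."""
    signatures = {s["signature"] for s in summaries}
    modules = {s["fault_in"] for s in summaries}
    return len(signatures) == 1 and len(modules) > 1


if __name__ == "__main__":
    results = [summarize(LAVAPIPE), summarize(SWRAST)]
    for r in results:
        print(r)
    print("same signature under different drivers:", driver_independent(results))
```
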
No.20828
Firewave
Senior Tester
22 days ago
See also https://github.com/mamedev/mame/issues/8563
No.20860
Firewave
Senior Tester
11 days ago
edited on: 8 days ago
Running "eggventr -video bgfx -bgfx_backend opengl" with 0.249 within valgrind reports (related debian package: libgl1-mesa-dri 22.2.0-1):
==30441== Invalid read of size 2
==30441==    at 0x11AE6600: memcpy@GLIBC_2.2.5 (vg_replace_strmem.c:1134)
==30441==    by 0x1DB07E19: UnknownInlinedFun (string_fortified.h:29)
==30441==    by 0x1DB07E19: util_copy_rect (u_format.c:89)
==30441==    by 0x1DFFF43A: util_copy_box (u_surface.c:78)
==30441==    by 0x1E534DCE: u_default_texture_subdata (u_transfer.c:103)
==30441==    by 0x1DB73E39: st_TexSubImage (st_cb_texture.c:1946)
==30441==    by 0x1DB35FFC: texture_sub_image (teximage.c:3564)
==30441==    by 0x1DB3937C: texsubimage_err (teximage.c:3622)
==30441==    by 0x1DB3F987: _mesa_TexSubImage2D (teximage.c:3844)
==30441==    by 0xED3C76F: texSubImage (../../../../../3rdparty/bgfx/src/renderer_gl.cpp:1354)
==30441==    by 0xED3C76F: bgfx::gl::TextureGL::update(unsigned char, unsigned char, bgfx::Rect const&, unsigned short, unsigned short, unsigned short, bgfx::Memory const*) (???:5759)
==30441==    by 0xED492B3: bgfx::gl::RendererContextGL::updateTexture(bgfx::TextureHandle, unsigned char, unsigned char, bgfx::Rect const&, unsigned short, unsigned short, unsigned short, bgfx::Memory const*) (../../../../../3rdparty/bgfx/src/renderer_gl.cpp:3297)
==30441==    by 0xED2123C: bgfx::Context::flushTextureUpdateBatch(bgfx::CommandBuffer&) (../../../../../3rdparty/bgfx/src/bgfx.cpp:2561)
==30441==    by 0xED20DF0: bgfx::Context::rendererExecCommands(bgfx::CommandBuffer&) (../../../../../3rdparty/bgfx/src/bgfx.cpp:3349)
==30441==    by 0xED1DDE5: bgfx::Context::renderFrame(int) (../../../../../3rdparty/bgfx/src/bgfx.cpp:2431)
==30441==    by 0xED1DC8B: bgfx::renderFrame(int) (../../../../../3rdparty/bgfx/src/bgfx.cpp:1475)
==30441==    by 0xED2CE69: bgfx::Context::renderThread(bx::Thread*, void*) (bgfx_p.h:3012)
==30441==    by 0xEDB6403: entry (../../../../../3rdparty/bx/src/thread.cpp:325)
==30441==    by 0xEDB6403: bx::ThreadInternal::threadFunc(void*) (???:92)
==30441==    by 0x137B4FD3: start_thread (pthread_create.c:442)
==30441==    by 0x1383480F: clone (clone.S:100)
==30441==  Address 0x3d3c1618 is 0 bytes after a block of size 282,744 alloc'd
==30441==    at 0x11ADF79B: malloc (vg_replace_malloc.c:393)
==30441==    by 0xED365D1: bgfx::AllocatorStub::realloc(void*, unsigned long, unsigned long, char const*, unsigned int) (../../../../../3rdparty/bgfx/src/bgfx.cpp:215)
==30441==    by 0xED229DE: alloc (allocator.inl:37)
==30441==    by 0xED229DE: alloc (???:4014)
==30441==    by 0xED229DE: bgfx::copy(void const*, unsigned int) (???:4023)
==30441==    by 0xE4012E1: bgfx_util::mame_texture_data_to_bgfx_texture_data(bgfx::TextureFormat::Enum&, unsigned int, int, int, rgb_t const*, void*, unsigned short&, int&, int&) (../../../../../src/osd/modules/render/bgfxutil.cpp:0)
==30441==    by 0xE40617C: chain_manager::update_screen_textures(unsigned int, render_primitive*, osd_window&) (../../../../../src/osd/modules/render/bgfx/chainmanager.cpp:488)
==30441==    by 0xE3F8C8C: renderer_bgfx::draw(int) (../../../../../src/osd/modules/render/drawbgfx.cpp:875)
==30441==    by 0xE4447AA: sdl_window_info::update() (../../../../../src/osd/sdl/window.cpp:627)
==30441==    by 0xE3D3B2E: sdl_osd_interface::update(bool) (../../../../../src/osd/sdl/video.cpp:108)
==30441==    by 0xE38CF4E: video_manager::frame_update(bool) (../../../../../src/emu/video.cpp:238)
==30441==    by 0xE355C42: screen_device::vblank_begin(int) (../../../../../src/emu/screen.cpp:1646)
==30441==    by 0xE351039: operator() (delegate.h:765)
==30441==    by 0xE351039: device_scheduler::execute_timers() (???:951)
==30441==    by 0xE34FA8B: device_scheduler::timeslice() (../../../../../src/emu/schedule.cpp:505)
==30441==    by 0xE2F5147: running_machine::run(bool) (../../../../../src/emu/machine.cpp:329)
==30441==    by 0xCC25759: mame_machine_manager::execute() (../../../../../src/frontend/mame/mame.cpp:290)
==30441==    by 0xD27ACA8: cli_frontend::start_execution(mame_machine_manager*, std::vector<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >, std::allocator<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > > > const&) (../../../../../src/frontend/mame/clifront.cpp:275)
==30441==    by 0xD27BE5E: cli_frontend::execute(std::vector<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >, std::allocator<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > > >&) (../../../../../src/frontend/mame/clifront.cpp:291)
==30441==    by 0xCC2660A: emulator_info::start_frontend(emu_options&, osd_interface&, std::vector<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >, std::allocator<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > > >&) (../../../../../src/frontend/mame/mame.cpp:454)
==30441==    by 0xE3A3CEF: main (../../../../../src/osd/sdl/sdlmain.cpp:191)

Running "eggventr -video bgfx -bgfx_backend vulkan" with 0.249 within valgrind reports (related debian package: mesa-vulkan-drivers 22.2.0-1):
==30617== Invalid read of size 2
==30617==    at 0x11AE6600: memcpy@GLIBC_2.2.5 (vg_replace_strmem.c:1134)
==30617==    by 0x1E29D339: UnknownInlinedFun (string_fortified.h:29)
==30617==    by 0x1E29D339: util_copy_rect (u_format.c:89)
==30617==    by 0x1E40F05A: util_copy_box (u_surface.c:78)
==30617==    by 0x1E25F403: handle_copy_buffer_to_image.isra.0 (lvp_execute.c:2469)
==30617==    by 0x1E2628E3: lvp_execute_cmd_buffer (lvp_execute.c:3993)
==30617==    by 0x1E265ED4: lvp_execute_cmds (lvp_execute.c:4184)
==30617==    by 0x1E2586F5: lvp_queue_submit (lvp_device.c:1452)
==30617==    by 0x1E2586F5: lvp_queue_submit (lvp_device.c:1437)
==30617==    by 0x1E2EFD95: vk_queue_submit_final (vk_queue.c:377)
==30617==    by 0x1E2F0013: vk_queue_submit_thread_func (vk_queue.c:490)
==30617==    by 0x1E2E3796: impl_thrd_routine (threads_posix.c:67)
==30617==    by 0x137B4FD3: start_thread (pthread_create.c:442)
==30617==    by 0x1383480F: clone (clone.S:100)
==30617==  Address 0x406de068 is 0 bytes after a block of size 282,728 alloc'd
==30617==    at 0x11AE459B: memalign (vg_replace_malloc.c:1531)
==30617==    by 0x11AE46AB: posix_memalign (vg_replace_malloc.c:1703)
==30617==    by 0x1E46014F: UnknownInlinedFun (os_memory_aligned.h:58)
==30617==    by 0x1E46014F: llvmpipe_allocate_memory (lp_texture.c:960)
==30617==    by 0x1E25A3A0: lvp_AllocateMemory (lvp_device.c:1713)
==30617==    by 0xED6882A: allocateMemory (../../../../../3rdparty/bgfx/src/renderer_vk.cpp:4260)
==30617==    by 0xED6882A: bgfx::vk::RendererContextVK::createHostBuffer(unsigned int, unsigned int, VkBuffer_T**, VkDeviceMemory_T**, void const*) (???:4293)
==30617==    by 0xED55ECA: createStagingBuffer (../../../../../3rdparty/bgfx/src/renderer_vk.cpp:4337)
==30617==    by 0xED55ECA: bgfx::vk::TextureVK::update(VkCommandBuffer_T*, unsigned char, unsigned char, bgfx::Rect const&, unsigned short, unsigned short, unsigned short, bgfx::Memory const*) (???:6114)
==30617==    by 0xED6645A: bgfx::vk::RendererContextVK::updateTexture(bgfx::TextureHandle, unsigned char, unsigned char, bgfx::Rect const&, unsigned short, unsigned short, unsigned short, bgfx::Memory const*) (../../../../../3rdparty/bgfx/src/renderer_vk.cpp:2224)
==30617==    by 0xED2123C: bgfx::Context::flushTextureUpdateBatch(bgfx::CommandBuffer&) (../../../../../3rdparty/bgfx/src/bgfx.cpp:2561)
==30617==    by 0xED20DF0: bgfx::Context::rendererExecCommands(bgfx::CommandBuffer&) (../../../../../3rdparty/bgfx/src/bgfx.cpp:3349)
==30617==    by 0xED1DDE5: bgfx::Context::renderFrame(int) (../../../../../3rdparty/bgfx/src/bgfx.cpp:2431)
==30617==    by 0xED1DC8B: bgfx::renderFrame(int) (../../../../../3rdparty/bgfx/src/bgfx.cpp:1475)
==30617==    by 0xED2CE69: bgfx::Context::renderThread(bx::Thread*, void*) (bgfx_p.h:3012)
==30617==    by 0xEDB6403: entry (../../../../../3rdparty/bx/src/thread.cpp:325)
==30617==    by 0xEDB6403: bx::ThreadInternal::threadFunc(void*) (???:92)
==30617==    by 0x137B4FD3: start_thread (pthread_create.c:442)
==30617==    by 0x1383480F: clone (clone.S:100)

Although there are two different (software) drivers involved, it looks like the issue might be the same.

I am wondering if this might be related to https://mametesters.org/view.php?id=8512. That other issue should be fixed first before investigating this any further.
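Added example (not part of the original notes and not MAME or Valgrind code): a small parser for Memcheck "Invalid read/write" records, run on trimmed excerpts of the two traces above, that reduces each report to a comparable shape and lists the innermost frames they share. The names `parse_report`, `shared_inner_frames` and `same_fault_shape` are made up for this sketch.

```python
import re
from itertools import takewhile
# Excerpts (frames trimmed) of the two Memcheck reports quoted in the note above.
OPENGL = """\
==30441== Invalid read of size 2
==30441==    at 0x11AE6600: memcpy@GLIBC_2.2.5 (vg_replace_strmem.c:1134)
==30441==    by 0x1DB07E19: util_copy_rect (u_format.c:89)
==30441==    by 0x1DFFF43A: util_copy_box (u_surface.c:78)
==30441==    by 0x1E534DCE: u_default_texture_subdata (u_transfer.c:103)
==30441==  Address 0x3d3c1618 is 0 bytes after a block of size 282,744 alloc'd
==30441==    at 0x11ADF79B: malloc (vg_replace_malloc.c:393)
==30441==    by 0xED229DE: bgfx::copy(void const*, unsigned int) (???:4023)
"""
VULKAN = """\
==30617== Invalid read of size 2
==30617==    at 0x11AE6600: memcpy@GLIBC_2.2.5 (vg_replace_strmem.c:1134)
==30617==    by 0x1E29D339: util_copy_rect (u_format.c:89)
==30617==    by 0x1E40F05A: util_copy_box (u_surface.c:78)
==30617==    by 0x1E25F403: handle_copy_buffer_to_image.isra.0 (lvp_execute.c:2469)
==30617==  Address 0x406de068 is 0 bytes after a block of size 282,728 alloc'd
==30617==    at 0x11AE459B: memalign (vg_replace_malloc.c:1531)
"""

HEADER = re.compile(r"^==\d+== Invalid (read|write) of size (\d+)$")
FRAME = re.compile(r"^==\d+==\s+(?:at|by) 0x[0-9A-Fa-f]+: (.+?) \([^()]*\)$")
BLOCK = re.compile(r"^==\d+==\s+Address 0x[0-9A-Fa-f]+ is ([\d,]+) bytes "
                   r"(after|before|inside) a block of size ([\d,]+) (alloc'd|free'd)$")

def parse_report(text):
    """Parse one Memcheck 'Invalid read/write' record into a dict."""
    rec = {"access": None, "size": None, "access_stack": [], "block": None, "block_stack": []}
    stack = rec["access_stack"]
    for line in text.splitlines():
        if m := HEADER.match(line):
            rec["access"], rec["size"] = m[1], int(m[2])
        elif m := BLOCK.match(line):
            # (offset, position relative to block, block size, alloc'd/free'd)
            rec["block"] = (int(m[1].replace(",", "")), m[2], int(m[3].replace(",", "")), m[4])
            stack = rec["block_stack"]  # frames after this line describe the block
        elif m := FRAME.match(line):
            stack.append(m[1])          # function name only; addresses differ per run
    return rec

def shared_inner_frames(a, b):
    """Innermost access-stack frames that both reports have in common."""
    pairs = zip(a["access_stack"], b["access_stack"])
    return [fa for fa, fb in takewhile(lambda p: p[0] == p[1], pairs)]

def same_fault_shape(a, b):  # same access kind/size and position; block sizes may differ
    return (a["access"], a["size"], a["block"][:2]) == (b["access"], b["size"], b["block"][:2])
```

On these excerpts both reports reduce to a 2-byte read 0 bytes past the end of a heap block, reached through `memcpy`, `util_copy_rect` and `util_copy_box`, with the stacks diverging only at the driver-specific caller.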