02141: sunaq: At the Title, Game is Crash

ID	Category [?]	Severity [?]	Reproducibility	Date Submitted	Last Update
02141	Crash/Freeze	Critical (emulator)	Have not tried	Aug 21, 2008, 06:20	Jan 2, 2009, 04:15

Tester	hotcoke	View Status	Public	Platform	MAME (Official Binary)
Assigned To	aaron	Resolution	Fixed	OS	Windows XP/Vista 32-bit
Status [?]	Resolved			Driver	suna/suna16.cpp
Version	0.127	Fixed in Version	0.129	Build	Normal
		Fixed in Git Commit		Github Pull Request #

Summary	02141: sunaq: At the Title, Game is Crash
Description	At the Title, Game is Crash
Steps To Reproduce
Additional Information	it's windows specific: it doesn't happen on SDLMAME
Github Commit

Flags
Regression Version
Affected Sets / Systems	sunaq

Attached Files	crash_sunaq.jpg (102,196 bytes) Aug 21, 2008, 10:28

No.02147 etabeta Developer Aug 21, 2008, 06:54	I cannot reproduce this. I reach the title screen and then I can either let the attract sequence go as long as I want or start a game without any crash.
No.02148 john_iv Senior Tester Aug 21, 2008, 07:04	Repro in MameUI64. Launched game and then hit insert to unthrottle for 10 seconds or so.. then it access violated out.
No.02150 etabeta Developer Aug 21, 2008, 07:50	maybe it's then windows specific because I tried both debug and plain SDLMAME builds and I can run through 4 attract sequences without any problem
No.02151 Tafoid Administrator Aug 21, 2008, 08:25	I can crash it two ways on Windows 32-bit build from MAMEDEV: 1. Run game for 64 seconds (-str 64) and don't touch anything and a crash occurs. A game with -str 63 does not crash. 2. Begin emulation and anytime after the demonstration starts (Dog w/two boys) and I hit '5' to credit up, I get a crash.
No.02154 Robbbert Senior Tester Aug 21, 2008, 08:48 edited on: Aug 21, 2008, 08:49	I get EXACTLY the same as Tafoid. 32-bit build, self compiled, on XP 32-bit OS. The two crashes produce different information though.
No.02156 etabeta Developer Aug 21, 2008, 09:06	and both situations don't produce any crash on my mac with SDLMAME
No.02157 robiza Developer Aug 21, 2008, 10:31	add a snap: if instruction in 7c3e is executed the game crash register's values A0 and A1 are correct probably the problem is in the core
No.03461 Firewave Senior Tester Jan 2, 2009, 02:45	Backtrace of the -str 64 crash: Program received signal SIGSEGV, Segmentation fault. 0x009b469b in read_byte_generic (space=0x12ee1750, byteaddress=4208) at src/emu/memory.c:459 459 result = (handler->bankbaseptr)[byteoffset]; (gdb) bt full #0 0x009b469b in read_byte_generic (space=0x12ee1750, byteaddress=4208) at src/emu/memory.c:459 handler = (const handler_data ) 0x12f11030 byteoffset = 112 entry = 1 result = 0 ' Program received signal SIGSEGV, Segmentation fault. 0x009b469b in read_byte_generic (space=0x12ee1750, byteaddress=4208) at src/emu/memory.c:459 459 result = (handler->bankbaseptr)[byteoffset]; (gdb) bt full #0 0x009b469b in read_byte_generic (space=0x12ee1750, byteaddress=4208) at src/emu/memory.c:459 handler = (const handler_data ) 0x12f11030 byteoffset = 112 entry = 1 result = 0 '\0' #1 0x009b5f19 in memory_read_byte_8le (space=0x12ee1750, address=4208) at src/emu/memory.c:3692 No locals. #2 0x00c12fc4 in op_1a (z80=0x137a1734) at src/emu/cpu/z80/z80.c:2987 No locals. #3 0x00c17d50 in cpu_execute_z80 (device=0xade1f7d, cycles=994) at src/emu/cpu/z80/z80.c:3527 op = 26 z80 = (z80_state ) 0x137a1734 #4 0x009d9e71 in cpu_execute (device=0xade1f7d, cycles=994) at src/emu/cpuintrf.h:557 classheader = (cpu_class_header ) 0x137a2fd8 #5 0x009d95a7 in cpuexec_timeslice (machine=0xad61efc) at src/emu/cpuexec.c:276 delta = {seconds = 0, attoseconds = 165772663797032} classdata = (cpu_class_data ) 0x137a17a8 call_debugger = 0 global = (cpuexec_private ) 0x135f1efc target = {seconds = 63, attoseconds = 720497439075582372} base = {seconds = 63, attoseconds = 720330772408916372} cpu = (const device_config ) 0xade1f7d ran = 599 #6 0x009c765d in mame_execute (options=0x8071e58) at src/emu/mame.c:360 settingsloaded = 0 driver = (const game_driver ) 0x1e41960 machine = (running_machine ) 0xad61efc mame = (mame_private ) 0xad71f68 cb = (callback_item ) 0x8071e58 gamename = (astring ) 0xad61f00 exit_pending = 0 error = 0 firstgame = 0 firstrun = 0 #7 0x00bdb66c in cli_execute (argc=8, argv=0x7fb1fe0, osd_options=0x21ae990) at src/emu/clifront.c:171 options = (core_options ) 0x8071e58 gamename = (astring ) 0x8051f00 exename = (astring ) 0x8061f00 gamename_option = 0x80a1f08 "sunaq" driver = (const game_driver ) 0x1e41960 result = -1 #8 0x009618b8 in utf8_main (argc=8, argv=0x7fb1fe0) at src/osd/windows/winmain.c:257 ext = 0x28e86b8 ".map" #9 0x0123f599 in main (argc=8, a_argv=0x64527f0) at src/osd/windows/main.c:72 i = 8 rc = 2293624 utf8_argv = (char ) 0x7fb1fe0 argv = (TCHAR ) 0x64528f8 wenviron = (WCHAR *) 0x64550f8 startupinfo = -1 ' #1 0x009b5f19 in memory_read_byte_8le (space=0x12ee1750, address=4208) at src/emu/memory.c:3692 No locals. #2 0x00c12fc4 in op_1a (z80=0x137a1734) at src/emu/cpu/z80/z80.c:2987 No locals. #3 0x00c17d50 in cpu_execute_z80 (device=0xade1f7d, cycles=994) at src/emu/cpu/z80/z80.c:3527 op = 26 z80 = (z80_state ) 0x137a1734 #4 0x009d9e71 in cpu_execute (device=0xade1f7d, cycles=994) at src/emu/cpuintrf.h:557 classheader = (cpu_class_header ) 0x137a2fd8 #5 0x009d95a7 in cpuexec_timeslice (machine=0xad61efc) at src/emu/cpuexec.c:276 delta = {seconds = 0, attoseconds = 165772663797032} classdata = (cpu_class_data ) 0x137a17a8 call_debugger = 0 global = (cpuexec_private ) 0x135f1efc target = {seconds = 63, attoseconds = 720497439075582372} base = {seconds = 63, attoseconds = 720330772408916372} cpu = (const device_config ) 0xade1f7d ran = 599 #6 0x009c765d in mame_execute (options=0x8071e58) at src/emu/mame.c:360 settingsloaded = 0 driver = (const game_driver ) 0x1e41960 machine = (running_machine ) 0xad61efc mame = (mame_private ) 0xad71f68 cb = (callback_item ) 0x8071e58 gamename = (astring ) 0xad61f00 exit_pending = 0 error = 0 firstgame = 0 firstrun = 0 #7 0x00bdb66c in cli_execute (argc=8, argv=0x7fb1fe0, osd_options=0x21ae990) at src/emu/clifront.c:171 options = (core_options ) 0x8071e58 gamename = (astring ) 0x8051f00 exename = (astring ) 0x8061f00 gamename_option = 0x80a1f08 "sunaq" driver = (const game_driver ) 0x1e41960 result = -1 #8 0x009618b8 in utf8_main (argc=8, argv=0x7fb1fe0) at src/osd/windows/winmain.c:257 ext = 0x28e86b8 ".map" #9 0x0123f599 in main (argc=8, a_argv=0x64527f0) at src/osd/windows/main.c:72 i = 8 rc = 2293624 utf8_argv = (char ) 0x7fb1fe0 argv = (TCHAR ) 0x64528f8 wenviron = (WCHAR ) 0x64550f8 startupinfo = -1 Backtrace of the "press 5 during title" case: Program received signal SIGSEGV, Segmentation fault. 0x009b469b in read_byte_generic (space=0x13001750, byteaddress=61584) at src/emu/memory.c:459 459 result = (handler->bankbaseptr)[byteoffset]; (gdb) bt full #0 0x009b469b in read_byte_generic (space=0x13001750, byteaddress=61584) at src/emu/memory.c:459 handler = (const handler_data ) 0x13031030 byteoffset = 57488 entry = 1 result = 0 ' Program received signal SIGSEGV, Segmentation fault. 0x009b469b in read_byte_generic (space=0x13001750, byteaddress=61584) at src/emu/memory.c:459 459 result = (handler->bankbaseptr)[byteoffset]; (gdb) bt full #0 0x009b469b in read_byte_generic (space=0x13001750, byteaddress=61584) at src/emu/memory.c:459 handler = (const handler_data ) 0x13031030 byteoffset = 57488 entry = 1 result = 0 '\0' #1 0x009b5f19 in memory_read_byte_8le (space=0x13001750, address=61584) at src/emu/memory.c:3692 No locals. #2 0x00c12fc4 in op_1a (z80=0x138c1734) at src/emu/cpu/z80/z80.c:2987 No locals. #3 0x00c17d50 in cpu_execute_z80 (device=0xade1f7d, cycles=998) at src/emu/cpu/z80/z80.c:3527 op = 26 z80 = (z80_state ) 0x138c1734 #4 0x009d9e71 in cpu_execute (device=0xade1f7d, cycles=998) at src/emu/cpuintrf.h:557 classheader = (cpu_class_header ) 0x138c2fd8 #5 0x009d95a7 in cpuexec_timeslice (machine=0xad61efc) at src/emu/cpuexec.c:276 delta = {seconds = 0, attoseconds = 166402323577372} classdata = (cpu_class_data ) 0x138c17a8 call_debugger = 0 global = (cpuexec_private ) 0x13721efc target = {seconds = 24, attoseconds = 119593402227099664} base = {seconds = 24, attoseconds = 119426735560433664} cpu = (const device_config ) 0xade1f7d ran = 599 #6 0x009c765d in mame_execute (options=0x8071e58) at src/emu/mame.c:360 settingsloaded = 0 driver = (const game_driver ) 0x1e41960 machine = (running_machine ) 0xad61efc mame = (mame_private ) 0xad71f68 cb = (callback_item ) 0x8071e58 gamename = (astring ) 0xad61f00 exit_pending = 0 error = 0 firstgame = 0 firstrun = 0 #7 0x00bdb66c in cli_execute (argc=8, argv=0x7fb1fe0, osd_options=0x21ae990) at src/emu/clifront.c:171 options = (core_options ) 0x8071e58 gamename = (astring ) 0x8051f00 exename = (astring ) 0x8061f00 gamename_option = 0x80a1f08 "sunaq" driver = (const game_driver ) 0x1e41960 result = -1 #8 0x009618b8 in utf8_main (argc=8, argv=0x7fb1fe0) at src/osd/windows/winmain.c:257 ext = 0x28e86b8 ".map" #9 0x0123f599 in main (argc=8, a_argv=0x64527f0) at src/osd/windows/main.c:72 i = 8 rc = 2293624 utf8_argv = (char ) 0x7fb1fe0 argv = (TCHAR ) 0x64528f8 wenviron = (WCHAR ) 0x64550f8 startupinfo = -1 ' #1 0x009b5f19 in memory_read_byte_8le (space=0x13001750, address=61584) at src/emu/memory.c:3692 No locals. #2 0x00c12fc4 in op_1a (z80=0x138c1734) at src/emu/cpu/z80/z80.c:2987 No locals. #3 0x00c17d50 in cpu_execute_z80 (device=0xade1f7d, cycles=998) at src/emu/cpu/z80/z80.c:3527 op = 26 z80 = (z80_state ) 0x138c1734 #4 0x009d9e71 in cpu_execute (device=0xade1f7d, cycles=998) at src/emu/cpuintrf.h:557 classheader = (cpu_class_header ) 0x138c2fd8 #5 0x009d95a7 in cpuexec_timeslice (machine=0xad61efc) at src/emu/cpuexec.c:276 delta = {seconds = 0, attoseconds = 166402323577372} classdata = (cpu_class_data ) 0x138c17a8 call_debugger = 0 global = (cpuexec_private ) 0x13721efc target = {seconds = 24, attoseconds = 119593402227099664} base = {seconds = 24, attoseconds = 119426735560433664} cpu = (const device_config ) 0xade1f7d ran = 599 #6 0x009c765d in mame_execute (options=0x8071e58) at src/emu/mame.c:360 settingsloaded = 0 driver = (const game_driver ) 0x1e41960 machine = (running_machine ) 0xad61efc mame = (mame_private ) 0xad71f68 cb = (callback_item ) 0x8071e58 gamename = (astring ) 0xad61f00 exit_pending = 0 error = 0 firstgame = 0 firstrun = 0 #7 0x00bdb66c in cli_execute (argc=8, argv=0x7fb1fe0, osd_options=0x21ae990) at src/emu/clifront.c:171 options = (core_options ) 0x8071e58 gamename = (astring ) 0x8051f00 exename = (astring ) 0x8061f00 gamename_option = 0x80a1f08 "sunaq" driver = (const game_driver ) 0x1e41960 result = -1 #8 0x009618b8 in utf8_main (argc=8, argv=0x7fb1fe0) at src/osd/windows/winmain.c:257 ext = 0x28e86b8 ".map" #9 0x0123f599 in main (argc=8, a_argv=0x64527f0) at src/osd/windows/main.c:72 i = 8 rc = 2293624 utf8_argv = (char ) 0x7fb1fe0 argv = (TCHAR ) 0x64528f8 wenviron = (WCHAR *) 0x64550f8 startupinfo = -1 They appear to be the same issue with just different values.
No.03469 aaron Developer Jan 2, 2009, 04:15	SDLMAME seems to be more forgiving of invalid reads. The debug Windows build crashes reliably here, thanks to the guard pages.