05485: assorted sets in bfm_sc4.c: Crash after OK

ID	Category [?]	Severity [?]	Reproducibility	Date Submitted	Last Update
05485	Crash/Freeze	Critical (emulator)	Always	Apr 2, 2014, 17:55	Nov 15, 2022, 09:56

Tester	Tafoid	View Status	Public	Platform	MAME (Official Binary)
Assigned To		Resolution	Open	OS	Windows Vista/7/8 (64-bit)
Status [?]	Confirmed			Driver	bfm/bfm_sc4.cpp
Version	0.152	Fixed in Version		Build	Normal
		Fixed in Git Commit		Github Pull Request #

Summary	05485: assorted sets in bfm_sc4.c: Crash after OK
Description	==12857==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000000 (pc 0x000007ceb75e sp 0x7fff39bd80d0 bp 0x7fff39bd8110 T0) #0 0x7ceb75d in emu_timer::machine() const /home/notroot/trunk/src/emu/schedule.h:71 #1 0x7ceb75d in emu_timer::adjust(attotime, int, attotime) /home/notroot/trunk/src/emu/schedule.c:180 #2 0x778207e in m68307_timer::write_tmr(unsigned short, unsigned short, int) /home/notroot/trunk/src/emu/machine/68307tmu.c:206 #3 0x7c7be3a in delegate_base<void, address_space&, unsigned int, unsigned short, unsigned short, _noparam>::operator()(address_space&, unsigned int, unsigned short, unsigned short) const /home/notroot/trunk/src/emu/delegate.h:514 #4 0x7c7be3a in handler_entry_write::write16(address_space&, unsigned int, unsigned short, unsigned short) const /home/notroot/trunk/src/emu/memory.c:481 #5 0x7c7be3a in address_space_specific<unsigned short, (endianness_t)1, true>::write_native(unsigned int, unsigned short) /home/notroot/trunk/src/emu/memory.c:1203 #6 0x66cc82b in delegate_base<void, unsigned int, unsigned short, _noparam, _noparam, _noparam>::operator()(unsigned int, unsigned short) const /home/notroot/trunk/src/emu/delegate.h:512 #7 0x66cc82b in m68ki_write_16_fc(m68000_base_device, unsigned int, unsigned int, unsigned int) /home/notroot/trunk/src/emu/cpu/m68000/m68kcpu.h:816 #8 0x66cc82b in m68000_base_device_ops::m68k_op_move_16_al_i(m68000_base_device) /home/notroot/trunk/obj/sdl64d/emu/cpu/m68000/m68kops.c:19118 #9 0x6529a1d in m68000_base_device::cpu_execute() /home/notroot/trunk/src/emu/cpu/m68000/m68kcpu.c:856 #10 0x7cf01b0 in device_execute_interface::run() /home/notroot/trunk/src/emu/diexec.h:187 #11 0x7cf01b0 in device_scheduler::timeslice() /home/notroot/trunk/src/emu/schedule.c:474 #12 0x7c0bd71 in running_machine::run(bool) /home/notroot/trunk/src/emu/machine.c:378 #13 0x7c03157 in mame_execute(emu_options&, osd_interface&) /home/notroot/trunk/src/emu/mame.c:194 #14 0x7a03efc in cli_frontend::execute(int, char**) /home/notroot/trunk/src/emu/clifront.c:237 #15 0x55a1645 in main /home/notroot/trunk/src/osd/sdl/sdlmain.c:380 #16 0x7fa0cf6f7de4 in __libc_start_main /build/buildd/eglibc-2.17/csu/libc-start.c:260 #17 0xfbfbdc in _start (/home/notroot/trunk/mame64d+0xfbfbdc)
Steps To Reproduce
Additional Information	The following sets crash similarly (September 13, 2016): sc4bgold sc4cjd sc4crzgnx sc4dnda sc4dndccb sc4drubyb sc4hotdga sc4milro sc4ponye sc4pwcrzf
Github Commit

Flags
Regression Version	0.147u4 (Added)
Affected Sets / Systems	assorted sets in bfm_sc4.c

Attached Files

No.13091 Robbbert Senior Tester Aug 31, 2016, 22:32 edited on: Aug 31, 2016, 22:36	Tested on 32-bit windows C:\MAME>mame sc4milro NOT AN SC4 ROM!!!!! Normal rom pair string not found, checking mismatched / missing rom string No suitable string found ----------------------------------------------------- Exception at EIP=02BA7DBB (emu_timer::adjust(attotime, int, attotime const&)+0x000b): ACCESS VIOLATION While attempting to read memory at 67616E61 ----------------------------------------------------- EAX=00000018 EBX=67616E61 ECX=67616E61 EDX=0AB5C568 ESI=0028BF38 EDI=0AB4F490 EBP=0028BEC8 ESP=0028BE80 ----------------------------------------------------- Stack crawl: 0028BEC8: 02BA7DBB (emu_timer::adjust(attotime, int, attotime const&)+0x000b) 0028BF78: 023CE62A (m68307_timer::write_tmr(unsigned short, unsigned short, int)+0x0eea) 0028C038: 023D089C (m68307cpu_device::m68307_internal_timer_w(address_space&, unsigned int, unsigned short, unsigned short)+0x061c) 0028C078: 03B3AF7F (delegate_base<void, address_space&, unsigned int, unsigned short, unsigned short>::operator()(address_space&, unsigned i nt, unsigned short, unsigned short) const+0x003f) 0028C0A8: 038E0905 (address_space_specific<unsigned short, (endianness_t)1, true>::write_word(unsigned int, unsigned short)+0x0095) 0028C0C8: 023C3ECF (m68307cpu_device::write_word_m68307(unsigned int, unsigned short)+0x001f) 0028C0E8: 01EF6656 (m68ki_write_16_fc(m68000_base_device, unsigned int, unsigned int, unsigned int) [clone .constprop.669]+0x0076) 0028C108: 01F271C0 (m68000_base_device_ops::m68k_op_move_16_al_i(m68000_base_device)+0x0030) 0028C198: 0386B689 (m68000_base_device::cpu_execute()+0x0789) 0028C1A8: 01EE9B0B (m68000_base_device::execute_run()+0x000b) 0028C218: 02BAB4B9 (device_scheduler::timeslice()+0x01b9) 0028C288: 02B75059 (running_machine::run(bool)+0x01c9) 0028F908: 017A4ED5 (mame_machine_manager::execute()+0x0175) 0028FBE8: 018071CE (cli_frontend::execute(int, char)+0x0e3e) 0028FC18: 017A3A24 (emulator_info::start_frontend(emu_options&, osd_interface&, int, char)+0x0034) 0028FE48: 01712C96 (utf8_main(int, char**)+0x0126) 0028FEC8: 02F4FBD7 (wmain+0x00e7) 0028FF88: 004013F0 (__tmainCRTStartup+0x0280) 0028FF94: 753E337A (BaseThreadInitThunk+0x0012) 0028FFD4: 772C9882 (RtlInitializeExceptionChain+0x0063) 0028FFEC: 772C9855 (RtlInitializeExceptionChain+0x0036)
No.20824 Firewave Senior Tester Nov 15, 2022, 09:56	These (some) sets are marked MNW. 0.249 on Linux reports: ../../../../../src/devices/machine/68307tmu.cpp:154:24: runtime error: index 8 out of bounds for type 'm68307_cpu_device::m68307_timer::single_timer[2]' #0 0x7f1178e2be7c in m68307_cpu_device::m68307_timer::write_ter(unsigned short, unsigned short, int) /mnt/s/GitHub/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/devices/machine/68307tmu.cpp:154:24 #1 0x7f1178e298f1 in m68307_cpu_device::m68307_internal_timer_w(unsigned int, unsigned short, unsigned short) /mnt/s/GitHub/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/devices/machine/68307tmu.cpp:69:10 #2 0x7f117ee965a2 in operator() /mnt/s/GitHub/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/lib/util/delegate.h:765:11 #3 0x7f117ee965a2 in std::enable_if<(((std::is_same<emu::device_delegate<void (unsigned int, unsigned short, unsigned short)>, emu::device_delegate<void (unsigned int, unsigned char, unsigned char)> >::value) \|\| (std::is_same<emu::device_delegate<void (unsigned int, unsigned short, unsigned short)>, emu::device_delegate<void (unsigned int, unsigned short, unsigned short)> >::value)) \|\| (std::is_same<emu::device_delegate<void (unsigned int, unsigned short, unsigned short)>, emu::device_delegate<void (unsigned int, unsigned int, unsigned int)> >::value)) \|\| (std::is_same<emu::device_delegate<void (unsigned int, unsigned short, unsigned short)>, emu::device_delegate<void (unsigned int, unsigned long, unsigned long)> >::value), void>::type handler_entry_write_delegate<1, 0, emu::device_delegate<void (unsigned int, unsigned short, unsigned short)> >::write_impl<emu::device_delegate<void (unsigned int, unsigned short, unsigned short)> >(unsigned int, unsigned short, unsigned short) const /mnt/s/GitHub/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/emu/emumem_hedp.cpp:115:2 #4 0x7f117ee96418 in handler_entry_write_delegate<1, 0, emu::device_delegate<void (unsigned int, unsigned short, unsigned short)> >::write(unsigned int, unsigned short, unsigned short) const /mnt/s/GitHub/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/emu/emumem_hedp.cpp:150:2 #5 0x7f1177874ada in void dispatch_write<0, 1, 0>(unsigned int, unsigned int, emu::detail::handler_entry_size<1>::uX, emu::detail::handler_entry_size<1>::uX, handler_entry_write<1, 0> const* const) /mnt/s/GitHub/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/emu/emumem.h:1577:47 #6 0x7f1181f07641 in handler_entry_write_dispatch<14, 1, 0>::write(unsigned int, unsigned short, unsigned short) const /mnt/s/GitHub/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/emu/emumem_hedw.ipp:131:2 #7 0x7f11741c322b in void dispatch_write<1, 1, 0>(unsigned int, unsigned int, emu::detail::handler_entry_size<1>::uX, emu::detail::handler_entry_size<1>::uX, handler_entry_write<1, 0> const const) /mnt/s/GitHub/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/emu/emumem.h:1577:47 #8 0x7f1175d3bb4b in write_native /mnt/s/GitHub/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/emu/emumem.h:1741:3 #9 0x7f1175d3bb4b in operator() /mnt/s/GitHub/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/emu/emumem.h:1639:90 #10 0x7f1175d3bb4b in void memory_write_generic<1, 0, (util::endianness)1, 2, true, emu::detail::memory_access_specific<1, 1, 0, (util::endianness)1>::wop()::'lambda'(unsigned int, unsigned short, unsigned short)>(emu::detail::memory_access_specific<1, 1, 0, (util::endianness)1>::wop()::'lambda'(unsigned int, unsigned short, unsigned short), unsigned int, emu::detail::handler_entry_size<2>::uX, emu::detail::handler_entry_size<2>::uX) /mnt/s/GitHub/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/emu/emumem.h:1009:22 #11 0x7f1178e05db9 in write_dword /mnt/s/GitHub/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/emu/emumem.h:1662:121 #12 0x7f1178e05db9 in operator() /mnt/s/GitHub/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/devices/machine/68307.cpp:142:106 #13 0x7f1178e05db9 in __invoke_impl<void, (lambda at ../../../../../src/devices/machine/68307.cpp:142:14) &, unsigned int, unsigned int> /usr/bin/../lib/gcc/x86_64-linux-gnu/12/../../../../include/c++/12/bits/invoke.h:61:14 #14 0x7f1178e05db9 in __invoke_r<void, (lambda at ../../../../../src/devices/machine/68307.cpp:142:14) &, unsigned int, unsigned int> /usr/bin/../lib/gcc/x86_64-linux-gnu/12/../../../../include/c++/12/bits/invoke.h:111:2 #15 0x7f1178e05db9 in std::_Function_handler<void (unsigned int, unsigned int), m68307_cpu_device::init16_m68307(address_space&)::$_6>::_M_invoke(std::_Any_data const&, unsigned int&&, unsigned int&&) /usr/bin/../lib/gcc/x86_64-linux-gnu/12/../../../../include/c++/12/bits/std_function.h:290:9 #16 0x7f1175d32b69 in std::function<void (unsigned int, unsigned int)>::operator()(unsigned int, unsigned int) const /usr/bin/../lib/gcc/x86_64-linux-gnu/12/../../../../include/c++/12/bits/std_function.h:591:9 #17 0x7f1175d326b7 in m68000_base_device::m68ki_write_32_fc(unsigned int, unsigned int, unsigned int) /mnt/s/GitHub/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/devices/cpu/m68000/m68kcpu.h:711:2 #18 0x7f1175d323cd in m68000_base_device::m68ki_write_32(unsigned int, unsigned int) /mnt/s/GitHub/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/devices/cpu/m68000/m68kcpu.h:434:58 #19 0x7f1175d31c2e in m68000_base_device::m68ki_push_32(unsigned int) /mnt/s/GitHub/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/devices/cpu/m68000/m68kcpu.h:927:2 #20 0x7f1175d374a3 in m68000_base_device::m68ki_stack_frame_3word(unsigned int, unsigned int) /mnt/s/GitHub/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/devices/cpu/m68000/m68kcpu.h:1130:2 #21 0x7f1175d2f5a9 in m68000_base_device::m68ki_stack_frame_0000(unsigned int, unsigned int, unsigned int) /mnt/s/GitHub/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/devices/cpu/m68000/m68kcpu.h:1142:3 #22 0x7f1175f88e53 in m68000_base_device::m68ki_exception_illegal() /mnt/s/GitHub/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/devices/cpu/m68000/m68kcpu.h:1560:2 #23 0x7f1175e3843f in m68000_base_device::x4afc_illegal_071234fc() /mnt/s/GitHub/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/devices/cpu/m68000/m68kops.cpp:14016:2 #24 0x7f1175cf17c3 in m68000_base_device::execute_run() /mnt/s/GitHub/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/devices/cpu/m68000/m68kcpu.cpp:909:5 #25 0x7f1175cf381f in non-virtual thunk to m68000_base_device::execute_run() /mnt/s/GitHub/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/devices/cpu/m68000/m68kcpu.cpp #26 0x7f1184687577 in run /mnt/s/GitHub/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/emu/diexec.h:190:15 #27 0x7f1184687577 in device_scheduler::timeslice() /mnt/s/GitHub/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/emu/schedule.cpp:456:14 #28 0x7f1184525027 in running_machine::run(bool) /mnt/s/GitHub/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/emu/machine.cpp:329:17 #29 0x7f117c634c6f in mame_machine_manager::execute() /mnt/s/GitHub/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/frontend/mame/mame.cpp:290:19 #30 0x7f117d9ebfe6 in cli_frontend::start_execution(mame_machine_manager, std::vector<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >, std::allocator<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > > > const&) /mnt/s/GitHub/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/frontend/mame/clifront.cpp:275:22 #31 0x7f117d9efb2f in cli_frontend::execute(std::vector<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >, std::allocator<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > > >&) /mnt/s/GitHub/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/frontend/mame/clifront.cpp:291:3 #32 0x7f117c639a4f in emulator_info::start_frontend(emu_options&, osd_interface&, std::vector<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >, std::allocator<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > > >&) /mnt/s/GitHub/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/frontend/mame/mame.cpp:454:18 #33 0x7f118481ad0b in main /mnt/s/GitHub/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/osd/sdl/sdlmain.cpp:191:9 #34 0x7f1137559209 in __libc_start_call_main csu/../sysdeps/nptl/libc_start_call_main.h:58:16 #35 0x7f11375592bb in __libc_start_main csu/../csu/libc-start.c:389:3 #36 0x7f115e1abbd0 in _start (/mnt/s/GitHub/mame/mame+0x24d5fbd0) (BuildId: 5ea94812d72bae4c) SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior ../../../../../src/devices/machine/68307tmu.cpp:154:24 in ==21729==ERROR: AddressSanitizer: SEGV on unknown address (pc 0x7f1184683f8f bp 0x7fffc6f64a90 sp 0x7fffc6f64a00 T0) ==21729==The signal is caused by a READ memory access. ==21729==Hint: this fault was caused by a dereference of a high value address (see register values below). Disassemble the provided pc to learn which register was used. #0 0x7f1184683f8f in emu_timer::adjust(attotime, int, attotime const&) /mnt/s/GitHub/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/emu/schedule.cpp:142:6 #1 0x7f1178e2b55f in m68307_cpu_device::m68307_timer::write_tmr(unsigned short, unsigned short, int) /mnt/s/GitHub/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/devices/machine/68307tmu.cpp:210:19 #2 0x7f1178e298a3 in m68307_cpu_device::m68307_internal_timer_w(unsigned int, unsigned short, unsigned short) /mnt/s/GitHub/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/devices/machine/68307tmu.cpp:50:10 #3 0x7f117ee965a2 in operator() /mnt/s/GitHub/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/lib/util/delegate.h:765:11 #4 0x7f117ee965a2 in std::enable_if<(((std::is_same<emu::device_delegate<void (unsigned int, unsigned short, unsigned short)>, emu::device_delegate<void (unsigned int, unsigned char, unsigned char)> >::value) \|\| (std::is_same<emu::device_delegate<void (unsigned int, unsigned short, unsigned short)>, emu::device_delegate<void (unsigned int, unsigned short, unsigned short)> >::value)) \|\| (std::is_same<emu::device_delegate<void (unsigned int, unsigned short, unsigned short)>, emu::device_delegate<void (unsigned int, unsigned int, unsigned int)> >::value)) \|\| (std::is_same<emu::device_delegate<void (unsigned int, unsigned short, unsigned short)>, emu::device_delegate<void (unsigned int, unsigned long, unsigned long)> >::value), void>::type handler_entry_write_delegate<1, 0, emu::device_delegate<void (unsigned int, unsigned short, unsigned short)> >::write_impl<emu::device_delegate<void (unsigned int, unsigned short, unsigned short)> >(unsigned int, unsigned short, unsigned short) const /mnt/s/GitHub/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/emu/emumem_hedp.cpp:115:2 #5 0x7f117ee96418 in handler_entry_write_delegate<1, 0, emu::device_delegate<void (unsigned int, unsigned short, unsigned short)> >::write(unsigned int, unsigned short, unsigned short) const /mnt/s/GitHub/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/emu/emumem_hedp.cpp:150:2 #6 0x7f1177874ada in void dispatch_write<0, 1, 0>(unsigned int, unsigned int, emu::detail::handler_entry_size<1>::uX, emu::detail::handler_entry_size<1>::uX, handler_entry_write<1, 0> const* const) /mnt/s/GitHub/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/emu/emumem.h:1577:47 #7 0x7f1181f07641 in handler_entry_write_dispatch<14, 1, 0>::write(unsigned int, unsigned short, unsigned short) const /mnt/s/GitHub/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/emu/emumem_hedw.ipp:131:2 #8 0x7f11741c322b in void dispatch_write<1, 1, 0>(unsigned int, unsigned int, emu::detail::handler_entry_size<1>::uX, emu::detail::handler_entry_size<1>::uX, handler_entry_write<1, 0> const const) /mnt/s/GitHub/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/emu/emumem.h:1577:47 #9 0x7f11741bb037 in write_native /mnt/s/GitHub/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/emu/emumem.h:1741:3 #10 0x7f11741bb037 in emu::detail::memory_access_specific<1, 1, 0, (util::endianness)1>::write_word(unsigned int, unsigned short) /mnt/s/GitHub/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/emu/emumem.h:1658:71 #11 0x7f1178e05bb6 in operator() /mnt/s/GitHub/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/devices/machine/68307.cpp:141:106 #12 0x7f1178e05bb6 in __invoke_impl<void, (lambda at ../../../../../src/devices/machine/68307.cpp:141:14) &, unsigned int, unsigned short> /usr/bin/../lib/gcc/x86_64-linux-gnu/12/../../../../include/c++/12/bits/invoke.h:61:14 #13 0x7f1178e05bb6 in __invoke_r<void, (lambda at ../../../../../src/devices/machine/68307.cpp:141:14) &, unsigned int, unsigned short> /usr/bin/../lib/gcc/x86_64-linux-gnu/12/../../../../include/c++/12/bits/invoke.h:111:2 #14 0x7f1178e05bb6 in std::_Function_handler<void (unsigned int, unsigned short), m68307_cpu_device::init16_m68307(address_space&)::$_5>::_M_invoke(std::_Any_data const&, unsigned int&&, unsigned short&&) /usr/bin/../lib/gcc/x86_64-linux-gnu/12/../../../../include/c++/12/bits/std_function.h:290:9 #15 0x7f1175d3323a in std::function<void (unsigned int, unsigned short)>::operator()(unsigned int, unsigned short) const /usr/bin/../lib/gcc/x86_64-linux-gnu/12/../../../../include/c++/12/bits/std_function.h:591:9 #16 0x7f1175d32fc8 in m68000_base_device::m68ki_write_16_fc(unsigned int, unsigned int, unsigned int) /mnt/s/GitHub/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/devices/cpu/m68000/m68kcpu.h:700:2 #17 0x7f1175d32cdd in m68000_base_device::m68ki_write_16(unsigned int, unsigned int) /mnt/s/GitHub/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/devices/cpu/m68000/m68kcpu.h:433:58 #18 0x7f1175d320be in m68000_base_device::m68ki_push_16(unsigned int) /mnt/s/GitHub/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/devices/cpu/m68000/m68kcpu.h:921:2 #19 0x7f1175d374e3 in m68000_base_device::m68ki_stack_frame_3word(unsigned int, unsigned int) /mnt/s/GitHub/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/devices/cpu/m68000/m68kcpu.h:1131:2 #20 0x7f1175d2f5a9 in m68000_base_device::m68ki_stack_frame_0000(unsigned int, unsigned int, unsigned int) /mnt/s/GitHub/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/devices/cpu/m68000/m68kcpu.h:1142:3 #21 0x7f1175f88e53 in m68000_base_device::m68ki_exception_illegal() /mnt/s/GitHub/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/devices/cpu/m68000/m68kcpu.h:1560:2 #22 0x7f1175e3843f in m68000_base_device::x4afc_illegal_071234fc() /mnt/s/GitHub/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/devices/cpu/m68000/m68kops.cpp:14016:2 #23 0x7f1175cf17c3 in m68000_base_device::execute_run() /mnt/s/GitHub/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/devices/cpu/m68000/m68kcpu.cpp:909:5 #24 0x7f1175cf381f in non-virtual thunk to m68000_base_device::execute_run() /mnt/s/GitHub/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/devices/cpu/m68000/m68kcpu.cpp #25 0x7f1184687577 in run /mnt/s/GitHub/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/emu/diexec.h:190:15 #26 0x7f1184687577 in device_scheduler::timeslice() /mnt/s/GitHub/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/emu/schedule.cpp:456:14 #27 0x7f1184525027 in running_machine::run(bool) /mnt/s/GitHub/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/emu/machine.cpp:329:17 #28 0x7f117c634c6f in mame_machine_manager::execute() /mnt/s/GitHub/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/frontend/mame/mame.cpp:290:19 #29 0x7f117d9ebfe6 in cli_frontend::start_execution(mame_machine_manager, std::vector<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >, std::allocator<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > > > const&) /mnt/s/GitHub/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/frontend/mame/clifront.cpp:275:22 #30 0x7f117d9efb2f in cli_frontend::execute(std::vector<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >, std::allocator<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > > >&) /mnt/s/GitHub/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/frontend/mame/clifront.cpp:291:3 #31 0x7f117c639a4f in emulator_info::start_frontend(emu_options&, osd_interface&, std::vector<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >, std::allocator<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > > >&) /mnt/s/GitHub/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/frontend/mame/mame.cpp:454:18 #32 0x7f118481ad0b in main /mnt/s/GitHub/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/osd/sdl/sdlmain.cpp:191:9 #33 0x7f1137559209 in __libc_start_call_main csu/../sysdeps/nptl/libc_start_call_main.h:58:16 #34 0x7f11375592bb in __libc_start_main csu/../csu/libc-start.c:389:3 #35 0x7f115e1abbd0 in _start (/mnt/s/GitHub/mame/mame+0x24d5fbd0) (BuildId: 5ea94812d72bae4c) AddressSanitizer can not provide additional info. SUMMARY: AddressSanitizer: SEGV /mnt/s/GitHub/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/emu/schedule.cpp:142:6 in emu_timer::adjust(attotime, int, attotime const&) There are more out-of-bounds accesses of the same array but all of them have asserts so this should fail in a debug build. These asserts were added by me in https://github.com/firewave/mame/commit/e440c631ed446b50984155ef95f508a88988cfaf.

No.13091

Robbbert

Senior Tester

Aug 31, 2016, 22:32

edited on: Aug 31, 2016, 22:36

Tested on 32-bit windows

C:\MAME>mame sc4milro
NOT AN SC4 ROM!!!!!
Normal rom pair string not found, checking mismatched / missing rom string
No suitable string found

-----------------------------------------------------
Exception at EIP=02BA7DBB (emu_timer::adjust(attotime, int, attotime const&)+0x000b): ACCESS VIOLATION
While attempting to read memory at 67616E61
-----------------------------------------------------
EAX=00000018 EBX=67616E61 ECX=67616E61 EDX=0AB5C568
ESI=0028BF38 EDI=0AB4F490 EBP=0028BEC8 ESP=0028BE80
-----------------------------------------------------
Stack crawl:
  0028BEC8: 02BA7DBB (emu_timer::adjust(attotime, int, attotime const&)+0x000b)
  0028BF78: 023CE62A (m68307_timer::write_tmr(unsigned short, unsigned short, int)+0x0eea)
  0028C038: 023D089C (m68307cpu_device::m68307_internal_timer_w(address_space&, unsigned int, unsigned short, unsigned short)+0x061c)
  0028C078: 03B3AF7F (delegate_base<void, address_space&, unsigned int, unsigned short, unsigned short>::operator()(address_space&, unsigned i
nt, unsigned short, unsigned short) const+0x003f)
  0028C0A8: 038E0905 (address_space_specific<unsigned short, (endianness_t)1, true>::write_word(unsigned int, unsigned short)+0x0095)
  0028C0C8: 023C3ECF (m68307cpu_device::write_word_m68307(unsigned int, unsigned short)+0x001f)
  0028C0E8: 01EF6656 (m68ki_write_16_fc(m68000_base_device*, unsigned int, unsigned int, unsigned int) [clone .constprop.669]+0x0076)
  0028C108: 01F271C0 (m68000_base_device_ops::m68k_op_move_16_al_i(m68000_base_device*)+0x0030)
  0028C198: 0386B689 (m68000_base_device::cpu_execute()+0x0789)
  0028C1A8: 01EE9B0B (m68000_base_device::execute_run()+0x000b)
  0028C218: 02BAB4B9 (device_scheduler::timeslice()+0x01b9)
  0028C288: 02B75059 (running_machine::run(bool)+0x01c9)
  0028F908: 017A4ED5 (mame_machine_manager::execute()+0x0175)
  0028FBE8: 018071CE (cli_frontend::execute(int, char**)+0x0e3e)
  0028FC18: 017A3A24 (emulator_info::start_frontend(emu_options&, osd_interface&, int, char**)+0x0034)
  0028FE48: 01712C96 (utf8_main(int, char**)+0x0126)
  0028FEC8: 02F4FBD7 (wmain+0x00e7)
  0028FF88: 004013F0 (__tmainCRTStartup+0x0280)
  0028FF94: 753E337A (BaseThreadInitThunk+0x0012)
  0028FFD4: 772C9882 (RtlInitializeExceptionChain+0x0063)
  0028FFEC: 772C9855 (RtlInitializeExceptionChain+0x0036)

No.20824

Firewave

Senior Tester

Nov 15, 2022, 09:56

These (some) sets are marked MNW.

0.249 on Linux reports:

../../../../../src/devices/machine/68307tmu.cpp:154:24: runtime error: index 8 out of bounds for type 'm68307_cpu_device::m68307_timer::single_timer[2]'
    #0 0x7f1178e2be7c in m68307_cpu_device::m68307_timer::write_ter(unsigned short, unsigned short, int) /mnt/s/GitHub/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/devices/machine/68307tmu.cpp:154:24
    #1 0x7f1178e298f1 in m68307_cpu_device::m68307_internal_timer_w(unsigned int, unsigned short, unsigned short) /mnt/s/GitHub/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/devices/machine/68307tmu.cpp:69:10
    #2 0x7f117ee965a2 in operator() /mnt/s/GitHub/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/lib/util/delegate.h:765:11
    #3 0x7f117ee965a2 in std::enable_if<(((std::is_same<emu::device_delegate<void (unsigned int, unsigned short, unsigned short)>, emu::device_delegate<void (unsigned int, unsigned char, unsigned char)> >::value) || (std::is_same<emu::device_delegate<void (unsigned int, unsigned short, unsigned short)>, emu::device_delegate<void (unsigned int, unsigned short, unsigned short)> >::value)) || (std::is_same<emu::device_delegate<void (unsigned int, unsigned short, unsigned short)>, emu::device_delegate<void (unsigned int, unsigned int, unsigned int)> >::value)) || (std::is_same<emu::device_delegate<void (unsigned int, unsigned short, unsigned short)>, emu::device_delegate<void (unsigned int, unsigned long, unsigned long)> >::value), void>::type handler_entry_write_delegate<1, 0, emu::device_delegate<void (unsigned int, unsigned short, unsigned short)> >::write_impl<emu::device_delegate<void (unsigned int, unsigned short, unsigned short)> >(unsigned int, unsigned short, unsigned short) const /mnt/s/GitHub/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/emu/emumem_hedp.cpp:115:2
    #4 0x7f117ee96418 in handler_entry_write_delegate<1, 0, emu::device_delegate<void (unsigned int, unsigned short, unsigned short)> >::write(unsigned int, unsigned short, unsigned short) const /mnt/s/GitHub/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/emu/emumem_hedp.cpp:150:2
    #5 0x7f1177874ada in void dispatch_write<0, 1, 0>(unsigned int, unsigned int, emu::detail::handler_entry_size<1>::uX, emu::detail::handler_entry_size<1>::uX, handler_entry_write<1, 0> const* const*) /mnt/s/GitHub/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/emu/emumem.h:1577:47
    #6 0x7f1181f07641 in handler_entry_write_dispatch<14, 1, 0>::write(unsigned int, unsigned short, unsigned short) const /mnt/s/GitHub/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/emu/emumem_hedw.ipp:131:2
    #7 0x7f11741c322b in void dispatch_write<1, 1, 0>(unsigned int, unsigned int, emu::detail::handler_entry_size<1>::uX, emu::detail::handler_entry_size<1>::uX, handler_entry_write<1, 0> const* const*) /mnt/s/GitHub/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/emu/emumem.h:1577:47
    #8 0x7f1175d3bb4b in write_native /mnt/s/GitHub/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/emu/emumem.h:1741:3
    #9 0x7f1175d3bb4b in operator() /mnt/s/GitHub/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/emu/emumem.h:1639:90
    #10 0x7f1175d3bb4b in void memory_write_generic<1, 0, (util::endianness)1, 2, true, emu::detail::memory_access_specific<1, 1, 0, (util::endianness)1>::wop()::'lambda'(unsigned int, unsigned short, unsigned short)>(emu::detail::memory_access_specific<1, 1, 0, (util::endianness)1>::wop()::'lambda'(unsigned int, unsigned short, unsigned short), unsigned int, emu::detail::handler_entry_size<2>::uX, emu::detail::handler_entry_size<2>::uX) /mnt/s/GitHub/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/emu/emumem.h:1009:22
    #11 0x7f1178e05db9 in write_dword /mnt/s/GitHub/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/emu/emumem.h:1662:121
    #12 0x7f1178e05db9 in operator() /mnt/s/GitHub/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/devices/machine/68307.cpp:142:106
    #13 0x7f1178e05db9 in __invoke_impl<void, (lambda at ../../../../../src/devices/machine/68307.cpp:142:14) &, unsigned int, unsigned int> /usr/bin/../lib/gcc/x86_64-linux-gnu/12/../../../../include/c++/12/bits/invoke.h:61:14
    #14 0x7f1178e05db9 in __invoke_r<void, (lambda at ../../../../../src/devices/machine/68307.cpp:142:14) &, unsigned int, unsigned int> /usr/bin/../lib/gcc/x86_64-linux-gnu/12/../../../../include/c++/12/bits/invoke.h:111:2
    #15 0x7f1178e05db9 in std::_Function_handler<void (unsigned int, unsigned int), m68307_cpu_device::init16_m68307(address_space&)::$_6>::_M_invoke(std::_Any_data const&, unsigned int&&, unsigned int&&) /usr/bin/../lib/gcc/x86_64-linux-gnu/12/../../../../include/c++/12/bits/std_function.h:290:9
    #16 0x7f1175d32b69 in std::function<void (unsigned int, unsigned int)>::operator()(unsigned int, unsigned int) const /usr/bin/../lib/gcc/x86_64-linux-gnu/12/../../../../include/c++/12/bits/std_function.h:591:9
    #17 0x7f1175d326b7 in m68000_base_device::m68ki_write_32_fc(unsigned int, unsigned int, unsigned int) /mnt/s/GitHub/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/devices/cpu/m68000/m68kcpu.h:711:2
    #18 0x7f1175d323cd in m68000_base_device::m68ki_write_32(unsigned int, unsigned int) /mnt/s/GitHub/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/devices/cpu/m68000/m68kcpu.h:434:58
    #19 0x7f1175d31c2e in m68000_base_device::m68ki_push_32(unsigned int) /mnt/s/GitHub/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/devices/cpu/m68000/m68kcpu.h:927:2
    #20 0x7f1175d374a3 in m68000_base_device::m68ki_stack_frame_3word(unsigned int, unsigned int) /mnt/s/GitHub/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/devices/cpu/m68000/m68kcpu.h:1130:2
    #21 0x7f1175d2f5a9 in m68000_base_device::m68ki_stack_frame_0000(unsigned int, unsigned int, unsigned int) /mnt/s/GitHub/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/devices/cpu/m68000/m68kcpu.h:1142:3
    #22 0x7f1175f88e53 in m68000_base_device::m68ki_exception_illegal() /mnt/s/GitHub/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/devices/cpu/m68000/m68kcpu.h:1560:2
    #23 0x7f1175e3843f in m68000_base_device::x4afc_illegal_071234fc() /mnt/s/GitHub/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/devices/cpu/m68000/m68kops.cpp:14016:2
    #24 0x7f1175cf17c3 in m68000_base_device::execute_run() /mnt/s/GitHub/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/devices/cpu/m68000/m68kcpu.cpp:909:5
    #25 0x7f1175cf381f in non-virtual thunk to m68000_base_device::execute_run() /mnt/s/GitHub/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/devices/cpu/m68000/m68kcpu.cpp
    #26 0x7f1184687577 in run /mnt/s/GitHub/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/emu/diexec.h:190:15
    #27 0x7f1184687577 in device_scheduler::timeslice() /mnt/s/GitHub/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/emu/schedule.cpp:456:14
    #28 0x7f1184525027 in running_machine::run(bool) /mnt/s/GitHub/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/emu/machine.cpp:329:17
    #29 0x7f117c634c6f in mame_machine_manager::execute() /mnt/s/GitHub/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/frontend/mame/mame.cpp:290:19
    #30 0x7f117d9ebfe6 in cli_frontend::start_execution(mame_machine_manager*, std::vector<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >, std::allocator<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > > > const&) /mnt/s/GitHub/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/frontend/mame/clifront.cpp:275:22
    #31 0x7f117d9efb2f in cli_frontend::execute(std::vector<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >, std::allocator<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > > >&) /mnt/s/GitHub/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/frontend/mame/clifront.cpp:291:3
    #32 0x7f117c639a4f in emulator_info::start_frontend(emu_options&, osd_interface&, std::vector<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >, std::allocator<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > > >&) /mnt/s/GitHub/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/frontend/mame/mame.cpp:454:18
    #33 0x7f118481ad0b in main /mnt/s/GitHub/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/osd/sdl/sdlmain.cpp:191:9
    #34 0x7f1137559209 in __libc_start_call_main csu/../sysdeps/nptl/libc_start_call_main.h:58:16
    #35 0x7f11375592bb in __libc_start_main csu/../csu/libc-start.c:389:3
    #36 0x7f115e1abbd0 in _start (/mnt/s/GitHub/mame/mame+0x24d5fbd0) (BuildId: 5ea94812d72bae4c)

SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior ../../../../../src/devices/machine/68307tmu.cpp:154:24 in

==21729==ERROR: AddressSanitizer: SEGV on unknown address (pc 0x7f1184683f8f bp 0x7fffc6f64a90 sp 0x7fffc6f64a00 T0)
==21729==The signal is caused by a READ memory access.
==21729==Hint: this fault was caused by a dereference of a high value address (see register values below).  Disassemble the provided pc to learn which register was used.
    #0 0x7f1184683f8f in emu_timer::adjust(attotime, int, attotime const&) /mnt/s/GitHub/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/emu/schedule.cpp:142:6
    #1 0x7f1178e2b55f in m68307_cpu_device::m68307_timer::write_tmr(unsigned short, unsigned short, int) /mnt/s/GitHub/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/devices/machine/68307tmu.cpp:210:19
    #2 0x7f1178e298a3 in m68307_cpu_device::m68307_internal_timer_w(unsigned int, unsigned short, unsigned short) /mnt/s/GitHub/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/devices/machine/68307tmu.cpp:50:10
    #3 0x7f117ee965a2 in operator() /mnt/s/GitHub/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/lib/util/delegate.h:765:11
    #4 0x7f117ee965a2 in std::enable_if<(((std::is_same<emu::device_delegate<void (unsigned int, unsigned short, unsigned short)>, emu::device_delegate<void (unsigned int, unsigned char, unsigned char)> >::value) || (std::is_same<emu::device_delegate<void (unsigned int, unsigned short, unsigned short)>, emu::device_delegate<void (unsigned int, unsigned short, unsigned short)> >::value)) || (std::is_same<emu::device_delegate<void (unsigned int, unsigned short, unsigned short)>, emu::device_delegate<void (unsigned int, unsigned int, unsigned int)> >::value)) || (std::is_same<emu::device_delegate<void (unsigned int, unsigned short, unsigned short)>, emu::device_delegate<void (unsigned int, unsigned long, unsigned long)> >::value), void>::type handler_entry_write_delegate<1, 0, emu::device_delegate<void (unsigned int, unsigned short, unsigned short)> >::write_impl<emu::device_delegate<void (unsigned int, unsigned short, unsigned short)> >(unsigned int, unsigned short, unsigned short) const /mnt/s/GitHub/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/emu/emumem_hedp.cpp:115:2
    #5 0x7f117ee96418 in handler_entry_write_delegate<1, 0, emu::device_delegate<void (unsigned int, unsigned short, unsigned short)> >::write(unsigned int, unsigned short, unsigned short) const /mnt/s/GitHub/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/emu/emumem_hedp.cpp:150:2
    #6 0x7f1177874ada in void dispatch_write<0, 1, 0>(unsigned int, unsigned int, emu::detail::handler_entry_size<1>::uX, emu::detail::handler_entry_size<1>::uX, handler_entry_write<1, 0> const* const*) /mnt/s/GitHub/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/emu/emumem.h:1577:47
    #7 0x7f1181f07641 in handler_entry_write_dispatch<14, 1, 0>::write(unsigned int, unsigned short, unsigned short) const /mnt/s/GitHub/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/emu/emumem_hedw.ipp:131:2
    #8 0x7f11741c322b in void dispatch_write<1, 1, 0>(unsigned int, unsigned int, emu::detail::handler_entry_size<1>::uX, emu::detail::handler_entry_size<1>::uX, handler_entry_write<1, 0> const* const*) /mnt/s/GitHub/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/emu/emumem.h:1577:47
    #9 0x7f11741bb037 in write_native /mnt/s/GitHub/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/emu/emumem.h:1741:3
    #10 0x7f11741bb037 in emu::detail::memory_access_specific<1, 1, 0, (util::endianness)1>::write_word(unsigned int, unsigned short) /mnt/s/GitHub/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/emu/emumem.h:1658:71
    #11 0x7f1178e05bb6 in operator() /mnt/s/GitHub/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/devices/machine/68307.cpp:141:106
    #12 0x7f1178e05bb6 in __invoke_impl<void, (lambda at ../../../../../src/devices/machine/68307.cpp:141:14) &, unsigned int, unsigned short> /usr/bin/../lib/gcc/x86_64-linux-gnu/12/../../../../include/c++/12/bits/invoke.h:61:14
    #13 0x7f1178e05bb6 in __invoke_r<void, (lambda at ../../../../../src/devices/machine/68307.cpp:141:14) &, unsigned int, unsigned short> /usr/bin/../lib/gcc/x86_64-linux-gnu/12/../../../../include/c++/12/bits/invoke.h:111:2
    #14 0x7f1178e05bb6 in std::_Function_handler<void (unsigned int, unsigned short), m68307_cpu_device::init16_m68307(address_space&)::$_5>::_M_invoke(std::_Any_data const&, unsigned int&&, unsigned short&&) /usr/bin/../lib/gcc/x86_64-linux-gnu/12/../../../../include/c++/12/bits/std_function.h:290:9
    #15 0x7f1175d3323a in std::function<void (unsigned int, unsigned short)>::operator()(unsigned int, unsigned short) const /usr/bin/../lib/gcc/x86_64-linux-gnu/12/../../../../include/c++/12/bits/std_function.h:591:9
    #16 0x7f1175d32fc8 in m68000_base_device::m68ki_write_16_fc(unsigned int, unsigned int, unsigned int) /mnt/s/GitHub/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/devices/cpu/m68000/m68kcpu.h:700:2
    #17 0x7f1175d32cdd in m68000_base_device::m68ki_write_16(unsigned int, unsigned int) /mnt/s/GitHub/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/devices/cpu/m68000/m68kcpu.h:433:58
    #18 0x7f1175d320be in m68000_base_device::m68ki_push_16(unsigned int) /mnt/s/GitHub/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/devices/cpu/m68000/m68kcpu.h:921:2
    #19 0x7f1175d374e3 in m68000_base_device::m68ki_stack_frame_3word(unsigned int, unsigned int) /mnt/s/GitHub/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/devices/cpu/m68000/m68kcpu.h:1131:2
    #20 0x7f1175d2f5a9 in m68000_base_device::m68ki_stack_frame_0000(unsigned int, unsigned int, unsigned int) /mnt/s/GitHub/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/devices/cpu/m68000/m68kcpu.h:1142:3
    #21 0x7f1175f88e53 in m68000_base_device::m68ki_exception_illegal() /mnt/s/GitHub/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/devices/cpu/m68000/m68kcpu.h:1560:2
    #22 0x7f1175e3843f in m68000_base_device::x4afc_illegal_071234fc() /mnt/s/GitHub/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/devices/cpu/m68000/m68kops.cpp:14016:2
    #23 0x7f1175cf17c3 in m68000_base_device::execute_run() /mnt/s/GitHub/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/devices/cpu/m68000/m68kcpu.cpp:909:5
    #24 0x7f1175cf381f in non-virtual thunk to m68000_base_device::execute_run() /mnt/s/GitHub/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/devices/cpu/m68000/m68kcpu.cpp
    #25 0x7f1184687577 in run /mnt/s/GitHub/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/emu/diexec.h:190:15
    #26 0x7f1184687577 in device_scheduler::timeslice() /mnt/s/GitHub/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/emu/schedule.cpp:456:14
    #27 0x7f1184525027 in running_machine::run(bool) /mnt/s/GitHub/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/emu/machine.cpp:329:17
    #28 0x7f117c634c6f in mame_machine_manager::execute() /mnt/s/GitHub/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/frontend/mame/mame.cpp:290:19
    #29 0x7f117d9ebfe6 in cli_frontend::start_execution(mame_machine_manager*, std::vector<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >, std::allocator<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > > > const&) /mnt/s/GitHub/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/frontend/mame/clifront.cpp:275:22
    #30 0x7f117d9efb2f in cli_frontend::execute(std::vector<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >, std::allocator<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > > >&) /mnt/s/GitHub/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/frontend/mame/clifront.cpp:291:3
    #31 0x7f117c639a4f in emulator_info::start_frontend(emu_options&, osd_interface&, std::vector<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >, std::allocator<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > > >&) /mnt/s/GitHub/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/frontend/mame/mame.cpp:454:18
    #32 0x7f118481ad0b in main /mnt/s/GitHub/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/osd/sdl/sdlmain.cpp:191:9
    #33 0x7f1137559209 in __libc_start_call_main csu/../sysdeps/nptl/libc_start_call_main.h:58:16
    #34 0x7f11375592bb in __libc_start_main csu/../csu/libc-start.c:389:3
    #35 0x7f115e1abbd0 in _start (/mnt/s/GitHub/mame/mame+0x24d5fbd0) (BuildId: 5ea94812d72bae4c)

AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV /mnt/s/GitHub/mame/build/projects/sdl/mame/gmake-linux-clang/../../../../../src/emu/schedule.cpp:142:6 in emu_timer::adjust(attotime, int, attotime const&)

There are more out-of-bounds accesses of the same array but all of them have asserts so this should fail in a debug build. These asserts were added by me in https://github.com/firewave/mame/commit/e440c631ed446b50984155ef95f508a88988cfaf.