Anyone seen an exception (0xc0000005) crash before

[Eelco de Groot]

One Rainbow Serpent crashes in the below position, the other does not, but the bug is reproducible. I am not sure how I should trace it, but if anyone else ever experienced this type of crash it might give me a clue where to look for the culprit in the code.

[Event "6 Minutes/Game + 6 Seconds/Move"]
[Site "Engine Match"]
[Date "2010.02.08"]
[Round "1"]
[White "Rybka 2.3.2a PV-tips32-bit"]
[Black "Rainbow Serpent 1.6.3s(dc)"]
[Result "1-0"]
[ECO "B87 - Sicilian/Sozin Attack"]

1. e4 {book 0s} c5 {book 0s} 2. Nf3 {book 0s} d6 {book 0s}
3. d4 {book 0s} cxd4 {book 0s} 4. Nxd4 {book 0s} Nf6 {book
0s} 5. Nc3 {book 0s} a6 {book 0s} 6. Bc4 {book 0s} e6 {book
0s} 7. O-O {book 0s} b5 {book 0s} 8. Bb3 {book 0s} Be7
{book 0s} 9. Qf3 {book 0s} Qc7 {book 0s} 10. Qg3 {book 0s}
O-O {book 0s} 11. Re1 {book 0s} Kh8 {book 0s} 12. Bg5 {book
0s} Bd7 {-0.56/14 34s} 13. a3 {+0.17/12 23s (Qh4)} Nc6
{-0.40/14 16s (h6)} 14. Nxc6 {+0.15/12 20s} Bxc6 {-0.20/15
19s} 15. Rad1 {+0.10/13 1:00m} a5 {-0.08/14 24s} 16. Bxf6
{+0.10/12 3s (Rd4)} Bxf6 {+0.52/14 19s (gxf6)} 17. Qxd6
{+0.12/14 14s (Rxd6)} Qb7 {+0.36/15 16s} 18. Qf4 {+0.02/14
11s} b4 {+0.60/15 31s} 19. e5 {+0.11/13 3s (Na4)} bxc3
{+0.16/12 14s (Bxe5)} 20. exf6 {+0.09/11 0s} g5 {0.00/15
28s (Rg8)} 21. Qd4 {0.00/14 19s} Bxg2 {-0.12/14 45s (cxb2)}
22. Qxc3 {+0.66/14 11s} Rfc8 {-0.04/15 38s (Rac8)} 23. Qg3
{+0.81/14 14s} Bf3 {-0.20/14 17s} 24. Rd4 {+0.62/14 21s}
Rg8 {0.00/14 9s (Rd8)} 25. Qe5 {+0.89/13 15s (Re3)} g4
{0.00/13 9s (h6)} 26. Bc4 {+1.11/11 4s (Re3)} h6 {-0.72/12
12s} 27. Bd3 {+0.99/13 25s (b3)} Rg5 {-0.52/12 8s} 28. Qg3
{+1.04/13 5s} Rh5 {-1.01/14 23s} 29. b3 {+1.15/14 16s
(Qf4)} Rg8 {-1.09/13 11s (Qb6)} 30. Re5 {+1.56/15 12s (h4)}
Rh3 {-0.40/14 22s} 31. Qf4 {+1.41/13 0s} Qc8 {-0.76/13 16s
(Qc6)} 32. Rc4 {+2.13/14 14s (c4)} Qb7 {-2.06/12 12s (Qe8)}
33. Rxe6 {+2.59/14 10s (Bf1)} Bh1 {-2.54/12 10s (Bd5)}
34. Bf1 {+3.11/12 2s} fxe6 {-4.20/12 13s} 35. f7 {+3.08/12
1s} Rf8 {-3.87/13 16s} 36. Bxh3 {+3.16/13 2s} Kh7 {-3.83/12
9s} 37. Bf1 {+3.61/14 6s} Rxf7 {-3.87/14 9s} 38. Qe5
{+3.93/14 3s} Bd5 {-6.74/14 23s} 39. Rxg4 {+4.13/14 1s} Rf5
{-8.12/14 12s (Rg7)} 40. Bd3 {+5.15/13 1s} Qf7 {-8.60/15
13s} 41. Rg3 {+5.39/13 3s} h5 {-8.96/14 14s (a4)} 42. Rg5
{+7.13/11 5s} Bb7 {-9.65/12 6s (Kh6)} 43. Bxf5+ {+7.61/12
2s} exf5 {-9.69/8 0s} 44. Rxf5 {+7.91/15 14s} Qg7+
{-9.97/14 15s} 45. Qxg7+ {+7.71/12 2s} Kxg7 {-9.37/6 0s}
46. Rxa5 {+7.91/14 8s} Kf6 {-10.34/18 6s (Kg6)} 47. Rxh5
{+8.15/11 2s (c4)} Bf3 {-11.43/19 10s} 48. Rh8 {+8.09/12 6s
(Rh6+)} Bd1 {-11.35/18 9s (Ke6)} 49. Rc8 {+8.48/13 8s} Bg4
{-12.56/18 7s} 50. Rc4 {+10.27/13 7s (Rc5)} Be2 {-29.09/22
11s (Be6)} 51. a4 {+10.52/13 17s (Rc5)} Ke5 {-98.01/17 10s
(Bd1)} 52. a5 {+10.73/13 5s} Bf3 {-99.36/19 4s} 53. a6
{+10.57/10 1s} Kd6 {-99.52/19 7s} 54. a7 {+10.81/10 2s
(Rc8)} Bb7 {-99.46/21 7s (Kd7)} 55. Rc8 {+11.40/11 6s
(Rh4)} Bxc8 {-92.95/18 4s (Kd7)} 56. a8=Q {+11.60/7 3s} Bf5
{-92.95/19 5s} 57. c4 {+12.21/8 9s (Qe8)} Ke5 {-94.10/14 9s
(Be6)} 58. Qd5+ {+13.65/9 5s} Kf6 {-115.86/17 7s} 59. c5
{+13.92/9 2s (b4)} Be6 {-93.00/13 5s} 60. Qxe6+ {+34.66/8
9s (Qd8+)} Kxe6 {-102.97/11 0s} 61. b4 {+38.36/15 23s} Kd5
{-M13/17 1s} 62. h4 {+38.05/14 9s} Ke6 {-M12/14 0s (Kd4)}
63. Kg2 {+40.23/14 9s (b5)} Ke5 {-M12/16 1s (Ke7)} 64. Kf3
{+41.32/14 6s (h5)} Ke6 {-M13/17 2s} 65. Ke4 {+44.94/15 21s
(h5)} Kf6 {-M11/18 5s (Kd7)} 66. b5 {+45.38/15 22s (h5)}
Ke6 {-M10/13 0s} 67. f4 {+45.08/13 7s (h5)} Ke7 {-M10/15 1s
(Kd7)} 68. Ke5 {+46.38/13 5s (h5)} Kf7 {-M8/15 1s (Ke8)}
69. b6 {+M10/13 2s (c6)} Kg6 {-M8/10 0s (Ke7)} 70. f5+
{+M9/11 0s (b7)} Kh5 {-M8/11 0s (Kf7)} 71. Kf4 {+M8/11 1s
(b7)} Kh6 {-M7/9 0s (Kxh4)} 72. b7 {+M7/7 0s} Kg7 {-M6/8
0s} 73. Ke5 {+M6/6 0s (c6)} Kh6 {-M5/7 0s (Kf7)} 74. b8=Q
{+M5/7 0s} Kg7 {-M3/6 0s} 75. f6+ {+M4/3 0s (Qa7+)} Kg6
{-M3/6 0s (Kf7)} 76. Qg8+ {+M3/3 0s} Kh6 {-M2/6 0s}
77. Qg5+ {+M2/3 0s} Kh7 {-M1/6 0s} 78. Qg7# {+M1/3 0s} 1-0


Position after 21. Qd4, 21...Bxg2? is wrong and I think it loses. But the version that plays the position correct crashes


[d]r4r1k/1q3p1p/2b1pP2/p5p1/3Q4/PBp5/1PP2PPP/3RR1K1 b - -

Engine: Rainbow Serpent 1.6.3s(dc) Build 98 (Athlon 2009 MHz, 64 MB)
by Tord Romstad, Marco Costalba, Joona Kiiski Modifications: Dann Corbit

1.00 0:00 +1.41 21...cxb2 (292) 6

2.00 0:00 +1.49 21...cxb2 22.Qxb2 Bxg2 (559) 8

3.00 0:00 +1.77 21...cxb2 22.a4 Bxg2 23.Qxb2 (2.160) 34

4.00 0:00 +2.30 21...cxb2 22.Qxb2 a4 23.g3 axb3
24.cxb3 (4.038) 51

5.00 0:00 +0.88 21...cxb2 22.Rxe6 Bxg2 23.Re7 Qc6
24.Qxb2 Bh3 (53.454) 310

6.00 0:00 0.00 21...cxb2 22.Rxe6 a4 23.Re7 Qb5
24.Re5 Qb8 25.Ba2 (175.792) 468

6.00 0:00 +0.32 21...Bxg2 22.Qxc3 Bf3 23.Rd6 a4
24.Bc4 Bh1 (188.619) 482

6.00 0:00 +0.52 21...a4 22.Bxe6 cxb2 23.Bh3 Rfe8
24.Rxe8+ Rxe8 25.Rb1 Rb8 (206.327) 471

7.00 0:00 +0.12 21...a4 22.Bxe6 cxb2 23.Bh3 Rfe8
24.Rxe8+ Rxe8 25.Rb1 Rb8 26.f3 h5
27.Bf5 (276.626) 491

7.00 0:00 +0.28 21...Bxg2 22.Qxc3 Bf3 23.Bxe6 Bxd1
24.Rxd1 Rfd8 25.Rxd8+ Rxd8 26.Bg4 Qb6
27.Qe5 (294.085) 495

8.00 0:00 +0.24 21...Bxg2 22.Qxc3 Bf3 23.Bxe6 Bxd1
24.Rxd1 Rfd8 25.Rxd8+ Rxd8 26.Bg4 Qb6
27.Qe5 a4 28.c4 Qd4 29.Qxg5 Qxc4 (343.716) 499

9.00 0:00 +0.24 21...Bxg2 22.Qxc3 Bf3 23.Rd3 g4
24.Rd4 Qb8 25.Bc4 Rc8 26.Rd7 (445.565) 527

9.00 0:01 +0.56++ 21...cxb2 22.Rxe6 Bxg2 23.Re7 Qf3
24.Rxf7 Rxf7 25.Bxf7 b1R 26.Rxb1 Bh1 (684.800) 527

10.01 0:01 0.00 21...cxb2 22.Rxe6 Bxg2 23.Re7 Qc6
24.Rxf7 h6 25.Rxf8+ Rxf8 26.Re1 Bh1
27.f7+ Kh7 28.Qd3+ Kg7 29.Qd4+ Kh7 (1.114.796) 561

11.01 0:22 -0.20 21...cxb2 22.Rxe6 a4 23.Re7 Qb8
24.Ba2 Rd8 25.Qxd8+ Qxd8 26.Rxd8+ Rxd8
27.f3 h5 28.Re1 Rd2 29.Bxf7 Rxc2
30.Bg6 Rc1 31.Kf2 Kg8 32.Ke2 Kf8
33.Bb1 (14.310.780) 644

12.01 0:43 0.00 21...cxb2 22.Rxe6 a4 23.Re7 Qb8
24.Ba2 Rd8 25.Qxd8+ Qxd8 26.Rxd8+ Rxd8
27.f3 h6 28.Kf2 Rd2+ 29.Ke3 Rd1
30.Rxf7 Bd5 31.Rf8+ Kh7 32.f7 Re1+
33.Kf2 Bxa2 34.Rh8+ Kxh8 (27.770.002) 633

13.01 1:50 0.00 21...cxb2 22.Rxe6 a4 23.Re7 Qb8
24.Ba2 Rd8 25.Qxd8+ Qxd8 26.Rxd8+ Rxd8
27.f3 h6 28.Kf2 Rd2+ 29.Ke3 Rd1
30.Rxf7 Bd5 31.Rf8+ Kh7 32.f7 Re1+
33.Kf2 Bxa2 34.Rh8+ Kxh8 (69.401.300) 626

14.01 2:16 0.00 21...cxb2 22.Rxe6 a4 23.Re7 Qb8
24.Ba2 Rd8 25.Qxd8+ Qxd8 26.Rxd8+ Rxd8
27.f3 h6 28.Kf2 Rd2+ 29.Ke3 Rd1
30.Rxf7 Bd5 31.Rf8+ Kh7 32.f7 Re1+
33.Kf2 Bxa2 34.Rh8+ Kxh8 (85.697.349) 629

15.01 3:03 0.00 21...cxb2 22.Rxe6 a4 23.Re7 Qb8
24.Ba2 Rd8 25.Qxd8+ Qxd8 26.Rxd8+ Rxd8
27.f3 h6 28.Kf2 Rd2+ 29.Ke3 Rd1
30.Rxf7 Bd5 31.Rf8+ Kh7 32.f7 Re1+
33.Kf2 Bxa2 34.Rh8+ Kxh8 (112.866.131) 615

16.01 3:46 0.00 21...cxb2 22.Rxe6 a4 23.Re7 Qb8
24.Ba2 Rd8 25.Qxd8+ Qxd8 26.Rxd8+ Rxd8
27.f3 h6 28.Kf2 Rd2+ 29.Ke3 Rd1
30.Rxf7 Bd5 31.Rf8+ Kh7 32.f7 Re1+
33.Kf2 Bxa2 34.Rh8+ Kxh8 (138.277.877) 611

17.01 7:41 -0.20-- 21...cxb2 22.Rxe6 Bxg2 23.Re7 Qf3
24.Rxf7 Rxf7 25.Bxf7 (286.786.885) 622

18.01 14:21 -0.08 21...cxb2 22.Rxe6 a4 23.Re7 Qb8
24.Ba2 Rd8 25.Qxd8+ Qxd8 26.Rxd8+ Rxd8
27.f3 h6 28.Kf2 Rd2+ 29.Kg3 Bb5
30.Rb7 Bf1 31.f4 Rxg2+ 32.Kf3 g4+
33.Ke3 Rxh2 34.Rxb2 Re2+ (521.364.700) 604

19.01 31:52 0.00 21...cxb2 22.Rxe6 a4 23.Re7 Qb8
24.Ba2 Rd8 25.Qxd8+ Qxd8 26.Rxd8+ Rxd8
27.f3 Rd1+ 28.Kf2 b1Q 29.Bxb1 Rxb1
30.Rc7 Bb7 31.Rxf7 h6 32.Rg7 Bd5
33.Ke3 Rb6 34.Rg6 Kh7 (1.178.362.646) 616

20.01 55:08 0.00 21...cxb2 22.Rxe6 a4 23.Re7 Qb8
24.Ba2 Rd8 25.Qxd8+ Qxd8 26.Rxd8+ Rxd8
27.f3 Rd1+ 28.Kf2 b1Q 29.Bxb1 Rxb1
30.Rc7 Bb7 31.Rxf7 h6 32.Rg7 Bd5
33.Ke3 Rb6 34.Rg6 Kh7 (2.078.004.974) 628

... and here I get a crash after approximately 254 minutes but only with build 98, not with a slightly different 97. I would have expected a twentyfirst ply by now so maybe it has to do with an exploding search. But why exactly should that crash the engine? It is the most likely explanation though, I do remember crashes involving exploding extensions before. I did never really look at the errorcode though given by Windows, when offering to send a bug report to Microsoft general headquarters in the US. It has something to do with a wrong memory write I think.

Many here will be using Stockfish only with Linux and also Stockfish never uses extensions of more than one ply. In that case there are no search explosions of this kind. Also any errorcode would be different in Linux.

Moreover the new Stockfish 1.6.3 will also have less bugs than Rainbow Serpent. So it's not likely that you have seen this type of crash on your system But just in case anyone did please post it!

Eelco


Some text collected searching the Internet for the exception, (0xc0000005) seems to mean access is denied when writing to a forbidden memory location.

Data Execution Prevention (DEP) is a relatively new feature of both Intel and AMD hardware that is supported beginning with Windows Server 2003 Service Pack 1 and Windows XP Service Pack 2. DEP is a set of related hardware and software features designed to make it more difficult for malicious programs to execute sensitive code in the operating system.
DEP is activated automatically when machines with the DEP hardware protection installed are booted in PAE (Physical Address Extension) mode.

Processors running Windows Server 2003 Service Pack 1 or Windows XP Service Pack 2 with PAE-enabled that support hardware-enforced DEP raise an exception when the Performance SeNTry collection agent first attempts to execute code from a Performance Library DLL.

The unhandled 0xC0000005 Win32 exception is caused by DEP. The Data Execution Prevention feature prevents the collection services from executing code in the Performance Library modules that are loaded. (This example of the error messages that are written is abbreviated.)

These error messages will be followed by a series of Warning messages that will indicate a failure to gather the performance data Objects associated with these Performance Libraries.

0xc0000005 just means "access denied", but in this case it's referring to wild memory writes, not necessarily permissions in the file or registry sense. The fact that you're using the word "throws" in conjunction with exceptions suggests to me that you may already understand the mechanism

It's almost impossible to guess why the crash is occurring based on those data alone, so you might want to start by first updating all of those applications. Perhaps newer versions contain fixes.

[zullil]

One Rainbow Serpent crashes in the below position, the other does not, but the bug is reproducible. I am not sure how I should trace it, but if anyone else ever experienced this type of crash it might give me a clue where to look for the culprit in the code.

Are you using more than one thread? One of the patches that became part of the official Stockfish-1.6.3 release addressed a possible source of crashes when running multiple threads. Beyond that I have little to offer, except that
the error message seems very generic. However, if the crash is reproducible and occurs in one binary and not another, someone should be able to help you figure it out. Just not me.

[Eelco de Groot]

One Rainbow Serpent crashes in the below position, the other does not, but the bug is reproducible. I am not sure how I should trace it, but if anyone else ever experienced this type of crash it might give me a clue where to look for the culprit in the code.

Are you using more than one thread? One of the patches that became part of the official Stockfish-1.6.3 release addressed a possible source of crashes when running multiple threads. Beyond that I have little to offer, except that
the error message seems very generic. However, if the crash is reproducible and occurs in one binary and not another, someone should be able to help you figure it out. Just not me.

Hi Louis,

Thanks for your answer, but no, it is just my old Athlon so I can only use one thread on this system. It is likely a case that can only arise in Rainbow Serpent, where extensions > OnePly cause a crash, at least that is the only source of crashes I ever managed to identify in Ancalagon. Usually that crashes right away, in the first couple of iterations. But it is not entirely clear to me why that would cause an attempted memory write in a forbidden area, as this seems to be. But nothing is impossible with bugs... I am just trying to exclude any other possibilities. I suppose I should use some debugger or run a debug compile first if I can't figure it out from the source code first, but I have no idea what kind of output that gives in cases like this, would it be possible to pinpoint where in the code it crashes, probably only if you can decipher the assembly back to C++. If it is a search explosion I will have to do something anyway, and it should happen in more cases.

Regards, Eelco

[jdart]

> I suppose I should use some debugger or run a debug compile first

Yes - that is the first thing to try. See if the problem can be made to occur running a debug compile. A debugger can then display the call stack, variables, etc. Your error sounds like possibly a buffer overflow or dereferencing an invalid pointer but you really can't tell very much w/o debug information in the code.

[Eelco de Groot]

> I suppose I should use some debugger or run a debug compile first

Yes - that is the first thing to try. See if the problem can be made to occur running a debug compile. A debugger can then display the call stack, variables, etc. Your error sounds like possibly a buffer overflow or dereferencing an invalid pointer but you really can't tell very much w/o debug information in the code.

Okay thanks Jon, I will try to see if a debug compile also crashes!

Regards, Eelco

[Sven]

> I suppose I should use some debugger or run a debug compile first

Yes - that is the first thing to try. See if the problem can be made to occur running a debug compile. A debugger can then display the call stack, variables, etc. Your error sounds like possibly a buffer overflow or dereferencing an invalid pointer but you really can't tell very much w/o debug information in the code.

Okay thanks Jon, I will try to see if a debug compile also crashes!

Regards, Eelco

If your release build crashes after about 4 hours then your debug build will either take some days until reaching the same point, and then hopefully crash, or it will run perfectly fine (which is the usual case in my experience) ...

So be patient

Sven

[Dann Corbit]

It's a programming error of some sort.
Turn on exception trapping for all exception types and you will find the problem.

[Eelco de Groot]

It's a programming error of some sort.
Turn on exception trapping for all exception types and you will find the problem.

"Exception trapping", noted, will try to find that in the manual thanks Dann!

Eelco

[Dann Corbit]

It's a programming error of some sort.
Turn on exception trapping for all exception types and you will find the problem.

"Exception trapping", noted, will try to find that in the manual thanks Dann!

Eelco

If you are using the VC++ IDE, then go to menu item "Debug" and choose "Exceptions..."
Check both "Thrown" and "User Handled" for everything.