Segmentation fault in tx 0x56b7a03200641d480abb3e314922e3adfa368d8b85a4dbf69e31845cf1ef1e4 #711

Closed
pefontana opened this issue Jul 1, 2024 · 2 comments · Fixed by #716

pefontana commented Jul 1, 2024

To replicate it, run
cargo run tx 0x56b7a03200641d480abb3e314922e3adfa368d8b85a4dbf69e31845cf1ef1e4 mainnet 653012
in the starknet replay crate on a computer with x86 architecture. It should return Segmentation fault.

https://starkscan.co/tx/0x056b7a03200641d480abb3e314922e3adfa368d8b85a4dbf69e31845cf1ef1e4

Here is another tx with the same error

tx hash: 0x1be76b60066a058349b1a8cc4da0f472022dcf5e720a213f990030b3e6060cc
Block number: 646356
Chain: mainnet

https://starkscan.co/tx/0x056b7a03200641d480abb3e314922e3adfa368d8b85a4dbf69e31845cf1ef1e4

The TX should revert with:

Error in the called contract (0x04505a9f06f2bd639b6601f37a4dc0908bb70e8e0e0c34b1220827d64f4fc066):
Execution failed. Failure reason: 0x434c4541525f41545f4c454153545f4d494e494d554d ('CLEAR_AT_LEAST_MINIMUM')

So, I think the error comes from this contract
https://github.com/EkuboProtocol/abis/blob/cccac030c7e66e0cb986fab9989d98e59c3a7436/src/components/clear.cairo#L32

edg-l commented Jul 2, 2024

Managed to get somewhat of a backtrace; lib/lib.tmpxcG5le.so is the contract

gef➤  bt
#0  0x00007fffdc78486d in f21 () from lib/lib.tmpxcG5le.so
#1  0x00007fffdc785fc9 in f24 () from lib/lib.tmpxcG5le.so
#2  0x00007fffdc7804d1 in f15 () from lib/lib.tmpxcG5le.so
#3  0x00007fffdc77092e in f0 () from lib/lib.tmpxcG5le.so
#4  0x00007fffdc770ca7 in _mlir_ciface_f0 () from lib/lib.tmpxcG5le.so
#5  0x00005555582a2db1 in _invoke_trampoline ()
#6  0x0000000000000000 in ?? ()
$rax   : 0x000055555ebf0a60  →  0x0000555034c3ad60
$rbx   : 0x000055555df7e240  →  0x0000000000000002
$rcx   : 0x3fcaffffc0      
$rdx   : 0x3fcaffffc0      
$rsp   : 0x00007ffffffd0fc0  →  0x0020202000000000
$rbp   : 0x18              
$rsi   : 0xff2c0000        
$rdi   : 0x13              
$rip   : 0x00007fffdc78486d  →  <f21+381> vmovups zmm0, ZMMWORD PTR [rdx]
$r8    : 0x0               
$r9    : 0xff2bffff        
$r10   : 0x18              
$r11   : 0x0               
$r12   : 0x0               
$r13   : 0xf               
$r14   : 0x253d8264e       
$r15   : 0x65              
$eflags: [zero carry PARITY adjust sign trap INTERRUPT direction overflow RESUME virtualx86 identification]
$cs: 0x33 $ss: 0x2b $ds: 0x00 $es: 0x00 $fs: 0x00 $gs: 0x00 
───────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────── stack ────
0x00007ffffffd0fc0│+0x0000: 0x0020202000000000   ← $rsp
0x00007ffffffd0fc8│+0x0008: 0x0000000000000000
0x00007ffffffd0fd0│+0x0010: 0xff2c000020202020 ("    "?)
0x00007ffffffd0fd8│+0x0018: 0x2020202020202000
0x00007ffffffd0fe0│+0x0020: 0x000055555ebf0a60  →  0x0000555034c3ad60
0x00007ffffffd0fe8│+0x0028: 0x0000000000000001
0x00007ffffffd0ff0│+0x0030: 0x0000000000000000
0x00007ffffffd0ff8│+0x0038: 0x0000000000000001
─────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────── code:x86:64 ────
   0x7fffdc784864 <f21+372>        inc    esi
   0x7fffdc784866 <f21+374>        add    rdx, rcx
   0x7fffdc784869 <f21+377>        mov    DWORD PTR [rsp+0x14], esi
 → 0x7fffdc78486d <f21+381>        vmovups zmm0, ZMMWORD PTR [rdx]
   0x7fffdc784873 <f21+387>        vmovups ZMMWORD PTR [rax], zmm0
   0x7fffdc784879 <f21+393>        mov    QWORD PTR [rsp+0x20], rax
   0x7fffdc78487e <f21+398>        mov    BYTE PTR [rsp+0x18], 0x0
   0x7fffdc784883 <f21+403>        movzx  ecx, BYTE PTR [rsp+0x27]
   0x7fffdc784888 <f21+408>        movzx  edx, BYTE PTR [rsp+0x26]

edg-l commented Jul 3, 2024

The previous comment was with the AOT runner; with JIT it seems to work:

  2024-07-03T11:39:11.045848Z  INFO replay: execution finished successfully, transaction_hash: "0x56b7a03200641d480abb3e314922e3adfa368d8b85a4dbf69e31845cf1ef1e4", chain: "mainnet", execution_status: "REVERTED", rpc_execution_status: "REVERTED", execution_error_message: "Transaction execution has failed:\n0: Error in the called contract (contract address: 0x019de0995020b7fea7d7776754f2a62e1fd69b6977b19c78e8c19bbb5436c6e4, class hash: 0x029927c8af6bccf3f6fda035981e765a7bdbf18a2dc0d630494f8758aa908e2b, selector: 0x015d40a3d6ca2ac30f4031e42be28da9b056fef9bb7357ac5e85627ee876e5ad):\nNative execution error: argent/multicall-failed\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\u{2}Native execution error: CLEAR_AT_LEAST_MINIMUM\n"

azteca1998 linked a pull request Jul 3, 2024 that will close this issue