Skip to content

geth t8n crash on cancun input #27785

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
winsvega opened this issue Jul 26, 2023 · 5 comments · Fixed by #27796
Closed

geth t8n crash on cancun input #27785

winsvega opened this issue Jul 26, 2023 · 5 comments · Fixed by #27796
Labels
type:bug

Comments

@winsvega
Copy link
Contributor 

Error: panic: runtime error: invalid memory address or nil pointer dereference
[signal SIGSEGV: segmentation violation code=0x1 addr=0x0 pc=0xc1f273]

goroutine 1 [running]:
github.com/ethereum/go-ethereum/core.(*StateTransition).preCheck(0xc00043c990)
	github.com/ethereum/go-ethereum/core/state_transition.go:336 +0xc73
github.com/ethereum/go-ethereum/core.(*StateTransition).TransitionDb(0xc00043c990)
	github.com/ethereum/go-ethereum/core/state_transition.go:367 +0x65
github.com/ethereum/go-ethereum/core.ApplyMessage(0x1284258?, 0x1284260?, 0xc00012b260?)
	github.com/ethereum/go-ethereum/core/state_transition.go:182 +0x5d
github.com/ethereum/go-ethereum/cmd/evm/internal/t8ntool.(*Prestate).Apply(0xc0001caf70, {{0x0, 0x0}, 0x0, 0x0, {0x0, 0x0, 0x0}}, 0xc0000f60d0, {0xc000014fe8, ...}, ...)
	github.com/ethereum/go-ethereum/cmd/evm/internal/t8ntool/execution.go:186 +0xf3a
github.com/ethereum/go-ethereum/cmd/evm/internal/t8ntool.Transition(0xc0002b2dc0?)
	github.com/ethereum/go-ethereum/cmd/evm/internal/t8ntool/transition.go:296 +0x1f5f
github.com/ethereum/go-ethereum/internal/flags.MigrateGlobalFlags.func2.1(0x1bafd00?)
	github.com/ethereum/go-ethereum/internal/flags/helpers.go:91 +0x36
github.com/urfave/cli/v2.(*Command).Run(0x1bafd00, 0xc0002b2880)
	github.com/urfave/cli/[email protected]/command.go:177 +0x746
github.com/urfave/cli/v2.(*App).RunContext(0xc000378000, {0x13b4410?, 0xc000138038}, {0xc000136000, 0x16, 0x16})
	github.com/urfave/cli/[email protected]/app.go:387 +0x105e
github.com/urfave/cli/v2.(*App).Run(...)
	github.com/urfave/cli/[email protected]/app.go:252
main.main()
	github.com/ethereum/go-ethereum/cmd/evm/main.go:227 +0x47
 (StateTests/stEIP4844-blobtransactions/opcodeBlobhashOutOfRange, fork: Cancun, TrInfo: d: 0, g: 0, v: 0, TrData: ` 0x00..`)

I think it is the same as in nimbus:
status-im/nimbus-eth1#1587

I execute a code that has blobhash opcode with insane huge input.
@karalabe
Copy link
Member

This is probably because https://github.com/ethereum/go-ethereum/pull/27721/files#diff-64508d317d86e7a4a5294d76455a5e74148e26883da9e8b4ffc9bbfa3cc8550eR80 added the ExcessDataGas field but it wans't added to t8n. CC @holiman

@winsvega winsvega changed the title geth t8n crash on blobhash opcode instruction geth t8n crash on cancun input Jul 27, 2023
@winsvega
Copy link
Contributor Author

winsvega commented Jul 27, 2023
edited
Loading

confirm, this is not just that test. it happens on all cancun transaction inputs

@jsvisa
Copy link
Contributor

jsvisa commented Jul 28, 2023

@winsvega I'm trying to fix this, could you please provide a reproduce step?

@winsvega
Copy link
Contributor Author 

Alloc:
{
    "0xa94f5374fce5edbc8e2a8697c15331677e6ebf0b" : {
        "balance" : "0x016345785d8a0000",
        "code" : "0x",
        "nonce" : "0x00",
        "storage" : {
        }
    },
    "0xb94f5374fce5edbc8e2a8697c15331677e6ebf0b" : {
        "balance" : "0x016345785d8a0000",
        "code" : "0x60004960015500",
        "nonce" : "0x00",
        "storage" : {
        }
    }
}
Txs:
"0xf88bb88903f8860180026483061a8094b94f5374fce5edbc8e2a8697c15331677e6ebf0b8080c00ae1a001a915e4d060149eb4365960e6a7a45f334393093061116b197e3240065ff2d801a025e16bb498552165016751911c3608d79000ab89dc3100776e729e6ea13091c7a03acacff7fc0cff6eda8a927dec93ca17765e1ee6cbc06c5954ce102e097c01d2"
{
    "data" : "0x",
    "gasLimit" : "0x061a80",
    "nonce" : "0x00",
    "to" : "0xb94f5374fce5edbc8e2a8697c15331677e6ebf0b",
    "value" : "0x00",
    "v" : "0x01",
    "r" : "0x25e16bb498552165016751911c3608d79000ab89dc3100776e729e6ea13091c7",
    "s" : "0x3acacff7fc0cff6eda8a927dec93ca17765e1ee6cbc06c5954ce102e097c01d2",
    "chainId" : "0x01",
    "type" : "0x03",
    "maxFeePerGas" : "0x64",
    "maxPriorityFeePerGas" : "0x02",
    "accessList" : [
    ],
    "maxFeePerBlobGas" : "0x0a",
    "blobVersionedHashes" : [
        "0x01a915e4d060149eb4365960e6a7a45f334393093061116b197e3240065ff2d8"
    ]
}
Env:
{
    "currentCoinbase" : "0x2adc25665018aa1fe0e6bc666dac8fc2697ff9ba",
    "currentNumber" : "0x01",
    "currentTimestamp" : "0x079e",
    "currentGasLimit" : "0x7fffffffffffffff",
    "previousHash" : "0x3a9b485972e7353edd9152712492f0c58d89ef80623686b6bf947a4a6dce6cb6",
    "currentBlobGasUsed" : "0x00",
    "parentTimestamp" : "0x03b6",
    "parentDifficulty" : "0x00",
    "parentUncleHash" : "0x1dcc4de8dec75d7aab85b567b6ccd41ad312451b948a7413f0a142fd40d49347",
    "currentRandom" : "0x56e81f171bcc55a6ff8345e692c0f86e5b48e01b996cadc001622fb5e363b421",
    "withdrawals" : [
    ],
    "parentBaseFee" : "0x0a",
    "parentGasUsed" : "0x00",
    "parentGasLimit" : "0x7fffffffffffffff",
    "parentExcessBlobGas" : "0x00",
    "parentBlobGasUsed" : "0x00",
    "blockHashes" : {
        "0" : "0x3a9b485972e7353edd9152712492f0c58d89ef80623686b6bf947a4a6dce6cb6"
    }
}
/home/wins/.retesteth/default/start.sh --state.fork Cancun --state.reward 0 --state.chainid 1 --input.alloc /dev/shm/5e02c71a-cf53-4b0d-842a-84982a8b2b8e/alloc.json --input.txs /dev/shm/5e02c71a-cf53-4b0d-842a-84982a8b2b8e/txs.rlp --input.env /dev/shm/5e02c71a-cf53-4b0d-842a-84982a8b2b8e/env.json --output.basedir /dev/shm/5e02c71a-cf53-4b0d-842a-84982a8b2b8e --output.result out.json --output.alloc outAlloc.json --output.errorlog /dev/shm/5e02c71a-cf53-4b0d-842a-84982a8b2b8e/error.json
Tool Error:
panic: runtime error: invalid memory address or nil pointer dereference
[signal SIGSEGV: segmentation violation code=0x1 addr=0x0 pc=0xc1e9b3]

@jsvisa jsvisa mentioned this issue Jul 28, 2023
Merged
@winsvega
Copy link
Contributor Author

Txs is comming in .rlp file
The json print is for debug

holiman added a commit that referenced this issue Aug 1, 2023
@jsvisa @holiman
cmd/evm: set ExcessBlobGas from env (#27796)
f404a2d 
Sets the `currentExcessBlobGas` from env, alternatively calculates it based on `parentExcessBlobGas` and `parentBlobGasUsed`. It then emits the `currentExcessBlobGas` and `currentBlobGasUsed` into the output, to be used as parent-values for a future iteration. 

Closes #27785
Closes #27783

---------

Signed-off-by: jsvisa <[email protected]>
Co-authored-by: Martin Holst Swende <[email protected]>
devopsbo3 pushed a commit to HorizenOfficial/go-ethereum that referenced this issue Nov 10, 2023
@jsvisa @holiman @devopsbo3
cmd/evm: set ExcessBlobGas from env (ethereum#27796)
1680bf1 
Sets the `currentExcessBlobGas` from env, alternatively calculates it based on `parentExcessBlobGas` and `parentBlobGasUsed`. It then emits the `currentExcessBlobGas` and `currentBlobGasUsed` into the output, to be used as parent-values for a future iteration. 

Closes ethereum#27785
Closes ethereum#27783

---------

Signed-off-by: jsvisa <[email protected]>
Co-authored-by: Martin Holst Swende <[email protected]>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
type:bug
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

cmd/evm: set ExcessBlobGas from env jsvisa/go-ethereum
3 participants
@karalabe @jsvisa @winsvega