Segfault when dynamically importing inside of Function

[Dinhero21]

Version

v18.17.0

Platform

Linux fedora 6.6.8-200.fc39.x86_64 #1 SMP PREEMPT_DYNAMIC Thu Dec 21 04:01:49 UTC 2023 x86_64 GNU/Linux

Subsystem

No response

What steps will reproduce the bug?

Running the following code:

const repl = require('node:repl')
const { Writable } = require('node:stream')

const r = repl.start()

r.output = new Writable({ write() { } })

async function sleep(ms) {
  return new Promise(resolve => setTimeout(resolve, ms))
}

async function main() {
  while (true) {
    await sleep(0)

    r.write(`(new Function('import("")'))()\n`)
  }
}

void main()

How often does it reproduce? Is there a required condition?

Always, in less then a second.

What is the expected behavior? Why is that the expected behavior?

Never-ending loop

What do you see instead?

Segmentation Fault

Additional information

stdout:

>

stderr:

segmentation fault (core dumped)

gdb output:

Thread 1 "node" received signal SIGSEGV, Segmentation fault.
0x0000000000a903c4 in node:: loader:: ImportModuleDynamically(v8:: Local < v8:: Context >, v8:: Local < v8:: Data >, v8:: Local < v8:: Value >, v8:: Local < v8:: String >, v8:: Local < v8:: FixedArray >)[clone.cold.282]()

[Dinhero21]

A friend of mine wasn't able to reproduce using his setup but I got it working on a discord bot

[Dinhero21]

Backtrace:

(gdb) bt
#0  0x0000000000a903c4 in node::loader::ImportModuleDynamically(v8::Local<v8::Context>, v8::Local<v8::Data>, v8::Local<v8::Value>, v8::Local<v8::String>, v8::Local<v8::FixedArray>) [clone .cold.282] ()
#1  0x0000000000ec6801 in v8::internal::Isolate::RunHostImportModuleDynamicallyCallback(v8::internal::Handle<v8::internal::Script>, v8::internal::Handle<v8::internal::Object>, v8::internal::MaybeHandle<v8::internal::Object>) ()
#2  0x00000000012dcedb in v8::internal::Runtime_DynamicImportCall(int, unsigned long*, v8::internal::Isolate*) ()
#3  0x00000000017035b9 in Builtins_CEntry_Return1_DontSaveFPRegs_ArgvOnStack_NoBuiltinExit ()
#4  0x000000000583e947 in ?? ()
#5  0x000018812f7417d1 in ?? ()
#6  0x00001a6c5fb572d9 in ?? ()
#7  0x000018812f7417d1 in ?? ()
#8  0x00001a6c5fb572d9 in ?? ()
#9  0x00003ec6c9b6c951 in ?? ()
#10 0x00003ec6c9b61f49 in ?? ()
#11 0x0000000000000001 in ?? ()
#12 0x00001a6c5fb572d9 in ?? ()
#13 0x000031595542ea69 in ?? ()
#14 0x00007fffffffb5d8 in ?? ()
#15 0x0000000001687610 in Builtins_InterpreterEntryTrampoline ()
#16 0x000031595542ea49 in ?? ()
#17 0x000011ae6f523df1 in ?? ()
#18 0x000031595542f5e1 in ?? ()
#19 0x00001a6c5fb572d9 in ?? ()
#20 0x000018812f7415b9 in ?? ()
#21 0x0000004600000000 in ?? ()
#22 0x00003ec6c9b6ecf9 in ?? ()
#23 0x0000000000000002 in ?? ()
#24 0x00003ec6c9b6ed81 in ?? ()
#25 0x000031595542ea69 in ?? ()
#26 0x00007fffffffb608 in ?? ()
#27 0x0000000001685c1c in Builtins_JSEntryTrampoline ()
#28 0x000031595542ea49 in ?? ()
#29 0x00001a6c5fb56d39 in ?? ()
#30 0x00003ec6c9b6ed81 in ?? ()
#31 0x0000000000000026 in ?? ()
#32 0x00007fffffffb670 in ?? ()
#33 0x0000000001685943 in Builtins_JSEntry ()
Backtrace stopped: previous frame inner to this frame (corrupt stack?)

[axkibe]

You didnt say you actual node version.
works for me: v21.1.0

[aduh95]

I think it's a duplicate of #43681. Closing as such, please comment or reopen if I'm missing something.

[Dinhero21]

You didnt say you actual node version. works for me: v21.1.0

oops fixed

[Dinhero21]

I think it's a duplicate of #43681. Closing as such, please comment or reopen if I'm missing something.

most probably

[Dinhero21]

Seems to be fixed as of the latest version (v21.5.0)

didn't notice I wasn't using it