$ node fallback.js &
$ workerd serve config.capnp --verbose --experimental
-
-
Save mrbbot/3247fb8fa0979caf546f6b5691f71f27 to your computer and use it in GitHub Desktop.
Module Fallback Service UAF
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| using Workerd = import "/workerd/workerd.capnp"; | |
| const config :Workerd.Config = ( | |
| services = [ | |
| (name = "main", worker = .worker), | |
| ], | |
| sockets = [ ( name = "http", address = "*:8080", http = (), service = "main" ) ] | |
| ); | |
| const worker :Workerd.Worker = ( | |
| modules = [ | |
| (name = "worker", esModule = embed "script.js"), | |
| ], | |
| compatibilityDate = "2023-02-28", | |
| moduleFallback = "localhost:8888", | |
| ); |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env node | |
| const http = require("http"); | |
| const moduleCount = 100; | |
| const index = Array.from({ length: moduleCount }) | |
| .map((_, i) => `require("./${i}.cjs");`) | |
| .join("\n"); | |
| const server = http.createServer((req, res) => { | |
| let result; | |
| if (req.url.endsWith("reproduction.cjs")) { | |
| result = { | |
| name: "reproduction.cjs", | |
| commonJsModule: index, | |
| }; | |
| } else { | |
| result = { | |
| name: req.url.substring(req.url.lastIndexOf("/") + 1), | |
| commonJsModule: `module.exports = "contents"`, | |
| } | |
| } | |
| res.end(JSON.stringify(result)); | |
| }); | |
| server.listen(8888, () => { | |
| console.log("Listening on :8888..."); | |
| }); |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import reproduction from "./reproduction.cjs"; | |
| export default { | |
| async fetch(req, env, ctx) { | |
| return new Response("body"); | |
| } | |
| }; |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ================================================================= | |
| ==58673==ERROR: AddressSanitizer: heap-use-after-free on address 0x000114505df8 at pc 0x000103bfcac8 bp 0x00016f99cfb0 sp 0x00016f99cfa8 | |
| READ of size 8 at 0x000114505df8 thread T0 | |
| #0 0x103bfcac4 in workerd::jsg::(anonymous namespace)::evaluateSyntheticModuleCallback(v8::Local<v8::Context>, v8::Local<v8::Module>) modules.c++:114 | |
| #1 0x105c426cc in v8::internal::SyntheticModule::Evaluate(v8::internal::Isolate*, v8::internal::Handle<v8::internal::SyntheticModule>)+0x390 (workerd:arm64+0x1057ea6cc) | |
| #2 0x105ab332c in v8::internal::Module::Evaluate(v8::internal::Isolate*, v8::internal::Handle<v8::internal::Module>)+0x758 (workerd:arm64+0x10565b32c) | |
| #3 0x105be741c in v8::internal::SourceTextModule::InnerModuleEvaluation(v8::internal::Isolate*, v8::internal::Handle<v8::internal::SourceTextModule>, v8::internal::ZoneForwardList<v8::internal::Handle<v8::internal::SourceTextModule>>*, unsigned int*)+0x73c (workerd:arm64+0x10578f41c) | |
| #4 0x105be6084 in v8::internal::SourceTextModule::Evaluate(v8::internal::Isolate*, v8::internal::Handle<v8::internal::SourceTextModule>)+0x2f0 (workerd:arm64+0x10578e084) | |
| #5 0x105ab3288 in v8::internal::Module::Evaluate(v8::internal::Isolate*, v8::internal::Handle<v8::internal::Module>)+0x6b4 (workerd:arm64+0x10565b288) | |
| #6 0x10455f118 in v8::Module::Evaluate(v8::Local<v8::Context>)+0x44c (workerd:arm64+0x104107118) | |
| #7 0x103bf2b04 in workerd::jsg::instantiateModule(workerd::jsg::Lock&, v8::Local<v8::Module>&) modules.c++:330 | |
| #8 0x1018c2440 in workerd::Worker::Worker(kj::Own<workerd::Worker::Script const, std::nullptr_t>, kj::Own<workerd::WorkerObserver, std::nullptr_t>, kj::FunctionParam<void (workerd::jsg::Lock&, workerd::Worker::ApiIsolate const&, v8::Local<v8::Object>)>, workerd::IsolateObserver::StartType, workerd::SpanParent, workerd::Worker::LockType, kj::Maybe<workerd::Worker::ValidationErrorReporter&>) worker.c++:1401 | |
| #9 0x1018c8280 in workerd::Worker::Worker(kj::Own<workerd::Worker::Script const, std::nullptr_t>, kj::Own<workerd::WorkerObserver, std::nullptr_t>, kj::FunctionParam<void (workerd::jsg::Lock&, workerd::Worker::ApiIsolate const&, v8::Local<v8::Object>)>, workerd::IsolateObserver::StartType, workerd::SpanParent, workerd::Worker::LockType, kj::Maybe<workerd::Worker::ValidationErrorReporter&>) worker.c++:1370 | |
| #10 0x1004aa3fc in workerd::server::Server::makeWorker(kj::StringPtr, workerd::server::config::Worker::Reader, capnp::List<workerd::server::config::Extension, (capnp::Kind)3>::Reader) server.c++:2606 | |
| #11 0x1004c38c4 in workerd::server::Server::makeService(workerd::server::config::Service::Reader, kj::HttpHeaderTable::Builder&, capnp::List<workerd::server::config::Extension, (capnp::Kind)3>::Reader) server.c++:2731 | |
| #12 0x1004d18f0 in workerd::server::Server::startServices(workerd::jsg::V8System&, workerd::server::config::Config::Reader, kj::HttpHeaderTable::Builder&, kj::ForkedPromise<void>&) server.c++:3133 | |
| #13 0x1004cc830 in workerd::server::Server::run(workerd::jsg::V8System&, workerd::server::config::Config::Reader, kj::Promise<void>) server.c++:2973 | |
| #14 0x10048fef0 in workerd::server::CliMain::serve()::'lambda'(workerd::jsg::V8System&, workerd::server::config::Config::Reader)::operator()(workerd::jsg::V8System&, workerd::server::config::Config::Reader) const workerd.c++:1045 | |
| #15 0x10048ef24 in void workerd::server::CliMain::serveImpl<workerd::server::CliMain::serve()::'lambda'(workerd::jsg::V8System&, workerd::server::config::Config::Reader)>(workerd::server::CliMain::serve()::'lambda'(workerd::jsg::V8System&, workerd::server::config::Config::Reader)&&) workerd.c++:1028 | |
| #16 0x10048e9a8 in workerd::server::CliMain::serve() workerd.c++:1041 | |
| #17 0x10048e8e0 in kj::Function<kj::MainBuilder::Validity ()>::Impl<auto workerd::server::cliMethod<kj::_::BoundMethod<workerd::server::CliMain&, workerd::server::CliMain::addServeOptions(kj::MainBuilder&)::'lambda5'(auto&, auto&&...), workerd::server::CliMain::addServeOptions(kj::MainBuilder&)::'lambda6'(auto&, auto&&...)>>(auto&&)::'lambda'(auto&&...)>::operator()() function.h:142 | |
| #18 0x108987170 in kj::MainBuilder::MainImpl::operator()(kj::StringPtr, kj::ArrayPtr<kj::StringPtr const>) main.c++:612 | |
| #19 0x108995504 in kj::Function<void (kj::StringPtr, kj::ArrayPtr<kj::StringPtr const>)>::Impl<kj::MainBuilder::MainImpl>::operator()(kj::StringPtr, kj::ArrayPtr<kj::StringPtr const>) function.h:142 | |
| #20 0x10898576c in kj::MainBuilder::MainImpl::operator()(kj::StringPtr, kj::ArrayPtr<kj::StringPtr const>) main.c++:510 | |
| #21 0x108995504 in kj::Function<void (kj::StringPtr, kj::ArrayPtr<kj::StringPtr const>)>::Impl<kj::MainBuilder::MainImpl>::operator()(kj::StringPtr, kj::ArrayPtr<kj::StringPtr const>) function.h:142 | |
| #22 0x108980084 in kj::Maybe<kj::Exception> kj::runCatchingExceptions<kj::runMainAndExit(kj::ProcessContext&, kj::Function<void (kj::StringPtr, kj::ArrayPtr<kj::StringPtr const>)>&&, int, char**)::$_0>(kj::runMainAndExit(kj::ProcessContext&, kj::Function<void (kj::StringPtr, kj::ArrayPtr<kj::StringPtr const>)>&&, int, char**)::$_0&&) exception.h:339 | |
| #23 0x10897f598 in kj::runMainAndExit(kj::ProcessContext&, kj::Function<void (kj::StringPtr, kj::ArrayPtr<kj::StringPtr const>)>&&, int, char**) main.c++:219 | |
| #24 0x10045c5c8 in main workerd.c++:1311 | |
| #25 0x18b7250dc (<unknown module>) | |
| 0x000114505df8 is located 9464 bytes inside of 13312-byte region [0x000114503900,0x000114506d00) | |
| freed by thread T0 here: | |
| #0 0x11010d52c in wrap__ZdlPv+0x74 (libclang_rt.asan_osx_dynamic.dylib:arm64e+0x6152c) | |
| #1 0x1089064e0 in kj::_::HeapArrayDisposer::disposeImpl(void*, unsigned long, unsigned long, unsigned long, void (*)(void*)) const array.c++:104 | |
| #2 0x100947984 in kj::Vector<workerd::jsg::ModuleRegistryImpl<workerd::server::JsgWorkerdIsolate_TypeWrapper>::Entry>::setCapacity(unsigned long) vector.h:140 | |
| #3 0x1009458c4 in kj::Table<workerd::jsg::ModuleRegistryImpl<workerd::server::JsgWorkerdIsolate_TypeWrapper>::Entry, kj::HashIndex<workerd::jsg::ModuleRegistryImpl<workerd::server::JsgWorkerdIsolate_TypeWrapper>::SpecifierHashCallbacks>>::insert(workerd::jsg::ModuleRegistryImpl<workerd::server::JsgWorkerdIsolate_TypeWrapper>::Entry&&) table.h:537 | |
| #4 0x1009443ec in workerd::jsg::ModuleRegistryImpl<workerd::server::JsgWorkerdIsolate_TypeWrapper>::add(kj::Path&, workerd::jsg::ModuleRegistry::ModuleInfo&&) modules.h:406 | |
| #5 0x100f69fe8 in workerd::jsg::ModuleRegistryImpl<workerd::server::JsgWorkerdIsolate_TypeWrapper>::resolve(workerd::jsg::Lock&, kj::Path const&, workerd::jsg::ModuleRegistry::ResolveOption, workerd::jsg::ModuleRegistry::ResolveMethod) modules.h:495 | |
| #6 0x103bef44c in workerd::jsg::CommonJsModuleContext::require(workerd::jsg::Lock&, kj::String) modules.c++:253 | |
| #7 0x100f35dfc in workerd::jsg::MethodCallback<workerd::server::JsgWorkerdIsolate_TypeWrapper, &void workerd::jsg::CommonJsModuleContext::registerMembers<workerd::jsg::ResourceTypeBuilder<workerd::server::JsgWorkerdIsolate_TypeWrapper, workerd::jsg::CommonJsModuleContext, false>, workerd::jsg::CommonJsModuleContext>(workerd::jsg::ResourceTypeBuilder<workerd::server::JsgWorkerdIsolate_TypeWrapper, workerd::jsg::CommonJsModuleContext, false>&)::NAME, false, workerd::jsg::CommonJsModuleContext, v8::Local<v8::Value> (workerd::jsg::CommonJsModuleContext::*)(workerd::jsg::Lock&, kj::String), &workerd::jsg::CommonJsModuleContext::require(workerd::jsg::Lock&, kj::String), kj::_::Indexes<0ul>>::callback(v8::FunctionCallbackInfo<v8::Value> const&)::'lambda'()::operator()() const resource.h:221 | |
| #8 0x100f357a0 in void workerd::jsg::LiftKj_<v8::Local<v8::Value>>::apply<v8::FunctionCallbackInfo<v8::Value>, workerd::jsg::MethodCallback<workerd::server::JsgWorkerdIsolate_TypeWrapper, &void workerd::jsg::CommonJsModuleContext::registerMembers<workerd::jsg::ResourceTypeBuilder<workerd::server::JsgWorkerdIsolate_TypeWrapper, workerd::jsg::CommonJsModuleContext, false>, workerd::jsg::CommonJsModuleContext>(workerd::jsg::ResourceTypeBuilder<workerd::server::JsgWorkerdIsolate_TypeWrapper, workerd::jsg::CommonJsModuleContext, false>&)::NAME, false, workerd::jsg::CommonJsModuleContext, v8::Local<v8::Value> (workerd::jsg::CommonJsModuleContext::*)(workerd::jsg::Lock&, kj::String), &workerd::jsg::CommonJsModuleContext::require(workerd::jsg::Lock&, kj::String), kj::_::Indexes<0ul>>::callback(v8::FunctionCallbackInfo<v8::Value> const&)::'lambda'()>(workerd::jsg::ResourceTypeBuilder<workerd::server::JsgWorkerdIsolate_TypeWrapper, workerd::jsg::CommonJsModuleContext, false> const&, workerd::jsg::MethodCallback<workerd::server::JsgWorkerdIsolate_TypeWrapper, &void workerd::jsg::CommonJsModuleContext::registerMembers<workerd::jsg::ResourceTypeBuilder<workerd::server::JsgWorkerdIsolate_TypeWrapper, workerd::jsg::CommonJsModuleContext, false>, workerd::jsg::CommonJsModuleContext>(workerd::jsg::ResourceTypeBuilder<workerd::server::JsgWorkerdIsolate_TypeWrapper, workerd::jsg::CommonJsModuleContext, false>&)::NAME, false, workerd::jsg::CommonJsModuleContext, v8::Local<v8::Value> (workerd::jsg::CommonJsModuleContext::*)(workerd::jsg::Lock&, kj::String), &workerd::jsg::CommonJsModuleContext::require(workerd::jsg::Lock&, kj::String), kj::_::Indexes<0ul>>::callback(v8::FunctionCallbackInfo<v8::Value> const&)::'lambda'()&&) util.h:283 | |
| #9 0x100f355e4 in workerd::jsg::MethodCallback<workerd::server::JsgWorkerdIsolate_TypeWrapper, &void workerd::jsg::CommonJsModuleContext::registerMembers<workerd::jsg::ResourceTypeBuilder<workerd::server::JsgWorkerdIsolate_TypeWrapper, workerd::jsg::CommonJsModuleContext, false>, workerd::jsg::CommonJsModuleContext>(workerd::jsg::ResourceTypeBuilder<workerd::server::JsgWorkerdIsolate_TypeWrapper, workerd::jsg::CommonJsModuleContext, false>&)::NAME, false, workerd::jsg::CommonJsModuleContext, v8::Local<v8::Value> (workerd::jsg::CommonJsModuleContext::*)(workerd::jsg::Lock&, kj::String), &workerd::jsg::CommonJsModuleContext::require(workerd::jsg::Lock&, kj::String), kj::_::Indexes<0ul>>::callback(v8::FunctionCallbackInfo<v8::Value> const&) resource.h:210 | |
| #10 0x10434647c in Builtins_CallApiCallbackGeneric+0xbc (workerd:arm64+0x103eee47c) | |
| #11 0x104344480 in Builtins_InterpreterEntryTrampoline+0x120 (workerd:arm64+0x103eec480) | |
| #12 0x104341da4 in Builtins_JSEntryTrampoline+0xa4 (workerd:arm64+0x103ee9da4) | |
| #13 0x104341a94 in Builtins_JSEntry+0x94 (workerd:arm64+0x103ee9a94) | |
| #14 0x104d405d8 in v8::internal::(anonymous namespace)::Invoke(v8::internal::Isolate*, v8::internal::(anonymous namespace)::InvokeParams const&)+0x1d88 (workerd:arm64+0x1048e85d8) | |
| #15 0x104d3e62c in v8::internal::Execution::Call(v8::internal::Isolate*, v8::internal::Handle<v8::internal::Object>, v8::internal::Handle<v8::internal::Object>, int, v8::internal::Handle<v8::internal::Object>*)+0x38c (workerd:arm64+0x1048e662c) | |
| #16 0x104594ee0 in v8::Function::Call(v8::Local<v8::Context>, v8::Local<v8::Value>, int, v8::Local<v8::Value>*)+0x448 (workerd:arm64+0x10413cee0) | |
| #17 0x100f84994 in auto workerd::jsg::Lock::withinHandleScope<kj::Maybe<workerd::jsg::Function<void ()>> workerd::jsg::FunctionWrapper<workerd::server::JsgWorkerdIsolate_TypeWrapper>::tryUnwrap<void>(v8::Local<v8::Context>, v8::Local<v8::Value>, workerd::jsg::Function<void ()>*, kj::Maybe<v8::Local<v8::Object>>)::'lambda'(workerd::jsg::Lock&, v8::Local<v8::Value>, v8::Local<v8::Function>)::operator()(workerd::jsg::Lock&, v8::Local<v8::Value>, v8::Local<v8::Function>) const::'lambda'()>(void&&) jsg.h:2140 | |
| #18 0x100f84774 in kj::Maybe<workerd::jsg::Function<void ()>> workerd::jsg::FunctionWrapper<workerd::server::JsgWorkerdIsolate_TypeWrapper>::tryUnwrap<void>(v8::Local<v8::Context>, v8::Local<v8::Value>, workerd::jsg::Function<void ()>*, kj::Maybe<v8::Local<v8::Object>>)::'lambda'(workerd::jsg::Lock&, v8::Local<v8::Value>, v8::Local<v8::Function>)::__invoke(workerd::jsg::Lock&, v8::Local<v8::Value>, v8::Local<v8::Function>) function.h:383 | |
| #19 0x1017f1e14 in workerd::jsg::Function<void ()>::operator()(workerd::jsg::Lock&) function.h:163 | |
| #20 0x103bfbce4 in workerd::jsg::(anonymous namespace)::evaluateSyntheticModuleCallback(v8::Local<v8::Context>, v8::Local<v8::Module>) modules.c++:114 | |
| #21 0x105c426cc in v8::internal::SyntheticModule::Evaluate(v8::internal::Isolate*, v8::internal::Handle<v8::internal::SyntheticModule>)+0x390 (workerd:arm64+0x1057ea6cc) | |
| #22 0x105ab332c in v8::internal::Module::Evaluate(v8::internal::Isolate*, v8::internal::Handle<v8::internal::Module>)+0x758 (workerd:arm64+0x10565b32c) | |
| #23 0x105be741c in v8::internal::SourceTextModule::InnerModuleEvaluation(v8::internal::Isolate*, v8::internal::Handle<v8::internal::SourceTextModule>, v8::internal::ZoneForwardList<v8::internal::Handle<v8::internal::SourceTextModule>>*, unsigned int*)+0x73c (workerd:arm64+0x10578f41c) | |
| #24 0x105be6084 in v8::internal::SourceTextModule::Evaluate(v8::internal::Isolate*, v8::internal::Handle<v8::internal::SourceTextModule>)+0x2f0 (workerd:arm64+0x10578e084) | |
| #25 0x105ab3288 in v8::internal::Module::Evaluate(v8::internal::Isolate*, v8::internal::Handle<v8::internal::Module>)+0x6b4 (workerd:arm64+0x10565b288) | |
| #26 0x10455f118 in v8::Module::Evaluate(v8::Local<v8::Context>)+0x44c (workerd:arm64+0x104107118) | |
| #27 0x103bf2b04 in workerd::jsg::instantiateModule(workerd::jsg::Lock&, v8::Local<v8::Module>&) modules.c++:330 | |
| #28 0x1018c2440 in workerd::Worker::Worker(kj::Own<workerd::Worker::Script const, std::nullptr_t>, kj::Own<workerd::WorkerObserver, std::nullptr_t>, kj::FunctionParam<void (workerd::jsg::Lock&, workerd::Worker::ApiIsolate const&, v8::Local<v8::Object>)>, workerd::IsolateObserver::StartType, workerd::SpanParent, workerd::Worker::LockType, kj::Maybe<workerd::Worker::ValidationErrorReporter&>) worker.c++:1401 | |
| #29 0x1018c8280 in workerd::Worker::Worker(kj::Own<workerd::Worker::Script const, std::nullptr_t>, kj::Own<workerd::WorkerObserver, std::nullptr_t>, kj::FunctionParam<void (workerd::jsg::Lock&, workerd::Worker::ApiIsolate const&, v8::Local<v8::Object>)>, workerd::IsolateObserver::StartType, workerd::SpanParent, workerd::Worker::LockType, kj::Maybe<workerd::Worker::ValidationErrorReporter&>) worker.c++:1370 | |
| previously allocated by thread T0 here: | |
| #0 0x11010d0ec in wrap__Znwm+0x74 (libclang_rt.asan_osx_dynamic.dylib:arm64e+0x610ec) | |
| #1 0x1089063b8 in kj::_::HeapArrayDisposer::allocateImpl(unsigned long, unsigned long, unsigned long, void (*)(void*), void (*)(void*)) array.c++:74 | |
| #2 0x100947824 in kj::Vector<workerd::jsg::ModuleRegistryImpl<workerd::server::JsgWorkerdIsolate_TypeWrapper>::Entry>::setCapacity(unsigned long) vector.h:138 | |
| #3 0x1009458c4 in kj::Table<workerd::jsg::ModuleRegistryImpl<workerd::server::JsgWorkerdIsolate_TypeWrapper>::Entry, kj::HashIndex<workerd::jsg::ModuleRegistryImpl<workerd::server::JsgWorkerdIsolate_TypeWrapper>::SpecifierHashCallbacks>>::insert(workerd::jsg::ModuleRegistryImpl<workerd::server::JsgWorkerdIsolate_TypeWrapper>::Entry&&) table.h:537 | |
| #4 0x1009451a4 in workerd::jsg::ModuleRegistryImpl<workerd::server::JsgWorkerdIsolate_TypeWrapper>::addBuiltinModule(kj::StringPtr, kj::ArrayPtr<char const>, capnp::schemas::ModuleType_a6850d4b9d3611ae) modules.h:439 | |
| #5 0x10094a870 in workerd::jsg::ModuleRegistryImpl<workerd::server::JsgWorkerdIsolate_TypeWrapper>::addBuiltinBundle(workerd::jsg::Bundle::Reader, kj::Maybe<capnp::schemas::ModuleType_a6850d4b9d3611ae>) modules.h:415 | |
| #6 0x10094a3c4 in void workerd::api::node::registerNodeJsCompatModules<workerd::jsg::ModuleRegistryImpl<workerd::server::JsgWorkerdIsolate_TypeWrapper>, workerd::CompatibilityFlags::Reader>(workerd::jsg::ModuleRegistryImpl<workerd::server::JsgWorkerdIsolate_TypeWrapper>&, workerd::CompatibilityFlags::Reader) node.h:68 | |
| #7 0x100944a14 in void workerd::api::registerModules<workerd::jsg::ModuleRegistryImpl<workerd::server::JsgWorkerdIsolate_TypeWrapper>, workerd::CompatibilityFlags::Reader>(workerd::jsg::ModuleRegistryImpl<workerd::server::JsgWorkerdIsolate_TypeWrapper>&, workerd::CompatibilityFlags::Reader) modules.h:17 | |
| #8 0x1005dee98 in workerd::server::WorkerdApiIsolate::compileModules(workerd::jsg::Lock&, workerd::server::config::Worker::Reader, workerd::Worker::ValidationErrorReporter&, capnp::List<workerd::server::config::Extension, (capnp::Kind)3>::Reader) const workerd-api.c++:355 | |
| #9 0x100f80ad8 in kj::Function<void (workerd::jsg::Lock&, workerd::Worker::ApiIsolate const&)>::Impl<workerd::server::WorkerdApiIsolate::extractSource(kj::StringPtr, workerd::server::config::Worker::Reader, workerd::Worker::ValidationErrorReporter&, capnp::List<workerd::server::config::Extension, (capnp::Kind)3>::Reader)::$_2>::operator()(workerd::jsg::Lock&, workerd::Worker::ApiIsolate const&) function.h:142 | |
| #10 0x1018bb85c in workerd::Worker::Script::Script(kj::Own<workerd::Worker::Isolate const, std::nullptr_t>, kj::StringPtr, kj::OneOf<workerd::Worker::Script::ScriptSource, workerd::Worker::Script::ModulesSource>, workerd::IsolateObserver::StartType, bool, kj::Maybe<workerd::Worker::ValidationErrorReporter&>) worker.c++:1191 | |
| #11 0x1018f8e48 in kj::Own<workerd::Worker::Script, std::nullptr_t> kj::atomicRefcounted<workerd::Worker::Script, kj::Own<workerd::Worker::Isolate const, std::nullptr_t>, kj::StringPtr&, kj::OneOf<workerd::Worker::Script::ScriptSource, workerd::Worker::Script::ModulesSource>, workerd::IsolateObserver::StartType&, bool&, kj::Maybe<workerd::Worker::ValidationErrorReporter&>&>(kj::Own<workerd::Worker::Isolate const, std::nullptr_t>&&, kj::StringPtr&, kj::OneOf<workerd::Worker::Script::ScriptSource, workerd::Worker::Script::ModulesSource>&&, workerd::IsolateObserver::StartType&, bool&, kj::Maybe<workerd::Worker::ValidationErrorReporter&>&) refcount.h:225 | |
| #12 0x1018f87c4 in workerd::Worker::Isolate::newScript(kj::StringPtr, kj::OneOf<workerd::Worker::Script::ScriptSource, workerd::Worker::Script::ModulesSource>, workerd::IsolateObserver::StartType, bool, kj::Maybe<workerd::Worker::ValidationErrorReporter&>) const worker.c++:3410 | |
| #13 0x1004a9864 in workerd::server::Server::makeWorker(kj::StringPtr, workerd::server::config::Worker::Reader, capnp::List<workerd::server::config::Extension, (capnp::Kind)3>::Reader) server.c++:2588 | |
| #14 0x1004c38c4 in workerd::server::Server::makeService(workerd::server::config::Service::Reader, kj::HttpHeaderTable::Builder&, capnp::List<workerd::server::config::Extension, (capnp::Kind)3>::Reader) server.c++:2731 | |
| #15 0x1004d18f0 in workerd::server::Server::startServices(workerd::jsg::V8System&, workerd::server::config::Config::Reader, kj::HttpHeaderTable::Builder&, kj::ForkedPromise<void>&) server.c++:3133 | |
| #16 0x1004cc830 in workerd::server::Server::run(workerd::jsg::V8System&, workerd::server::config::Config::Reader, kj::Promise<void>) server.c++:2973 | |
| #17 0x10048fef0 in workerd::server::CliMain::serve()::'lambda'(workerd::jsg::V8System&, workerd::server::config::Config::Reader)::operator()(workerd::jsg::V8System&, workerd::server::config::Config::Reader) const workerd.c++:1045 | |
| #18 0x10048ef24 in void workerd::server::CliMain::serveImpl<workerd::server::CliMain::serve()::'lambda'(workerd::jsg::V8System&, workerd::server::config::Config::Reader)>(workerd::server::CliMain::serve()::'lambda'(workerd::jsg::V8System&, workerd::server::config::Config::Reader)&&) workerd.c++:1028 | |
| #19 0x10048e9a8 in workerd::server::CliMain::serve() workerd.c++:1041 | |
| #20 0x10048e8e0 in kj::Function<kj::MainBuilder::Validity ()>::Impl<auto workerd::server::cliMethod<kj::_::BoundMethod<workerd::server::CliMain&, workerd::server::CliMain::addServeOptions(kj::MainBuilder&)::'lambda5'(auto&, auto&&...), workerd::server::CliMain::addServeOptions(kj::MainBuilder&)::'lambda6'(auto&, auto&&...)>>(auto&&)::'lambda'(auto&&...)>::operator()() function.h:142 | |
| #21 0x108987170 in kj::MainBuilder::MainImpl::operator()(kj::StringPtr, kj::ArrayPtr<kj::StringPtr const>) main.c++:612 | |
| #22 0x108995504 in kj::Function<void (kj::StringPtr, kj::ArrayPtr<kj::StringPtr const>)>::Impl<kj::MainBuilder::MainImpl>::operator()(kj::StringPtr, kj::ArrayPtr<kj::StringPtr const>) function.h:142 | |
| #23 0x10898576c in kj::MainBuilder::MainImpl::operator()(kj::StringPtr, kj::ArrayPtr<kj::StringPtr const>) main.c++:510 | |
| #24 0x108995504 in kj::Function<void (kj::StringPtr, kj::ArrayPtr<kj::StringPtr const>)>::Impl<kj::MainBuilder::MainImpl>::operator()(kj::StringPtr, kj::ArrayPtr<kj::StringPtr const>) function.h:142 | |
| #25 0x108980084 in kj::Maybe<kj::Exception> kj::runCatchingExceptions<kj::runMainAndExit(kj::ProcessContext&, kj::Function<void (kj::StringPtr, kj::ArrayPtr<kj::StringPtr const>)>&&, int, char**)::$_0>(kj::runMainAndExit(kj::ProcessContext&, kj::Function<void (kj::StringPtr, kj::ArrayPtr<kj::StringPtr const>)>&&, int, char**)::$_0&&) exception.h:339 | |
| #26 0x10897f598 in kj::runMainAndExit(kj::ProcessContext&, kj::Function<void (kj::StringPtr, kj::ArrayPtr<kj::StringPtr const>)>&&, int, char**) main.c++:219 | |
| #27 0x10045c5c8 in main workerd.c++:1311 | |
| #28 0x18b7250dc (<unknown module>) | |
| SUMMARY: AddressSanitizer: heap-use-after-free modules.c++:114 in workerd::jsg::(anonymous namespace)::evaluateSyntheticModuleCallback(v8::Local<v8::Context>, v8::Local<v8::Module>) | |
| Shadow bytes around the buggy address: | |
| 0x000114505b00: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd | |
| 0x000114505b80: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd | |
| 0x000114505c00: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd | |
| 0x000114505c80: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd | |
| 0x000114505d00: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd | |
| =>0x000114505d80: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd[fd] | |
| 0x000114505e00: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd | |
| 0x000114505e80: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd | |
| 0x000114505f00: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd | |
| 0x000114505f80: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd | |
| 0x000114506000: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd | |
| Shadow byte legend (one shadow byte represents 8 application bytes): | |
| Addressable: 00 | |
| Partially addressable: 01 02 03 04 05 06 07 | |
| Heap left redzone: fa | |
| Freed heap region: fd | |
| Stack left redzone: f1 | |
| Stack mid redzone: f2 | |
| Stack right redzone: f3 | |
| Stack after return: f5 | |
| Stack use after scope: f8 | |
| Global redzone: f9 | |
| Global init order: f6 | |
| Poisoned by user: f7 | |
| Container overflow: fc | |
| Array cookie: ac | |
| Intra object redzone: bb | |
| ASan internal: fe | |
| Left alloca redzone: ca | |
| Right alloca redzone: cb | |
| ==58673==ABORTING | |
| workerd/util/symbolizer.c++:98: warning: Not symbolizing stack traces because $LLVM_SYMBOLIZER is not set. To symbolize stack traces, set $LLVM_SYMBOLIZER to the location of the llvm-symbolizer binary. When running tests under bazel, use `--test_env=LLVM_SYMBOLIZER=<path>`. | |
| *** Received signal #6: Abort trap: 6 | |
| stack: |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment