Node js internal assertion error in socket

[CCDi]

Version

v21.2.0

Platform

Darwin 22.6.0 Darwin Kernel Version 22.6.0:; RELEASE_ARM64_T6020 arm64

Subsystem

socket

What steps will reproduce the bug?

In a js file, copy and paste

const express = require('express');
const request = require('request');
const ssrfFilter = require('ssrf-req-filter');

const app = express();
const port = 3000;

app.get('/put/url/data/filter/:domain', (req, res) => {
    var url = `http://${req.params["domain"]}`;

    var results = request({
        uri: url,
        agent: ssrfFilter(url)
    }, function (error, response, body) {
        console.error('error:', error);
        console.log('statusCode:', response && response.statusCode);
    });

    return results.body;
});

app.listen(port, () => console.log("Example"));

In terminal (1), run node <name of file>.

In terminal (2), make a request to the application by starting python with:

import requests
requests.get("http://127.0.0.1:3000/put/url/data/filter/10.0.0.2.nip.io")

How often does it reproduce? Is there a required condition?

Every time

What is the expected behavior? Why is that the expected behavior?

The expected behavior is that an error that is not an ERR_INTERNAL_ASSERTION is thrown (the error Call to address is blocked in https://github.com/y-mehta/ssrf-req-filter/blob/e45da7cd5f1ede17b0237dcd7daa83a85e07afd6/lib/index.js#L38C7-L38C13 is thrown)

I suspect this is caused by assert(self.connecting)

What do you see instead?

node:internal/assert:14
throw new ERR_INTERNAL_ASSERTION(message);
^

Error [ERR_INTERNAL_ASSERTION]: This is caused by either a bug in Node.js or incorrect usage of Node.js internals.
Please open an issue with this stack trace at https://github.com/nodejs/node/issues

at assert (node:internal/assert:14:11)
at internalConnect (node:net:1037:3)
at defaultTriggerAsyncIdScope (node:internal/async_hooks:464:18)
at GetAddrInfoReqWrap.emitLookup [as callback] (node:net:1481:9)
at GetAddrInfoReqWrap.onlookupall [as oncomplete] (node:dns:130:8) {

code: 'ERR_INTERNAL_ASSERTION'
}

Additional information

No response

[tniessen]

Possibly related to #44731. cc @ShogunPanda

[ShogunPanda]

@tniessen I'm not sure this time. As you can see, there are no internalConnectMultiple calls or similar in the stack trace (which are usually a sign of the network family auto selection bug.

[theanarkh]

The lookup event here causes the socket to close. The crash occurred later when the connection was initiated.

[theanarkh]

As a workaround. I think you can run your app with --no-network-family-autoselection(node --no-network-family-autoselection xxx.js)
or

request({
  autoSelectFamily: false, // autoSelectFamily is not a standard parameter but it will be passed to net.connect
},

[ShogunPanda]

@theanarkh Looking at the original repo, there is no internalConnectMultiple call involved. Why do you say the problem is there?

Nevermind, I just saw the PR.