Almost guaranteed ECONNRESET on piped sockets if connecting to Node's HTTPS server which answers with "connection: 'close'" after setImmediate or setTimeout, on OSX

[decadent]

• Version: v10.11.0
• Platform: Darwin localhost.local 15.6.0 Darwin Kernel Version 15.6.0: Thu Jun 21 20:07:40 PDT 2018; root:xnu-3248.73.11~1/RELEASE_X86_64 x86_64 (aka OSX 10.11.6, also happens on High Sierra)
• Subsystem: ???

In the following code, pem is a module from NPM, and the rest is an HTTP proxy which serves CONNECT requests and pipes them to an HTTPS server defined in the same script:

const http = require('http');
const https = require('https');
const pem = require('pem');
const net = require('net');

const createHttpsServer = (callback) => {
  pem.createCertificate({
    days: 365,
    selfSigned: true
  }, (error, {serviceKey, certificate, csr}) => {
    const server = https.createServer({
      ca: csr,
      cert: certificate,
      key: serviceKey
    }, (req, res) => {
      setImmediate(() => {
        res.writeHead(200, {
          connection: 'close'
        });
        res.end('OK');
      });
    });

    server.listen((error) => {
      if (error) {
        console.error(error);
      } else {
        callback(null, server.address().port);
      }
    });
  });
};

const createProxy = (httpsServerPort) => {
  const proxy = http.createServer();
  proxy.on('connect', (request, requestSocket, head) => {
    const serverSocket = net.connect({
      port: httpsServerPort
    }, 'localhost', () => {
      requestSocket.write(
        'HTTP/1.1 200 Connection established\r\n\r\n'
      );

      serverSocket.write(head);
      serverSocket.pipe(requestSocket);
      requestSocket.pipe(serverSocket);
    });
  });

  proxy.listen(9000);
};

createHttpsServer((error, httpsServerPort) => {
  if (error) {
    console.error(error);
  } else {
    createProxy(httpsServerPort);
  }
});

If you run curl --proxy http://localhost:9000 https://qweasd/ -k, you'll see Curl receive the reply, and meanwhile the script will almost certainly fail with:

events.js:167
      throw er; // Unhandled 'error' event
      ^

Error: read ECONNRESET
    at TCP.onStreamRead (internal/stream_base_commons.js:111:27)
Emitted 'error' event at:
    at Socket.onerror (_stream_readable.js:690:12)
    at Socket.emit (events.js:182:13)
    at emitErrorNT (internal/streams/destroy.js:82:8)
    at emitErrorAndCloseNT (internal/streams/destroy.js:50:3)
    at process._tickCallback (internal/process/next_tick.js:63:19)

This issue is dependent on several parameters:

• You're running OSX. El Capitan and High Sierra both exhibit this, an Ubuntu VM doesn't.
• The server is HTTPS: an HTTP server and curl --proxytunnel work alright.
• The server is running in the same script as the proxy.
• The server answers with a connection: 'close' header.
• The strangest one: the server request handler has setImmediate or setTimeout around the reply (with, I guess, any timeout value). process.nextTick doesn't do it. And if the handler instead serves the reply immediately, the server continues to answer perfectly alright until you hit a seemingly different ECONNRESET.

If you adorn the sockets with error event handlers, you'll see that the errors actually don't happen on each request, and when they do, it's primarily on the outgoing socket from the proxy to the HTTPS server; and often, but not necessarily, a second ECONNRESET occurs on the incoming socket to the proxy.

[decadent]

Here's a log of events on the sockets involved. Legend:

• →pr: incoming socket on the proxy
• pr→: outgoing socket from the proxy to the server
• →ser: incoming socket on the server from the proxy

[ pr→] lookup
[ pr→] connect
[→pr] pipe
[ pr→] pipe
[ pr→] ready
[ pr→] resume
[→pr] resume
[→pr] data
[ pr→] data
[→pr] data
[ pr→] data
[→pr] data
[ pr→] data
[ pr→] data
[→pr] data
[→ser] close
[ pr→] error
[ pr→] unpipe
proxy→server connection socket error: { Error: read ECONNRESET
    at TCP.onStreamRead (internal/stream_base_commons.js:111:27) errno: 'ECONNRESET', code: 'ECONNRESET', syscall: 'read' }
[→pr] error
[→pr] unpipe
proxy←client socket error: { Error: read ECONNRESET
    at TCP.onStreamRead (internal/stream_base_commons.js:111:27) errno: 'ECONNRESET', code: 'ECONNRESET', syscall: 'read' }
[→pr] close
[ pr→] close

Extracted with the following code:

const http = require('http');
const https = require('https');
const pem = require('pem');
const net = require('net');

const bedeckAnEventEmitterWithDebuggingOutpour = (emitter, name) => {
  const oldEmit = emitter.emit;
  emitter.emit = (...args) => {
    console.log('[%s] %s', name, args[0]);
    oldEmit.apply(emitter, args);
  };
};

const createHttpsServer = (callback) => {
  pem.createCertificate({
    days: 365,
    selfSigned: true
  }, (error, {serviceKey, certificate, csr}) => {
    const server = https.createServer({
      ca: csr,
      cert: certificate,
      key: serviceKey
    }, (req, res) => {
      setImmediate(() => {
        res.writeHead(200, {
          connection: 'close'
        });
        res.end('OK');
      });
    });
    server.on('connection', (socket) => {
      bedeckAnEventEmitterWithDebuggingOutpour(socket, '→ser');
      socket.on('error', (error) => {
        console.log('server←proxy socket error:', error);
      });
    });
    server.listen((error) => {
      if (error) {
        console.error(error);
      } else {
        callback(null, server.address().port);
      }
    });
  });
};

const createProxy = (httpsServerPort) => {
  const proxy = http.createServer();
  proxy.on('connect', (request, requestSocket, head) => {
    console.log('---------------------------------------------------------------------');
    const serverSocket = net.connect({
      port: httpsServerPort
    }, 'localhost', () => {
      requestSocket.write(
        'HTTP/1.1 200 Connection established\r\n\r\n'
      );
      serverSocket.write(head);
      serverSocket.pipe(requestSocket);
      requestSocket.pipe(serverSocket);
    });
    bedeckAnEventEmitterWithDebuggingOutpour(serverSocket, ' pr→');
    serverSocket.on('error', (error) => {
      console.log('proxy→server connection socket error:', error);
    });
    bedeckAnEventEmitterWithDebuggingOutpour(requestSocket, '→pr');
    requestSocket.on('error', (error) => {
      console.log('proxy←client socket error:', error);
      throw error;
    });
  });

  proxy.listen(9000);
};

createHttpsServer((error, httpsServerPort) => {
  if (error) {
    console.error(error);
  } else {
    createProxy(httpsServerPort);
  }
});

[decadent]

The question that most vexes me is whether this issue is related to ECONNRESET in absense of setImmediate/setTimeout, which manifests much more rarely but inescapably enough. The sequence of events is different in that case:

[ pr→] lookup
[ pr→] connect
[→pr] pipe
[ pr→] pipe
[ pr→] ready
[ pr→] resume
[→pr] resume
[→pr] data
[ pr→] data
[→pr] data
[→pr] data
[ pr→] data
[→pr] timeout
[→pr] close
[→pr] data
[→ser] prefinish
[→ser] finish
[ pr→] data
[→ser] close
[ pr→] data
[→pr] data
[ pr→] error
[ pr→] unpipe
proxy→server connection socker error: { Error: read ECONNRESET
    at TCP.onread (net.js:660:25) errno: 'ECONNRESET', code: 'ECONNRESET', syscall: 'read' }
[→pr] error
[→pr] unpipe
proxy←client socket error: { Error: read ECONNRESET
    at TCP.onread (net.js:660:25) errno: 'ECONNRESET', code: 'ECONNRESET', syscall: 'read' }

Most notably, the irritating timeout, which makes appearance here, doesn't seem to have basis in reality. I'm not certain whether this case warrants a posting of an issue, though.

[crazywako]

We get this error at TCP.onStreamRead (internal/stream_base_commons.js:111:27), errno=ECONNRESET, code=ECONNRESET, syscall=read with Node 10.11.0

Totally randomly when making requests with request library version 2.88.0

Confirmed working on Node 8.7.0

[decadent]

@crazywako that's probably different, sounds like normal network errors.

[n-clark]

I'm also getting the unhandled exception

{ Error: read ECONNRESET at TCP.onStreamRead (internal/stream_base_commons.js:111:27) errno: 'ECONNRESET', code: 'ECONNRESET', syscall: 'read' }

Error occurs on Node v10.15.1, OS Ubuntu 18.04.1, 4.15.0-44-generic.
Code was fine on Node 8.x.

It seems to occur around sending an HTTP socket to a forked child process via proc.send() in response to an upgrade request. The child process ends up receiving a null socket at the time the exception occurs on the main sending process, though not every time.

Happens very infrequently, perhaps once per million requests in the wild.

[ajimix]

Same problem here. Started happening after upgrading to 10.15.1 coming from node 8 as well. Ubuntu 16 in my case, same code.

[ibc]

Same here. It seems that the behavior is different in Node 8 and Node 10 (or there is a bug):

• In Node 8 the socket emits "error" event, but nothing happens if there is no event listener for it.
• However in Node 10, if there is no listener for that "error" event, the whole process fails with:

events.js:167
      throw er; // Unhandled 'error' event
      ^

Error: read ECONNRESET
    at TLSWrap.onStreamRead (internal/stream_base_commons.js:111:27)
Emitted 'error' event at:
    at emitErrorNT (internal/streams/destroy.js:82:8)
    at emitErrorAndCloseNT (internal/streams/destroy.js:50:3)
    at process._tickCallback (internal/process/next_tick.js:63:19)

[grega913]

I've been strungling with this for quite some time now. Application is using knex, pooling, mysql.
My guess is (at least in my case) it has something to do with MySQL server. Sometimes server is killing connections if they're idle for sometime and the application crashes with error:
error:

Error: read ECONNRESET at TCP.onStreamRead (internal/stream_base_commons.js:111:27) -------------------- at Protocol._enqueue
We have this (or similar problem) with other clients for mysql (MySQL Workbench, Heidi, ...), and we managed to solve them for each client seperately.

1. https://www.heidisql.com/forum.php?t=15850
2. https://stackoverflow.com/questions/31811517/mysql-workbench-drops-connection-when-idle/34498662

With node, however, this keeps happening only when the code runs on localhost. It does not happen when the code is running on Digital ocean (https). Mysql server is on third machine and the same in both cases.

So I believe the problem is that mysql needs some ping quite often in order to keep connections alive.
If someone is able to solve this, it would be great..

[grega913]

This is full stack, if someone is able to get something from it:
2019-03-19 08:55:57:755 - error: Error: read ECONNRESET at TCP.onStreamRead (internal/stream_base_commons.js:111:27) -------------------- at Protocol._enqueue (C:\Users\dms3\Documents\testnode\bebackend\bebackend_201902\node_modules\mysql\lib\protocol\Protocol.js:144:48) at Connection.query (C:\Users\dms3\Documents\testnode\bebackend\bebackend_201902\node_modules\mysql\lib\Connection.js:200:25) at C:\Users\dms3\Documents\testnode\bebackend\bebackend_201902\node_modules\knex\lib\dialects\mysql\index.js:144:18 at Promise._execute (C:\Users\dms3\Documents\testnode\bebackend\bebackend_201902\node_modules\bluebird\js\release\debuggability.js:313:9) at Promise._resolveFromExecutor (C:\Users\dms3\Documents\testnode\bebackend\bebackend_201902\node_modules\bluebird\js\release\promise.js:483:18) at new Promise (C:\Users\dms3\Documents\testnode\bebackend\bebackend_201902\node_modules\bluebird\js\release\promise.js:79:10) at Client_MySQL._query (C:\Users\dms3\Documents\testnode\bebackend\bebackend_201902\node_modules\knex\lib\dialects\mysql\index.js:135:12) at Client_MySQL.query (C:\Users\dms3\Documents\testnode\bebackend\bebackend_201902\node_modules\knex\lib\client.js:192:17) at Runner.<anonymous> (C:\Users\dms3\Documents\testnode\bebackend\bebackend_201902\node_modules\knex\lib\runner.js:138:36) at Runner.tryCatcher (C:\Users\dms3\Documents\testnode\bebackend\bebackend_201902\node_modules\bluebird\js\release\util.js:16:23) at Runner.query (C:\Users\dms3\Documents\testnode\bebackend\bebackend_201902\node_modules\bluebird\js\release\method.js:15:34) at C:\Users\dms3\Documents\testnode\bebackend\bebackend_201902\node_modules\knex\lib\runner.js:47:21 at tryCatcher (C:\Users\dms3\Documents\testnode\bebackend\bebackend_201902\node_modules\bluebird\js\release\util.js:16:23) at C:\Users\dms3\Documents\testnode\bebackend\bebackend_201902\node_modules\bluebird\js\release\using.js:185:26 at tryCatcher (C:\Users\dms3\Documents\testnode\bebackend\bebackend_201902\node_modules\bluebird\js\release\util.js:16:23) at Promise._settlePromiseFromHandler (C:\Users\dms3\Documents\testnode\bebackend\bebackend_201902\node_modules\bluebird\js\release\promise.js:512:31)

[Johnz86]

I have similar problem. When using websockets following error appeared:

Error: read ECONNRESET at TCP.onStreamRead (internal/stream_base_commons.js:111:27)

I looked into source code. The exception is raised here:
https://github.com/nodejs/node/blob/v10.x/lib/internal/stream_base_commons.js

  if (nread !== UV_EOF) {
    return stream.destroy(errnoException(nread, 'read'));
  }

The only solution that currently worked for me is downgrade back to v 8.x

[krisselden]

Compiling the libuv/samples/socks5-proxy sample and proxying https through it intermittently fails with ECONNRESET or successfully gets the UV__EOF. There seems to be a race whether the last read will result in a UV_EOF or ECONNRESET. It only seems to happen when streaming https though. This was also on a mac. I reproduced it will curl and Chrome proxying through the libuv sample.

[decadent]

I wonder if any commenters here realize that this issue is for an incredibly specific case, most importantly an https server being in the same script as an http(s) proxy. The issue exists in the first place only because of a test. And it certainly doesn't have anything to do with MySQL.

Apparently the issue has become a magnet for everyone with an ECONNRESET. Well, if yall hope that Node.js devs will fix your problems based on the case in this issue, good luck to you.

[n-clark]

There appears to be some underlying bug in the node.js socket handling causing it to throw an unhandled exception. The main theme I'm seeing with all these reports is that it started with node v10.