HTTP/2 SIGABRT (is_write_in_progress assertion) in socksClientCertificatesInterceptor when TLS connection fails

[pschroeder89]

Description

When clientCertificates is configured and a proxied TLS connection negotiates h2 then fails, the SOCKS MITM proxy in socksClientCertificatesInterceptor.ts crashes with:

Assertion failed: is_write_in_progress()
node::http2::Http2Session::OnStreamAfterWrite (node_http2.cc:1780)

Root Cause

In the h2 503 error response path, the stream cleanup can fire before the DATA write completes:

session.once("stream", (stream) => {
  const cleanup = (error) => {
    session.close();
    this._browserEncrypted.destroy(error);
  };
  stream.once("end", cleanup);    // may fire synchronously on GET requests
  stream.once("error", cleanup);
  stream.respond({ status: 503 });
  stream.end(responseBody);       // queues DATA write via setImmediate
});

For GET requests the client sends END_STREAM with HEADERS, so 'end' can fire synchronously BEFORE stream.end() is called. The cleanup listener then queues setImmediate(cleanup) before the DATA write's setImmediate:

1. SI-CLEANUP → cleanup() → _browserEncrypted.destroy() → clears is_write_in_progress
2. SI-DATA → finishWrite → OnStreamAfterWrite → CHECK(is_write_in_progress) → SIGABRT

Workaround

Capture the 'end' listener without registering it. Wrap stream.end() to call origEnd() first (which synchronously queues SI-DATA), then queue setImmediate(runCleanup) as SI-CLEANUP. FIFO guarantees SI-DATA runs before SI-CLEANUP.

Reproduction

• Configure clientCertificates in Playwright config
• Run tests that make HTTPS requests to origins where TLS fails (e.g., cert mismatch)
• The crash is intermittent — a race condition — but reproduces reliably under load (--repeat-each=100)

Environment

• Playwright 1.60.0
• Node.js 22.x
• macOS / Linux

[yury-s]

Could not reproduce the SIGABRT on Node 22.1.0 / 22.5.0 / 22.9.0 / 22.11.0 / 22.22.3 / 26.1.0, even hammering the real proxy with hundreds of concurrent TLS-failing h2 GETs. The faulty ordering is real (cleanup runs before the 503 write finishes), but the assertion never fired — the body always flushed first.

Proposed fix + scenario test in #41114 (tests/library/client-certificates.spec.ts → "should not crash on HTTP/2 when the TLS connection to the server fails"), but it stays green on these runtimes.

@pschroeder89 could you share a test that actually crashes, ideally with the exact Node version? That'd let us turn this into a real regression test.

[pschroeder89]

@yury-s It's difficult for me to 1) reproduce this reliably and 2) give an example that does not use our internal app on a dev environment.

What I can say is that our tests pass up until the SIGABRT occurs in the final fixture of the teardown, making me think this is a passive TLS connection that fails silently, which triggers the bug when the fixtures get cleaned up in the after hooks. The issue manifests this way 100% of the time (test passes, but final fixture hits SIGABRT). So it's possible that your other fix around establishing TLS only for origins in clientCertificates could fix this.

Here's the Allure screenshot so you can get a gist of the structure of the tests / failure.

This only occurs in CI for us, I can't repro locally. I attempted to create a separate repo for a repro example, but I can't repro at all.
Node v22.22.2
Docker image: node:22.22.2-slim (debian)