runtime: ArgumentOutOfRangeException at System.Net.Security.SslStream.ProcessBlob

Description

I’m getting recurring but non consistent exceptions in couple of my environments running the same code under the Docker image mcr.microsoft.com/dotnet/aspnet:6.0-bullseye-slim

This only happened in environments where I have an SSL certificate provisioned by certbot, but I don’t know if its related. Certificate is signed and up to date.

Reproduction Steps

not consistent

Expected behavior

No errors on Kestrel level

Actual behavior

Microsoft.AspNetCore.Server.Kestrel: Unhandled exception while processing 0HMDG00D520FK.
System.ArgumentOutOfRangeException: Specified argument was out of the range of valid values.
   at System.Net.Security.SslStream.ProcessBlob(Int32 frameSize)
   at System.Net.Security.SslStream.ReceiveBlobAsync[TIOAdapter](TIOAdapter adapter)
   at System.Net.Security.SslStream.ForceAuthenticationAsync[TIOAdapter](TIOAdapter adapter, Boolean receiveFirst, Byte[] reAuthenticationData, Boolean isApm)
   at Microsoft.AspNetCore.Server.Kestrel.Https.Internal.HttpsConnectionMiddleware.OnConnectionAsync(ConnectionContext context)
   at Microsoft.AspNetCore.Server.Kestrel.Core.Internal.Infrastructure.KestrelConnection`1.ExecuteAsync()

Regression?

Did not observe this in dotnet 5 or core 3.1 that I run beforehand

Known Workarounds

No response

Configuration

Dotnet 6.0.100 OS is Ubuntu 18.0.4 x86_64 , running Docker image mcr.microsoft.com/dotnet/aspnet:6.0-bullseye-slim`

Other information

No response

About this issue

Original URL
State: closed
Created 3 years ago
Comments: 22 (13 by maintainers)

Most upvoted comments

@liiri did you get chance to try it out?

I’ve set up the dump to catch this exception, waiting for it to reproduce

liiri on Dec 9, 2021

Can you try something like this @liiri ?

using System;
using System.Runtime.ExceptionServices;
using Microsoft.Diagnostics.NETCore.Client;

namespace dump
{
    class Program
    {
        public static void  WriteDump(object source, FirstChanceExceptionEventArgs e)
        {
            if (e.Exception is ArgumentOutOfRangeException)
            {
                int pid = Environment.ProcessId;
                var client = new DiagnosticsClient(pid);
                //client.WriteDump(DumpType.Normal, "/tmp/minidump.dmp");
                client.WriteDump(DumpType.Full, $"/tmp/dump.dmp.{pid}");
            }
        }

        static void Main(string[] args)
        {
            AppDomain.CurrentDomain.FirstChanceException += WriteDump;
            Console.WriteLine("Hello, World!");
            try
            {
                throw new  ArgumentOutOfRangeException("BOO");
            }
            catch {};

            Console.WriteLine("All done");
        }
    }
}

You will need to add reference to Microsoft.Diagnostics.NETCore.Client package but this should give you option to write dump without any OS support. I did quick test inside container and it seems to work fine without need to add privileged option.

The dump will be large and it will contain your private keys (and perhaps other sensitive data). I would still probably start with Full dump and fall-back to Normal if that gives you grief https://docs.microsoft.com/en-us/dotnet/core/diagnostics/microsoft-diagnostics-netcore-client

You can either send me private email with location or I can walk you through the dump to get some insight.

wfurt on Dec 19, 2021

This is inbound connection, right? Any idea if this happens with particular client?

One more thought: Can you possibly try https://docs.microsoft.com/en-us/dotnet/api/system.appdomain.firstchanceexception?view=net-6.0 And than possibly “Environment.FailFast() if e is System.ArgumentOutOfRangeException” That would create core dump if the system is properly configured. (needs coredump_filter=0x3f https://github.com/dotnet/diagnostics/blob/main/documentation/debugging-coredump.md) There are other ways how to get dump but if we can get one from when this happen, we can likely solve the mystery.

wfurt on Nov 30, 2021