Fix worker crash caused by async promise antipattern and event ordering#1311
Merged
josephjclark merged 12 commits intorelease/nextfrom Mar 17, 2026
Merged
Conversation
The non-batch log path wrapped an async function in `new Promise(async
(resolve) => { ... })`. If sendEvent rejected (e.g. channel timeout),
the outer Promise never settled and the rejection was unhandled. This
was the direct cause of the worker crash: LightningTimeoutError on
run:log became an uncaught exception that killed the container.
The function is already async so the wrapper was unnecessary — replaced
with a plain for-loop that properly propagates rejections.
Same `new Promise(async ...)` antipattern as run-log.ts. If the isCancelled callback or any other code in the catch block threw, the error became an unhandled rejection instead of propagating to the caller. Replaced with an inner async function that returns its promise directly. setTimeout retry replaced with awaited promise to keep the flow async-native.
Same `new Promise(async (resolve) => { ... })` pattern — if
engine.destroy() or waitForRunsAndClaims rejected, the outer promise
never settled. Replaced with an async IIFE so errors propagate through
Promise.all to the caller.
During a compilation failure, engine-multi emitted WORKFLOW_ERROR (from the worker:error handler) before the "Error occurred during compilation" WORKFLOW_LOG (from the .catch handler). The ws-worker tears down the channel on WORKFLOW_ERROR, so the subsequent log push had nowhere to go — triggering the LightningTimeoutError that crashed the container. Moved the compilation log into the worker:error handler so it emits before the error event. Guarded the .catch handler's log with !didError to avoid duplication. Added COMPILE_START/COMPLETE events to mock-run.ts to match real worker behavior.
Test fixture directories under packages/engine-multi/tmp/ were being picked up as workspace packages by the packages/** glob, pulling in phantom dependencies (ava@6.x and its full transitive tree) that caused persistent lockfile churn.
| } | ||
| resolve(); | ||
| }); | ||
| for (const log of logs) { |
Collaborator
There was a problem hiding this comment.
Yep, this absolutely makes sense 👍
it just went flaky
| // All we're looking for here is two strings of numbers in mb | ||
| t.regex(memory?.message, /\d+mb(.+)\d+mb/i); | ||
| // All we're looking for here is a number in mb | ||
| t.regex(memory?.message, /\d+mb/i); |
Collaborator
There was a problem hiding this comment.
I've just pushed this unrelated fix, which will not include a changeset
The test is looking for a number like 1.2mb in the output
But by chance in CI it just output 19mb, which failed the test.
I really don't care if it's a decimal or node. Just a number followed by mb is fine.
josephjclark
added a commit
that referenced
this pull request
Mar 17, 2026
* Fix worker crash caused by async promise antipattern and event ordering (#1311) * fix(ws-worker): remove async promise antipattern in run-log.ts The non-batch log path wrapped an async function in `new Promise(async (resolve) => { ... })`. If sendEvent rejected (e.g. channel timeout), the outer Promise never settled and the rejection was unhandled. This was the direct cause of the worker crash: LightningTimeoutError on run:log became an uncaught exception that killed the container. The function is already async so the wrapper was unnecessary — replaced with a plain for-loop that properly propagates rejections. * fix(ws-worker): remove async promise antipattern in try-with-backoff.ts Same `new Promise(async ...)` antipattern as run-log.ts. If the isCancelled callback or any other code in the catch block threw, the error became an unhandled rejection instead of propagating to the caller. Replaced with an inner async function that returns its promise directly. setTimeout retry replaced with awaited promise to keep the flow async-native. * fix(ws-worker): remove async promise antipattern in destroy.ts Same `new Promise(async (resolve) => { ... })` pattern — if engine.destroy() or waitForRunsAndClaims rejected, the outer promise never settled. Replaced with an async IIFE so errors propagate through Promise.all to the caller. * fix(engine-multi): emit compilation log before workflow-error During a compilation failure, engine-multi emitted WORKFLOW_ERROR (from the worker:error handler) before the "Error occurred during compilation" WORKFLOW_LOG (from the .catch handler). The ws-worker tears down the channel on WORKFLOW_ERROR, so the subsequent log push had nowhere to go — triggering the LightningTimeoutError that crashed the container. Moved the compilation log into the worker:error handler so it emits before the error event. Guarded the .catch handler's log with !didError to avoid duplication. Added COMPILE_START/COMPLETE events to mock-run.ts to match real worker behavior. * chore: add changesets for worker crash fixes * chore: exclude engine-multi tmp from pnpm workspace Test fixture directories under packages/engine-multi/tmp/ were being picked up as workspace packages by the packages/** glob, pulling in phantom dependencies (ava@6.x and its full transitive tree) that caused persistent lockfile churn. * remove duplicate log, tidy types * update changelogs * tidy test * revert diff on destroy * keep destroy change after all and fix test * relax runtime test it just went flaky --------- Co-authored-by: Joe Clark <jclark@openfn.org> * Compile errors step name (#1313) * engine: report compile errors with step name, not id * changeset * remove debug code * Lazy state errors (#1312) * compiler: improve error messages for lazy state * compiler: report position on lazy state reporting * update extra errors * update changeset * types * versions --------- Co-authored-by: Stuart Corbishley <corbish@gmail.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
3 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Short Description
Fix a production worker crash (v1.21.2) where
LightningTimeoutError: [run:log] timeoutkilled the container as an uncaught exception. Two bugs combined: an event ordering issue in engine-multi and anew Promise(async ...)antipattern in ws-worker.Implementation Details
The crash: During a compilation failure, engine-multi emitted
WORKFLOW_ERRORbefore the finalWORKFLOW_LOG. The ws-worker tore down the channel on the error event, so the subsequent log push timed out. Thenew Promise(async (resolve) => { ... })pattern inrun-log.tsswallowed the rejection — the outer Promise never settled and the error became an unhandled rejection that crashed the process.Fixes:
worker:errorhandler so it emits beforeWORKFLOW_ERRORBonus: Excluded
packages/engine-multi/tmp/**from the pnpm workspace to stop test fixture directories from being picked up as workspace packages and causing lockfile churn.QA Notes
COMPILE_START/COMPILE_COMPLETEevents tomock-run.tsto match real worker behaviortry-with-backoff.tsrefactor changes abort rejection fromreject()(no arg) tothrow e— the promise still rejects but now includes the errorAI Usage