Skip to content

fix(auth): prevent deadlock and unhandled rejections in processLock#2019

Closed
mayur9210 wants to merge 2 commits into
supabase:masterfrom
mayur9210:fix/lock-timeout-deadlock
Closed

fix(auth): prevent deadlock and unhandled rejections in processLock#2019
mayur9210 wants to merge 2 commits into
supabase:masterfrom
mayur9210:fix/lock-timeout-deadlock

Conversation

@mayur9210
Copy link
Copy Markdown

@mayur9210 mayur9210 commented Jan 14, 2026

Summary

Fixes unhandled promise rejections and potential deadlocks in processLock by replacing the Promise.race timeout pattern with a flag-based approach.

Problem

The processLock function would crash Node.js with unhandled promise rejections when running tests with rapid successive lock operations that have mixed timeouts.

The crash occurred because:

  1. processLock uses Promise.race([lockOperation(), timeoutPromise]) to implement acquire timeout
  2. When lockOperation() wins the race (lock acquired before timeout), the timeout promise still fires later
  3. The timeout promise rejection goes unhandled, crashing Node.js
  4. Additionally, the PROCESS_LOCKS[name] promise chain would re-throw errors, causing subsequent operations waiting on it to receive unhandled rejections or potentially deadlock

Solution

  • Replace Promise.race with a flag-based approach: set a timeoutError flag in the setTimeout callback, check it after acquiring the lock
  • Clear the timeout immediately when the lock is acquired to prevent unnecessary timeout firing
  • Ensure PROCESS_LOCKS[name] always resolves (never throws) so subsequent operations can proceed without deadlocking
  • Fix test expectations: operation 0 acquires the lock immediately (no previous operation to wait on), so it completes successfully rather than timing out

Related

Fixes the ProcessLockAcquireTimeoutError: Acquiring process lock with name "rapid-test" timed out crash in @supabase/auth-js:test

@mayur9210
fix(auth): prevent deadlock and unhandled rejections in processLock
bfda701 
- Replace Promise.race timeout pattern with flag-based approach to avoid
  unhandled promise rejections when lock operation wins the race
- Ensure PROCESS_LOCKS promise always resolves so subsequent operations
  don't deadlock waiting on failed operations
- Fix test expectations: operation 0 acquires lock immediately (no wait)
  so it completes successfully, not times out
- Remove unused lockAcquired variable and simplify error handling
@mayur9210 mayur9210 requested review from a team as code owners January 14, 2026 14:04
Copilot AI review requested due to automatic review settings January 14, 2026 14:04
Copilot AI reviewed Jan 14, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This pull request fixes critical unhandled promise rejections and potential deadlocks in the processLock function by replacing the Promise.race timeout pattern with a flag-based approach.

Changes:

  • Replaced Promise.race with a flag-based timeout mechanism that sets a timeoutError flag and checks it after acquiring the lock, eliminating unhandled promise rejections
  • Modified error handling in PROCESS_LOCKS to always resolve (never reject) so subsequent operations can proceed without deadlocking
  • Added comprehensive tests for deadlock scenarios and rapid successive operations with mixed timeouts

Reviewed changes

Copilot reviewed 2 out of 2 changed files in this pull request and generated 4 comments.

File Description
packages/core/auth-js/src/lib/locks.ts Refactored processLock implementation from Promise.race to flag-based timeout, improved error handling in PROCESS_LOCKS chain, removed some JSDoc documentation
packages/core/auth-js/test/lib/locks.test.ts Added two new tests covering deadlock prevention and rapid successive operations with mixed timeouts

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

Comment thread packages/core/auth-js/test/lib/locks.test.ts Outdated
Comment thread packages/core/auth-js/src/lib/locks.ts Outdated
Comment thread packages/core/auth-js/test/lib/locks.test.ts Outdated
Comment thread packages/core/auth-js/src/lib/locks.ts
@github-actions
Copy link
Copy Markdown
Contributor

github-actions Bot commented Apr 19, 2026

This PR has been marked as stale because it has not had activity for 90 days.
It will be closed in 14 days if no further activity occurs.

Please rebase and update if this is still needed.

@github-actions github-actions Bot added the stale label Apr 19, 2026
@mandarini mandarini added temp - locks Temporary label to group together all the lock-related issues and PRs. do-not-merge Do not merge this PR. labels Apr 29, 2026
@mandarini
Copy link
Copy Markdown
Contributor

mandarini commented Apr 29, 2026

We're working on another solution for a lockless sdk. Thank you very much for your contribution. I am going to close this PR, but keeping it in mind and in our list of potential fixes for our problematic lock mechanism, which will hopefully go away.

Please do not be discouraged from contritbuting again in the future! Contributions like yours are what make Supabase what it is today! 💚

@mandarini mandarini closed this Apr 29, 2026
@Bewinxed Bewinxed mentioned this pull request May 21, 2026
Draft
6 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

Assignees

No one assigned

Labels

do-not-merge Do not merge this PR. stale temp - locks Temporary label to group together all the lock-related issues and PRs.

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@mayur9210 @mandarini