Skip to content

CONCEPT Cited by 1 source

Unhandled Rust panic

A Rust worker thread aborts because a .unwrap(), .expect(), assertion, or explicit panic!() was hit without a handler. Behaviorally equivalent to an unhandled exception in other languages — the thread dies mid-request, and downstream requests served by that thread return 5xx until the worker restarts.

The Rust type system structurally prevents the nil-dereference / null-pointer class (see concepts/program-correctness / concepts/memory-safety) but does not prevent the panic class: the programmer chose .unwrap() instead of handling the Err/None arm.

let n: Result<usize, _> = parse_feature_count(&file);
let n = n.unwrap();   // panics if Err
assert!(n <= 200, "feature file over cap");   // panics if false

Both lines compile cleanly. The type system was satisfied; the failure-mode discipline was not.

Canonical instance

sources/2025-11-18-cloudflare-outage-on-november-18-2025 — FL2's Bot Management module bounds-checked the feature file's row count against its preallocated 200-feature cap via .unwrap(). On a doubled feature file (upstream ClickHouse permission migration), the check failed:

thread fl2_worker_thread panicked:
  called Result::unwrap() on an Err value

Every request hitting the bots module returned HTTP 5xx. ~3 hours of core-traffic outage. The absence of a fail-open arm was the bug, not the language choice.

Contrast with the 2025-12-05 FL1 Lua bug

The 2025-12-05 outage is the symmetric case: a Lua nil-index exception on FL1 (which Rust's type system would have prevented), but again no fail-open path. Together the two incidents show that language choice eliminates one class of bug but not the absence-of-fail-open-path class — the latter sits above the language.

Remediation stance

Named explicitly in the 2025-11-18 post ("Reviewing failure modes for error conditions across all core proxy modules") and again in the 2025-12-05 post as "Fail-Open" Error Handling. See concepts/fail-open-vs-fail-closed.

Seen in

Last updated · 200 distilled / 1,178 read