Unfortunately, none of these files show how the password expiration JS is being registered / triggered. So far, nothing provides any clues to what kind of OnCreateNode behaviour is being triggered or what the specific error is in that case. Judging from the Alfresco source code of TransactionBehaviourQueue, you should have way more information in the log than you have provided so far, so maybe if you could also provide the full alfresco.log for that error, it could help.
I am curious: How is that password expiration notification JS working, I mean doing the search.luceneSearch() on the Alfresco user store, when it is not indexed by default? Did you add extra cores to SOLR for that? Also, luceneSearch is a very old-school, legacy way to search and has not received any optimsiations since 4.0. Furthermore, processing ALL users in one JS action is quite a massive job - what if the process fails for a single user? Does it start over again, and send duplicate mails to all the users that have already been processed? You may also overwhelm the caches by processing too many users in a single transaction.