Session write locks leak when Gateway encounters unhandled promise rejections / streams, causing >30min deadlocks

[zhangxue1985122219]

Description

There is a fundamental flaw in how �cquireSessionWriteLock and inspectLockPayload handle orphaned locks held by a continuously running process (e.g., the Gateway daemon).

Steps to Reproduce (Conceptual)

1. A long-running Gateway process (PID A) acquires a session write lock (*.jsonl.lock) to append incoming data.
2. Due to an unhandled rejection, stream disconnect, or internal error within the withFileLock context, the promise chain breaks without reaching the
   elease() handler in the finally block.
3. The .lock file remains on disk containing PID A.
4. Subsequent RPC calls or CLI commands (e.g., openclaw agent --deliver) attempt to access the session. They wait for imeoutMs (10s) and fail with: Error: session file locked (timeout 10000ms): pid=A.

Root Cause

In src/plugin-sdk/json-store.ts (or the transpiled bundle):

• DEFAULT_STALE_MS is hardcoded to 1800 * 1000 (30 minutes).
• inspectLockPayload checks if the PID is alive (isPidAlive(pid)). Since PID A is the Gateway daemon, it is always rue.
• Therefore, the staleReasons array does NOT include "dead-pid".
• It will only include "too-old" if the lock is older than 30 minutes.
• This means a single unhandled rejection that leaks a lock will effectively paralyze that specific session for 30 minutes before shouldReclaimContendedLockFile finally allows the
  m command to break the contention.

Impact

• A single lock leak can paralyze a session for 30+ minutes
• Requires manual intervention (deleting lock files) to recover
• Affects all agents trying to access the locked session

Suggested Fix

1. Implement a Leased Lock (Heartbeat) System: Rather than a static "created at + 30m" system for long-running processes. If a lock is genuinely held for a massive text generation, the process should ouch the mtime of the lock every few seconds.

2. Reduce the DEFAULT_STALE_MS for session files: 30 minutes is excessive for a chat session append operation. 2-5 minutes is a far safer boundary.

3. Introduce an active release mechanism on global exception handlers: Flush local HELD_LOCKS maps in the Node Gateway's global exception handlers.

Temporary Workaround

We created a cron job that runs every 5 minutes to clean stale lock files:

``powershell

~/.openclaw/scripts/clean-session-locks.ps1

Get-ChildItem "C:\Users\host.openclaw\agents*\sessions*.lock" | ForEach-Object {
$lock = Get-Content $.FullName -Raw | ConvertFrom-Json
$age = (New-TimeSpan -Start $lock.createdAt).TotalMinutes
if ($age -gt 5) { Remove-Item $.FullName -Force }
}
``

Environment

• OpenClaw Version: 2026.3.13
• Node.js Version: 24.13.1
• OS: Windows 11

[Ryce]

Lock-lease-state drift: the lock file claims ownership by PID, but the owning process's internal state (the promise chain that was supposed to call release()) has already abandoned it. Two sources of truth for 'who holds this lock?':

1. Lock file on disk: says PID A holds it, createdAt timestamp, valid lease
2. Process internal state: the promise chain that acquired the lock hit an unhandled rejection or stream disconnect, the finally block never fires, the in-memory HELD_LOCKS entry is orphaned

The stale detection is fooled because isPidAlive(pid) returns true (gateway daemon is still running), so it assumes the lock is legitimately held. But the lock isn't held by an active operation — it's held by a dead promise that left a ghost entry.

This is the same class of compound-state drift that plagues OpenClaw across subsystems: the lock subsystem tracks process liveness as a proxy for lock validity, but a process can be alive while its internal lock-holding context is dead. The 30-minute stale timeout treats the symptom, not the disease.

The fix pattern that works: lease-based locks with heartbeat mtime updates. Instead of checking 'is the PID alive?', check 'has the lock holder touched the mtime recently?'. An active operation heartbeats every few seconds. A leaked lock stops heartbeating and becomes stale in 30-60 seconds, not 30 minutes.

Key insight: The 30-minute timeout exists because the original design assumed 'PID alive = lock valid'. With heartbeat-based leases, stale detection drops to 60 seconds safely, because any genuinely active operation heartbeats well within that window.

Concrete fix direction:

• Add a heartbeat interval (e.g. every 5s) during long operations that hold session write locks
• Change stale detection from PID-liveness to heartbeat-recency
• Reduce DEFAULT_STALE_MS from 30min to 60s (safe with heartbeats)
• On process-level exception handlers, flush HELD_LOCKS to release any still-held locks

Keepmyclaw angle: this is durable-state vs runtime-state drift at the filesystem level. The lock file is supposed to be a shared source of truth for session access, but it disagrees with the actual promise state inside the process. Without a snapshot comparing 'what the lock file says' vs 'what the process's lock registry says', leaked locks are invisible until someone hits the 30-minute timeout. Session backup snapshots that include lock state would surface these disagreements immediately instead of waiting for the next CLI command to discover the deadlock.

[Hollychou924]

Analysis: Session write lock deadlock — 30min stale timeout too long when PID is still alive

Root cause confirmed (two compounding issues):

1. DEFAULT_STALE_MS = 1800000 (30 min) — a leaked lock from an unhandled rejection won't be reclaimed for 30 minutes, paralyzing the session
2. isPidAlive(pid) check blocks early reclaim — since the gateway (PID A) is still running, the lock is never classified as dead-pid, so only age triggers reclaim

When these combine: lock leaks from unhandled rejection inside gateway → gateway PID still alive → lock won't be reclaimed for 30 minutes → all subsequent session operations timeout → manual lock file deletion required.

Three-level fix (low → high complexity):

Level 1: Reduce stale timeout (safest, one-line fix)

// In src/plugin-sdk/json-store.ts
const DEFAULT_STALE_MS = 2 * 60 * 1000; // 2 minutes instead of 30

Session append operations should never legitimately take 30 minutes. 2-5 minutes is a safe upper bound for any chat append.

Level 2: Register locks in a global set + flush on unhandled rejection

// Track held locks globally
const HELD_LOCKS = new Set<string>();

// In withFileLock, register on acquire, remove on release:
HELD_LOCKS.add(lockPath);
try { ... } finally { HELD_LOCKS.delete(lockPath); release(); }

// In gateway global exception handler:
process.on('unhandledRejection', (err) => {
  for (const lockPath of HELD_LOCKS) { 
    fs.unlinkSync(lockPath); // best-effort cleanup
  }
  // ... existing error handling
});

Level 3: Heartbeat locks (most robust, more work)

Have lock holders touch the mtime every 5s. A lock whose mtime is >10s stale can be reclaimed regardless of PID liveness.

Recommendation: Level 1 alone dramatically reduces blast radius. Level 2 adds defense-in-depth. Level 3 is ideal for long-running operations.

Immediate workaround (user provided a good one — adding to the issue): PowerShell script cleaning locks older than 5 minutes is sound.

[GMTekAI]

Source-verified findings — reading the actual lock implementation

---

1. Two separate stale timeouts, not one

Ryce and Hollychou focused on a single 30-minute value. There are actually two distinct lock subsystems with very different stale windows:

• src/agents/session-write-lock.ts line 44: DEFAULT_STALE_MS = 30 * 60 * 1000 — the 30-minute figure everyone cited. This governs session write locks, reclaimed by contending acquirers and also swept by cleanStaleLockFiles.
• src/infra/gateway-lock.ts line 9: DEFAULT_STALE_MS = 30_000 — only 30 seconds for the Gateway singleton lock. Separately, DEFAULT_TIMEOUT_MS = 5000 (line 7). This one is not the deadlock source because its stale window is short and it uses a port-probe liveness check (line 96–114) rather than relying on PID alone.

The deadlocks reported in the issue are in the session lock path, where DEFAULT_STALE_MS = 1_800_000 ms is confirmed at session-write-lock.ts:44.

---

2. There IS an in-process watchdog — but it fires every 60 seconds, not on rejection

session-write-lock.ts line 46 defines DEFAULT_WATCHDOG_INTERVAL_MS = 60_000. The watchdog (runLockWatchdogCheck) evicts locks that have been held longer than maxHoldMs (default DEFAULT_MAX_HOLD_MS = 5 * 60 * 1000, line 45). This matters:

• If the lock was acquired with the default maxHoldMs, the watchdog would release it within 5–6 minutes, not 30.
• But in src/agents/pi-embedded-runner/run/attempt.ts lines 1732–1740, maxHoldMs is set to resolveSessionLockMaxHoldFromTimeout(...), which derives from the run timeout. For long-running sessions this can push maxHoldMs up to MAX_LOCK_HOLD_MS = 2_147_000_000 ms (session-write-lock.ts line 48) — effectively infinite. When the run timeout is Infinity, the watchdog ceiling is hit, meaning the watchdog will not fire within any practical window.

---

3. The structural gap: acquireSessionWriteLock is called outside the inner try/finally

In src/agents/pi-embedded-runner/run/attempt.ts:

line 1732: const sessionLock = await acquireSessionWriteLock(...)
line 1745: try {
  ...  (all the agent work)
line 2876: } finally {
line 2894:   await sessionLock.release()
line 2895: }
line 2896: } finally {
             restoreSkillEnv?.()   // ← outer finally, no lock release here
             process.chdir(prevCwd)
           }

The lock is acquired at line 1732, but only enters the try scope at line 1745. Any throw between those 13 lines (e.g., in repairSessionFileIfNeeded at line 1746) would propagate to the outer finally at line 2896, which does not call sessionLock.release(). This is a narrow but real orphan window.

---

4. Unhandled rejections: process.exit(1) does trigger lock cleanup — for signals, not rejections

src/infra/unhandled-rejections.ts (the installUnhandledRejectionHandler that runs at Gateway startup via src/index.ts) calls process.exit(1) for non-transient, non-abort rejections. This does fire the process.on("exit", ...) handler registered in session-write-lock.ts line 252, which calls the synchronous releaseAllLocksSync().

However: releaseAllLocksSync only releases locks tracked in the in-process HELD_LOCKS map. The PID-still-alive scenario Ryce described — where the promise chain abandons the release path without the process exiting — does NOT trigger releaseAllLocksSync. In that case, the lock file on disk stays live, PID-check passes (process is still running), and only the watchdog or the stale timeout can reclaim it.

---

Smallest credible fix surface

Three independent mitigations, ranked by bang-for-buck:

1. Wrap the acquire inside the outer try (attempt.ts:1732): move acquireSessionWriteLock inside the try block so the outer finally at line 2876 unconditionally covers it — or initialize sessionLock as undefined above the try and add a sessionLock?.release() call in the outer finally at line 2896.

2. Cap maxHoldMs more aggressively: the resolveSessionLockMaxHoldFromTimeout path in session-write-lock.ts:116–124 allows the ceiling to hit MAX_LOCK_HOLD_MS = 2_147_000_000. Lowering this ceiling (or adding a separate hard cap on per-acquire maxHoldMs) ensures the watchdog always fires within a predictable window even for Infinity-timeout sessions.

3. Register an unhandledRejection handler that calls releaseAllLocksSync for cases where the process doesn't exit but the rejection escapes the per-attempt promise chain. session-write-lock.ts already registers SIGINT/SIGTERM/SIGQUIT/SIGABRT handlers (lines 259–268) — unhandledRejection is the missing entry for the stay-alive-but-abandon-release case.

🤖 Triage via GMTekAI with Claude + Codex

[GMTekAI]

Current source supports the deadlock symptom, but the root cause looks narrower than "session locks only clear after the 30-minute stale timeout."

What I verified in code:

• src/agents/session-write-lock.ts:44 does set DEFAULT_STALE_MS = 30 minutes, so a contended on-disk lock can wait that long before stale-file reclaim.
• But there is also an in-process watchdog: DEFAULT_MAX_HOLD_MS = 5m, DEFAULT_WATCHDOG_INTERVAL_MS = 60s, and runLockWatchdogCheck()/ensureWatchdogStarted() in src/agents/session-write-lock.ts:45-46 and src/agents/session-write-lock.ts:193-223.
• The important wrinkle is resolveSessionLockMaxHoldFromTimeout() in src/agents/session-write-lock.ts:111-123: long or infinite run timeouts can push maxHoldMs all the way up to MAX_LOCK_HOLD_MS = 2_147_000_000. The embedded runner passes that value directly when acquiring the session lock in src/agents/pi-embedded-runner/run/attempt.ts:1704-1709.
• So the real risk is not "no watchdog," but "watchdog reclaim can be effectively disabled by oversized per-run maxHoldMs."
• The main run path does release the lock in a finally at src/agents/pi-embedded-runner/run/attempt.ts:2786-2803, and fatal unhandled rejections should still drop locks because installUnhandledRejectionHandler() exits the process in src/infra/unhandled-rejections.ts:220-253 and the lock layer cleans up on process.on("exit") in src/agents/session-write-lock.ts:252-257.

My read: the issue looks valid, but the smallest fix is probably to cap session-lock maxHoldMs much more aggressively for embedded runs, then add a regression test for the "process stays alive, lock-holding run context dies" case. I would not start with a heartbeat/lease redesign unless there is evidence that the current finally path is being bypassed in a way the watchdog cannot cover.

[GMTekAI]

Useful extra theory in the thread, but after re-reading the current code I still think the smallest credible fix is narrower than a full lease/heartbeat lock redesign.

What looks most actionable in the present tree:

• there is already a watchdog in src/agents/session-write-lock.ts, so the problem is not simply “locks only clear after 30 minutes”
• the sharper risk remains the oversized maxHoldMs path derived from long/infinite run timeouts, plus the narrow acquisition/release seam in the embedded runner
• that means the first fix pass should probably be:
  1. cap per-run session lock hold windows much more aggressively
  2. tighten the acquire/release coverage in the embedded runner path
  3. add a regression for “process stays alive but the lock-holding run context dies”

I’d still treat lease-heartbeat locks as a possible later hardening step, but it feels like phase 2, not the minimum fix to unblock maintainers here.

[clawsweeper]

Thanks for the context here. I swept through the related work, and this is now duplicate or superseded.

Close as duplicate/superseded: the reported lock-leak/deadlock concern is valid, but the same remaining stale/max-hold policy and embedded transcript-lock lifecycle work is already tracked by the open canonical session-lock issue.

So I’m closing this here and keeping the remaining discussion on the canonical linked item.

Review details

Best possible solution:

Keep #13744 as the canonical tracker for stale/max-hold policy and embedded transcript-lock lifecycle, and preserve this issue's field evidence by linking it there.

Do we have a high-confidence way to reproduce the issue?

Yes, at source level: a fresh lock owned by a live different OpenClaw process is not stale until age exceeds DEFAULT_STALE_MS, while maxHoldMs remains an internal policy. I did not run a live two-process Gateway repro in this read-only pass.

Is this the best way to solve the issue?

Yes for cleanup. Closing this as a duplicate is the best maintainer path because the remaining implementation choices belong in the existing canonical session-lock policy/lifecycle tracker.

Security review:

Security review: No patch is under review, and the issue is not a security-sensitive report.

What I checked:

• live-thread-state: Live GitHub shows this issue is open, has no protected labels, and has no closing pull request; the useful discussion includes source-verified analysis plus later operator field evidence.
• canonical-tracker: The open canonical tracker Make session write lock configurable + narrow lock scope (avoid timeout=All models failed) #13744 already covers the remaining session write-lock policy and lifecycle work: stale/max-hold/env policy, public config boundaries, and a narrower embedded lock lifecycle.
• current-lock-policy: Current main still keeps the stale timeout at 30 minutes and derives max-hold internally; the watchdog releases held in-process locks only after the configured maxHoldMs, which is the same policy gap tracked by the canonical issue. (src/agents/session-write-lock.ts:39, 838956becd49)
• embedded-run-lock-lifecycle: The embedded runner acquires the session lock for transcript/session mutations and passes maxHoldMs derived from run timeout, so remaining lifecycle-scope decisions overlap the canonical tracker instead of needing a second issue. (src/agents/pi-embedded-runner/run/attempt.ts:1589, 838956becd49)
• public-config-boundary: The current public session config schema exposes only writeLock.acquireTimeoutMs; staleMs and maxHoldMs remain separate internal policies, matching the unresolved scope in the canonical issue. (src/config/zod-schema.session.ts:59, 838956becd49)
• docs-confirm-boundary: The session management docs document session.writeLock.acquireTimeoutMs and explicitly say stale-lock detection and maximum hold warnings remain separate policies. Public docs: docs/reference/session-management-compaction.md. (docs/reference/session-management-compaction.md:97, 838956becd49)

Likely related people:

• steipete: Authored session-lock max-hold alignment and hardening commits, committed adjacent orphan-self cleanup work, and is the heaviest recent contributor in the sampled central files. (role: recent area contributor and merger; confidence: high; commits: fb6e415d0c52, 1becebe188eb, 4985c561dfc4; files: src/agents/session-write-lock.ts, src/agents/pi-embedded-runner/run/attempt.ts)
• Grynn: Authored the commit that added the in-process session-lock watchdog for hung API calls, directly adjacent to this issue's still-running-Gateway lock concern. (role: introduced watchdog behavior; confidence: high; commits: e91a5b021648; files: src/agents/session-write-lock.ts, src/agents/pi-embedded-runner/run/attempt.ts)
• bmendonca3: Authored the orphan self-PID lock reclaim behavior that is relevant when a live Gateway process loses its in-memory held-lock state. (role: orphan-self reclaim contributor; confidence: high; commits: 4985c561dfc4; files: src/agents/session-write-lock.ts, src/agents/session-write-lock.test.ts)
• samzong: Authored the merged teardown change that isolated cleanup steps so session lock release remains unconditional in the embedded attempt path. (role: release-cleanup contributor; confidence: medium; commits: 61fef8c6894d; files: src/agents/pi-embedded-runner/run/attempt.ts, src/agents/pi-embedded-runner/run/attempt.subscription-cleanup.ts)
• vincentkoc: Authored recent listener-lifecycle hardening on the same session-lock primitive. (role: recent session-lock lifecycle contributor; confidence: medium; commits: f00f0a95968f; files: src/agents/session-write-lock.ts, src/agents/session-write-lock.test.ts)

Codex review notes: model gpt-5.5, reasoning high; reviewed against 838956becd49.

[slideshow-dingo]

Adding field evidence: the lock-leak is self-perpetuating because the cleanup mechanism itself is blocked by the same lock.

In my gateway logs (v2026.4.29, Linux 6.8, Node 24.14.1, 24-core VM):

[module:cron] cron-reaper: failed to sweep session store: SessionWriteLockTimeoutError: session file locked (timeout 10000ms): pid=1076774 ...

The cron-reaper is an internal cleanup job that should be pruning old sessions. It is hitting SessionWriteLockTimeoutError on every run, meaning it never successfully cleans up. This creates a feedback loop:

1. Lock contention → lock timeout → cron-reaper fails
2. cron-reaper failure → stale session entries accumulate in sessions.json
3. Larger sessions.json → longer read/write times → more lock contention
4. Back to step 1

Additional evidence: 295 .deleted.* orphaned transcript files and 135 .reset.* files exist in ~/.openclaw/agents/main/sessions/. These are leftover sidecars from compacted/deleted sessions that the cron-reaper should be removing — but it can't, because it's blocked by the same lock it's trying to clean.

The sessions.json index file is currently 9.5MB with 131 active entries. The registry never shrinks because the cleanup job that would prune it is itself a casualty of the lock contention.

Operational mitigation: Running openclaw sessions cleanup manually works (I just confirmed it). Scheduling it as a recurring cron job every 4h keeps the registry from growing indefinitely. But the root cause — the lock blocking the cleanup that would relieve the lock — remains unfixed upstream.

For the fix: the cleanup path needs a way to run without acquiring the same store lock it's trying to relieve. Consider making maintenance reads lock-free (snapshot) or adding a separate process/thread for cleanup that bypasses the main lane's lock.