[Bug]: openclaw-agent ignores SIGTERM under cron, accumulates hung process chains and exhausts host RAM/swap

[nikolaykazakovvs-ux]

Bug type

Behavior bug (incorrect output/state without crash)

Beta release blocker

No

Summary

openclaw agent processes spawned by cron with timeout 600 openclaw agent ... (without -k <delay>) accumulate as long-lived hung chains because the agent does not exit on SIGTERM. Within ~2.5 days a multi-firing-per-day cron schedule exhausts host RAM and swap.

Steps to reproduce

1. On a Linux host with cron, schedule any agent with a wrapper that has no SIGKILL escalation, e.g.:

   0 2,8,14,20 * * * timeout 600 openclaw agent --agent <X> --message "HEARTBEAT: ..." >> ~/logs/<X>.log 2>&1
   0 */2 * * *      timeout 600 openclaw agent --agent <X> --message "HEARTBEAT: ..." >> ~/logs/<X>.log 2>&1
   

2. Let it run for ≥48 hours. Each time the agent does something that blocks past the 600s budget (synchronous gateway call, slow tool, networked search, etc.), the wrapper sends SIGTERM at 600s — the agent does not exit.
3. Inspect ps -eo pid,ppid,stat,etime,rss,cmd | grep openclaw-agent | sort -k4. You will see process trees layered as /bin/sh -c "timeout 600 openclaw agent ..." -> timeout -> openclaw-agent, all of them surviving across many cron firings.

Expected behavior

One of:

• (a) The agent installs an async-safe SIGTERM handler that drains in-flight work and exits within a small bounded grace window (e.g. ≤30s), or
• (b) The shipped CLI/cron documentation explicitly requires timeout -k <delay> <duration> (or equivalent) for any cron-spawned agent and warns about the leak otherwise.

Either is acceptable; (a) is the proper fix, (b) is the minimal documentation fix that prevents new users from being burned.

Actual behavior

Real incident timeline observed on this host:

• 2026-04-17 17:34 UTC — first occurrence. 14 hung openclaw-agent processes accumulated across two cron schedules (4×/day karma + 12×/day intel). Swap 96%, RAM 4.0 GiB used / 11 GiB available; Opus turn failed because the local Ollama RAM-fallback couldn't allocate 13.7 GiB.
• Initial mitigation (same day) — wrapped both cron lines in timeout 300 openclaw agent .... This stopped future indefinite growth but did not prevent SIGTERM-swallowed leaks beyond the 300s budget. Eight days later the chains were back, just slower.
• 2026-04-25 00:14 UTC — second occurrence after we extended the budget to timeout 600. 23 hung chains accumulated over 2.5 days, RSS ~7 GiB combined, swap 100% (4.0 / 4.0 GiB), available 3.6 GiB. RAM used 11 / 15 GiB. Gateway PID was at risk of OOM-kill.

Process layering observed (from ps -ef and pstree):

/bin/sh -c "timeout 600 openclaw agent --agent social-director --message ..."
 └── timeout 600 openclaw agent --agent ... (waiting for child after SIGTERM at t=600s)
      └── openclaw-agent (still alive, RSS 40-730 MB depending on age)

pkill -TERM on openclaw-agent had no effect — only pkill -9 (SIGKILL) freed the chain. Cleanup required two passes:

1. pkill -9 -f "/bin/sh -c timeout 600 openclaw agent --agent social-director" — outer shells
2. pkill -9 -f "^openclaw-agent" --older 600 — orphaned agents reparented to init

After cleanup: chains 69 → 0, RAM 11 → 4.6 GiB, swap 4.0 GiB → 374 MiB. Gateway untouched, uptime preserved.

OpenClaw version

2026.4.23 (incident reproduced on the same version family across 2026.4.17–2026.4.23)

Operating system

Ubuntu 24.04.4 LTS (kernel 6.8.0-107-generic), systemd 255

Install method

npm global (/home/ubuntu/.npm-global/lib/node_modules/openclaw), Node v22.22.1

Model

claude-cli/claude-opus-4-7 (the agent under cron is social-director running on this primary)

Provider / routing chain

cron -> /bin/sh -> coreutils timeout -> openclaw agent (CLI) -> openclaw gateway (systemd --user) -> auth-profile anthropic:claude-cli -> claude (CLI) -> anthropic.com

Additional provider/model setup details

Workaround currently in production:

0 2,8,14,20 * * * timeout -k 60 600 openclaw agent --agent social-director --message "..." >> ~/logs/social-director.log 2>&1
0 */2 * * *      timeout -k 60 600 openclaw agent --agent social-director --message "..." >> ~/logs/social-director.log 2>&1

The -k 60 flag tells coreutils-timeout to send SIGKILL 60s after the SIGTERM if the child hasn't exited. This mitigates the symptom but does not address the root cause — the agent still ignores SIGTERM, which means any other supervisor that doesn't escalate to SIGKILL has the same leak.

Suggested direction

• Primary: install an async-safe SIGTERM handler on the agent process that:
  • cancels any pending synchronous gateway HTTP call,
  • flushes the current message/log buffers,
  • exits within a bounded grace window (≤30s default, configurable).
• Secondary: document, in the CLI/cron docs, that timeout -k <delay> (or systemd-run --on-active=... --wait with KillMode=mixed) is required for cron-spawned agents until the primary fix lands.

Related signal-handling / supervisor issues that touch the same surface but from different angles:

• Process supervisor: graceful signal escalation and drain timeout for exec tool #66399 — Process supervisor: graceful signal escalation and drain timeout for exec tool — directly relevant; same direction of fix needed for the agent CLI entry-point.
• BUG: Supervisor sends SIGKILL instead of SIGTERM for long-running agents — causes session lock cascade #70026 — Supervisor sends SIGKILL instead of SIGTERM for long-running agents — causes session lock cascade — opposite end of the same problem (supervisor side).
• feat: wire SQLite message store into active gateway for SIGTERM resilience #65650 — feat: wire SQLite message store into active gateway for SIGTERM resilience — orthogonal; addresses message persistence across restarts.

---

Reported by @nikolaykazakovvs-ux via Cognitor (claude-opus-4-7 substrate).

[clawsweeper]

Codex review: keeping this open for maintainer follow-up; there is still a little grit to resolve.

Workflow note: Future ClawSweeper reviews update this same comment in place.

How this review workflow works

• ClawSweeper keeps one durable marker-backed review comment per issue or PR.
• Re-runs edit this comment so the latest verdict, findings, and automation markers stay together instead of adding duplicate bot comments.
• A fresh review can be triggered by eligible @clawsweeper re-review comments, exact-item GitHub events, scheduled/background review runs, or manual workflow dispatch.
• PR/issue authors and users with repository write access can comment @clawsweeper re-review or @clawsweeper re-run on an open PR or issue to request a fresh review only.
• Maintainers can also comment @clawsweeper review to request a fresh review only.
• Fresh-review commands do not start repair, autofix, rebase, CI repair, or automerge.
• Maintainer-only repair and merge flows require explicit commands such as @clawsweeper autofix, @clawsweeper automerge, @clawsweeper fix ci, or @clawsweeper address review.
• Maintainers can comment @clawsweeper explain to ask for more context, or @clawsweeper stop to stop active automation.

Summary
Keep open. Current main still lacks a caller-side SIGTERM/SIGINT bridge for Gateway-backed openclaw agent runs, and the linked closing PR is open rather than merged.

Reproducibility: yes. at source level: hold a Gateway-backed openclaw agent request pending, send SIGTERM/SIGINT to the CLI, and current main has no caller abort or accepted-run cancellation path. I did not run a fresh live cron reproduction in this read-only review.

Next step
No new repair job should be queued because the issue already has an open linked implementation PR that owns the fix path.

Review details

Best possible solution:

Review and land #84381 if it passes Gateway/security/CI review, then close this issue and split any residual no-signal handle leak into a narrower follow-up if needed.

Do we have a high-confidence way to reproduce the issue?

Yes at source level: hold a Gateway-backed openclaw agent request pending, send SIGTERM/SIGINT to the CLI, and current main has no caller abort or accepted-run cancellation path. I did not run a fresh live cron reproduction in this read-only review.

Is this the best way to solve the issue?

Yes, the linked PR’s approach is the right fix shape because it bridges process signals into the existing Gateway chat.abort seam. The issue should stay open until that PR or an equivalent implementation merges.

Label changes:

• remove clawsweeper:no-new-fix-pr: Current issue advisory state no longer selects this label.
• remove clawsweeper:linked-pr-open: Current issue advisory state no longer selects this label.

Label justifications:

• P1: The report describes real cron-spawned agent processes accumulating until host RAM and swap are exhausted.
• impact:crash-loop: The issue is about hung process chains and process-level availability/resource exhaustion.

What I checked:

• Live issue has an open closing PR: GitHub shows this issue is open and linked to fix(agent): abort accepted gateway runs on signal #84381, which is still open and not merged.
• Current CLI call lacks signal cancellation: The one-shot agent command waits on callGateway({ method: "agent", expectFinal: true, timeoutMs }) without passing a caller AbortSignal, signal handler, accepted-run callback, or cancellation follow-up. (src/commands/agent-via-gateway.ts:193, 447a3643c69b)
• Gateway call options do not expose caller abort state: CallGatewayBaseOptions includes expectFinal and timeoutMs but no caller AbortSignal or accepted-run notification hook for the CLI to use on SIGTERM. (src/gateway/call.ts:48, 447a3643c69b)
• Accepted run context is hidden while awaiting final response: The Gateway client ignores status: "accepted" responses while expectFinal is true, and request() only accepts expectFinal and timeoutMs, so the waiting caller cannot learn the accepted run id for cancellation. (src/gateway/client.ts:930, 447a3643c69b)
• Server-side abort seam already exists: The Gateway agent handler registers a chat abort controller before sending the accepted ack and passes its signal into the dispatched agent run, so the missing part is forwarding the CLI signal into that seam. (src/gateway/server-methods/agent.ts:1442, 447a3643c69b)
• Docs do not yet cover the external cron hard-kill workaround: Current cron and agent docs describe internal cron timeouts and --timeout, but the searched docs do not document timeout -k or a SIGKILL backstop for external cron wrappers. Public docs: docs/automation/cron-jobs.md. (docs/automation/cron-jobs.md:56, 447a3643c69b)

Likely related people:

• steipete: Peter Steinberger authored 9623bd77638e, which routed the agent CLI through the Gateway and introduced the central command path involved here. (role: introduced behavior and major area contributor; confidence: high; commits: 9623bd77638e; files: src/commands/agent-via-gateway.ts, src/commands/agent.ts)
• bitloi: Commit af4260806865 added Gateway chat.abort integration for stopping agent RPC runs, which is the server-side cancellation seam relevant to this issue. (role: adjacent abort seam contributor; confidence: high; commits: af4260806865; files: src/gateway/server-methods/agent.ts, src/gateway/server-methods/agent.test.ts)
• Hemant Sudarshan: Commit fbae2a644139 changed the same agent CLI boundary and docs around Gateway timeout fallback behavior. (role: recent adjacent CLI timeout contributor; confidence: medium; commits: fbae2a644139; files: src/commands/agent-via-gateway.ts, src/commands/agent-via-gateway.test.ts, docs/cli/agent.md)
• Ayaan Zaidi: Current-main blame for the affected command and Gateway files resolves through recent grafted commits by Ayaan Zaidi, so this is a recent-touch signal rather than clear feature ownership. (role: recent area contributor; confidence: low; commits: e067203b2217, f359299df47c; files: src/commands/agent-via-gateway.ts, src/gateway/call.ts, src/gateway/client.ts)
• Kaspre: Kaspre authored the open closing PR that implements the signal-to-Gateway abort bridge and supplied residual runtime data in the issue discussion. (role: active linked fix implementer; confidence: medium; commits: ea5dfbaf3246; files: src/commands/agent-via-gateway.ts, src/gateway/call.ts, src/gateway/client.ts)

Remaining risk / open question:

• No fresh multi-day cron reproduction was run in this read-only review; the keep-open decision is based on the detailed report plus source-level cancellation gaps on current main.
• The later no-signal --local handle-leak comment may be a distinct cleanup problem that should be split after the SIGTERM bridge lands if it still reproduces.

Codex review notes: model gpt-5.5, reasoning high; reviewed against 447a3643c69b.

[Kaspre]

Adding a residual data point that complements the existing report: the same hung-process accumulation happens in our environment even without external SIGTERM, i.e., for invocations that aren't wrapped in timeout. The CLI process simply never exits after the model output is logically done.

Captured signal on two such PIDs this morning (openclaw agent --local spawned by cron, ages 4h and 24min):

• wchan = do_epoll_wait, worker threads in futex_wait_queue
• Event-loop-pinning handles are concrete: LCM SQLite handles, OTel exporter HTTP keep-alive socket to localhost:4318, Dagu runs.sqlite handles, plus orphaned codex stdio pipe pairs from already-exited codex children

Important caveat: both hung agents were openai/gpt-5.5 routed through codex, and the shape matches #82343 / #82403 (codex emits rawResponseItem/completed without turn/completed, OC waits for terminal idle timeout). #82403's release-on-raw-completion fix should land most of the codex-routed cases.

What clawsweeper's outlined SIGTERM-bridge fix catches is the timeout-wrapped external-supervisor case (cron jobs with hard wall-clock budgets). What it wouldn't catch is the "no signal sent, process never exits" shape — that needs either (a) the cleanup chain to actually run all the way through (OTel exporter shutdown(), LCM close(), etc.) on natural exit, or (b) a wall-clock self-kill in the CLI entry. We've added (b) locally as a 600s defense-in-depth, --timeout N honored.

Happy to file the post-completion handle-leak as a separate narrower issue once #82403 has shipped and we can measure what residual remains.