SessionWriteLockTimeoutError: gateway never releases session file lock after embedded run timeout

[conini]

Bug Report

Version: 2026.5.22 (also present in 2026.5.20)
Platform: Docker (Debian-based), init: true (tini PID 1), Node.js v24.14.0

Summary

The gateway acquires a write lock on a session .jsonl file during an embedded agent run. If the run times out or fails, the lock is never released. All subsequent requests to that session block for 60 seconds waiting on the lock, then fail with SessionWriteLockTimeoutError. The retained session context leaks memory, contributing to monotonic RSS growth.

Reproduction Steps

1. Configure an agent with timeoutSeconds: 300 (or any finite timeout)
2. Trigger an embedded agent run (e.g., via cron agentTurn payload, or subagent spawn)
3. Ensure the run exceeds the timeout, or a tool call inside it errors/stalls
4. Observe that the .lock file on the session .jsonl persists indefinitely
5. Any subsequent request to the same session fails with SessionWriteLockTimeoutError

Observed Behavior

The lock file remains on disk with pid matching the gateway process. The gateway itself holds the lock — it is not an orphaned child process. The lock's maxHoldMs grows unboundedly.

Log Evidence

2026-05-24T10:10:19.763+00:00 [agent/embedded] embedded run timeout: runId=e295c559-441d-459e-aea1-a5f2268a8a10 sessionId=555b0189-2ff8-483b-87f5-ebab41995342 timeoutMs=300000

2026-05-24T10:11:51.382+00:00 [ws] ⇄ res ✗ agent errorCode=UNAVAILABLE errorMessage=SessionWriteLockTimeoutError: session file locked (timeout 60000ms): pid=7 /root/.openclaw/agents/main/sessions/555b0189-2ff8-483b-87f5-ebab41995342.jsonl.lock: code=OPENCLAW_SESSION_WRITE_LOCK_TIMEOUT

2026-05-24T10:14:01.488+00:00 Embedded agent failed before reply: session file locked (timeout 60000ms): pid=7 /root/.openclaw/agents/main/sessions/555b0189-2ff8-483b-87f5-ebab41995342.jsonl.lock

Lock File Contents (19 minutes after timeout)

{
  "pid": 7,
  "createdAt": "2026-05-24T10:29:15.171Z",
  "maxHoldMs": 1020000,
  "starttime": 76698844
}

Note: pid: 7 is the gateway process itself (PID 1 is tini). The lock is held by the gateway, not an orphaned child.

Impact

• Memory leak: Each stuck lock holds the full session object graph in memory (message history, tool results, thinking blocks). With cron jobs spawning dozens of agentTurn sessions, RSS grows monotonically at 40–160 MB/min until OOM.
• Session unavailability: The locked session becomes permanently inaccessible until the container is restarted or the lock file is manually deleted.
• Cascading failures: With runRetries at default (max: 160), each retry attempt against the locked session adds more to the retained graph without releasing the previous attempt.

Root Cause Hypothesis

The embedded run timeout/error handler does not release the session file write lock in its cleanup path. The lock acquisition likely happens in the session write pipeline, and the timeout interrupts execution after the lock is acquired but before the finally block (or equivalent cleanup) runs.

Specifically:

1. Gateway acquires write lock on {session}.jsonl.lock
2. Embedded run starts (tool calls, model API calls)
3. Run times out or tool call fails
4. Error propagates but bypasses the lock release path
5. Lock file persists on disk, gateway retains in-memory references

Environment Details

• Docker container with init: true (tini as PID 1 for zombie reaping)
• 74 cron jobs using agentTurn payload (each spawns a full LLM session)
• Multiple agents configured in single container
• Gateway PID: 7, Docker memory limit: 6GB
• Host: 2× Xeon Gold 6248 (40C/80T), 125GB RAM

Workaround

1. Automated stale lock cleanup (delete .lock files older than 2 minutes via cron)
2. Reduce runRetries.max from 160 to 32 (limits churn on stuck sessions)
3. Set timeoutSeconds and subagents.runTimeoutSeconds to finite values (prevents unbounded runs)
4. Container restart clears all locks and releases retained memory

Expected Behavior

When an embedded run times out or fails, the gateway should:

1. Release the session file write lock immediately
2. Release all in-memory references to the session context
3. Log the timeout/failure cleanly
4. Allow subsequent requests to the session to proceed normally

[clawsweeper]

Codex review: keeping this open for maintainer follow-up; there is still a little grit to resolve.

Latest ClawSweeper review: 2026-05-24 10:44 UTC / May 24, 2026, 6:44 AM ET.

Workflow note: Future ClawSweeper reviews update this same comment in place.

How this review workflow works

• ClawSweeper keeps one durable marker-backed review comment per issue or PR.
• Re-runs edit this comment so the latest verdict, findings, and automation markers stay together instead of adding duplicate bot comments.
• A fresh review can be triggered by eligible @clawsweeper re-review comments, exact-item GitHub events, scheduled/background review runs, or manual workflow dispatch.
• PR/issue authors and users with repository write access can comment @clawsweeper re-review or @clawsweeper re-run on an open PR or issue to request a fresh review only.
• Maintainers can also comment @clawsweeper review to request a fresh review only.
• Fresh-review commands do not start repair, autofix, rebase, CI repair, or automerge.
• Maintainer-only repair and merge flows require explicit commands such as @clawsweeper autofix, @clawsweeper automerge, @clawsweeper fix ci, or @clawsweeper address review.
• Maintainers can comment @clawsweeper explain to ask for more context, or @clawsweeper stop to stop active automation.

Summary
Keep open: the report is detailed, recent, and current main does not show a post-release fix for the embedded-run timeout/session-lock cleanup path. Source review confirms this is the same session write-lock surface that can make later requests fail with SessionWriteLockTimeoutError, but a focused regression proof is still needed before claiming the exact leak path.

Reproducibility: no. high-confidence live reproduction was run in this read-only review. The issue provides concrete Docker steps and logs, and source inspection confirms the current lock path can produce the exact 60s SessionWriteLockTimeoutError when a same-process session lock remains held.

Ways to help us reproduce this

• Add a screenshot or short recording showing the behavior.
• Add expected vs actual behavior.
• Share version, platform, channel/provider, and relevant config details.

Next step
This is a bounded stability bug with clear likely files, but the repair lane must first add a regression proof for the timeout cleanup path.

Review details

Best possible solution:

Keep the issue open and land a narrow embedded-runner/session-lock fix that guarantees timeout/error cleanup releases or safely force-clears same-process session locks, with regression coverage for the reported timeout path.

Do we have a high-confidence way to reproduce the issue?

No high-confidence live reproduction was run in this read-only review. The issue provides concrete Docker steps and logs, and source inspection confirms the current lock path can produce the exact 60s SessionWriteLockTimeoutError when a same-process session lock remains held.

Is this the best way to solve the issue?

Yes: the best fix direction is a narrow cleanup/lock-lifecycle repair in the embedded runner rather than a new user-facing cleanup mode. The patch should prove timeout, tool-error, and abort paths release or force-clear the session lock before later requests retry.

Label changes:

• add P1: The report describes a live gateway/session workflow that becomes unavailable after embedded run timeouts and can grow memory until OOM.
• add impact:crash-loop: The issue is about process-level availability risk from retained session state and OOM after repeated stuck timeout retries.
• add impact:session-state: The failing surface is session transcript locking and retained session context after embedded run timeout cleanup.
• add issue-rating: 🐚 platinum hermit: Current issue advisory state selects this label.
• add clawsweeper:needs-live-repro: Current issue advisory state selects this label.

Label justifications:

• P1: The report describes a live gateway/session workflow that becomes unavailable after embedded run timeouts and can grow memory until OOM.
• impact:crash-loop: The issue is about process-level availability risk from retained session state and OOM after repeated stuck timeout retries.
• impact:session-state: The failing surface is session transcript locking and retained session context after embedded run timeout cleanup.

Acceptance criteria:

• node scripts/run-vitest.mjs src/agents/pi-embedded-runner/run/attempt.session-lock.test.ts src/agents/pi-embedded-runner/run/attempt.subscription-cleanup.test.ts src/agents/session-write-lock.test.ts
• node scripts/run-vitest.mjs src/gateway/server-methods/agent.test.ts -t timeout

What I checked:

• Reporter evidence: The issue reports v2026.5.22 and v2026.5.20 on Docker, with logs showing an embedded run timeout followed by repeated SessionWriteLockTimeoutError against the same session lock path and a lock payload owned by the gateway PID.
• Documented lock contract: The docs say transcript writes are protected by a process-aware per-session write lock and callers wait up to session.writeLock.acquireTimeoutMs, defaulting to 60000 ms before reporting the session busy. Public docs: docs/concepts/agent-loop.md. (docs/concepts/agent-loop.md:51, 295339d616f5)
• Current lock timeout behavior: Current main writes lock metadata including pid, createdAt, starttime, and maxHoldMs, then turns file-lock acquisition timeouts into SessionWriteLockTimeoutError with the lock owner and path. (src/agents/session-write-lock.ts:711, 295339d616f5)
• Embedded timeout cleanup path: The embedded runner abort timer logs embedded run timeout, calls abortRun(true), and later tries to acquire a cleanup lock before disposing session resources and releasing that cleanup lock. (src/agents/pi-embedded-runner/run/attempt.ts:3405, 295339d616f5)
• Cleanup release guard: cleanupEmbeddedAttemptResources releases the provided session lock in a finally, so the remaining bug is likely before or around cleanup lock acquisition, queued event drain, abort settlement, or an untracked held lock. (src/agents/pi-embedded-runner/run/attempt.subscription-cleanup.ts:55, 295339d616f5)
• Current-main/release check: The issue targets the latest release v2026.5.22, and git log v2026.5.22..HEAD over the relevant session-lock/embedded-runner files shows only adjacent thinking replay/OpenClaw home/test changes, not a clear fix for this lock timeout report. (295339d616f5)

Likely related people:

• Gio Della-Libera: Current blame in the checked-out history attributes the central embedded-runner cleanup and session-lock implementation to the current grafted base, and a post-release agent commit also touches the same runner surface. (role: recent area contributor; confidence: medium; commits: 82af6119faff, af765100ffa7; files: src/agents/pi-embedded-runner/run/attempt.ts, src/agents/pi-embedded-runner/run/attempt.session-lock.ts, src/agents/pi-embedded-runner/run/attempt.subscription-cleanup.ts)
• samzong: The changelog credits @samzong on the prior Agents/Pi abort-cleanup/session-write-lock race fix, which is directly adjacent to this remaining timeout cleanup report. (role: prior related fix contributor; confidence: medium; files: CHANGELOG.md)
• steipete: Local shortlog and recent post-release history show adjacent touches to the embedded attempt runner files and the latest release provenance, making this a useful routing candidate if the area needs owner review. (role: recent adjacent contributor; confidence: low; commits: d6c9387c0fbb; files: src/agents/pi-embedded-runner/run/attempt.ts)

Remaining risk / open question:

• No live Docker reproduction was run during this read-only sweep, so the exact mechanism still needs a regression test to distinguish a held in-process lock, an untracked self-owned lock file, a stuck event queue, or abort cleanup that never reaches finally.
• The existing watchdog and stale-lock cleanup paths are already security/stability-sensitive; a fix should prove why the reported same-process lock outlives maxHoldMs instead of layering an external cron-style cleanup into runtime behavior.

Codex review notes: model gpt-5.5, reasoning high; reviewed against 295339d616f5.

[Forex666]

Windows Native Reproduction — Same Bug

Can confirm this also reproduces on Windows 10 native (no Docker), providing an additional platform data point.

Environment

• OpenClaw: 2026.5.22 (node_modules install, not Docker)
• Node: v24.13.0
• OS: Windows 10 22H2 (x64), no WSL
• Gateway: loopback (127.0.0.1:18789), running as scheduled task
• Config: agents.defaults.model.primary: iwhalecloud/deepseek-v4-pro, 26 cron jobs

Reproduction path (same root cause, different trigger)

Unlike the Docker case where embedded run timeout triggers the lock leak, on our Windows instance the lock leak was triggered by subagent completion announce writing back to the parent session:

1. Parent session (management-expert main session 49597be5) spawns 4 subagents
2. Subagents complete and try to announce results back to parent session
3. Session file lock .jsonl.lock is acquired for the announce write
4. Lock is never released — subsequent subagent announces all timeout at 60s

Full timeline from logs

12:22 CST — EmbeddedAttemptSessionTakeoverError: lock was *released prematurely* (not held until completion)
21:35 CST — Gateway restarted, old PID lock file cleaned as "dead-pid"
22:05 CST — SessionWriteLockTimeoutError begins: pid=23100 holds lock, never releases
22:05~22:50 — All subagent announces fail with SessionWriteLockTimeoutError (60s timeout × multiple retries)
22:57 CST — Final subagent gives up after retry-limit (3 retries)

Lock file evidence

{"pid": 5252, "maxHoldMs": 1020000}

Lock held by the gateway process itself (PID 5252 at time of incident), not an orphaned child.

Key log lines

SessionWriteLockTimeoutError: session file locked (timeout 60000ms): pid=5252
  ...\management-expert\sessions\49597be5-...jsonl.lock

EmbeddedAttemptSessionTakeoverError: session file changed while embedded prompt lock was released
  (earlier in the day — lock released prematurely before this session eventually deadlocked)

[warn] Subagent announce give up (retry-limit) run=... child=agent:technical-expert:subagent:...
  requester=agent:management-expert:main retries=3

User impact

• Webchat frontend: message sent → no reply → refresh browser → message lost
• Parent session aborted with stopReason: aborted
• Subagent results permanently lost (announce dead-lettered)

Workaround we deployed

1. Zombie lock cleanup cron (every 30min, scans for dead-pid .lock files)
2. Weekly session log cleanup (removes .trajectory.jsonl + 30d-old transcripts)
3. Gateway restart clears the immediate deadlock

Note

Not a concurrency limit issue — default maxChildrenPerAgent: 5 was not exceeded (4 subagents spawned). The lock bug triggers even under normal load.

[jpplaisted]

Confirmed on macOS native (arm64) — Discord channel rendered completely unavailable

OpenClaw 2026.5.22, macOS arm64, Node v25.9.0, native LaunchDaemon (not Docker)
Upgrading from v2026.5.20 with an in-flight Discord embedded run at restart time

The stuck lock was on the main Discord channel session, not a cron session. This caused sidecars.session-locks to block for 31,000ms+ on every boot, starving the event loop before the Discord WebSocket handshake could complete — so Discord never reached READY at all.

Manually deleting the .lock file and kickstarting the gateway did not stabilize it — event loop starvation persisted, likely due to the retained in-memory session context your report describes. Only rolling back to v2026.5.20 resolved it. Total Discord downtime: ~1h 45m.

This confirms the impact extends beyond session unavailability to full channel outage when the locked session is a channel session rather than an isolated cron run.