Session file lock leak when user manually aborts agent (non-timeout abort never releases lock)

[williammu]

Description

When a user manually stops an agent, the session file lock is never released, causing subsequent turn attempts to fail with SessionWriteLockTimeoutError for 60+ seconds.

Steps to Reproduce

1. Start any agent conversation
2. While agent is mid-response (e.g., waiting on LLM API), manually stop the agent
3. Immediately try to send another message to the same agent

Expected Behavior

Agent should recover and accept new messages immediately after abort.

Actual Behavior

Root Cause

File: selection-C4e-Qn9W.js (bundled), function abortRun:

const abortRun = (isTimeout = false, reason) => {
    aborted = true;
    // ...
    abortCompaction();
    abortActiveSession();
    // BUG: releaseHeldLockForAbort() only called for timeout abort
    if (isTimeout) sessionLockController.releaseHeldLockForAbort().catch(...)
};

releaseHeldLockForAbort() is guarded by if (isTimeout). When user aborts manually, isTimeout=false, so the lock is never released.

Failure Chain

1. User manual abort → abortRun(isTimeout=false) → releaseHeldLockForAbort() SKIPPED → lock remains held
2. Run cleanup → acquireForCleanup() → acquireCleanupLock() → takeHeldLockAfterRetainedIdle() fails (lock in use)
3. Falls back to acquireLock() → lock already held → waits 60s → SessionWriteLockTimeoutError
4. cleanupEmbeddedAttemptResources() never reached → lock NEVER released
5. Only freed by watchdog (maxHoldMs, default 300s) or gateway restart

Relevant Logs

Suggested Fix

- if (isTimeout) sessionLockController.releaseHeldLockForAbort().catch(...);
+ sessionLockController.releaseHeldLockForAbort().catch((err) => {
+     log.warn("failed to release session lock on abort: runId=" + params.runId + " " + String(err));
+ });

Environment

• OpenClaw version: 2026.5.27
• Node: v22.22.1
• OS: Linux (Ubuntu 7.0.0-15-generic)
• Provider: DeepSeek (deepseek-v4-pro)

[clawsweeper]

Codex review: keeping this open for maintainer follow-up; there is still a little grit to resolve. Reviewed May 31, 2026, 7:38 AM ET / 11:38 UTC.

Summary
Keep open: current main and the latest release still keep releaseHeldLockForAbort() behind the timeout-only branch, while the manual user-abort path calls abortRun(false), so the reported lock leak remains a narrow valid bug.

Reproducibility: yes. at source level: user abort routes to abortRun(false), and current main only releases the retained lock for timeout aborts. I did not run a live gateway reproduction in this read-only review.

Next step
This is a narrow source-backed repair candidate with clear files, no new config, and no product decision required.

Review details

Best possible solution:

Release the retained session lock for every abort path while keeping timeout-only abandoned-run marking timeout-only, then add a regression test for manual user abort cleanup.

Do we have a high-confidence way to reproduce the issue?

Yes at source level: user abort routes to abortRun(false), and current main only releases the retained lock for timeout aborts. I did not run a live gateway reproduction in this read-only review.

Is this the best way to solve the issue?

Yes, the suggested fix direction is the narrow maintainable path if it releases the lock on all aborts while preserving timeout-only abandonment semantics. The fix should not broaden into unrelated session-lock reliability reports.

AGENTS.md: found and applied where relevant.

Remaining risk / open question:

• The issue body does not include runtime logs, so the repair should add focused regression coverage for the manual-abort path before landing.

Codex review notes: model gpt-5.5, reasoning high; reviewed against 1cb5a57631c3.

Label changes

Label changes:

• add P1: A manual stop can leave an agent session unable to accept follow-up turns until timeout/watchdog or restart, which is a broken agent workflow for affected users.
• add impact:message-loss: Subsequent user messages can fail before the agent produces a reply because the same session file remains locked.
• add impact:session-state: The reported bug leaves live session lock state inconsistent with the user-aborted run lifecycle.
• add issue-rating: 🦞 diamond lobster: Current issue advisory state selects this label.
• add clawsweeper:source-repro: Current issue advisory state selects this label.
• add clawsweeper:queueable-fix: Current issue advisory state selects this label.
• add clawsweeper:fix-shape-clear: Current issue advisory state selects this label.

Label justifications:

• P1: A manual stop can leave an agent session unable to accept follow-up turns until timeout/watchdog or restart, which is a broken agent workflow for affected users.
• impact:session-state: The reported bug leaves live session lock state inconsistent with the user-aborted run lifecycle.
• impact:message-loss: Subsequent user messages can fail before the agent produces a reply because the same session file remains locked.

Evidence reviewed

Acceptance criteria:

• node scripts/run-vitest.mjs src/agents/embedded-agent-runner/run/attempt.session-lock.test.ts
• node scripts/run-vitest.mjs src/agents/embedded-agent-runner/runs.test.ts
• node scripts/run-vitest.mjs src/auto-reply/reply/reply-run-registry.test.ts src/auto-reply/reply/commands-session-abort.test.ts

What I checked:

• Current abort path keeps lock release timeout-only: On current main, abortRun aborts compaction and the active session, but releaseHeldLockForAbort() only runs inside if (isTimeout && queueHandleForAbandonment), so abortRun(false) does not release the retained lock. (src/agents/embedded-agent-runner/run/attempt.ts:2973, 1cb5a57631c3)
• Manual abort reaches abortRun(false): The active embedded run handle uses abortActiveRunExternally, which sets externalAbort = true and calls abortRun() without a timeout argument; abortEmbeddedAgentRun invokes that handle's abort() for user stop flows. (src/agents/embedded-agent-runner/run/attempt.ts:3134, 1cb5a57631c3)
• Abort command routes to active run abort: The user-facing abort flow calls abortSessionRunTarget, which calls replyRunRegistry.abort(key) and abortEmbeddedAgentRun(sessionId); abortByUser() creates an AbortError but does not mark the abort as a timeout. (src/auto-reply/reply/abort.ts:118, 1cb5a57631c3)
• Cleanup can collide with the retained lock: acquireForCleanup() first tries to take the retained lock after idle, then falls back to acquiring the session lock; if the retained lock is still held by the live process, this is the path that can surface a session write-lock timeout. (src/agents/embedded-agent-runner/run/attempt.session-lock.ts:859, 1cb5a57631c3)
• Latest release has the same timeout-only release guard: v2026.5.28 still has releaseHeldLockForAbort() only under the isTimeout && queueHandleForAbandonment branch, so this is not fixed in the latest shipped release either. (src/agents/embedded-agent-runner/run/attempt.ts:2891, e93216080aa1)
• History points to the current abort-run shape and recent manual-abort work: git blame ties the current timeout-only branch to commit 7606e1dd3d3fa9b311b6afc0bd92d03de00292bb, while f454d6202f1a2fe56f232cd469d47257cdd8cd65 recently changed explicit active-run abort handling adjacent to this path. (src/agents/embedded-agent-runner/run/attempt.ts:2958, 7606e1dd3d3f)

Likely related people:

• @steipete: git blame shows Peter Steinberger authored the current abortRun block where lock release remains inside the timeout-only branch. (role: introduced/current implementation provenance; confidence: medium; commits: 7606e1dd3d3f; files: src/agents/embedded-agent-runner/run/attempt.ts)
• @obviyus: Ayaan Zaidi recently changed the active-run abort/cancel path that now calls abortRun() for explicit external aborts, directly adjacent to the reported manual-abort behavior. (role: recent adjacent contributor; confidence: medium; commits: f454d6202f1a; files: src/agents/embedded-agent-runner/run/attempt.ts)

How this review workflow works

• ClawSweeper keeps one durable marker-backed review comment per issue or PR.
• Re-runs edit this comment so the latest verdict, findings, and automation markers stay together instead of adding duplicate bot comments.
• A fresh review can be triggered by eligible @clawsweeper re-review comments, exact-item GitHub events, scheduled/background review runs, or manual workflow dispatch.
• PR/issue authors and users with repository write access can comment @clawsweeper re-review or @clawsweeper re-run on an open PR or issue to request a fresh review only.
• Maintainers can also comment @clawsweeper review to request a fresh review only.
• Fresh-review commands do not start repair, autofix, rebase, CI repair, or automerge.
• Maintainer-only repair and merge flows require explicit commands such as @clawsweeper autofix, @clawsweeper automerge, @clawsweeper fix ci, or @clawsweeper address review.
• Maintainers can comment @clawsweeper explain to ask for more context, or @clawsweeper stop to stop active automation.

[steipete]

Fixed on main via #88623 / 95890fe.

Manual embedded-attempt aborts now release the retained session lock through the same best-effort abort lock-release path used by timeout aborts, while timeout abandonment remains timeout-only.

Proof:

• node scripts/run-vitest.mjs src/agents/embedded-agent-runner/run/attempt-abort.test.ts src/agents/embedded-agent-runner/run/attempt.session-lock.test.ts src/agents/embedded-agent-runner/run/attempt.subscription-cleanup.test.ts test/scripts/plugin-prerelease-test-plan.test.ts
• pnpm check:test-types
• pnpm exec oxfmt --check --threads=1 src/agents/embedded-agent-runner/run/attempt.ts src/agents/embedded-agent-runner/run/attempt-abort.ts src/agents/embedded-agent-runner/run/attempt-abort.test.ts
• git diff --check
• Branch autoreview clean
• Full PR CI on 56fa542 passed, including Real behavior proof, build-artifacts, check-test-types, check-prod-types, check-lint, security-fast, and agent/runtime shards.