[Bug]: Session write-lock timeouts block subagent delivery lanes

[galiniliev]

Bug type

Behavior bug (incorrect output/state without crash)

Beta release blocker

No

Summary

Session JSONL write-lock timeouts block main, cron-nested, and subagent lanes, then surface as delivery/lifecycle failures without enough owner diagnostics.

Steps to reproduce

1. Run OpenClaw with main-session and subagent delivery lanes writing to session JSONL files.
2. Contend a session write lock long enough for lane tasks and final delivery to hit the write-lock timeout.
3. Observe lane errors and direct announce failure logs.

Expected behavior

Write-lock timeouts should preserve enough owner liveness/starttime/staleness evidence for recovery triage, and subagent final output should remain durable even when direct announce cannot acquire the lock.

Actual behavior

Gateway logs showed 161 SessionWriteLockTimeoutError lines, 41 subagent lane rejections, and repeated main-session lane errors in the 2026-05-23T14:42:08Z through 2026-05-25T14:42:08Z window.

OpenClaw version

2026.5.25 dev checkout

Operating system

Linux WSL2

Install method

pnpm dev

Model

NOT_ENOUGH_INFO

Provider / routing chain

NOT_ENOUGH_INFO

Additional provider/model setup details

NOT_ENOUGH_INFO

Logs, screenshots, and evidence

Window analyzed: 2026-05-23T14:42:08Z through 2026-05-25T14:42:08Z
Counts:
- 161 lines contained: SessionWriteLockTimeoutError
- 41 lines contained: lane task rejected after timeout
- 158 lines contained: lane task error

Redacted excerpts:
lane task rejected after timeout: lane=subagent timeoutMs=31000 error="SessionWriteLockTimeoutError: session file locked (timeout 60000ms): pid=[redacted pid] [redacted session lock path]"
lane task error: lane=cron-nested durationMs=380507 error="SessionWriteLockTimeoutError: session file locked (timeout 60000ms): pid=[redacted pid] [redacted session lock path]"
[warn] Subagent completion direct announce failed for run [redacted run id]: SessionWriteLockTimeoutError: session file locked (timeout 60000ms): pid=[redacted pid] [redacted session lock path]: code=OPENCLAW_SESSION_WRITE_LOCK_TIMEOUT

Impact and severity

Affected: main session, cron-nested, and subagent delivery lanes.
Severity: High, because completion output can fail after child work is otherwise done.
Frequency: 161 timeout lines were observed in the analyzed two-day log window.
Consequence: lifecycle delivery and direct announce can fail behind a session write lock.

Additional information

The implicated code paths were src/agents/session-write-lock.ts timeout reporting and subagent final-delivery persistence.

[clawsweeper]

Codex review: keeping this open for maintainer follow-up; there is still a little grit to resolve. Reviewed June 12, 2026, 5:22 AM ET / 09:22 UTC.

Summary
Codex review failed: retryable codex transport failure (capacity) (exit 1).

Reproducibility: unclear. The review failed before ClawSweeper could establish a reproduction path.

Ways to help us reproduce this

• Add a screenshot or short recording showing the behavior.
• Add expected vs actual behavior.

Next step
Review did not complete, so no work-lane recommendation was made.

Review details

Best possible solution:

Retry the Codex review after fixing the execution failure.

Do we have a high-confidence way to reproduce the issue?

Unclear. The review failed before ClawSweeper could establish a reproduction path.

Is this the best way to solve the issue?

Unclear. Retry the review first so ClawSweeper can evaluate the actual issue and fix direction.

AGENTS.md: unclear because the file could not be read completely.

Remaining risk / open question:

• No close action taken because the review did not complete.

Codex review notes: model internal, reasoning high; reviewed against d4819948f37d.

Label changes

Label changes:

• add issue-rating: 🦪 silver shellfish: Current issue advisory state selects this label.
• add clawsweeper:needs-info: Current issue advisory state selects this label.
• remove P1: Current review triage priority is none.
• remove clawsweeper:no-new-fix-pr: Current issue advisory state no longer selects this label.
• remove clawsweeper:source-repro: Current issue advisory state no longer selects this label.
• remove clawsweeper:linked-pr-open: Current issue advisory state no longer selects this label.
• remove impact:session-state: Current review selected no impact labels.
• remove impact:message-loss: Current review selected no impact labels.
• remove issue-rating: 🦞 diamond lobster: Current issue advisory state no longer selects this label.

Evidence reviewed

What I checked:

• failure reason: retryable codex transport failure (capacity)
• codex failure detail: Codex review failed for this issue with exit 1.
• codex stderr: replyRunRegistry.waitForIdle(\n params.sessionKey, waitTimeoutMs, { signal: params.upstreamAbortSignal }\n )) return { status: "skipped", reason: "active-run" };\n }\n }\n}\n\n\n**`reply-run-registry-*.js` → `waitForIdle()`** (line ~248):\n\njs\nwaitForIdle(sessionKey, timeoutMs, opts) {\n // ...\n return new Promise((resolve) => {\n const waiter = { finish: (ended) => { /* ... */ resolve(ended); } };\n // Only sets timeout if timeoutMs is a finite number:\n if (typeof timeoutMs === "number" && Number.isFinite(timeoutMs))\n waiter.timer = setTimeout(() => waiter.finish(false), Math.max(100, timeoutMs));\n // When timeoutMs is undefined → no timer → waits forever\n // ...\n });\n}\n```\n\n### Why the lock leaks\n\nThe stale entry in replyRunState.activeRunsByKey persists because a prior reply operation was created (`createReplyOperation` added it to the map) but never completed its lifecycle (the `clearState()` callback was never invoked). Possible triggers:\n\n1. Unhandled promise rejection during the model API call that bypasses the `finally` block\n2. A heartbeat-driven run that set `pendingFinalDelivery` without clearing it (see [Bug]: Heartbeat-driven agent replies leave pendingFinalDelivery stuck, blocking subsequent heartbeats #83184)\n3. An embedded run (e.g. Codex app-server) that emitted `notification:turn/started` then went silent (see Codex app-server emits notification:turn/started then goes silent; embedded run wedges for the full stuck-session recovery window #85251)\n4. A native tool call that never emitted a completion event (see Stale diagnostic tool_call activity can survive recovery/reset and re-block sessions as blocked_tool_call #87310)\n\n### Why there is no log output\n\nTh.

Likely related people:

• unknown: Codex failed before it could trace repository history. (role: review did not complete; confidence: low)

How this review workflow works

• ClawSweeper keeps one durable marker-backed review comment per issue or PR.
• Re-runs edit this comment so the latest verdict, findings, and automation markers stay together instead of adding duplicate bot comments.
• A fresh review can be triggered by eligible @clawsweeper re-review comments, exact-item GitHub events, scheduled/background review runs, or manual workflow dispatch.
• PR/issue authors and users with repository write access can comment @clawsweeper re-review or @clawsweeper re-run on an open PR or issue to request a fresh review only.
• Maintainers can also comment @clawsweeper review to request a fresh review only.
• Fresh-review commands do not start repair, autofix, rebase, CI repair, or automerge.
• Maintainer-only repair and merge flows require explicit commands such as @clawsweeper autofix, @clawsweeper automerge, @clawsweeper fix ci, or @clawsweeper address review.
• Maintainers can comment @clawsweeper explain to ask for more context, or @clawsweeper stop to stop active automation.

[robertdonnellyiii]

Me-too repro on 2026.5.28-beta.1, macOS 25.5.0, requester session = webchat dashboard, model = anthropic/claude-opus-4-7.

User spawned 5 parallel research subagents (council pattern) on Opus 4.7 via sessions_spawn from a webchat main session. All 5 children completed cleanly, wrote their deliverables to disk, and ended with substantive (~10KB) final assistant text. openclaw tasks shows the consistent signature:

<id>… subagent succeeded  failed   …  Required completion delivery failed before reaching the requester: SessionWrite…

Gateway log shows the announce path hitting the 180s ceiling, exactly 4 retries, then giving up:

[warn] Subagent announce completion direct announce agent call transient failure, retrying 2/4 in 5s: gateway timeout after 180000ms
[warn] Subagent announce completion direct announce agent call transient failure, retrying 3/4 in 10s: gateway timeout after 180000ms

…repeated for each of the 5 children. No completion ever delivered to the parent webchat session. From the user's perspective: parent session went silent after sessions_yield; user had to manually nudge ("did it land without an announcement again?") for the parent to discover, via subagents/openclaw tasks, that the children had in fact succeeded.

Two extra data points worth noting:

1. Failure-status completions DO deliver. A separate diagnostic spawn the same session crashed early with FailoverError: Unknown model: anthropic/claude-haiku-4-5 (separate model-whitelist issue). Its status: failed completion event delivered to the parent webchat without issue. So the SessionWriteLockTimeout appears to bite specifically on success-path announce-writes carrying real payload, not on failure-path short events. Useful narrowing if the linked PR doesn't already cover both lanes.

2. 5/5 children hit the same write-lock window. Five concurrent direct-announce writes targeting the same parent webchat session JSONL appear to mutually contend for the parent's write lock. The N-concurrent-spawn case might warrant explicit serialization of announce-writes against a single requester session even after the underlying timeout fix, since 60s × 5 children > 180s ceiling on its own.

User-side impact: durable artifact loss is small (children write deliverables to disk before final reply, so files persist), but trust impact is real — the parent agent looks like it silently abandoned the work, and discovers success only by polling openclaw tasks. Until this lands, our workaround is to instruct the parent to always openclaw tasks + read the lane files itself on the next user turn rather than trust the announce path, which defeats the point of sessions_yield.

Happy to capture full raw gateway log slice if useful — the four [warn] lines per child are the only emitted signal at default log level.