[bug]: crash-loop on startup: unmatched backend error: -26: mempool min fee not met

[dannydeezy]

Background

During a mempool spike, I had some low-fee-rate on-chain transactions from my lnd wallet that got dropped from default mempools. Then on startup I got into a crash loop with the following error:

unable to start server: unmatched backend error: -26: mempool min fee not met, 3241 < 3909

I was able to unblock by going into my bitcoin.conf and increasing maxmempool, but I don't think that is a sustainable solution.

Your environment

• lnd version 0.15.4-beta commit=v0.15.4-beta
• Linux Ubuntu
• bitcoind version v22.0.0

[dannydeezy]

some logs:

Nov 15 01:12:56 : 2022-11-15 01:12:56.498 [WRN] FNDG: fundingManager shutting down, stopping funding flow for ChannelPoint(672ee454ac5ac912ee99fd6f9788b8b058c291fc8840f0ddfbd3e6ae2a3273fd:1)
Nov 15 01:12:56 : 2022-11-15 01:12:56.498 [INF] BRAR: Breach arbiter shutting down
Nov 15 01:12:56 : 2022-11-15 01:12:56.498 [INF] UTXN: UTXO nursery shutting down
Nov 15 01:12:56 : 2022-11-15 01:12:56.498 [INF] NTFN: Cancelling epoch notification, epoch_id=2
Nov 15 01:12:56 : 2022-11-15 01:12:56.498 [INF] SWPR: Sweeper shutting down
Nov 15 01:12:56 : 2022-11-15 01:12:56.498 [INF] NTFN: Cancelling epoch notification, epoch_id=1
Nov 15 01:12:59 : 2022-11-15 01:12:59.202 [ERR] RPCS: [/routerrpc.Router/TrackPaymentV2]: context canceled
Nov 15 01:12:59 : 2022-11-15 01:12:59.515 [ERR] RPCS: [/lnrpc.Lightning/QueryRoutes]: insufficient local balance
Nov 15 01:13:00 : 2022-11-15 01:13:00.247 [INF] INVC: New invoice subscription client: id=1
Nov 15 01:13:00 : 2022-11-15 01:13:00.250 [INF] INVC: New single invoice subscription client: id=2, ref=(pay_hash=26c50faaf64a580e1fff49c9762aa1293fd5d8d97a44e4755588b8ec36087d40)
Nov 15 01:13:00 : 2022-11-15 01:13:00.275 [INF] INVC: New invoice subscription client: id=3
Nov 15 01:13:06 : 2022-11-15 01:13:06.499 [INF] WTCL: (anchor) Force quitting watchtower client
Nov 15 01:13:06 : 2022-11-15 01:13:06.500 [INF] WTCL: (anchor) Force quitting task pipeline
Nov 15 01:13:06 : 2022-11-15 01:13:06.500 [INF] WTCL: (anchor) Task pipeline unclean shutdown complete
Nov 15 01:13:06 : 2022-11-15 01:13:06.500 [INF] WTCL: (anchor) Watchtower client unclean shutdown complete, stats: tasks(received=0 accepted=0 ineligible=0) sessions(acquired=0 exhausted=0)
Nov 15 01:13:11 : 2022-11-15 01:13:11.508 [ERR] RPCS: [/routerrpc.Router/TrackPaymentV2]: context canceled
Nov 15 01:13:11 : 2022-11-15 01:13:11.865 [ERR] RPCS: [/lnrpc.Lightning/QueryRoutes]: insufficient local balance
Nov 15 01:13:16 : 2022-11-15 01:13:16.500 [INF] WTCL: (legacy) Force quitting watchtower client
Nov 15 01:13:16 : 2022-11-15 01:13:16.500 [INF] WTCL: (legacy) Force quitting task pipeline
Nov 15 01:13:16 : 2022-11-15 01:13:16.500 [INF] WTCL: (legacy) Task pipeline unclean shutdown complete
Nov 15 01:13:16 : 2022-11-15 01:13:16.501 [INF] WTCL: (legacy) Watchtower client unclean shutdown complete, stats: tasks(received=0 accepted=0 ineligible=0) sessions(acquired=0 exhausted=0)
Nov 15 01:13:16 : 2022-11-15 01:13:16.501 [INF] HSWC: HtlcNotifier shutting down
Nov 15 01:13:16 : 2022-11-15 01:13:16.501 [INF] PRNF: PeerNotifier shutting down
Nov 15 01:13:16 : 2022-11-15 01:13:16.501 [INF] CHNF: ChannelNotifier shutting down
Nov 15 01:13:16 : 2022-11-15 01:13:16.501 [INF] NTFN: bitcoind notifier shutting down
Nov 15 01:13:16 : 2022-11-15 01:13:16.535 [ERR] NTFN: Rescan to determine the spend details of outpoint=b89550a03f891b48061a5d0891162f5043d30fdfcc20fdb31331b74619158891:1, script=0 acd8f6a0ed87a778fae4469735666f3fd64d5e7da9e99fa55e88eeadbcdb8188 within range 762928-763200 failed: chain notifier shutting down
Nov 15 01:13:16 : 2022-11-15 01:13:16.545 [ERR] NTFN: Rescan to determine the conf details of txid=b89550a03f891b48061a5d0891162f5043d30fdfcc20fdb31331b74619158891 within range 762893-763200 failed: chain notifier shutting down
Nov 15 01:13:16 : 2022-11-15 01:13:16.546 [INF] HLCK: Health monitor shutting down
Nov 15 01:13:16 : 2022-11-15 01:13:16.546 [ERR] LTND: Shutting down because error in main method: unable to start server: unmatched backend error: -26: mempool min fee not met, 3241 < 3941
Nov 15 01:13:16 : 2022-11-15 01:13:16.547 [INF] RPCS: Stopping RPC Server
Nov 15 01:13:16 : 2022-11-15 01:13:16.547 [INF] RPCS: Stopping SignRPC Sub-RPC Server
Nov 15 01:13:16 : 2022-11-15 01:13:16.547 [INF] RPCS: Stopping PeersRPC Sub-RPC Server
Nov 15 01:13:16 : 2022-11-15 01:13:16.547 [INF] RPCS: Stopping VersionRPC Sub-RPC Server
Nov 15 01:13:16 : 2022-11-15 01:13:16.547 [INF] RPCS: Stopping WalletKitRPC Sub-RPC Server
Nov 15 01:13:16 : 2022-11-15 01:13:16.547 [INF] RPCS: Stopping RouterRPC Sub-RPC Server
Nov 15 01:13:16 : 2022-11-15 01:13:16.547 [INF] RPCS: Stopping AutopilotRPC Sub-RPC Server
Nov 15 01:13:16 : 2022-11-15 01:13:16.547 [INF] INVC: Cancelling invoice subscription for client=1
Nov 15 01:13:16 : 2022-11-15 01:13:16.547 [INF] INVC: Cancelling invoice subscription for client=3
Nov 15 01:13:16 : 2022-11-15 01:13:16.547 [INF] RPCS: Stopping ChainRPC Sub-RPC Server
Nov 15 01:13:16 : 2022-11-15 01:13:16.547 [INF] RPCS: Stopping InvoicesRPC Sub-RPC Server
Nov 15 01:13:16 : 2022-11-15 01:13:16.547 [INF] RPCS: Stopping NeutrinoKitRPC Sub-RPC Server
Nov 15 01:13:16 : 2022-11-15 01:13:16.547 [INF] RPCS: Stopping WatchtowerRPC Sub-RPC Server
Nov 15 01:13:16 : 2022-11-15 01:13:16.547 [INF] RPCS: Stopping WatchtowerClientRPC Sub-RPC Server
Nov 15 01:13:16 : 2022-11-15 01:13:16.547 [INF] TORC: Stopping tor controller
Nov 15 01:13:16 : 2022-11-15 01:13:16.547 [INF] INVC: Cancelling invoice subscription for client=2
Nov 15 01:13:16 : 2022-11-15 01:13:16.547 [ERR] TORC: DEL_ONION got error: invalid arguments: unexpected code
Nov 15 01:13:16 : 2022-11-15 01:13:16.547 [ERR] LTND: error stopping tor controller: invalid arguments: unexpected code
Nov 15 01:13:17 : 2022-11-15 01:13:17.130 [INF] LTND: Shutdown complete
Nov 15 01:13:17 : unable to start server: unmatched backend error: -26: mempool min fee not met, 3241 < 3941
Nov 15 01:13:17 ip-172-31-90-95 systemd[1]: lnd.service: Main process exited, code=exited, status=1/FAILURE
Nov 15 01:13:17 ip-172-31-90-95 systemd[1]: lnd.service: Failed with result 'exit-code'.

[Roasbeef]

Duplicate issue from the last time we had a fee spike: #5969. Other instances across time: https://github.com/lightningnetwork/lnd/issues?q=is%3Aissue+mempool+min+fee+not+met+is%3Aclosed.

I was able to unblock by going into my bitcoin.conf and increasing maxmempool, but I don't think that is a sustainable solution.

There's not a good way around it afaict: bitcoind will start to increase the min fee needed to get into the mempool and if you want to allow things lower than that to get in, you need to increase the max mempool size.

We likely should properly catch this error and proceed. However that would sort of mask the issue here, since ppl would wonder why their transactions aren't getting mined.

[Roasbeef]

Re being able to proceed, we need to add a case above this to allow that to go thru: https://github.com/btcsuite/btcwallet/blob/master/wallet/wallet.go#L3745-L3748

Main question is how to actually handle this properly:

• Should we then try to re-sign again (depending on the context) w/ a higher fee rate?
• Or just return the error

As is, we'll also remove that txn so we don't try to broadcast again.

[dannydeezy]

gotcha thanks @Roasbeef that makes sense.

now if i understand correctly:

say my bitcoin node now runs an extra large mempool, but all its peers run default mempools. i could get into a situation where my bitcoin node has my txs, but nobody else does, even when mempool congestion chills out. how do i ensure that my bitcoin node will eventually rebroadcast these low-fee transactions? if i recall correctly there was some in-progress work in bitcoin core perhaps to identify this situation and rebroadcast automatically?

[Roasbeef]

say my bitcoin node now runs an extra large mempool, but all its peers run default mempools. i could get into a situation where my bitcoin node has my txs, but nobody else does, even when mempool congestion chills out.

Correct, the mempool is truly a murky place unfortunately. Bitcoin nodes have something called a feefilter: as they start to increase their min fee amount, they'll tell their peers not to send things below that fee rate.

The only solution to something like this in site is the fabled package relay construction. This would let you send that transaction, then also couple w/ it something to allow the fee to be high enough for acceptance.

[dannydeezy]

The only solution to something like this in site is the fabled package relay construction. This would let you send that transaction, then also couple w/ it something to allow the fee to be high enough for acceptance.

so in the meantime I might just wanna keep some miners on speed-dial eh?

[dannydeezy]

so in the meantime I might just wanna keep some miners on speed-dial eh?

or i guess if any miners run large mempools too, i could deliberately peer with them

[dannydeezy]

just a little more context on my situation for others to learn from:

• My lnd had sent some 1 sat/byte transactions that were unconfirmed
• I was running a default bitcoind mempool (300mb)
• Mempool spiked and started purging low-fee transactions, including mine
• I do an LND restart but get into a crash loop with mempool min fee not met
• I stop bitcoind, set maxmempool=1000 in bitcoind.conf, which increased my mempool size to 1000mb. restart bitcoind
• Now LND is able to restart fine
• However, those original 1 sat/byte transactions were dropped from my LND wallet, so their input utxos were now available to spend, and I spent them again elsewhere

In general my takeaway is that a lot of problems can be avoided if you just run a larger bitcoind mempool. but there are caveats associated with this

[Roasbeef]

Closing as the config issue has been resolved.

[Roasbeef]

Gonna re-open this as Boltz ran into it recently, and it can cause lnd to not want to start up.

We should catch the error, remove the tx, but still proceed with start up. Ideally we also have another way of letting users know that their transactions have fallen out of the "default mempool".

[sangaman]

I'm in a spot where I tried opening a channel at the early stages of this this most recent (and prolonged) mempool traffic jam. I used a --conf_target value that was apparently too high, and even though the rpc call succeeded it was actually immediately rejected by the bitcoind node I'm using with the default mempool. Since then the mempool jam has gotten even worse, and currently the channel is still listed among the pending channels (even though it has not been broadcast) and the utxo I used when opening the channel is not available for spending. I'm hesitant to restart bitcoind, and I don't want to restart lnd and then have it fail to start back up because of this mempool min fee not met error.

Seems like a couple of things that would be nice to have (in addition to fixing the startup issue described above) would be:

1. The open channel RPC fails if the tx is rejected when it's attempted to be broadcast, the tx is discarded and the utxo becomes available to try again with a higher fee.
2. The ability to RBF channel opens that fall out of the mempool or that just take very long to confirm due to a mempool spike.

[ziggie1984]

The ability to RBF channel opens that fall out of the mempool or that just take very long to confirm due to a mempool spike.

I am not quite sure I understand this, so you want to RBF a channel opening although its not in your local mempool?

[ziggie1984]

I will take this one

[guggero]

You can't RBF a funding transaction, as that would invalidate any commitment transaction. Or do you mean a spec proposal for a new re-negotiation/signing message?

[ziggie1984]

You can't RBF a funding transaction, as that would invalidate any commitment transaction. Or do you mean a spec proposal for a new re-negotiation/signing message?

exactly that's also what I was thinking about, maybe he was thinking about making the ChannelOpening RBFable in the first place(sequence below FFFFFFFd) so one could essentially double-spend it in case its lingering in the mempool for too long, which might be cheaper than hitting the Chain with the Commitment Transaction (apart from the timelock I am putting on the funds in case I force-close the channel) ?

[guggero]

I don't think we should do that either. It will just encourage users to actually do RBF. There were at least two cases I know of where users imported lnd keys into Electrum to create an RBF replacement TX for a funding transaction, putting their funds at risk. This only worked because the original one was already evected from the mempool. But IMO we shouldn't encourage being able to do that while the original TX is still present. Also the "RBF enabled" label on a block explorer might give users wrong ideas too.

[sangaman]

You can't RBF a funding transaction, as that would invalidate any commitment transaction. Or do you mean a spec proposal for a new re-negotiation/signing message?

Oops yeah my mistake, I'd overlooked that and oversimplified it. It looks like it would have to be some sort of spec change to renegotiate a pending channel which I think is well out of scope of this issue.

Still though, it seems like there is some undesirable behavior. The channel from my last post is still in pending status, but that was well over the 2016 blocks before a pending channel should timeout and I believe that means the remote peer has forgotten about the channel and it can never properly open. Ideally lnd would fail this pending channel itself after this delay, and if the tx hasn't even been broadcast yet it should jsut drop it entirely. Then a second channel opening attempt can be performed.

[ziggie1984]

Ok I analysed the situation regarding the startup issue and my analysis showed exactly 2 cases where we end up not starting because we could not broadcast the transaction (mempool-fee was not enough).

1. First situation is where we Force-Close a channel and the Force-Close Transaction is not broadcasted.
   

   lnd/contractcourt/channel_arbitrator.go

   Line 994 in bbbf7d3

   if err := c.cfg.PublishTx(closeTx, label); err != nil {

   .

So one downside of dropping this transaction is in an Anchor-Channel Case that we will not be able to FeeBump the transaction because the sweeper which sweeps the anchor (CPFP the Commitment) will fail with the missing input error so it might be good to keep failing the startup in this case because then by increasing the mempool we make sure that we can CPFP the Commitment? Wdyt? ⚠️

Another way would be:

The solution as @Roasbeef described would be to just include a case for the minrelay broadcast fail and proceed, but there is a small problem. We mark the Channel as StateCommitmentBroadcasted which is not quite right if we consider that the commitment was not broadcasted. So I think we should only mark the channel as StateCommitmentBroadcasted if the transaction successfully got placed in the mempool. Now problem is that we are not gonna rebroadcast the transaction as is, because we remove it and the User has to restart his node to trigger another retry. So I propose to keep the Channel in the state StateBroadcastCommit and maybe return the CommitmentTx in the lncli pendingchannels cmd to allow the user manually broadcast it again if he sees the mempool-minfee go down? Or maybe not remove it and keep rebroadcasting it, but then we should think of a way to hide the error because it would fill the logs and disturb the user ?

2. Second scenario is when we have the tweakless channel type (STATIC_REMOTE_KEY) and a timeout-htlc which we cannot broadcast because of the min-relayfee when restarting. Relevant codepart is here:
   

   lnd/contractcourt/utxonursery.go

   Line 291 in bbbf7d3

   if err := u.reloadClasses(uint32(bestHeight)); err != nil {

   
   which fails here:
   

   lnd/contractcourt/utxonursery.go

   Line 659 in bbbf7d3

   if err = u.graduateClass(classHeight); err != nil {

I think for the second case we should not remove the transaction but keep trying rebroadcasting it (but change the log level for the min-mempool-fee failure, or give the user the possibility to fetch the rawtx in case he wants to broadcast it via other transaction relayers where the purging fee is lower?

Happy to receive feedback in which direction we wanna go, if we have consensus I will code it.

I would do the following:

For case 1 where we are not able to broadcast the Commitment Transaction, still fail lnd to start to let the node-runner know that with the current mempool architecture his Commitment Transaction will not be able to confirm (because the anchor cannot bump a non-existent parent output (without package-relay)

For the second case I would lnd continue to startup successfully but rebroadcast the crib-transaction in a timely manner. Maybe change the log-level for the min-relay-fee not met error, to not spam the log with errors and give the user the possibility via an RPC command to fetch the rawTx for this Crib-Transaction?

[SunnySarahNode]

I have the same issue.

[ERR] CNCT: ChannelArbitrator(xxx:1): unable to broadcast close tx: unmatched backend error: -26: mempool min fee not met, 285 < 2232
[ERR] CNCT: ChannelArbitrator(xxx:1): unable to advance state: unmatched backend error: -26: mempool min fee not met, 285 < 2232
[INF] CNCT: ChainArbitrator shutting down
[ERR] LTND: Shutting down because error in main method: unable to start server: unmatched backend error: -26: mempool min fee not met, 285 < 2373

This is the force-close transaction, manually initiated by me ( lncli closechannel --force without any additional options like --conf_target or --sat_per_vbyte )

Upgrade to the latest version 0.16.3-beta.rc1 did not help.

Increasing maxmempool in bitcoin.conf like dannydeezy said (from default 300 to 3000) worked for me.

@dannydeezy thank you very much!

[ziggie1984]

@SunnySarahNode was this an anchor-channel ? If so I doubt there is a current fix to this issue because you can only bump the commitment-tx if it is in the mempool meaning that without you increasing your mempool you wouldn't be able to confirm your transaction anytime soon. Tho increasing the mempool and therefore being able to bump the transaction with your Anchor is imo a good approach.

[Roasbeef]

So to resolve this issue, we just need to make sure that on start up, we don't refuse to start if we get this error.

See this issue: #4616

This code block needs to be updated to catch this error: https://github.com/btcsuite/btcwallet/blob/50978fcf79f8100eb62c185606c66367cc03b03e/wallet/wallet.go#L3463

With this recent PR, transactions should always be above the min relay fee at the time of tx creation. It's possible that things drop below that value, but until wide spread package relay, there's really nothing we can do about that.

The choice is essentially to:

• Silently eat this error to ensure we can start up, but the users transaction is hung and won't confirm for some time.
• Block start up with the error, to force the user to increase their bitcoind settings to allow it to enter their mempool.

Note that even with the second option, the transaction won't propagate since nodes will send a feefilter message telling peers to not send them transactions below that fee rate value.

[Roasbeef]

@ziggie1984

so it might be good to keep failing the startup in this case because then by increasing the mempool we make sure that we can CPFP the Commitment? Wdy

Yeah tough choice, see my message above. Either way things are sort of hosed...we can choose to force user intervention or handle it in the background and pray to satoshi that things drop enough to let the tx enter the mempool of nodes with default policy.

. We mark the Channel as StateCommitmentBroadcasted which is not quite right if we consider that the commitment was not broadcasted. So I think we should only mark the channel as StateCommitmentBroadcasted if the transaction successfully got placed in the mempool. Now problem is that we are not gonna rebroadcast the transaction as is, because we remove it and the User has to restart his node to trigger another retry

The issue here is that we never really know if the transaction is "in the mempool" or not. Node policy is less uniform these days, and a big transaction spike can quickly cause the min relay fee to jump up.

y. So I propose to keep the Channel in the state StateBroadcastCommit and maybe return the CommitmentTx in the lncli pendingchannels cmd to allow the user manually broadcast it again if he sees the mempool-minfee go down?

I think it's a good idea to optionally allow RPC calls to print out the full hex of the broadcasted transaction so users can rebroacast on their own. Note that we'll now also rebroadcast ourselves, so if the min relay fee drops down, then things should propagate.

I think for the second case we should not remove the transaction but keep trying rebroadcasting it (but change the log level for the min-mempool-fee failure, or give the user the possibility to fetch the rawtx in case he wants to broadcast it via other transaction relayers where the purging fee is lower?

The way the rebroadcaster works, it'll keep going until things confirm or the sweeper removes it as a conflict is mined. So on start up, those should be broadcast again.

[Roasbeef]

I would do the following:

For case 1, if we do this, then I think we should have a clearer error message to force the user to action. So something like "consider raising your maxmempool value to xxx GB". This way they know what to do and we can just close any other incoming issues, saying "works as expected".

Maybe change the log-level for the min-relay-fee not met error, to not spam the log with errors and give the user the possibility via an RPC command to fetch the rawTx for this Crib-Transaction?

I'm on board with having the relevant RPCs also allow users to get the raw hex. We log it each time, but logs can be spammy at times on trace/debug, so it might be hard for users to find.

[sangaman]

• Block start up with the error, to force the user to increase their bitcoind settings to allow it to enter their mempool.

Note that even with the second option, the transaction won't propagate since nodes will send a feefilter message telling peers to not send them transactions below that fee rate value.

The way the rebroadcaster works, it'll keep going until things confirm or the sweeper removes it as a conflict is mined. So on start up, those should be broadcast again.

Should the sweeper remove channel open attempts that have not confirmed (and possibly not even been broadcasted successfully due to peers rejecting it for too low fee regardless of what our mempool settings are) after 1000 blocks? IIUC, that's the point at which peers will "forget" our channel open attempt if they haven't seen a confirmation on chain. It seems like we shouldn't try to rebroadcast or wait for confirmation of a channel opening transaction that is stale. It would be better to just discard the transaction and the pending channel, and free up the utxo(s) consumed by it to be able to try opening another channel (with a higher fee).

[guggero]

That could be an option after 2016 blocks, yes. Though just because a transaction isn't in the local mempool doesn't mean it will never confirm. So to be absolutely certain that a channel can be discarded, the inputs to the funding transaction need to be double spent and confirmed. Otherwise you lose access to the funds if the funding transaction confirms for whatever reason.

[sangaman]

That could be an option after 2016 blocks, yes. Though just because a transaction isn't in the local mempool doesn't mean it will never confirm. So to be absolutely certain that a channel can be discarded, the inputs to the funding transaction need to be double spent and confirmed. Otherwise you lose access to the funds if the funding transaction confirms for whatever reason.

That makes sense, although if we detect that it hasn't been broadcast successfully it should still be safe to discard right? That seems like it'd be like a less likely scenario with the change to ensure that the fee is above the min relay fee at the time of tx creation, though.

Double spending the broadcasted, but unconfirmed and possibly out of (most) mempools, transactions via lnd would be cool. To do something like this now, I figure you'd need to create and broadcast a transaction using the same utxo manually outside of lnd? And then once lnd detects the double spend, it would remove the pending channel and opening transaction?

[guggero]

Double spending the broadcasted, but unconfirmed and possibly out of (most) mempools, transactions via lnd would be cool. To do something like this now, I figure you'd need to create and broadcast a transaction using the same utxo manually outside of lnd? And then once lnd detects the double spend, it would remove the pending channel and opening transaction?

Correct. We recently added this to chantools, but it would be cool to have that option within lnd as well.

[sangaman]

Correct. We recently added this to chantools, but it would be cool to have that option within lnd as well.

Awesome, somehow I wasn't aware of this set of tools. Do you know if the removechannel would make sense in the case of a pending channel open for which the funding transaction was never broadcast? E.g. was never even accepted by the backing bitcoind node. It looks like it is, but it's not totally clear if the channel is removed or if lnd also knows to add the utxo(s) consumed by the funding transaction back to the wallet.

[guggero]

You can use lncli abandonchannel once you are certain that the funding transaction never can confirm.

for which the funding transaction was never broadcast

That shouldn't happen anymore with the recent change to force at least the mempool/relay fee rate.

but it's not totally clear if the channel is removed or if lnd also knows to add the utxo(s) consumed

I think that's another in-flight PR to detect double spends of channel funding inputs.