Exit quiescence when tx_init_rbf is rejected with Abort

jkczyz · claude · jkczyz · commit a1fc8627dbe6 · 2026-03-18T13:54:02.000-05:00
When tx_init_rbf is rejected with ChannelError::Abort (e.g.,
insufficient RBF feerate, negotiation in progress, feerate too high),
the error is converted to a tx_abort message but quiescence is never
exited and holding cells are never freed. This leaves the channel stuck
in a quiescent state.

Fix this by intercepting ChannelError::Abort before try_channel_entry!
in internal_tx_init_rbf, calling exit_quiescence on the channel, and
returning the error with exited_quiescence set so that handle_error
frees holding cells. Also make exit_quiescence available in non-test
builds by removing its cfg gate.

Update tests to use the proper RBF initiation flow (with tampered
feerates) so that handle_tx_abort correctly echoes the abort and exits
quiescence, rather than manually crafting tx_init_rbf messages that
leave node 0 without proper negotiation state.

Co-Authored-By: Claude Opus 4.6 (1M context) &lt;noreply@anthropic.com&gt;
diff --git a/lightning/src/ln/channel.rs b/lightning/src/ln/channel.rs
@@ -13851,8 +13851,6 @@ where
 		Some(msgs::Stfu { channel_id: self.context.channel_id, initiator })
 	}
 
-	#[cfg(any(test, fuzzing, feature = "_test_utils"))]
-	#[rustfmt::skip]
 	pub fn exit_quiescence(&mut self) -> bool {
 		// Make sure we either finished the quiescence handshake and are quiescent, or we never
 		// attempted to initiate quiescence at all.
diff --git a/lightning/src/ln/channelmanager.rs b/lightning/src/ln/channelmanager.rs
@@ -13118,6 +13118,15 @@ This indicates a bug inside LDK. Please report this error at https://github.com/
 						&self.fee_estimator,
 						&self.logger,
 					);
+					if let Err(ChannelError::Abort(_)) = &init_res {
+						funded_channel.exit_quiescence();
+						let chan_id = funded_channel.context.channel_id();
+						let res = MsgHandleErrInternal::from_chan_no_close(
+							init_res.unwrap_err(),
+							chan_id,
+						);
+						return Err(res.with_exited_quiescence(true));
+					}
 					let tx_ack_rbf_msg = try_channel_entry!(self, peer_state, init_res, chan_entry);
 					peer_state.pending_msg_events.push(MessageSendEvent::SendTxAckRbf {
 						node_id: *counterparty_node_id,
diff --git a/lightning/src/ln/splicing_tests.rs b/lightning/src/ln/splicing_tests.rs
@@ -4404,33 +4404,54 @@ fn test_splice_rbf_insufficient_feerate() {
 		.is_ok());
 
 	// Acceptor-side: tx_init_rbf with an insufficient feerate is also rejected.
-	reenter_quiescence(&nodes[0], &nodes[1], &channel_id);
+	// Node 0 initiates a proper RBF but we tamper the feerate to be insufficient.
+	provide_utxo_reserves(&nodes, 2, added_value * 2);
+	let _funding_contribution =
+		do_initiate_rbf_splice_in(&nodes[0], &nodes[1], channel_id, added_value, min_rbf_feerate);
 
-	let tx_init_rbf = msgs::TxInitRbf {
-		channel_id,
-		locktime: 0,
-		feerate_sat_per_1000_weight: FEERATE_FLOOR_SATS_PER_KW,
-		funding_output_contribution: Some(added_value.to_sat() as i64),
-	};
+	let stfu_0 = get_event_msg!(nodes[0], MessageSendEvent::SendStfu, node_id_1);
+	nodes[1].node.handle_stfu(node_id_0, &stfu_0);
+	let stfu_1 = get_event_msg!(nodes[1], MessageSendEvent::SendStfu, node_id_0);
+	nodes[0].node.handle_stfu(node_id_1, &stfu_1);
 
+	let mut tx_init_rbf = get_event_msg!(nodes[0], MessageSendEvent::SendTxInitRbf, node_id_1);
+	tx_init_rbf.feerate_sat_per_1000_weight = FEERATE_FLOOR_SATS_PER_KW;
 	nodes[1].node.handle_tx_init_rbf(node_id_0, &tx_init_rbf);
 
 	let tx_abort = get_event_msg!(nodes[1], MessageSendEvent::SendTxAbort, node_id_0);
 	assert_eq!(tx_abort.channel_id, channel_id);
 
+	// Node 0 echoes tx_abort and exits quiescence.
+	nodes[0].node.handle_tx_abort(node_id_1, &tx_abort);
+	let tx_abort_echo = get_event_msg!(nodes[0], MessageSendEvent::SendTxAbort, node_id_1);
+
+	let events = nodes[0].node.get_and_clear_pending_events();
+	assert_eq!(events.len(), 2);
+	assert!(
+		matches!(&events[0], Event::SpliceFailed { channel_id: cid, .. } if *cid == channel_id)
+	);
+	assert!(
+		matches!(&events[1], Event::DiscardFunding { channel_id: cid, .. } if *cid == channel_id)
+	);
+
+	// Node 1 handles the echo (no-op since it already aborted).
+	nodes[1].node.handle_tx_abort(node_id_0, &tx_abort_echo);
+
 	// Acceptor-side: a counterparty feerate that satisfies the spec's 25/24 rule (264) is
 	// accepted, even though our own RBF floor (+25 sat/kwu = 278) is higher.
-	// After tx_abort the channel remains quiescent, so no need to re-enter quiescence.
-	nodes[0].node.handle_tx_abort(node_id_1, &tx_abort);
+	// Node 0 initiates another proper RBF but we tamper the feerate to the 25/24 value.
+	provide_utxo_reserves(&nodes, 2, added_value * 2);
+	let _funding_contribution =
+		do_initiate_rbf_splice_in(&nodes[0], &nodes[1], channel_id, added_value, min_rbf_feerate);
 
-	let rbf_feerate_25_24 = ((FEERATE_FLOOR_SATS_PER_KW as u64) * 25).div_ceil(24) as u32;
-	let tx_init_rbf = msgs::TxInitRbf {
-		channel_id,
-		locktime: 0,
-		feerate_sat_per_1000_weight: rbf_feerate_25_24,
-		funding_output_contribution: Some(added_value.to_sat() as i64),
-	};
+	let stfu_0 = get_event_msg!(nodes[0], MessageSendEvent::SendStfu, node_id_1);
+	nodes[1].node.handle_stfu(node_id_0, &stfu_0);
+	let stfu_1 = get_event_msg!(nodes[1], MessageSendEvent::SendStfu, node_id_0);
+	nodes[0].node.handle_stfu(node_id_1, &stfu_1);
 
+	let mut tx_init_rbf = get_event_msg!(nodes[0], MessageSendEvent::SendTxInitRbf, node_id_1);
+	let rbf_feerate_25_24 = ((FEERATE_FLOOR_SATS_PER_KW as u64) * 25).div_ceil(24) as u32;
+	tx_init_rbf.feerate_sat_per_1000_weight = rbf_feerate_25_24;
 	nodes[1].node.handle_tx_init_rbf(node_id_0, &tx_init_rbf);
 	let _tx_ack_rbf = get_event_msg!(nodes[1], MessageSendEvent::SendTxAckRbf, node_id_0);
 }
@@ -5118,10 +5139,25 @@ fn test_splice_rbf_tiebreak_feerate_too_high_rejected() {
 	assert_eq!(tx_init_rbf.feerate_sat_per_1000_weight, high_feerate.to_sat_per_kwu() as u32);
 
 	// Node 1 handles tx_init_rbf — TooHigh: target (100k) >> max (3k) and fair fee > budget.
+	// Node 1 exits quiescence upon rejecting with tx_abort, and since it has a pending
+	// QuiescentAction (from its own splice RBF attempt), it immediately re-proposes quiescence.
 	nodes[1].node.handle_tx_init_rbf(node_id_0, &tx_init_rbf);
 
-	let tx_abort = get_event_msg!(nodes[1], MessageSendEvent::SendTxAbort, node_id_0);
-	assert_eq!(tx_abort.channel_id, channel_id);
+	let msg_events = nodes[1].node.get_and_clear_pending_msg_events();
+	assert_eq!(msg_events.len(), 2);
+	match &msg_events[0] {
+		MessageSendEvent::SendTxAbort { node_id, msg } => {
+			assert_eq!(*node_id, node_id_0);
+			assert_eq!(msg.channel_id, channel_id);
+		},
+		_ => panic!("Expected SendTxAbort, got {:?}", msg_events[0]),
+	};
+	match &msg_events[1] {
+		MessageSendEvent::SendStfu { node_id, .. } => {
+			assert_eq!(*node_id, node_id_0);
+		},
+		_ => panic!("Expected SendStfu, got {:?}", msg_events[1]),
+	};
 }
 
 #[test]

Original file line number	Diff line number	Diff line change
`@@ -13851,8 +13851,6 @@ where`
`13851`	`13851`	`Some(msgs::Stfu { channel_id: self.context.channel_id, initiator })`
`13852`	`13852`	`}`
`13853`	`13853`
`13854`		`- #[cfg(any(test, fuzzing, feature = "_test_utils"))]`
`13855`		`- #[rustfmt::skip]`
`13856`	`13854`	`pub fn exit_quiescence(&mut self) -> bool {`
`13857`	`13855`	`// Make sure we either finished the quiescence handshake and are quiescent, or we never`
`13858`	`13856`	`// attempted to initiate quiescence at all.`