Control: severity -1 normal

On 28 May 2017 at 00:54, Harlan Lieberman-Berg
<h.liebermanb...@gmail.com> wrote:
>
> Bizarrely, the quite simple "workstation" example causes the language picker 
> in
> gdm3 to disappear and the default layout to switch back to qwerty.  As far as 
> I
> can tell this doesn't happen on the next boot, but rather a couple of boots
> later.
>
> Disabling the nftables ruleset and rebooting fixes the problem completely.
>
> I'm not sure whether this is an nftables bug or a gdm bug, but I'm putting it
> here as similar iptables rules don't cause this behavior.
>

Hi,

I've been using this example ruleset for years now, with no issues.
The example ruleset isn't buggy. Generally, if a machine is
misbehaving after loading a firewall ruleset, it usually means that
the ruleset policy is wrong for your environment/configuration. This
is highly possible, and that's why the file is just an example: you
will probably need to tune the ruleset or the rest of the
configuration of your machine.

Regarding the 'uninterruptable sleep', the nft command line interface
tool (what the nftables package contains) is by no means intended to
interfere with kernel ability to send signals to other running process
(i.e. to interrupt others processes). No code is included in this
package. How could a bug in the nftables CLI tool led to chrome to
hang?

So your problem is likely in another place. Probably the kernel. Did
you check 'dmesg' after the issue happens? Perhaps you are hitting an
oops related to the network stack. The strace you attached shows that
nftables hangs when trying to talk to the netlink subsystem.

A nfnetlink/nf_tables kernel bug is indeed more likely, but then this
bug belongs to the linux package.

To summarise, this is my opinion on the possibilities of this bugs:
* configuration issue in your machine
* linux kernel bug

I'm Lowering the severity right now because of this.

Reply via email to