retitle 863518 nftables: "workstation" example causes unkillable
application hangs
severity 863518 grave
submitter !
thanks
Dear Maintainer,
It seems the problem is more serious than I thought. Certain
applications -- chromium/google-chrome, nft itself -- can no longer
function with this ruleset in place. Running `nft flush ruleset`, for
example, hangs forever in uninterruptable sleep. An strace is
attached.
The only way I've found to fix the problem is to remove the
/etc/nftables.conf and reboot.
(Sorry for breaking the threading; accidentally sent the mail with a
bad reportbug conf.)
Sincerely,
--
Harlan Lieberman-Berg
~hlieberman
agartha 福 ~
10012 ◯ : sudo strace -fff nft flush ruleset ⏎
execve("/usr/sbin/nft", ["nft", "flush", "ruleset"], [/* 23 vars */]) = 0
brk(NULL) = 0x55599d8c5000
access("/etc/ld.so.nohwcap", F_OK) = -1 ENOENT (No such file or directory)
mmap(NULL, 12288, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) =
0x7f6ee430a000
access("/etc/ld.so.preload", R_OK) = 0
open("/etc/ld.so.preload", O_RDONLY|O_CLOEXEC) = 3
fstat(3, {st_mode=S_IFREG|0644, st_size=0, ...}) = 0
close(3) = 0
open("/etc/ld.so.cache", O_RDONLY|O_CLOEXEC) = 3
fstat(3, {st_mode=S_IFREG|0644, st_size=210070, ...}) = 0
mmap(NULL, 210070, PROT_READ, MAP_PRIVATE, 3, 0) = 0x7f6ee42d6000
close(3) = 0
access("/etc/ld.so.nohwcap", F_OK) = -1 ENOENT (No such file or directory)
open("/lib/x86_64-linux-gnu/libmnl.so.0", O_RDONLY|O_CLOEXEC) = 3
read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0@\33\0\0\0\0\0\0"...,
832) = 832
fstat(3, {st_mode=S_IFREG|0644, st_size=26616, ...}) = 0
mmap(NULL, 2121744, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) =
0x7f6ee3ee3000
mprotect(0x7f6ee3ee8000, 2097152, PROT_NONE) = 0
mmap(0x7f6ee40e8000, 8192, PROT_READ|PROT_WRITE,
MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x5000) = 0x7f6ee40e8000
close(3) = 0
access("/etc/ld.so.nohwcap", F_OK) = -1 ENOENT (No such file or directory)
open("/usr/lib/x86_64-linux-gnu/libnftnl.so.4", O_RDONLY|O_CLOEXEC) = 3
read(3,
"\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0\340\257\0\0\0\0\0\0"..., 832) =
832
fstat(3, {st_mode=S_IFREG|0644, st_size=201728, ...}) = 0
mmap(NULL, 2296856, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) =
0x7f6ee3cb2000
mprotect(0x7f6ee3ce1000, 2097152, PROT_NONE) = 0
mmap(0x7f6ee3ee1000, 8192, PROT_READ|PROT_WRITE,
MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x2f000) = 0x7f6ee3ee1000
close(3) = 0
access("/etc/ld.so.nohwcap", F_OK) = -1 ENOENT (No such file or directory)
open("/usr/lib/x86_64-linux-gnu/libxtables.so.12", O_RDONLY|O_CLOEXEC) = 3
read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0\2401\0\0\0\0\0\0"...,
832) = 832
fstat(3, {st_mode=S_IFREG|0644, st_size=51120, ...}) = 0
mmap(NULL, 2148184, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) =
0x7f6ee3aa5000
mprotect(0x7f6ee3ab1000, 2093056, PROT_NONE) = 0
mmap(0x7f6ee3cb0000, 8192, PROT_READ|PROT_WRITE,
MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0xb000) = 0x7f6ee3cb0000
close(3) = 0
access("/etc/ld.so.nohwcap", F_OK) = -1 ENOENT (No such file or directory)
open("/lib/x86_64-linux-gnu/libreadline.so.7", O_RDONLY|O_CLOEXEC) = 3
read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0\200f\1\0\0\0\0\0"...,
832) = 832
fstat(3, {st_mode=S_IFREG|0644, st_size=309168, ...}) = 0
mmap(NULL, 2409704, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) =
0x7f6ee3858000
mprotect(0x7f6ee389c000, 2093056, PROT_NONE) = 0
mmap(0x7f6ee3a9b000, 32768, PROT_READ|PROT_WRITE,
MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x43000) = 0x7f6ee3a9b000
mmap(0x7f6ee3aa3000, 5352, PROT_READ|PROT_WRITE,
MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x7f6ee3aa3000
close(3) = 0
access("/etc/ld.so.nohwcap", F_OK) = -1 ENOENT (No such file or directory)
open("/usr/lib/x86_64-linux-gnu/libgmp.so.10", O_RDONLY|O_CLOEXEC) = 3
read(3,
"\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0\200\305\0\0\0\0\0\0"..., 832) =
832
fstat(3, {st_mode=S_IFREG|0644, st_size=537448, ...}) = 0
mmap(NULL, 2632576, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) =
0x7f6ee35d5000
mprotect(0x7f6ee3656000, 2097152, PROT_NONE) = 0
mmap(0x7f6ee3856000, 8192, PROT_READ|PROT_WRITE,
MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x81000) = 0x7f6ee3856000
close(3) = 0
access("/etc/ld.so.nohwcap", F_OK) = -1 ENOENT (No such file or directory)
open("/lib/x86_64-linux-gnu/libc.so.6", O_RDONLY|O_CLOEXEC) = 3
read(3, "\177ELF\2\1\1\3\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0\320\3\2\0\0\0\0\0"...,
832) = 832
fstat(3, {st_mode=S_IFREG|0755, st_size=1685264, ...}) = 0
mmap(NULL, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) =
0x7f6ee42d4000
mmap(NULL, 3791264, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) =
0x7f6ee3237000
mprotect(0x7f6ee33cc000, 2093056, PROT_NONE) = 0
mmap(0x7f6ee35cb000, 24576, PROT_READ|PROT_WRITE,
MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x194000) = 0x7f6ee35cb000
mmap(0x7f6ee35d1000, 14752, PROT_READ|PROT_WRITE,
MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x7f6ee35d1000
close(3) = 0
access("/etc/ld.so.nohwcap", F_OK) = -1 ENOENT (No such file or directory)
open("/usr/lib/x86_64-linux-gnu/libjansson.so.4", O_RDONLY|O_CLOEXEC) = 3
read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0\320!\0\0\0\0\0\0"...,
832) = 832
fstat(3, {st_mode=S_IFREG|0644, st_size=51872, ...}) = 0
mmap(NULL, 2146944, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) =
0x7f6ee302a000
mprotect(0x7f6ee3036000, 2093056, PROT_NONE) = 0
mmap(0x7f6ee3235000, 8192, PROT_READ|PROT_WRITE,
MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0xb000) = 0x7f6ee3235000
close(3) = 0
access("/etc/ld.so.nohwcap", F_OK) = -1 ENOENT (No such file or directory)
open("/lib/x86_64-linux-gnu/libdl.so.2", O_RDONLY|O_CLOEXEC) = 3
read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0\200\r\0\0\0\0\0\0"...,
832) = 832
fstat(3, {st_mode=S_IFREG|0644, st_size=14640, ...}) = 0
mmap(NULL, 2109680, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) =
0x7f6ee2e26000
mprotect(0x7f6ee2e29000, 2093056, PROT_NONE) = 0
mmap(0x7f6ee3028000, 8192, PROT_READ|PROT_WRITE,
MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x2000) = 0x7f6ee3028000
close(3) = 0
access("/etc/ld.so.nohwcap", F_OK) = -1 ENOENT (No such file or directory)
open("/lib/x86_64-linux-gnu/libtinfo.so.5", O_RDONLY|O_CLOEXEC) = 3
read(3,
"\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0\260\315\0\0\0\0\0\0"..., 832) =
832
fstat(3, {st_mode=S_IFREG|0644, st_size=170776, ...}) = 0
mmap(NULL, 2267936, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) =
0x7f6ee2bfc000
mprotect(0x7f6ee2c21000, 2097152, PROT_NONE) = 0
mmap(0x7f6ee2e21000, 20480, PROT_READ|PROT_WRITE,
MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x25000) = 0x7f6ee2e21000
close(3) = 0
mmap(NULL, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) =
0x7f6ee42d2000
arch_prctl(ARCH_SET_FS, 0x7f6ee42d2fc0) = 0
mprotect(0x7f6ee35cb000, 16384, PROT_READ) = 0
mprotect(0x7f6ee2e21000, 16384, PROT_READ) = 0
mprotect(0x7f6ee3028000, 4096, PROT_READ) = 0
mprotect(0x7f6ee3235000, 4096, PROT_READ) = 0
mprotect(0x7f6ee3856000, 4096, PROT_READ) = 0
mprotect(0x7f6ee3a9b000, 8192, PROT_READ) = 0
mprotect(0x7f6ee3cb0000, 4096, PROT_READ) = 0
mprotect(0x7f6ee40e8000, 4096, PROT_READ) = 0
mprotect(0x7f6ee3ee1000, 4096, PROT_READ) = 0
mprotect(0x55599c25b000, 49152, PROT_READ) = 0
mprotect(0x7f6ee430d000, 4096, PROT_READ) = 0
munmap(0x7f6ee42d6000, 210070) = 0
brk(NULL) = 0x55599d8c5000
brk(0x55599d8e6000) = 0x55599d8e6000
open("/etc/iproute2/rt_marks", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/etc/iproute2/rt_realms", O_RDONLY) = 3
fstat(3, {st_mode=S_IFREG|0644, st_size=112, ...}) = 0
read(3, "#\n# reserved values\n#\n0\tcosmos\n#"..., 4096) = 112
read(3, "", 4096) = 0
close(3) = 0
open("/etc/iproute2/group", O_RDONLY) = 3
fstat(3, {st_mode=S_IFREG|0644, st_size=31, ...}) = 0
read(3, "# device group names\n0\tdefault\n", 4096) = 31
read(3, "", 4096) = 0
close(3) = 0
open("/etc/iproute2/rt_realms", O_RDONLY) = 3
fstat(3, {st_mode=S_IFREG|0644, st_size=112, ...}) = 0
read(3, "#\n# reserved values\n#\n0\tcosmos\n#"..., 4096) = 112
read(3, "", 4096) = 0
close(3) = 0
open("/etc/connlabel.conf", O_RDONLY) = -1 ENOENT (No such file or directory)
socket(AF_NETLINK, SOCK_RAW, NETLINK_NETFILTER) = 3
fcntl(3, F_SETFL, O_RDONLY|O_NONBLOCK) = 0
sendto(3, {{len=20, type=0xa10 /* NLMSG_??? */, flags=NLM_F_REQUEST, seq=0,
pid=0}, "\0\0\0\0"}, 20, 0, {sa_family=AF_NETLINK, nl_pid=0,
nl_groups=00000000}, 12
