So, apparently, this is not a sys-firewall, but a clocksync issue. To root out any causes, I moved the clocksync service to a separate, brand new qube (named sys-clock). And voila: sys-firewall no longer 'crashes' on resume from suspend, now it's sys-clock.

The cause is probably somewhere in some logfile, but with the many moving parts, Qubes really needs a better bugfixing howto. With relatively many minor bugs like this, bugfixing takes too much time. I don't mind spending some time fixing bugs, but lately it is really becoming too much, to the extend that I am considering switching back to an easier regular Linux distro. I have been a paid Linux sysadmin, no total expert, but that is also not a requirement to use Qubes. I should be able to diagnose bugs on my own laptop (and contribute to the project by properly reporting them).

On 5/28/22 01:15, qtpie wrote:

I have a really annoying issue with resume from suspend. On resume, sys-firewall is crashed/freezed/unresponsive. So on every resume from suspend, I need to kill and restart this VM if I want to use networking. Other qubes are fine, except that sys-whonix also freezes, but this is because it can't get a network connection to sys-firewall.

The VM is based on the default debian 11 template without any special modifications. It has worked fine this way for years. Qubes is the latest version. Kernel used 4.10.112.

- High reported ram/cpu use, cpu hovering around 10-20%
- vm terminal: shows a blank window, no input/output shown
- xen console in dom0: no output
- does not pass networktraffic from connected VM's
- stopped connected VM's can't start because of failed vif (network connection) creation. - sometimes, after a shorter suspend, the VM still works, or it does pass networktraffic while the vm still can't open a terminal window.

I've tried:
- checking both before and after suspend the VM console and syslog, dom0 journal, dmesg, xen logs. It doesn't show any relevant error as far as I can tell.
- creating a fresh sys-firewall VM. No change.
- switching the VM to a fedora 35 template, fully upgraded. No change
- checking possibly related issues on qubes github. But those are all either fixed with updates, or about VM's with PCI devices connected, which this VM doesn't.

What is this problem? Why does it only occur with sys-firewall VM? Which logs to doublecheck? Any suggestions welcome.

You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
To view this discussion on the web visit

Reply via email to