04:31:25 not sure if it's a bug, but i've noticed if i have an iov virtual function, e.g., iavf1, to a jail, and i restart the jail, sometimes the virtual function isn't ready when the jail tries to start and so it fails. bug worthy?
04:44:13 markmcb: i'm guessing it's due to other jail lifetime issues
04:44:55 iirc all of 13.x is affected, where a jail will stay alive for some seemingly random (but not actually) period of time after it's killed
04:45:44 ah, good to know. sounds like there's no need to report it then. thanks!
04:46:02 maybe- but, there is a way to know
04:46:17 one second
04:47:13 I think the problem I'm thinking of
04:47:46 bah, sorry. was fixed in https://cgit.freebsd.org/src/commit/?id=5fd1a67e885e834cda8f1d122e9b0f9d47977e54. If you can try a -CURRENT snapshot after late April, that should tell you whether it's worth reporting or not
04:48:19 just so that you're not taking my word for it, you can observe if it's both the same problem and fixed in upcoming versions
05:03:34 markmcb: ^ even
05:06:30 thanks. i'll check it out
06:40:22 kevans: why isn't that an MFC candidate?
06:58:52 I have a broken disk (da0) in a zraid2 pool (with no free slots), am I correct to use: 1) zpool offline zroot da0p3 2) remove da0 disk / insert new disk at the same place 3) gpart backup da1|gpart restore -F da0p3 4) zpool online zroot da0p3
07:12:51 mage you also need zpool replace after online.
07:13:29 ok :) and couldn't I use detach/attach rather than offline/online/replace?
07:14:38 for mirror, you can detach and attach instead - if you are replacing in the same disk slot, that can make sense.
07:14:57 something like: 1) zpool detach zroot da0p3 2) remove da0 disk / insert new disk at the same place 3) gpart backup da1|gpart restore -F da0 4) zpool attach zroot da0p3
07:15:41 if you have free slots, I would attach new disk first, when resilver is complete, detach old one.
07:16:00 I don't have free slots unfortunately
07:16:51 yes, in that case, you have to do disk swap.
07:16:51 (it's a dell r340 with a HBA330 and 4x3,5 disks)
07:17:21 and what would be the difference between offline/online and detach/attach?
07:17:53 offline does not change pool configuration, detach does.
07:18:19 ok, so in my case offline/online is better
07:18:24 thanks :)
07:18:42 in your case, actually, it does not really make much difference:)
07:19:13 both methods do work.
07:19:27 do you have spare?
07:21:19 with 2-way mirror the obvious risk is about good disk going bad while resilvering (or discovery of checksum errors/bad blocks).
07:22:34 zpool scrub before replace may be good idea if the broken disk is not dead or blocking the IO
07:25:23 tsoome: no I don't have space, it's a raidz2 over 4 disks
07:26:00 it is not dead but I have a bunch of:
07:26:01 (da0:mrsas0:1:0:0): READ(10). CDB: 28 00 33 9f ac 48 00 00 f0 00
07:26:01 (da0:mrsas0:1:0:0): CAM status: SCSI Status Error
07:26:01 (da0:mrsas0:1:0:0): SCSI status: OK
07:26:23 with some CKSUM: da0p3 ONLINE 0 0 30
07:30:18 ou, you do not have mirror, but raidz?
07:30:26 yes
07:30:44 with raidz, you only can use zpool offline, no detach for raidz
07:31:10 ah.. ok!
07:31:42 this is because detach will change pool layout, but we can not do that with raidz
07:32:08 sigh. disk replacement at home in raidz1 is waiting for me also. good that you reminded me.
07:33:52 anyhow, since you do have raidz2 (2 parity), scrub before replacing the disk is not that critical.
08:18:37 Hi, I am trying to build latest opensmtpd 7.3.0p0 with libressl 3.7.3. I have built it with -g3 -O0. Package is built ok but smtpd crashes. I need core dump but for some reason is not created. What could be wrong? When I try run simple C test program dereferencing null pointer core dump is created. Thanks
08:19:26 is the binary installed setuid?
08:21:01 RhodiumToad, no, it's not -> -r-xr-xr-x 1 root wheel 568080 Jun 19 19:59 /usr/local/sbin/smtpd
08:21:33 is it started under a resource limit that disables cores, or does it use setrlimit itself to disable them?
08:22:18 or perhaps it is running in a directory that it doesn't have permission to write to?
08:22:39 that last one can be worked around by setting kern.corefile to an absolute path
08:24:16 RhodiumToad, it's started under jail so it's possible there are some limits ..... i have run it by hand from /root so core dump should be there
08:25:30 RhodiumToad, kern.corefile: %N.core
08:26:25 that means the core dump is named progname.core in whatever dir is current for the process at the time it dies
08:26:43 (which might not be the current dir it's started from)
08:27:15 unless you change kern.corefile setting to a predictable location
08:27:27 ah, RhodiumToad already mentioned. sorry.
08:27:32 you could for example do sysctl kern.corefile="/var/tmp/%N.%P.core"
08:30:37 thanks, I try it
08:32:53 but dmesg show > pid 31929 (smtpd), jid 102, uid 257: exited on signal 11 .....and for test -> pid 91544 (test), jid 102, uid 0: exited on signal 11 (core dumped)
08:35:09 did you check whether smtpd is itself calling setrlimit() to disable cores?
08:35:56 and if so, whether it has some runtime or compile-time option to have it not do that
08:38:30 i have ktrace it and in kdump is no mention about setrlimit
08:41:13 is there any chdir in the kdump?
08:47:09 no, it's not .. my another try was -> lldb -o run -- /usr/local/sbin/smtpd -dv -f /usr/local/etc/mail/smtpd.conf ... but nothing useful is displayed when it crashes
08:48:14 what actually is displayed and can you get a backtrace?
08:48:52 oh, your message said uid 257 not uid 0, so something called setuid() ?
08:51:46 any successful call to set*uid etc. will set the SUGID flag, disabling coredumps unless sysctl kern.sugid_coredump=1 has been set
08:52:08 (which is a fairly major security hazard, so don't leave it enabled)
09:08:42 backtrace is what i want but i need coredump before ...smtpd in lldb crashes and 'bt' says anything about no process running
09:09:26 RhodiumToad, i will test sysctl kern.sugid_coredump=1 .....and we will see
09:10:03 remember that the location of the core file is still controlled by sysctl kern.corefile
09:10:11 btw there is no setuid call in kdump
09:10:26 might be seteuid, setreuid, setresuid, etc.
09:12:43 i searched for uid .....and there was many struct stat { ... uid=0 ... } and a few geteuid
09:13:18 well somehow it got to be uid 257 rather than 0
09:14:58 I also notice this:
09:15:00 _smtpd:*:257:257::0:0:OpenSMTPD:/var/empty:/usr/sbin/nologin
09:15:02 RhodiumToad: can you explain why kern.sugid_coredump=1 is a security hazard?
09:15:39 note that /var/empty is a directory which has its immutable flag set, so not even root can put files there
09:16:01 meena: it allows data read by root to be written to a file owned and readable by non-root
09:19:09 *nod*
09:20:49 the SUGID flag basically indicates whether the current process image may contain data belonging to more than one user/group, or belonging to some user/group other than the one that would own the core file
09:21:15 it's cleared by an exec() of a non-setuid/setgid program, since that replaces the image
09:21:48 it's set by exec() of a setuid/setgid program or by any successful change of credentials
09:24:35 RhodiumToad, running user is compile time option -> ./configure --with-user-smtpd=_smtpd --with-user-queue=_smtpq --with-group-queue=_smtpq ....so somehow it changes uid, you are right
09:25:33 i will try sysctl kern.sugid_coredump=1 and sysctl kern.corefile="/tmp/%N.core"
09:28:27 RhodiumToad, but interesting fact is I have opensmtpd 7.3.0 working built with openssl base, openssl30 from ports too,...but with libressl not
09:30:33 * RhodiumToad not an expert on libressl
12:37:18 so my buildworld, run with /usr/bin/time -h make buildworld came out to 1d5H21m53 Real, 1d4H13m User and 56m49 Sys. du -s shows 16938560 or 16G. Good times. it finally finished overnight
13:39:56 hey folks, how can i enable permissions to write to a mounted disk drive? i am trying to install a bootloader into it with extlinux64, but a mounted drive cannot be written to via raw-device
13:41:43 as root ? you can shoot yourself in the foot with kern.geom.debugflags=16 and assuming vfs.zfs.debugflags= does the same thing but haven't used it
13:44:41 i am root, that is why i am asking
13:45:30 if i do `echo 1 >>/dev/da0` or `echo 1 >>dev/da0s1` on a disk that is mounted in /mnt i get 'Permission Denied'
13:46:32 sysctl kern.geom.debugflags=16 and try again
13:46:52 keep in mind you are turning restriction and checks nearly completely off
13:47:16 i understand, i just need this for 1 usb drive
13:47:48 think thats why that was there in the first place
13:48:03 sidecases need a little extra help
13:48:42 still nothing
13:49:09 you very well may just need to unmount it first
13:49:57 nope
13:51:18 could it have anything to do with the filesystem being msdosfs with FAT32 ?
13:53:01 no it shouldn't
13:53:31 if its a usb disk could there be a switch on the side to make it read-only ?
13:54:28 if anything you should be able to also boot into single user mode attach the device and write to it there too
13:56:04 there is but i switched it off already, its an SD card attached via USB adapter. Its not read only because i can write files to it, i can also write to it IF its unmounted
13:56:49 but i need to run a script from within the usbdrive where i extracted a debian-slax distro and have it properly install its bootloader into the device
13:57:17 which requires the drive to be mounted AND writable via raw-device
13:57:34 maybe some mount flags ?
13:58:28 that im unsure of. why not just copy the contents off the disk to a obj directory and then unmount the device so you can worth with the raw dev ?
14:00:55 s/worth/work
14:16:25 because it uses extlinux64 and that needs a directory path
14:21:27 could it also be because i made the layout with gpart instead of fdisk?
14:23:13 kern.geom.disk.da0.flags: aa
14:23:27 maybe i could do something with these flags?
14:24:57 that im unsure of. they could follow the kern.geom.debugflags=16
14:26:25 alright, gonna try in single user mode
14:26:35 ++
15:18:22 didnt work
15:18:36 same errors, fbsd just wont allow me to do this
15:19:01 i suppose there isnt a super-root kind of mode
15:31:23 meena: I don't know, maybe it is
15:31:49 not explicitly mentioning it doesn't mean it can't/won't happen, just that the author didn't mention it
15:32:23 you'd have to ask him if there's some kbi implication in that stack that might prevent it
15:34:28 is it possible to write to a raw disk while it is mounted
15:41:35 gzar: how are you testing that you can write?
15:41:46 that 'echo >>' does not seem to be a valid test
15:42:06 mounting it and writing to it works fine
15:42:17 i can do a dd if=/dev/zero of=/dev/da0 as well
15:42:24 if its unmounted of course
15:44:32 whats the proper way to start dbus? i have `dbus_enable="YES"` in /etc/rc.conf and i see dbus pids running on background, but without DBUS env vars stuff available and some programs returns errors like "no connection to bus"
15:44:57 also, i have /var/lib/dbus/machine-id available
16:16:06 service dbus start
16:28:40 cpet: returns "dbus already running? (pid=963)."
16:29:06 kevans: I'm always surprised to re-realise that TV project has no head / hat of MFC
16:50:48 solved dbus issue starting X with dbus-run-session on xinitrc
17:17:48 I am having problems booting FreeBSD in a VM (actually I'm trying to boot from OPNsense .iso) normally it works, but in a definite environment (the one I need, of course) it bombs with a very suspicious: "Timecounter "TSC" frequency 0 Hz quality 800" followed by "kernel trap 18 with interrupts disabled" What can I check? (note I'm *not* a *BSD expert, but I can do *nix)
17:18:57 mcon: what hypervisor? also "kernel trap 18" doesn't say much, may be provide a screenshot of the panic?
17:20:32 Underlying is qemu, but I'm using it through LXD. I can provide the full log. Just a moment...
17:24:28 yuripv: Full log (including useless blank lines) is at https://bpa.st/75WGK
17:24:30 Title: View paste 75WGK
17:29:21 yuripv: my guess is kernel is trying to compute something using "TSC" (whatever it is) and bombs because it doesn't expect a zero there. Why the Timecounter is zero is beyond my depth.
17:39:41 yuripv: note: I'm still at debug prompt, so I *could* (if directed) try to dig some more info
18:33:11 mcon: which FreeBSD kernel is that? what platform is it running on?
18:33:26 ah 13.1
18:34:10 mcon: that bug should be fixed in 13.2
18:36:55 mcon: https://github.com/freebsd/freebsd-src/pull/664 / https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=269767
18:36:56 Title: apic: prevent divide by zero in CPU frequency init by igalic · Pull Request #664 · freebsd/freebsd-src · GitHub
18:40:38 meena: I have two problems now: 1) convince OPNsense guys to upgrade to 13.2+ 2) understand why Timecount is zero in exactly the setup I need ;(
18:42:10 is there still no way to boot a native zfs encrypted freebsd root? I thought I read about 13.2 having added functionality built into loader or perhaps there was just a round-about way to get it working? I was hoping to install FreeBSD14 on the same encrypted zpool as linux is using but I cant find any info about what needs to be done to boot it anymore
18:42:33 did i mistake a dream for reality again?
18:43:48 mcon: what platform are you running on?
18:45:21 Also, 13.1 will be EoL soon.
18:51:15 meena: i don't really understand what you mean
18:51:37 i don't know what TV project you're referring to to start with
18:52:03 * meena scrolls back to see what she wrote
18:52:56 s/TV/the/
18:53:18 and head/hat of MFC? that's a really individual thing to decide
18:53:27 there's not really going to be one person qualified to say what can be MFC'd
18:53:52 but a lot of things are said to be MFCs and then forgotten
18:53:54 not without wasting way too much of their tim
18:53:55 time
18:54:17 we have tooling that's supposed to help there, sometimes it falls through the cracks anyways
18:54:35 we get an e-mail after the MFC period ends if we mark it, for instance
18:55:11 sometimes you get busy, sometimes you realize it's not feasible, sometimes you decide it's not a good idea or needs more bake time
18:56:06 aye
19:42:28 meena: I am running LXD under Linux (Debian Bookworm, if it matters) and I'm trying to run OPNsense (FreeBSD based) in a qemu VM; host is a rather small intel x86_64... admittedly not the cleanest situation.
19:46:38 mcon: so you're hitting exactly the same bug i did, and fixed
19:47:59 mcon: if you can change LXD's default profile to not be Q35, you might succeed
19:49:45 mcon: note that you won't be able to benefit from running under LXD, because https://github.com/lxc/lxd/pull/11761 and https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=271793
19:49:46 Title: Make LXD-Agent run on FreeBSD by igalic · Pull Request #11761 · lxc/lxd · GitHub
19:49:57 I'm working on those, but not there yet
19:59:18 mcon: i had a weird old system which picked the wrong time counter, that system ticked so fast ntp couldn't keep it on time
20:08:28 meena: Thanks. If I get you right this means OPNsense will not work right under LXD even if I move to 13.2+ and until you finish implementing virtio-vsock, right? I fear this means I will have to drop OPNsense, at least for the time being :(
20:26:02 mcon: no, it'll run, poorly, until you devmatch_blocklist="virtio_random.ko". but you won't be able to lxc console into it, and lxd won't know what's going on inside
20:26:11 you'll still be able to use ssh
20:34:54 meena: I found this: https://discuss.linuxcontainers.org/t/run-freebsd-13-1-opnsense-22-7-pfsense-2-7-0-and-newer-under-lxd-vm/15799 Do you think it's relevant?
20:34:56 Title: Run FreeBSD 13.1 / OPNsense 22.7 / pfSense 2.7.0 (and newer?) under LXD VM - Tutorials - Linux Containers Forum
21:11:06 mcon: you can try it, but that doesn't disable Q35, which I secretly suspect to be at fault here
21:12:54 meena: Thanks, I'll try it tomorrow. I'll report my findings. (BTW: what is "Q35"?)
21:13:09 A Transistor?
21:13:20 A Car?
21:29:34 Intel chipset? :-D
21:31:32 Part number for the ashtray in a '73 Pinto?
21:45:45 I am still looking for a replacement center brake light lens to replace the broken one in my old Ford.
21:45:57 lol
21:46:06 Red tape
21:46:16 But Q35 is an Intel chipset. Two references, both less than useful: https://en.wikipedia.org/wiki/List_of_Intel_chipsets and https://wiki.qemu.org/Features/Q35
21:46:17 Title: List of Intel chipsets - Wikipedia
21:46:44 Yeah. I guess I never had a board with that chipset.
21:47:04 Was X58 X79 etc.
21:47:29 Hail broke it out a while back. It has two lamps behind it. I removed one so there would be no white showing. It's acceptable with one lamp but no redundancy.
21:47:49 Q35 is a qemu profile, named after the above Intel chipset. it's essentially "modern" virtio
21:48:40 From the QEMU Q35 page: "Add emulation of the ICH9 host chipset as an alternative to the current I440FX emulation. This will allow for better support of PCI-E passthrough since ICH9 uses a PCI-E bus whereas the I440FX only supports a PCI bus."
21:50:09 What's the PCI bus bandwidth? IIRC it was 32-bits at 32MHz?? Who would ever need more bandwidth? :-)
21:50:56 weirdly, some people started demanding their virtual machines to be fast