I/O error on mounting encrypt fs after upgrading

[xofyarg]

System information

Type	Version/Name
Distribution Name	debian
Distribution Version	buster, bookworm
Kernel Version	upgrade from 5.10 to 5.18
Architecture	amd64
OpenZFS Version	upgrade from 2.0.1 to 2.1.5

Describe the problem you're observing

After upgrading zfs software, without upgrading the pool, trying to mount a encrypted fs gives an I/O error. Downgrade zfs and do a scrub fixed the error. Not sure if this is expected and users are supposed to upgrade the pool first.

# zpool import tank
# zpool status
  pool: tank
 state: ONLINE
status: Some supported and requested features are not enabled on the pool.
	The pool can still be used, but some features are unavailable.
action: Enable all features using 'zpool upgrade'. Once this is done,
	the pool may no longer be accessible by software that does not support
	the features. See zpool-features(7) for details.
...
errors: No known data errors

# zfs load-key tank/backup
Enter passphrase for 'tank/backup':

# zfs mount tank/backup/root
cannot mount 'tank/backup/root': Input/output error


# zpool status -v
  pool: tank
 state: ONLINE
status: One or more devices has experienced an error resulting in data
	corruption.  Applications may be affected.
action: Restore the file in question if possible.  Otherwise restore the
	entire pool from backup.
   see: https://openzfs.github.io/openzfs-docs/msg/ZFS-8000-8A
...
errors: Permanent errors have been detected in the following files:

        tank/backup/root:<0x0>

[rincebrain]

Going forward should only require explicitly enabling new things in order to use existing functionality in the event of show-stopping bugs, AFAIK, and none of those should really apply here.

I'm not quite sure what you'd be hitting here - there have been a few fixes to encryption bugs since 2.0.1, but none of them should (AFAIK) reduce the number of things that can be unlocked, and I suspect the existing issue is still there if you go back to 2.1.5, the error just got removed from the log because it was a decryption error and scrub won't find those. (You could confirm it's a decryption error by looking in /proc/spl/kstat/kcf/NONAME_provider_stats after attempting it, I believe...)

I'd be curious, if you do go back to 2.1.5 and it goes boom again, whether you could try doing echo 1 | sudo tee /sys/module/zfs/parameters/zfs_flags, attempt the mount again, and then look in /proc/spl/kstat/zfs/dbgmsg and see what the last dozen or two entries are. (And if none of those are new with the unlock attempt or relevant, you could try echo 512 | ..., but that's way more loquacious.)

[xofyarg]

Going forward should only require explicitly enabling new things in order to use existing functionality in the event of show-stopping bugs, AFAIK, and none of those should really apply here.

Agreed. The new feature doesn't seem to be correlated:

# zpool upgrade
...
POOL  FEATURE
---------------
tank
      draid

Here is output from the commands you showed above, some duplicated entries were trimmed from verbose dbgmsg. Let me know if you need more.

# echo 1 > /sys/module/zfs/parameters/zfs_flags

# zfs mount -o ro tank/backup/root
cannot mount 'tank/backup/root': Input/output error

# cat /proc/spl/kstat/kcf/NONAME_provider_stats
2 1 0x01 4 1088 28793720433 353409269345
name                            type data
kcf_ops_total                   4    10
kcf_ops_passed                  4    10
kcf_ops_failed                  4    0
kcf_ops_returned_busy           4    0

# tail /proc/spl/kstat/zfs/dbgmsg
...
1659254370   spa_history.c:294:spa_history_log_sync(): command: zpool import tank
1659254519   spa_history.c:330:spa_history_log_sync(): ioctl load-key
1659254519   spa_history.c:294:spa_history_log_sync(): command: zfs load-key tank/backup

# echo 1 > /sys/module/zfs/parameters/zfs_flags
# zfs mount -o ro tank/backup/root
cannot mount 'tank/backup/root': Input/output error

# cat /proc/spl/kstat/zfs/dbgmsg
...
1659254703   zap.c:769:fzap_checksize(): error 22
1659254706   zap_leaf.c:508:zap_entry_read_name(): error 75
1659254706   zap_micro.c:982:zap_lookup_impl(): error 2
1659254706   zap_micro.c:985:zap_lookup_impl(): error 75


# echo 512 > /sys/module/zfs/parameters/zfs_flags
# zfs mount -o ro tank/backup/root; cat /proc/spl/kstat/zfs/dbgmsg
1659254703   zap.c:769:fzap_checksize(): error 22
1659254706   zap_leaf.c:508:zap_entry_read_name(): error 75
1659254706   zap_micro.c:982:zap_lookup_impl(): error 2
1659254706   zap_micro.c:985:zap_lookup_impl(): error 75
1659254706   zap_micro.c:1145:zap_length(): error 2
1659254706   dsl_prop.c:150:dsl_prop_get_dd(): error 2
1659254706   zap_leaf.c:424:zap_leaf_lookup(): error 2
1659254706   zap_leaf.c:508:zap_entry_read_name(): error 75
1659254706   zap_micro.c:1610:zap_cursor_retrieve(): error 2
1659254706   zap_leaf.c:487:zap_entry_read(): error 75
1659254706   zap_leaf.c:468:zap_leaf_lookup_closest(): error 2
1659254706   zap_micro.c:1610:zap_cursor_retrieve(): error 2
1659254706   dsl_prop.c:55:dodefault(): error 2
1659254706   dsl_dataset.c:796:dsl_dataset_hold_flags(): error 2
1659254706   vdev_removal.c:2342:spa_removal_get_stats(): error 2
1659254706   spa_checkpoint.c:167:spa_checkpoint_get_stats(): error 1026
1659254706   zap_micro.c:982:zap_lookup_impl(): error 2
1659254706   zfeature.c:239:feature_get_refcount(): error 95
1659254706   zap_micro.c:1610:zap_cursor_retrieve(): error 2
1659254706   zap_leaf.c:487:zap_entry_read(): error 75
1659254706   zap_leaf.c:468:zap_leaf_lookup_closest(): error 2
1659254706   zap_micro.c:1610:zap_cursor_retrieve(): error 2
1659254706   dsl_crypt.c:619:spa_keystore_dsl_key_hold_impl(): error 2
1659254706   dsl_crypt.c:2700:spa_do_crypt_objset_mac_abd(): error 52
1659254706   arc.c:2177:arc_untransform(): error 5
1659254708   zap.c:769:fzap_checksize(): error 22
1659254708   zap_leaf.c:508:zap_entry_read_name(): error 75
1659254708   dnode.c:1486:dnode_hold_impl(): error 28
1659254708   zap_leaf.c:508:zap_entry_read_name(): error 75
1659254708   dbuf.c:2953:dbuf_findbp(): error 2

[rincebrain]

What does "zfs get keystatus tank/backup/root" say? ...oh, actually, I have an idea now. If you do a zfs send -w of tank/backup/root on 2.1.5 and recv it at tank/backup/root2 or something, does that one mount? If so...let me see if I can find the commit... #12981 e257bd4 But I'm surprised if that mounts pre-fix and not post...hm.

…

On Sun, Jul 31, 2022 at 4:29 AM xofyarg ***@***.***> wrote: Going forward should only require explicitly enabling new things in order to use existing functionality in the event of show-stopping bugs, AFAIK, and none of those should really apply here. Agreed. The new feature doesn't seem to be correlated: # zpool upgrade ... POOL FEATURE --------------- tank draid Here is output from the commands you showed above, some duplicated entries were trimmed from verbose dbgmsg. Let me know if you need more. # echo 1 > /sys/module/zfs/parameters/zfs_flags # zfs mount -o ro tank/backup/root cannot mount 'tank/backup/root': Input/output error # cat /proc/spl/kstat/kcf/NONAME_provider_stats 2 1 0x01 4 1088 28793720433 353409269345 name type data kcf_ops_total 4 10 kcf_ops_passed 4 10 kcf_ops_failed 4 0 kcf_ops_returned_busy 4 0 # tail /proc/spl/kstat/zfs/dbgmsg ... 1659254370 spa_history.c:294:spa_history_log_sync(): command: zpool import tank 1659254519 spa_history.c:330:spa_history_log_sync(): ioctl load-key 1659254519 spa_history.c:294:spa_history_log_sync(): command: zfs load-key tank/backup # echo 1 > /sys/module/zfs/parameters/zfs_flags # zfs mount -o ro tank/backup/root cannot mount 'tank/backup/root': Input/output error # cat /proc/spl/kstat/zfs/dbgmsg ... 1659254703 zap.c:769:fzap_checksize(): error 22 1659254706 zap_leaf.c:508:zap_entry_read_name(): error 75 1659254706 zap_micro.c:982:zap_lookup_impl(): error 2 1659254706 zap_micro.c:985:zap_lookup_impl(): error 75 # echo 512 > /sys/module/zfs/parameters/zfs_flags # zfs mount -o ro tank/backup/root; cat /proc/spl/kstat/zfs/dbgmsg 1659254703 zap.c:769:fzap_checksize(): error 22 1659254706 zap_leaf.c:508:zap_entry_read_name(): error 75 1659254706 zap_micro.c:982:zap_lookup_impl(): error 2 1659254706 zap_micro.c:985:zap_lookup_impl(): error 75 1659254706 zap_micro.c:1145:zap_length(): error 2 1659254706 dsl_prop.c:150:dsl_prop_get_dd(): error 2 1659254706 zap_leaf.c:424:zap_leaf_lookup(): error 2 1659254706 zap_leaf.c:508:zap_entry_read_name(): error 75 1659254706 zap_micro.c:1610:zap_cursor_retrieve(): error 2 1659254706 zap_leaf.c:487:zap_entry_read(): error 75 1659254706 zap_leaf.c:468:zap_leaf_lookup_closest(): error 2 1659254706 zap_micro.c:1610:zap_cursor_retrieve(): error 2 1659254706 dsl_prop.c:55:dodefault(): error 2 1659254706 dsl_dataset.c:796:dsl_dataset_hold_flags(): error 2 1659254706 vdev_removal.c:2342:spa_removal_get_stats(): error 2 1659254706 spa_checkpoint.c:167:spa_checkpoint_get_stats(): error 1026 1659254706 zap_micro.c:982:zap_lookup_impl(): error 2 1659254706 zfeature.c:239:feature_get_refcount(): error 95 1659254706 zap_micro.c:1610:zap_cursor_retrieve(): error 2 1659254706 zap_leaf.c:487:zap_entry_read(): error 75 1659254706 zap_leaf.c:468:zap_leaf_lookup_closest(): error 2 1659254706 zap_micro.c:1610:zap_cursor_retrieve(): error 2 1659254706 dsl_crypt.c:619:spa_keystore_dsl_key_hold_impl(): error 2 1659254706 dsl_crypt.c:2700:spa_do_crypt_objset_mac_abd(): error 52 1659254706 arc.c:2177:arc_untransform(): error 5 1659254708 zap.c:769:fzap_checksize(): error 22 1659254708 zap_leaf.c:508:zap_entry_read_name(): error 75 1659254708 dnode.c:1486:dnode_hold_impl(): error 28 1659254708 zap_leaf.c:508:zap_entry_read_name(): error 75 1659254708 dbuf.c:2953:dbuf_findbp(): error 2 — Reply to this email directly, view it on GitHub <#13709 (comment)>, or unsubscribe <https://github.com/notifications/unsubscribe-auth/AABUI7KIEA7KPXSEGSNXEK3VWY2NZANCNFSM55D5NSLA> . You are receiving this because you commented.Message ID: ***@***.***>

[danig-1]

After upgrading from Ubuntu Server 20.04 LTS to 22.04 LTS, same problem happened here.

Solution:

1. Send and receive:
   zfs send --raw -v pool/original-encrypted@timestamp | zfs receive -v pool/new-encrypted

2. Destroy old filesystem with snapshots:
   zfs destroy -r pool/original-encrypted

3. Rename new to old, so that it will be found at the old location:
   zfs rename pool/new-encrypted pool/original-encrypted

4. Mount:
   zfs mount -l pool/original-encrypted

[xofyarg]

What does "zfs get keystatus tank/backup/root" say?

The key was available.

If you do a zfs send -w ... does that one mount

That one mount, even created after the source mount failed(same as @danig-1 mentioned above). Unfortunately I'm not able to use this workaround at the moment because of the lack of storage for backing up the backup. I wonder will zpool upgrade tank simply work in this case without any side effect. Have you tried it @danig-1?

[rincebrain]

zpool upgrade won't save you, no. I keep meaning to try writing a zhack subcommand to trigger this recalculation without an outright send/recv requirement, but haven't had enough need to do it yet. It shouldn't be hard...

…

On Sun, Jul 31, 2022 at 1:37 PM xofyarg ***@***.***> wrote: What does "zfs get keystatus tank/backup/root" say? The key was available. If you do a zfs send -w ... does that one mount That one mount, even created after the source mount failed(same as @danig-1 <https://github.com/danig-1> mentioned above). Unfortunately I'm not able to use this workaround at the moment because of the lack of storage for backing up the backup. I wonder will zpool upgrade tank simply work in this case without any side effect. Have you tried it @danig-1 <https://github.com/danig-1>? — Reply to this email directly, view it on GitHub <#13709 (comment)>, or unsubscribe <https://github.com/notifications/unsubscribe-auth/AABUI7LOF4Q4CL75GOZLL5TVW22T7ANCNFSM55D5NSLA> . You are receiving this because you commented.Message ID: ***@***.***>

[danig-1]

No, I have not tried that.

[xofyarg]

Regarding to the linked issue, I don't remember I ever sent the dataset in raw before(those were sent incrementally unencrypted). But simply creating a encrypted filesystem on 2.0.1 and then mounting it on 2.1.5 doesn't reproduce the problem I have.

Actually, for the above workaround, I don't have to raw send the filesystem, zfs send tank/backup/root | zfs recv ... just works. Maybe this has a slightly different root cause.

[rincebrain]

I mean, if the destination isn't encrypted, then it won't encounter a bug with decrypting it on mount, no.

[xofyarg]

Sorry, I didn't mention the destination was under the same encryptionroot, so the created filesystem was encrypted.

[rincebrain]

Was it received under 2.0.x, or 2.1.5?

Because 2.1.x shouldn't result in a filesystem that has this problem even if you encrypt on receive, no.

[xofyarg]

It was 2.1.5. IIUC, the filesystem created from the old version(with some weird conditions) is somehow incompatible with current version. And the issue only affect "mounting", the data can be retrieved(after loading the key) and send out. Not sure if it's related to the user accounting flag, as I don't have any quota enabled. So unless there's a hack way to mangle the filesystem internally, creating a new one would be the only solution.

[rincebrain]

The specific problem is, IIRC, that certain metadata (the accounting metadata) got generated without a MAC on it. So things before this problem was fixed shrug and don't care, and things after it was fixed go "oh damn there's no MAC" and you get a decryption error. But since send/recv doesn't include the accounting metadata (it's generated on recv for a variety of reasons), you can just do a send|recv and it'll recalculate on recv and move on with life. I don't think it would be too troublesome to implement either a debug command to force it to recalculate Now or to fall back to doing so on failure to decrypt this specific data, it's just nobody has done so.

…

On Sun, Jul 31, 2022 at 8:31 PM xofyarg ***@***.***> wrote: It was 2.1.5. IIUC, the filesystem created from the old version(with some weird conditions) is somehow incompatible with current version. And the issue only affect "mounting", the data can be retrieved(after loading the key) and send out. Not sure if it's related to the user accounting flag, as I don't have any quota enabled. So unless there's a hack way to mangle the filesystem internally, creating a new one would be the only solution. — Reply to this email directly, view it on GitHub <#13709 (comment)>, or unsubscribe <https://github.com/notifications/unsubscribe-auth/AABUI7IWXR3D6L5JK5L5IY3VW4LFDANCNFSM55D5NSLA> . You are receiving this because you commented.Message ID: ***@***.***>

[xofyarg]

Quick update: ran into an issue likely related to #11679. Otherwise, the newly created filesystems by send | recv look good.

[clhedrick]

I'm seeing the same issue. I just updated from Ubuntu 20 to 22, and I get Input Output error trying to mount encrypted file systems. zpool status shows lots of files with errors but not disk problems.

Fortunately I had mostly moved away from encryption after a previous disaster. So I don't absolutely have to have these file systems. But it would be useful.

My root is encrypted. Fortunately it mounts. Some of the things under it that don't mount inherit keys from the root. Some have their own. All keys are show available. There's nothing interesting in syslog or kern.log.

Should I destroy the file systems? Or would that be more dangerous? I looked at the other entries here, and I don't see any suggestions of a way to recover. Many of these file systems don't have quotas, and weren't received by zfs receive. They were created locally using rsync. I'm reluctant to do zfs send | receive on them, because that has its own problems. We lost a pool on another server while doing a zfs send from it.

[rincebrain]

It's very simple to recover, you just zfs send -w | zfs recv, and the result will work.

And you don't have to have set a quota for it to be calculating the quota metadata needed to enforce one.

...how, exactly, did you lose a pool from using zfs send?

[clhedrick]

Here's how we lost a pool due to zfs send: #13703. I assume that was #11679, though I was asked to report it separately.

The problem with recovering using zfs send -w | receive is that it risks triggering the same problem. I really, really don't want to have to restore or recreate 300 TB of data. (The problem isn't the number of bytes, but the fact that it's a billion files.)

I deleted all the encrypted file systems, except one. Unfortunately the root file system is encrypted. I don't know of any way to replace it. It was the one encrypted file system that we could mount. However at the moment I'm mounting everything under it but not the root. I've gotten paranoid about encryption.

[rincebrain]

You cannot replace the rootfs of a pool, no, that's one reason it's commonly suggested not to use it for storing anything, just as a source for property inheritance.

As Brian said in 13703, though, now OpenZFS should just burp and note an error on encountering the problem you saw, not hard panic. (I've also not seen, to my recollection, any encryption bugs that could cause it to incorrectly set the checksum algo there, so that might be unrelated to encryption? Unclear.)

So if you're running a newer version, at least that failure mode shouldn't happen.

I haven't tested this, and I don't know that I'll have time to do the experiment for a while, but as I said above, I think you could probably theoretically do something like "if we fail at decoding this specific MAC on this special case, throw it out and trigger recalculating" or "fall back to decoding via the incorrect prior encoding method", possibly guarded by a flag.

Whether you would trust a not very aggressively tested patch to do something like that over send/recv is an open and complicated question to consider, though.

[clhedrick]

I didn't use the root for anything. It's not currently mounted. But it was encrypted so that everything would inherit the encryption. I can't unencrypt it even though it's empty.

The system I'm reporting this for is different from the one where I reported #13703. I am running a current version of ZFS on it. I'm going to upgrade the rest of our systems later this month.

[mprasil]

I have encountered similar issue. I have moved my drives from Ubuntu 20.04 system to Ubuntu 22.04 system. In the newer system some filesystems in the pool didn't mount and showed as corrupted:

errors: Permanent errors have been detected in the following files:

        data/enc/users:<0x0>
        data/enc/system:<0x0>

I stopped right there and moved the drives back. The zpool status -v still shows the same filesystems as corrupted, (assuming these errors are somewhere in the log?) but they are mounting okay and as far as I can tell there aren't any corrupted files. I'm running scrub at the moment to know for sure. (Edit: Scrub finished, repaired 0B and errors disappeared, which seems to confirm that there were no actual errors)

All of the failing filesystems are encrypted. But I also have some other filesystems encrypted with the same key in the same pool that mounted on the new system without any problems.

#13763 seems to be also related. There are some folks mentioning upgrade from 20.04, which makes me wonder if that version doesn't have some bug around encryption.

#11688 also seems similar and shows that some people saw this bug disappear with ZFS upgrade to v2.1.4

My versions are following:

# Ubuntu 20.04:
zfs-0.8.3-1ubuntu12.14
zfs-kmod-0.8.3-1ubuntu12.14

# Ubuntu 22.04:
zfs-2.1.4-0ubuntu0.1
zfs-kmod-2.1.4-0ubuntu0.1

So using the v2.1.4 didn't help me.

[jonryk]

@rincebrain - Cheers! I can confirm that (at least for me, and for the one dataset I tested) your suggestion of receiving the dataset under a different name seemed to work fine, but my pool doesn't have enough room to hold duplicates of all the datasets... - Do you have a suggestion for how to trigger this recalculation without retransmitting / duplicating a huge dataset in my pool?

[rincebrain]

I can try to work up something to forcibly trigger it, but I'm wary of sharing minimally tested patches for encryption issues after a few rounds of attempts...so I guess I'd say, assuming I do find time to try working something up in the next week or so, use it on a dataset that you did have room to make a duplicate of, just in case?

Or, if the idea of testing novel patches does not appeal, then no, I have no suggestions.

[mprasil]

@jonryk this might not work in all cases, but perhaps you can create new, empty dataset and move files between them? Something like rsync -ax --remove-source-files /old/dataset/ /new/dataset/ should do the trick.

That way one dataset will be gradually bigger as the files are moved while the other will be gradually smaller. This should not require much more space in the pool. (assuming no snapshots referencing the moved files in the old dataset) When done, you can zfs set the mountpoint of the datasets so that the files are mounted on the same path if that matters to you.

Obviously the downside is, that the files will be split between two datasets while this is in progress, so whatever services are running on top of this might need to be stopped.

[jonryk]

Thanks a lot, @rincebrain! One more "trick" I discovered; I was able to revive / recalculate a couple of datasets - for whom I previously had backed up a recent incremental snapshot.
What I did was to first zfs destroy the snapshot in question, and then zfs recv it back from the file (using the -F option) - seemed to work for some datasets.
For the biggest dataset, however the "trick" didn't work (at least not so far), although that same snapshot-file was successfully received by an offsite, emergency backup, "old version" zpool - sitting on a very remote server, with a very limited network connection. When I attempted to import on the updated, local server, however, I got the following:
cannot receive incremental stream: incremental send stream requires -L (--large-block), to match previous receive.
(I guess my remote server is NOT set up with large blocks.)

[jonryk]

@mprasil : Thanks, but since in my case the datasets cannot be opened, and the files within them cannot be accessed, your suggestion is not applicable. The only solution so far / in my case, seems to be to trigger a "recalculation", as suggested by @rincebrain - which (until now) only seems possible through a zfs recv... - I have successfully "revived" a couple of the datasets this way so far, but the biggest datasets poses a challenge...

[rincebrain]

I suppose you could see if a "zfs rollback [latest snapshot]", or "zfs clone [latest snapshot] some/where", or the like might be a terrible workaround - or taking a new snapshot, then a second new snapshot, then do a send -wi newsnap1 newsnap2 to a file, then trigger a rollback from newsnap2 to newsnap1, and if that doesn't recalculate, receive the noop send you wrote to a file earlier...

[jonryk]

HAHA - fantastic, @rincebrain - my HERO!
("zfs rollback" or "zfs clone" didn't help, seems a zfs recv must be applied to force the recalculation.)

The working solution was the last one you suggested:

1. Make two new snapshots on the dataset
2. zfs send the incremental to a file
3. Roll back the dataset to the first of the two snaps
4. Receive the incremental from the file to the dataset

Voila - the datasets can all be mounted and all seems OK - Much obliged!

(Strange thing is I thought I tried this before, but that the zfs send failed - perhaps I didn't use the "-w" (RAW) option? - This time I ran zfs send with the "-Lwi" options, to make absolutely sure, although I guess the "-wi" options would suffice, and it all worked like a charm!)

[wdoekes]

FYI: relevant bug report at Ubuntu
https://bugs.launchpad.net/ubuntu/+source/zfs-linux/+bug/1987190

Thanks for the patch, @rincebrain! I can confirm that it works.

[lucidBrot]

I just encountered the same problem - the do-release-upgrade had somehow failed, leaving me with only a tty and a dead screen session (that it had autocreated). In there, the output of zfs --version showed mismatching versions between the kmod and the command itself, but I rebooted anyway. Got dropped to initramfs because it failed to mount my encrypted zfs on root despite having loaded the correct key, with the message about corruption and Input/Output error. Interestingly, the versions of zfs --version in the initramfs were both the new one now.

Following @mat128 's steps worked!

There were errors after I tried to exit the initramfs but forcing a reboot using the power button did boot me into the gui again. Thanks!

[lucidBrot]

Potentially Relevant: When the new zfs version tried to access the old zfs filesystem with missing MAC (or whatever exactly the problem was that was discussed here), it had set a warning on the pool. Even though everthing is fine now, the warning is still there:

generic@motorbrot:/tmp$ sudo zpool status tank -v
  pool: tank
 state: ONLINE
status: One or more devices has experienced an error resulting in data
	corruption.  Applications may be affected.
action: Restore the file in question if possible.  Otherwise restore the
	entire pool from backup.
   see: https://openzfs.github.io/openzfs-docs/msg/ZFS-8000-8A
  scan: scrub in progress since Mon Feb 13 16:55:08 2023
	385G scanned at 1.43G/s, 72.7G issued at 276M/s, 510G total
	0B repaired, 14.25% done, 00:27:04 to go
config:

	NAME         STATE     READ WRITE CKSUM
	tank         ONLINE       0     0     0
	  nvme0n1p9  ONLINE       0     0     0

errors: Permanent errors have been detected in the following files:

        tank/enc/ds1/u18:<0x0>

I am currently running zpool scrub tank, hoping that this will clear out the warning - zpool clear tank did not clear it. The zpool scrub tank indeed did clear the warning.

[lucidBrot]

I just realized that despite my zfs-on-root booting correctly, i am no longer able to access any of the older snapshots, since mounting them gives an I/O error.

Is there a known workaround to mount the old snapshots anyway, despite them having been created by an older version of zfs, without copying all the data to a new pool?

[rincebrain]

Older snapshots should work after #14161; if they don't, that's a bug, and I should figure out what to do about it.

[lucidBrot]

Oh, I see. Thanks for that information!

I am on ubuntu 22.04

zfs --version
zfs-2.1.5-1ubuntu6-22.04.1
zfs-kmod-2.1.5-1ubuntu6-22.04.1

Considering that the 2.1.5 release on the github releases page is from Jun 22, 2022 and the PR you reference was merged on Nov 15, 2022, I'll assume that your fix does work and is simply not yet in the latest version on ubuntu.

[wdoekes]

@lucidBrot: could you take a look at the Ubuntu bug at https://bugs.launchpad.net/ubuntu/+source/zfs-linux/+bug/1987190 (mentioned in #13709 (comment)) and:

• check the workaround
• click that it affects you too

I checked the the 2.1.5-1ubuntu6-22.04.1 changelog, and this is indeed not fixed there.

[lucidBrot]

Thanks @wdoekes for the link! I clicked that it affects me too and posted a comment there as well. However, I no longer need a reply from you despite having asked

Does it still make sense to apply your patch, or would I rather figure out how to install zfs directly from the source from github?

It took me a day but i have now managed to install zfs 2.1.9 from source and my laptop still boots. The only thing missing is that I no longer have zfs-zed, but since I never used that or understood what it was for, that should be alright i guess.

@rincebrain I have verified: the same snapshot that I was no longer able to access in my earlier testing is now accessible again. So your fix is working indeed. Thank you for your work!

[bigtonylewis]

I have this bug and @mat128's solution worked, but didn't survive a reboot. After rebooting, I had to redo the snapshot workaround again.

Is there a way to fix the problem permanently?

[lucidBrot]

@bigtonylewis It worked for me after a reboot still ... just only for the new snapshots. (until I decided to built the latest zfs version myself, that made everything work again fully)

Is your zfs --version in the initramfs newer than your zfs version in the booted OS?

[bigtonylewis]

@lucidBrot There's no ZFS in initrd; I don't use ZFS for OS filesystems, just for data. I just confirmed this with lsinitramfs.

I do note though that there is a difference in versions between the binary and the kernel module:

# zfs --version
zfs-2.1.5-1ubuntu6~22.04.1
zfs-kmod-2.1.4-0ubuntu0.1

Could that be a factor? The module comes from the kernel image (MD5 confirms it is the same as per the kernel package)

[lucidBrot]

Ah, well @bigtonylewis I don't see why a reboot should have any effect then, if you aren't booting from it. I'm no expert either though.

Do note that when I finished upgrading to ubuntu 22.04 I had consistent versioning here. So ... maybe you can apt upgrade it? ( You can check that with sudo apt update && apt list --upgradeable )

[rptb1]

I have recently had this same issue, and have written about it to zfs-discussion and earlier at serverfault. I'm recording links here. I will study this thread and follow up in all locations with my results.

In the meantime, please tell me if anyone has suggestions for getting debugging output, backtraces, dumps etc. from my current pool that might help debug this issue for other people before I make it go away.

Thanks.

[rincebrain]

Just install a newer version than Ubuntu is shipping, or get them to ship the patch that fixes your problem. There's no real debugging needed unless you're running the fix and it didn't help.

[wdoekes]

@rptb1: Did you check the bug report at launchpad, and clicked "Affects me too"?

• Get patch against 2.1.5: https://bugs.launchpad.net/ubuntu/+source/zfs-linux/+bug/1987190/+attachment/5704587/+files/zfs-dkms-2.1.5-1-fix-zero-mac-io-error.patch
• Follow steps described here: https://bugs.launchpad.net/ubuntu/+source/zfs-linux/+bug/1987190/comments/4

That should fix it for Jammy.

---

I did notice occasional errors in zpool status with (unpatched) 2.1.5-1ubuntu6~22.04.1 but they were fixed up by a zpool scrub initiated by zed:

errors: 7 data errors, use '-v' for a list

Permanent errors have been detected in the following files:

        <0x20f17>:<0x0>
        tank/someserver@planb-20221101T2223Z:<0x0>
        ...

But the autoscrub made them go away before I could look into it some more:

  scan: scrub repaired 0B in 1 days 13:42:09 with 0 errors on Mon Oct  9 14:06:11 2023
...
errors: No known data errors

On this host I had mounted every encrypted fileset when running the patch, and then went back to the unpatched Ubuntu module. I did not expect to see any new errors after that. But.. if this is the same issue, I guess I would have to mount all the old snapshots, not just the filesets, before I can go back to the unpatched version.

---

Update:

I guess I would have to mount all the old snapshots, not just the filesets, before I can go back to the unpatched version.

Yes. Looks like that was the cause of the later errors. Running a patched version now, and I'm not adding more snapshots to the zpool error list.

(I can probably forego the mounting, and simply ls in .zfs/snapshot/* in all filesets.)

[wdoekes]

Update:

Alas: the errors on the snapshots keep reappearing when using the unpatched version. Even though I did mount them with a patched module once.

It can be quickly observed when looking in .zfs/snapshot:

# ls -l .zfs/snapshot
total 513
drwxrwxrwx 1 root  root 0 Oct 11 12:26 2021-07-01-last-on-old-swift
drwxrwxrwx 1 root  root 0 Oct 11 12:26 planb-20220101T0014Z
drwxrwxrwx 1 root  root 0 Oct 11 12:26 planb-20221101T0017Z
drwxrwxrwx 1 root  root 0 Oct 11 12:26 planb-20221201T0009Z
drwxrwxrwx 1 root  root 0 Oct 11 12:26 planb-20230101T0014Z  <-- these and above are unreadable without patch
drwxr-xr-x 3 planb root 4 Feb  1  2023 planb-20230201T0021Z
drwxr-xr-x 3 planb root 4 Mar  1  2023 planb-20230301T0016Z
drwxr-xr-x 3 planb root 4 Apr  1  2023 planb-20230401T0016Z
drwxr-xr-x 3 planb root 4 May  1 02:17 planb-20230501T0017Z
...

It would be nice if we can get these persistently fixed so they work without the patch. Not sure if that is possible though 🤷

[rptb1]

Thanks for the suggestions and the pointer to the patch. I'm not keen run with a non-standard LTS system for all sorts of reasons, so I went with using zfs send/receive to reconstruct the damaged filesystems. I've posted details to zfs-discuss. tl;dr I did ZFS replication send from the old pool in Ubuntu 20 to receive in a fresh pool on Ubuntu 22, then sent the filesystems back to the old pool in Ubuntu 22. This won't work for everyone -- there was quite a bit of server downtime.