FreeBSD Mail Archives

Date:      Mon, 25 Apr 2016 01:00:45 -0400
From:      "Michael B. Eichorn" <ike@michaeleichorn.com>
To:        freebsd-fs@freebsd.org
Subject:   GELI + Zpool Scrub Results in GELI Device Destruction (and Later a Corrupt Pool)
Message-ID:  <1461560445.22294.53.camel@michaeleichorn.com>

index | next in thread | raw e-mail


[-- Attachment #1 --]
I just ran into something rather unexpected. I have a pool consisting
of a mirrored pair of geli encrypted partitions on WD Red 3TB disks.

The machine is running 10.3-RELEASE, the root zpool was setup with GELI
encryption from the installer, the pool that is acting up was setup per
the handbook.

See the below timeline for what happened, tldr: zpool scrub destroyed
the eli devices, my attempt to recreate the eli device earned me a
ZFS-8000-8A critical error (corrupted data).

All of the errors reported with zpool status -v are metadata and not
regualar files, but as I now have permanent metadata errors I am
looking for guidance as to:

1) Is it safe to keep running the pool as-is for a day or two or am I
risking data corruption?

2) It would be much much faster to copy the data to another pool than
recreate the pool and copy the data back, rather than restore from
backups, am I looking at any potential data loss if I do this?

3) What infomation would be useful to generate for the PR, the error is
reproducable so what should be tried before I nuke the pool?

Thanks,
Ike

-- TIMELINE --

I had just noticed that I had failed to enable the zpool scrub periodic
on this machine. So I began to run zpool scrub by hand. It succeeded
for the root pool which is also geli encrypted, but when I ran it
against my primary data pool I encountered:

Apr 24 23:18:23 terra kernel: GEOM_ELI: Device ada3p1.eli destroyed.
Apr 24 23:18:23 terra kernel: GEOM_ELI: Detached ada3p1.eli on last
close.
Apr 24 23:18:23 terra kernel: GEOM_ELI: Device ada2p1.eli destroyed.
Apr 24 23:18:23 terra kernel: GEOM_ELI: Detached ada2p1.eli on last
close.

And the scrub failed to initialize (command never returned to the
shell).

I then performed a reboot, which suceeded and brought everything up as
normal. I then attempted to scrub the pool again. This time I only lost
one of the partitions:

Apr 24 23:37:34 terra kernel: GEOM_ELI: Device ada2p1.eli destroyed.
Apr 24 23:37:34 terra kernel: GEOM_ELI: Detached ada2p1.eli on last
close.

I then performed a geli attach and zpool online, which onlined the disk
that was offline and offlined the disk that was online (EEEK!):

Apr 24 23:38:28 terra kernel: GEOM_ELI: Device ada2p1.eli created.
Apr 24 23:38:28 terra kernel: GEOM_ELI: Encryption: AES-XTS 256
Apr 24 23:38:28 terra kernel: GEOM_ELI:     Crypto: hardware
Apr 24 23:41:05 terra kernel: GEOM_ELI: Device ada3p1.eli destroyed.
Apr 24 23:41:05 terra kernel: GEOM_ELI: Detached ada3p1.eli on last
close.
Apr 24 23:41:05 terra devd: Executing 'logger -p kern.notice -t ZFS
'vdev state changed, pool_guid=5890893416839487107
vdev_guid=17504861086892353515''
Apr 24 23:41:05 terra ZFS: vdev state changed,
pool_guid=5890893416839487107 vdev_guid=17504861086892353515

I immediately rebooted and both disks came back and resilvered, with
permanent metadata errors

-- END TIMELINE --
[-- Attachment #2 --]
0�	*�H��
��0�10
	`�He0�	*�H��
���0�00��]�0
	*�H��
0��10	UIL10U

StartCom Ltd.1+0)U"Secure Digital Certificate Signing1806U/StartCom Class 1 Primary Intermediate Client CA0
150613202446Z
160614003550Z0H10Uike@michaeleichorn.com1%0#	*�H��
	ike@michaeleichorn.com0�"0
	*�H��
�0�
��UՀ,���k9�D �%�Z|�Y6J<���r���rK��
�g�;&���|����uN�lUE9�)�V�.[ט�̊�:q�S]�(�#v�SYǲ�*���C�p�u���g�Yݔ����,�v��<`�j(���w�����aS��#�ڒ6�n�(K�5�'K�V�LåE�rv�<J��=�[�}W
�b��LA%g�ޭnV���b�|�����	I��?M7D�:�$�����׃��b���M��_T�[�,��ƃ�\�����0��0	U00U�0U%0++0U�jj�:	�γ����+39�啖0U#0�Sr풜���\|~�5N�ԸQ�0!U0�ike@michaeleichorn.com0�LU �C0�?0�;+��70�*0.+"http://www.startssl.com/policy.pdf0��+0��0' StartCom Certification Authority0��This certificate was issued according to the Class 1 Validation requirements of the StartCom CA policy, reliance only for the intended purpose in compliance of the relying party obligations.06U/0-0+�)�'�%http://crl.startssl.com/crtu1-crl.crl0��+��009+0�-http://ocsp.startssl.com/sub/class1/client/ca0B+0�6http://aia.startssl.com/certs/sub.class1.client.ca.crt0#U0�http://www.startssl.com/0
	*�H��
�x+Ȑ��F}�pw��.�X�vF��?�r�g����
�P�]EO�p��)L˻���y�A�
;h�i0�u2��]�m ���[Sb�p$_�
���g��r���
X��m*�YP��3#���H>�m�KAǠt�)�HO|�=@}�3���ӝ��'iO81��>��03	v'h�5U�
"H��;��E�CZtp��җ4rWHu�^�6+i*�k��JL8sh��AV�|5��;?HM�����c\�	�j[��j���|�+0�00��]�0
	*�H��
0��10	UIL10U

StartCom Ltd.1+0)U"Secure Digital Certificate Signing1806U/StartCom Class 1 Primary Intermediate Client CA0
150613202446Z
160614003550Z0H10Uike@michaeleichorn.com1%0#	*�H��
	ike@michaeleichorn.com0�"0
	*�H��
�0�
��UՀ,���k9�D �%�Z|�Y6J<���r���rK��
�g�;&���|����uN�lUE9�)�V�.[ט�̊�:q�S]�(�#v�SYǲ�*���C�p�u���g�Yݔ����,�v��<`�j(���w�����aS��#�ڒ6�n�(K�5�'K�V�LåE�rv�<J��=�[�}W
�b��LA%g�ޭnV���b�|�����	I��?M7D�:�$�����׃��b���M��_T�[�,��ƃ�\�����0��0	U00U�0U%0++0U�jj�:	�γ����+39�啖0U#0�Sr풜���\|~�5N�ԸQ�0!U0�ike@michaeleichorn.com0�LU �C0�?0�;+��70�*0.+"http://www.startssl.com/policy.pdf0��+0��0' StartCom Certification Authority0��This certificate was issued according to the Class 1 Validation requirements of the StartCom CA policy, reliance only for the intended purpose in compliance of the relying party obligations.06U/0-0+�)�'�%http://crl.startssl.com/crtu1-crl.crl0��+��009+0�-http://ocsp.startssl.com/sub/class1/client/ca0B+0�6http://aia.startssl.com/certs/sub.class1.client.ca.crt0#U0�http://www.startssl.com/0
	*�H��
�x+Ȑ��F}�pw��.�X�vF��?�r�g����
�P�]EO�p��)L˻���y�A�
;h�i0�u2��]�m ���[Sb�p$_�
���g��r���
X��m*�YP��3#���H>�m�KAǠt�)�HO|�=@}�3���ӝ��'iO81��>��03	v'h�5U�
"H��;��E�CZtp��җ4rWHu�^�6+i*�k��JL8sh��AV�|5��;?HM�����c\�	�j[��j���|�+0�40��0
	*�H��
0}10	UIL10U

StartCom Ltd.1+0)U"Secure Digital Certificate Signing1)0'U StartCom Certification Authority0
071024210155Z
171024210155Z0��10	UIL10U

StartCom Ltd.1+0)U"Secure Digital Certificate Signing1806U/StartCom Class 1 Primary Intermediate Client CA0�"0
	*�H��
�0�
��	���-��)�.����2����A�UG��o��#G�
�B|N�D�����Rp�M-��B��=o���-�we�5��J�Qpa>O��.�#������.���_�<���V��
[~�*��*�p�z��~�3�W�G�.ᘟ����Ml�r[�<C�e�6���f����q������O���"��u��xf�WN�#�u����i���c�gk��v$����Lb�%�������y��`�����_�{`���xK'G�N�����0��0U�0�0U�0USr풜���\|~�5N�ԸQ�0U#0�N��@[�i�0�4hC�A��0f+Z0X0'+0�http://ocsp.startssl.com/ca0-+0�!http://www.startssl.com/sfsca.crt0[UT0R0'�%�#�!http://www.startssl.com/sfsca.crl0'�%�#�!http://crl.startssl.com/sfsca.crl0��U y0w0u+��70f0.+"http://www.startssl.com/policy.pdf04+(http://www.startssl.com/intermediate.pdf0
	*�H��
�
�}x�,\�c�^��#wM�q�}��>UK/��^y��X֏y	����f�rMIŲ�B6�1ymQ󸟆�ҨݬZ���0���&��;�@��#13qۑ��&	��̢������o�	6�r��_��;�GO>*I�(	7�4���XS1r3��)!�Ǉ�y��6Ko����tˆ#
_�w�S�r���
�;�B
A�Dp�(f��s�������䰷6%�����.W0J3�:b�C�<�8t X����1�<��C��n�=�����t==�wS���T������~���\�wkB�f�|1��5���zU��P)��(���I��j��VB��!����OfI=b��b�\4�-*em��/нSJm�7���N�����[�]'��@ڽ��D9�Kr>���R��7/��|�o���^I@�ټ'��Pa$ z��9�a'L�)��(�
�I��}v��c�H]�۸�D����*�W�}
m�>Q����|�C.�(,�l��Q�1�0�{0��0��10	UIL10U

StartCom Ltd.1+0)U"Secure Digital Certificate Signing1806U/StartCom Class 1 Primary Intermediate Client CA]�0
	`�He���0	*�H��
	1	*�H��
0	*�H��
	1
160425050045Z0/	*�H��
	1" ͑��;
��GB�*�\���e[l^v�
ld|�0��	+�71��0��0��10	UIL10U

StartCom Ltd.1+0)U"Secure Digital Certificate Signing1806U/StartCom Class 1 Primary Intermediate Client CA]�0��*�H��
	1�����0��10	UIL10U

StartCom Ltd.1+0)U"Secure Digital Certificate Signing1806U/StartCom Class 1 Primary Intermediate Client CA]�0
	*�H��
�c��q�1��g�f��F*��x̮�+����_c��0�������9�f�Y'�v���
)q��qA�=gR@ߓO����ߠb����__��������Dh�v�?�v�/i^�%.\���H�W�(��nRm�y����9Nt�8��6�l]�˫�w˸'
f=�U�1L�����~�@�.YʪxQH�~���
B���,�$É�\_P B�%M����r0�/����Z�6}й��
�@W

help

Want to link to this message? Use this
URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?1461560445.22294.53.camel>

Header And Logo

Peripheral Links

Site Navigation

Header And Logo

Peripheral Links

Search

Site Navigation