geom mirror now rebuilding on every reboot?

> Michael,
>
>> Something in -current and recently MFC'd to -stable is causing all of my
>> gmirror drives to rebuild on reboot :-(
>>
>> Being remote and these being production machines, I suspect SVN r237929
>> and r237930 in -current and SVN r238500 to -stable but haven't yet been
>> able to prove it.
>>
>> Is anyone else seeing this?
>
> yes, i've seem something similar only much, much worse. one of our
> production systems completely kept loosing its gmirror volumes on
> every reboot. it looked like gmirror metadata were completely
> corrupted. rebuilding mirrors and reverting back to previous kernel
> seemed to work. someone else is tracking it down.

> On Mon, Aug 6, 2012 at 8:34 AM, Maksim Yevmenkin
> <[hidden email]> wrote:
>> Michael,
>>
>>> Something in -current and recently MFC'd to -stable is causing all of my
>>> gmirror drives to rebuild on reboot :-(
>>>
>>> Being remote and these being production machines, I suspect SVN r237929
>>> and r237930 in -current and SVN r238500 to -stable but haven't yet been
>>> able to prove it.
>>>
>>> Is anyone else seeing this?
>>
>> yes, i've seem something similar only much, much worse. one of our
>> production systems completely kept loosing its gmirror volumes on
>> every reboot. it looked like gmirror metadata were completely
>> corrupted. rebuilding mirrors and reverting back to previous kernel
>> seemed to work. someone else is tracking it down.
>
>     Is this is in 9.1 -PRERELEASE, -RELEASE (or whatever the official
> label is...)? If so, it seems like this would be a ship blocker.

> On Mon, Aug 6, 2012 at 9:23 AM, Garrett Cooper <[hidden email]> wrote:
>> On Mon, Aug 6, 2012 at 8:34 AM, Maksim Yevmenkin
>> <[hidden email]> wrote:
>>> Michael,
>>>
>>>> Something in -current and recently MFC'd to -stable is causing all of my
>>>> gmirror drives to rebuild on reboot :-(
>>>>
>>>> Being remote and these being production machines, I suspect SVN r237929
>>>> and r237930 in -current and SVN r238500 to -stable but haven't yet been
>>>> able to prove it.
>>>>
>>>> Is anyone else seeing this?
>>>
>>> yes, i've seem something similar only much, much worse. one of our
>>> production systems completely kept loosing its gmirror volumes on
>>> every reboot. it looked like gmirror metadata were completely
>>> corrupted. rebuilding mirrors and reverting back to previous kernel
>>> seemed to work. someone else is tracking it down.
>>
>>     Is this is in 9.1 -PRERELEASE, -RELEASE (or whatever the official
>> label is...)? If so, it seems like this would be a ship blocker.
>
> sorry. its releng_9/9-stable. gmirrors are on two ssds. we use gpt and
> gmirror individual partitions, not entire disks.

> On Mon, Aug 6, 2012 at 9:26 AM, Maksim Yevmenkin
> <[hidden email]> wrote:
>> On Mon, Aug 6, 2012 at 9:23 AM, Garrett Cooper <[hidden email]> wrote:
>>> On Mon, Aug 6, 2012 at 8:34 AM, Maksim Yevmenkin
>>> <[hidden email]> wrote:
>>>> Michael,
>>>>
>>>>> Something in -current and recently MFC'd to -stable is causing all of my
>>>>> gmirror drives to rebuild on reboot :-(
>>>>>
>>>>> Being remote and these being production machines, I suspect SVN r237929
>>>>> and r237930 in -current and SVN r238500 to -stable but haven't yet been
>>>>> able to prove it.
>>>>>
>>>>> Is anyone else seeing this?
>>>>
>>>> yes, i've seem something similar only much, much worse. one of our
>>>> production systems completely kept loosing its gmirror volumes on
>>>> every reboot. it looked like gmirror metadata were completely
>>>> corrupted. rebuilding mirrors and reverting back to previous kernel
>>>> seemed to work. someone else is tracking it down.
>>>
>>>     Is this is in 9.1 -PRERELEASE, -RELEASE (or whatever the official
>>> label is...)? If so, it seems like this would be a ship blocker.
>>
>> sorry. its releng_9/9-stable. gmirrors are on two ssds. we use gpt and
>> gmirror individual partitions, not entire disks.
>
> I may well be confused, but I don't understand how you can use GPT for
> a single partition. Looks to me like a disk is GPT or legacy.
> Declaring which is the first command when setting up a new disk.

> On Mon, Aug 6, 2012 at 9:33 AM, Kevin Oberman <[hidden email]> wrote:
>> On Mon, Aug 6, 2012 at 9:26 AM, Maksim Yevmenkin
>> <[hidden email]> wrote:
>>> On Mon, Aug 6, 2012 at 9:23 AM, Garrett Cooper <[hidden email]> wrote:
>>>> On Mon, Aug 6, 2012 at 8:34 AM, Maksim Yevmenkin
>>>> <[hidden email]> wrote:
>>>>> Michael,
>>>>>
>>>>>> Something in -current and recently MFC'd to -stable is causing all of my
>>>>>> gmirror drives to rebuild on reboot :-(
>>>>>>
>>>>>> Being remote and these being production machines, I suspect SVN r237929
>>>>>> and r237930 in -current and SVN r238500 to -stable but haven't yet been
>>>>>> able to prove it.
>>>>>>
>>>>>> Is anyone else seeing this?
>>>>>
>>>>> yes, i've seem something similar only much, much worse. one of our
>>>>> production systems completely kept loosing its gmirror volumes on
>>>>> every reboot. it looked like gmirror metadata were completely
>>>>> corrupted. rebuilding mirrors and reverting back to previous kernel
>>>>> seemed to work. someone else is tracking it down.
>>>>
>>>>    Is this is in 9.1 -PRERELEASE, -RELEASE (or whatever the official
>>>> label is...)? If so, it seems like this would be a ship blocker.
>>>
>>> sorry. its releng_9/9-stable. gmirrors are on two ssds. we use gpt and
>>> gmirror individual partitions, not entire disks.
>>
>> I may well be confused, but I don't understand how you can use GPT for
>> a single partition. Looks to me like a disk is GPT or legacy.
>> Declaring which is the first command when setting up a new disk.
>
> i'm sorry, to make it (hopefully) clear, we are using gpt partitioning
> scheme (as opposed to mbr partitioning scheme), and then use gmirror
> on individual partitions, i.e. we gimirror /dev/ada0p1 and /dev/ada1p1
> and not /dev/ada0 and /dev/ada1.

> On Mon, Aug 6, 2012 at 8:34 AM, Maksim Yevmenkin
> <[hidden email]> wrote:
>> Michael,
>>
>>> Something in -current and recently MFC'd to -stable is causing all of my
>>> gmirror drives to rebuild on reboot :-(
>>>
>>> Being remote and these being production machines, I suspect SVN r237929
>>> and r237930 in -current and SVN r238500 to -stable but haven't yet been
>>> able to prove it.
>>>
>>> Is anyone else seeing this?
>>
>> yes, i've seem something similar only much, much worse. one of our
>> production systems completely kept loosing its gmirror volumes on
>> every reboot. it looked like gmirror metadata were completely
>> corrupted. rebuilding mirrors and reverting back to previous kernel
>> seemed to work. someone else is tracking it down.
>
>     Is this is in 9.1 -PRERELEASE, -RELEASE (or whatever the official
> label is...)? If so, it seems like this would be a ship blocker.

>  Michael,
>
> On Sat, Aug 04, 2012 at 12:49:49PM -0400, Michael Butler wrote:
> M> Something in -current and recently MFC'd to -stable is causing all of my
> M> gmirror drives to rebuild on reboot :-(
> M>
> M> Being remote and these being production machines, I suspect SVN r237929
> M> and r237930 in -current and SVN r238500 to -stable but haven't yet been
> M> able to prove it.
>
> I'd appreciate if you test that and either confirm or disclaim that
> r238500 introduces such regression. Thanks!
>

> Garrett Cooper
>>    Is this is in 9.1 -PRERELEASE, -RELEASE (or whatever the official
>> label is...)? If so, it seems like this would be a ship blocker.
>
> I have a problem that's been getting progressively worse as the
> source progresses.  So much so that it's had me searching all the
> way from 8.0-RELEASE to 10-CURRENT without luck on both amd64 and
> i386.
>
> pf(4) erroneously mismatches state and then blocks an active flow.
> It seems that 8.X does so silently and 9 to -CURRENT do so verbosely.
> Whether silent or loud, the effect on traffic makes it impracticle
> to use FreeBSD+PF for a firewall in any setting (my use is home,
> small office, large office and moderately large datacenter core
> router).  It appears that this has actually been a forever problem
> that just being tickled more now.
>
> Here's from my home firewall:
> Status: Enabled for 7 days 02:57:58           Debug: Urgent
>
> State Table                          Total             Rate
>  current entries                     1653              
>  searches                        45792251           74.4/s
>  inserts                           428375            0.7/s
>  removals                          426722            0.7/s
> ...
>  state-mismatch                      1586            0.0/s
>
>
> Here's from a moderately busy firewall:
> Status: Enabled for 0 days 21:40:44           Debug: Urgent
>
> State Table                          Total             Rate
>  current entries                   122395              
>  searches                      4428641685        56745.4/s
>  inserts                        202644593         2596.5/s
>  removals                       202522198         2595.0/s
> ...
>  state-mismatch                    277767            3.6/s
>
> That's 277767 flows terminated in the last almost 22 hours due to
> this pf bug. (!!!)
>
> 9.1-PRERELEASE logs (as does -CURRENT):
> Jul 22 08:54:25 brane kernel: pf: state key linking mismatch! dir=OUT, if=tun0, stored af=2, a0: 10.0.2.220:60985, a1: 192.41.162.30:53, proto=17, found af=2, a0: 41.154.2.53:1701, a1: 41.133.165.161:59051, proto=17.
> Jul 22 08:54:25 brane kernel: pf: state key linking mismatch! dir=OUT, if=tun0, stored af=2, a0: 10.0.2.220:52995, a1: 41.154.2.100:53, proto=17, found af=2, a0: 41.154.2.53:1701, a1: 41.133.165.161:59051, proto=17.
> Jul 22 08:54:25 brane kernel: pf: state key linking mismatch! dir=OUT, if=tun0, stored af=2, a0: 10.0.2.220:60095, a1: 206.223.136.200:53, proto=17, found af=2, a0: 41.154.2.53:1701, a1: 41.133.165.161:59051, proto=17.
> Jul 22 08:54:25 brane kernel: pf: state key linking mismatch! dir=OUT, if=tun0, stored af=2, a0: 10.0.2.220:50463, a1: 206.223.136.200:53, proto=17, found af=2, a0: 41.154.2.53:1701, a1: 41.133.165.161:59051, proto=17.
> Jul 22 08:54:25 brane kernel: pf: state key linking mismatch! dir=OUT, if=tun0, stored af=2, a0: 10.0.2.220:56748, a1: 192.41.162.30:53, proto=17, found af=2, a0: 41.154.2.53:1701, a1: 41.133.165.161:59051, proto=17.
> Jul 22 08:54:25 brane kernel: pf: state key linking mismatch! dir=OUT, if=tun0, stored af=2, a0: 10.0.2.220:60793, a1: 192.41.162.30:53, proto=17, found af=2, a0: 41.154.2.53:1701, a1: 41.133.165.161:59051, proto=17.

> On Aug 7, 2012, at 11:17 AM, Ian FREISLICH <[hidden email]> wrote:
>
>> Garrett Cooper
>>>     Is this is in 9.1 -PRERELEASE, -RELEASE (or whatever the official
>>> label is...)? If so, it seems like this would be a ship blocker.
>> I have a problem that's been getting progressively worse as the
>> source progresses.  So much so that it's had me searching all the
>> way from 8.0-RELEASE to 10-CURRENT without luck on both amd64 and
>> i386.
>>
>> pf(4) erroneously mismatches state and then blocks an active flow.
>> It seems that 8.X does so silently and 9 to -CURRENT do so verbosely.
>> Whether silent or loud, the effect on traffic makes it impracticle
>> to use FreeBSD+PF for a firewall in any setting (my use is home,
>> small office, large office and moderately large datacenter core
>> router).  It appears that this has actually been a forever problem
>> that just being tickled more now.
>>
>> Here's from my home firewall:
>> Status: Enabled for 7 days 02:57:58           Debug: Urgent
>>
>> State Table                          Total             Rate
>>   current entries                     1653
>>   searches                        45792251           74.4/s
>>   inserts                           428375            0.7/s
>>   removals                          426722            0.7/s
>> ...
>>   state-mismatch                      1586            0.0/s
>>
>>
>> Here's from a moderately busy firewall:
>> Status: Enabled for 0 days 21:40:44           Debug: Urgent
>>
>> State Table                          Total             Rate
>>   current entries                   122395
>>   searches                      4428641685        56745.4/s
>>   inserts                        202644593         2596.5/s
>>   removals                       202522198         2595.0/s
>> ...
>>   state-mismatch                    277767            3.6/s
>>
>> That's 277767 flows terminated in the last almost 22 hours due to
>> this pf bug. (!!!)
>>
>> 9.1-PRERELEASE logs (as does -CURRENT):
>> Jul 22 08:54:25 brane kernel: pf: state key linking mismatch! dir=OUT, if=tun0, stored af=2, a0: 10.0.2.220:60985, a1: 192.41.162.30:53, proto=17, found af=2, a0: 41.154.2.53:1701, a1: 41.133.165.161:59051, proto=17.
>> Jul 22 08:54:25 brane kernel: pf: state key linking mismatch! dir=OUT, if=tun0, stored af=2, a0: 10.0.2.220:52995, a1: 41.154.2.100:53, proto=17, found af=2, a0: 41.154.2.53:1701, a1: 41.133.165.161:59051, proto=17.
>> Jul 22 08:54:25 brane kernel: pf: state key linking mismatch! dir=OUT, if=tun0, stored af=2, a0: 10.0.2.220:60095, a1: 206.223.136.200:53, proto=17, found af=2, a0: 41.154.2.53:1701, a1: 41.133.165.161:59051, proto=17.
>> Jul 22 08:54:25 brane kernel: pf: state key linking mismatch! dir=OUT, if=tun0, stored af=2, a0: 10.0.2.220:50463, a1: 206.223.136.200:53, proto=17, found af=2, a0: 41.154.2.53:1701, a1: 41.133.165.161:59051, proto=17.
>> Jul 22 08:54:25 brane kernel: pf: state key linking mismatch! dir=OUT, if=tun0, stored af=2, a0: 10.0.2.220:56748, a1: 192.41.162.30:53, proto=17, found af=2, a0: 41.154.2.53:1701, a1: 41.133.165.161:59051, proto=17.
>> Jul 22 08:54:25 brane kernel: pf: state key linking mismatch! dir=OUT, if=tun0, stored af=2, a0: 10.0.2.220:60793, a1: 192.41.162.30:53, proto=17, found af=2, a0: 41.154.2.53:1701, a1: 41.133.165.161:59051, proto=17.
>      Filed a PR yet with packet captures?
> Thanks,
> -Garrett_______________________________________________
> [hidden email] mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-current
> To unsubscribe, send any mail to "[hidden email]"
>