Raw send of encrypted sub-filesystem doesn't correctly set encryptionroot/keylocation

[usovalx]

System information

Type	Version/Name
Distribution Name	debian
Distribution Version	12
Kernel Version	6.1.0-18-amd64
Architecture	amd64
OpenZFS Version	2.2.2-4~bpo12+1

Describe the problem you're observing

I have a setup where I have an encrypted pool with multiple filesystems, and it's being periodically copied to a different machine.
I have noticed that if I create a new filesystem and send just it alone, it appears to incorrectly set keylocation as prompt, instead of inheriting from encryptionroot.

Describe how to reproduce the problem

# create encrypted pool
sudo zpool create -O encryption=aes-256-gcm -O keyformat=hex -O keylocation=file:///ztank/test/password t1 loop1

# and second one, where we will back it up to
sudo zpool create t2 loop2

# add some filesystem, and create first full backup
sudo zfs create t1/fs1

### first send
sudo zfs snapshot -r t1@s1
sudo zfs send -Rw t1@s1 | sudo zfs receive -o canmount=off   t2/t1

# rigth now our backups is fine - both are encrypted and keylocation is set correctly
sudo zfs get -tfilesystem -r encryptionroot,keylocation t1 t2
NAME       PROPERTY        VALUE                         SOURCE
t1         encryptionroot  t1                            -
t1         keylocation     file:///home/usov/T/password  local
t1/fs1     encryptionroot  t1                            -
t1/fs1     keylocation     none                          default
t2         encryptionroot  -                             -
t2         keylocation     none                          default
t2/t1      encryptionroot  t2/t1                         -
t2/t1      keylocation     file:///home/usov/T/password  local
t2/t1/fs1  encryptionroot  t2/t1                         -
t2/t1/fs1  keylocation     none                          default

###########################
# now assume that root FS is desynced - future backups are done one FS at a time.
sudo zfs create t1/fs3
sudo zfs snapshot -r t1@s2
sudo zfs send -Rw t1/fs3@s2 | sudo zfs receive -o canmount=off t2/t1/fs3

###########################
# now if we look at the backupf of `fs3` - it still correctly inherits `encryptionroot`, but keylocation is wrong
sudo zfs get -tfilesystem -r encryptionroot,keylocation t2/t1
NAME       PROPERTY        VALUE                         SOURCE
t2/t1      encryptionroot  t2/t1                         -
t2/t1      keylocation     file:///home/usov/T/password  local
t2/t1/fs1  encryptionroot  t2/t1                         -
t2/t1/fs1  keylocation     none                          default
t2/t1/fs3  encryptionroot  t2/t1/fs3                     -
t2/t1/fs3  keylocation     prompt                        local

Include any warning/errors/backtraces from the system logs

No particular error messages that I noticed, however due to incorrect keylocation it will fail to automatically load the key on boot.

[digitalsignalperson]

Don't you want your t2/t1/fs3 encryptionroot to be be the common t2/t1? You have to zfs change-key -i t2/t1/fs3 and I think it will fix the keylocation too.

while zfs change-key -i requires loading the key, I've also found a way to avoid this with a force_inherit function available in pyzfs #15687 (comment)
PR opened to add that functionality to zfs change-key -f #15821

[usovalx]

Indeed, I just realized that I was misreading the encryptionroot and was sure it's actually set correctly.
What is puzzling - the reason I noticed this issue - it was happening for the last few month on my nas box.
But after I poked around (and failed to fix anything) with zfs inherit and zfs set, it actually fixed itself and even encryptionroot was reset.
And I definitely didn't see the workaround with force_inherit / pyzfs.
Nor did I actually try zfs change-key -i - something else did after I set correct keylocation.

Thanks for advice.