Block Cloning fallback with O_DIRECT flag causes kernel panic in older kernel versions

[ixhamza]

System information

Type	Version/Name
Distribution Name	Ubuntu 22.04.2 LTS
Distribution Version	22.04
Kernel Version	5.15.0-119-generic
Architecture	x86_64
OpenZFS Version	zfs-2.3.0-1

Describe the problem you're observing

Testing the block cloning fallback functionality with the O_DIRECT flag is causing a kernel panic. For testing purposes, I added the O_DIRECT flag to the open call in clonefile.c.
Note: When tested with the latest 6.12 TrueNAS kernel, same test returns EAGAIN instead of kernel panic.

Describe how to reproduce the problem

Run following script with above clonefile patch to reproduce the kernel panic:

truncate -s 8G /tmp/f1
sudo zpool create tank /tmp/f1
sudo dd if=/dev/urandom of=/tank/file bs=128K count=4
sudo zpool sync tank
sudo ./tests/zfs-tests/bin/clonefile -f /tank/file /tank/clone 32768 32768 65536

Include any warning/errors/backtraces from the system logs

[17118.225852] general protection fault, probably for non-canonical address 0x6779e00000000: 0000 [#1] SMP NOPTI
[17118.225995] CPU: 18 PID: 174965 Comm: clonefile Tainted: P           OE     5.15.0-119-generic #129-Ubuntu
[17118.226099] Hardware name: QEMU Ubuntu 24.04 PC (i440FX + PIIX, 1996), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[17118.226197] RIP: 0010:memcpy_erms+0x6/0x10
[17118.226342] Code: cc cc cc cc eb 1e 0f 1f 00 48 89 f8 48 89 d1 48 c1 e9 03 83 e2 07 f3 48 a5 89 d1 f3 a4 c3 cc cc cc cc 66 90 48 89 f8 48 89 d1 <f3> a4 c3 cc cc cc cc 0f 1f 00 48 89 f8 48 83 fa 20 72 7e 40 38 fe
[17118.226528] RSP: 0018:ffffc05e835d3820 EFLAGS: 00010206
[17118.226617] RAX: 0006779e00000000 RBX: ffffc05e835d38e8 RCX: 0000000000001000
[17118.226706] RDX: 0000000000001000 RSI: ffffc05e83459000 RDI: 0006779e00000000
[17118.226815] RBP: ffffc05e835d3838 R08: ffff9b2f03ff4a00 R09: 0000000000000000
[17118.226913] R10: 0000000000000003 R11: 0000000000000000 R12: 0000000000001000
[17118.227009] R13: ffffc05e835d3870 R14: ffffc05e835d38e8 R15: 0000000000000000
[17118.227104] FS:  00007f548e3fd740(0000) GS:ffff9b3037c80000(0000) knlGS:0000000000000000
[17118.227203] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[17118.227296] CR2: 00007f548e48b600 CR3: 0000000107ebe000 CR4: 0000000000750ee0
[17118.227397] PKRU: 55555554
[17118.227468] Call Trace:
[17118.227542]  <TASK>
[17118.227621]  ? show_trace_log_lvl+0x1d6/0x2ea
[17118.227742]  ? show_trace_log_lvl+0x1d6/0x2ea
[17118.227961]  ? abd_iterate_func.part.0+0xac/0x190 [zfs]
[17118.228955]  ? show_regs.part.0+0x23/0x29
[17118.229056]  ? __die_body.cold+0x8/0xd
[17118.229157]  ? die_addr+0x3e/0x60
[17118.229278]  ? exc_general_protection+0x1c5/0x410
[17118.229378]  ? asm_exc_general_protection+0x27/0x30
[17118.229504]  ? memcpy_erms+0x6/0x10
[17118.229599]  ? abd_copy_from_buf_off_cb+0x1d/0x30 [zfs]
[17118.230016]  abd_iterate_func.part.0+0xac/0x190 [zfs]
[17118.230346]  ? abd_copy_to_buf_off_cb+0x40/0x40 [zfs]
[17118.230643]  abd_copy_from_buf_off+0x3b/0x60 [zfs]
[17118.230957]  dmu_read_abd+0x352/0x520 [zfs]
[17118.231274]  dmu_read_uio_direct+0x5f/0xa0 [zfs]
[17118.231593]  dmu_read_uio_dnode+0x12a/0x140 [zfs]
[17118.231903]  ? filemap_range_has_page+0x87/0xc0
[17118.232010]  dmu_read_uio_dbuf+0x1e/0x30 [zfs]
[17118.232302]  zfs_read+0x3fe/0x5d0 [zfs]
[17118.232608]  zpl_iter_read+0x105/0x1b0 [zfs]
[17118.232903]  generic_file_splice_read+0xf1/0x1b0
[17118.233005]  do_splice_to+0x7d/0xc0
[17118.233094]  splice_direct_to_actor+0xba/0x220
[17118.233183]  ? page_cache_pipe_buf_try_steal+0xd0/0xd0
[17118.233277]  do_splice_direct+0x89/0xd0
[17118.233366]  generic_copy_file_range+0x31/0x40
[17118.233457]  zpl_copy_file_range+0x63/0x80 [zfs]
[17118.233734]  vfs_copy_file_range+0x26e/0x4d0
[17118.233837]  __do_sys_copy_file_range+0xd2/0x210
[17118.234717]  __x64_sys_copy_file_range+0x24/0x30
[17118.235381]  x64_sys_call+0x178a/0x1fa0
[17118.236050]  do_syscall_64+0x56/0xb0
[17118.236648]  ? ksys_write+0x67/0xf0
[17118.237235]  ? exit_to_user_mode_prepare+0x37/0xb0
[17118.237830]  ? syscall_exit_to_user_mode+0x2c/0x50
[17118.238376]  ? x64_sys_call+0x47c/0x1fa0
[17118.238908]  ? do_syscall_64+0x63/0xb0
[17118.239397]  ? clear_bhb_loop+0x45/0xa0
[17118.239907]  ? clear_bhb_loop+0x45/0xa0
[17118.240376]  ? clear_bhb_loop+0x45/0xa0
[17118.240856]  ? clear_bhb_loop+0x45/0xa0
[17118.241311]  ? clear_bhb_loop+0x45/0xa0
[17118.241722]  entry_SYSCALL_64_after_hwframe+0x6c/0xd6
[17118.242151] RIP: 0033:0x7f548e5191ba
[17118.242579] Code: 64 89 01 48 83 c8 ff c3 0f 1f 84 00 00 00 00 00 f3 0f 1e fa 49 89 ca 64 8b 04 25 18 00 00 00 85 c0 75 15 b8 46 01 00 00 0f 05 <48> 3d 00 f0 ff ff 77 7e c3 0f 1f 44 00 00 41 54 48 83 ec 30 44 89
[17118.243489] RSP: 002b:00007ffea0f6eb88 EFLAGS: 00000246 ORIG_RAX: 0000000000000146
[17118.243960] RAX: ffffffffffffffda RBX: 00007ffea0f6edc8 RCX: 00007f548e5191ba
[17118.244421] RDX: 0000000000000004 RSI: 00007ffea0f6eb98 RDI: 0000000000000003
[17118.244899] RBP: 00007ffea0f6ec60 R08: 0000000000010000 R09: 0000000000000000
[17118.245366] R10: 00007ffea0f6eb90 R11: 0000000000000246 R12: 0000000000010000
[17118.245850] R13: 0000000000000003 R14: 0000000000000004 R15: 0000000000008000
[17118.246335]  </TASK>
[17118.246819] Modules linked in: zfs(POE) spl(OE) tls iscsi_tcp libiscsi_tcp libiscsi scsi_transport_iscsi xt_conntrack nft_chain_nat xt_MASQUERADE nf_nat nf_conntrack_netlink nf_conntrack nf_defrag_ipv6 nf_defrag_ipv4 xfrm_user xfrm_algo nft_counter xt_addrtype nft_compat nf_tables nfnetlink br_netfilter bridge stp llc nvme_fabrics nvme_core overlay intel_rapl_msr intel_rapl_common kvm_intel ppdev kvm joydev input_leds rapl serio_raw parport_pc parport mac_hid qemu_fw_cfg binfmt_misc dm_multipath scsi_dh_rdac sch_fq_codel scsi_dh_emc scsi_dh_alua nfsd auth_rpcgss msr nfs_acl lockd pstore_blk ramoops pstore_zone reed_solomon grace efi_pstore sunrpc ip_tables x_tables autofs4 btrfs blake2b_generic zstd_compress raid10 raid456 async_raid6_recov async_memcpy async_pq async_xor async_tx xor raid6_pq libcrc32c raid1 raid0 multipath linear bochs drm_vram_helper drm_ttm_helper ttm drm_kms_helper crct10dif_pclmul syscopyarea crc32_pclmul sysfillrect ghash_clmulni_intel sha256_ssse3 sysimgblt
[17118.247215]  sha1_ssse3 fb_sys_fops cec aesni_intel rc_core crypto_simd drm cryptd psmouse e1000 i2c_piix4 pata_acpi floppy [last unloaded: spl]
[17118.251921] ---[ end trace 31d392964df31d66 ]---
[17118.252368] RIP: 0010:memcpy_erms+0x6/0x10
[17118.252818] Code: cc cc cc cc eb 1e 0f 1f 00 48 89 f8 48 89 d1 48 c1 e9 03 83 e2 07 f3 48 a5 89 d1 f3 a4 c3 cc cc cc cc 66 90 48 89 f8 48 89 d1 <f3> a4 c3 cc cc cc cc 0f 1f 00 48 89 f8 48 83 fa 20 72 7e 40 38 fe
[17118.253760] RSP: 0018:ffffc05e835d3820 EFLAGS: 00010206
[17118.254356] RAX: 0006779e00000000 RBX: ffffc05e835d38e8 RCX: 0000000000001000
[17118.254845] RDX: 0000000000001000 RSI: ffffc05e83459000 RDI: 0006779e00000000
[17118.255316] RBP: ffffc05e835d3838 R08: ffff9b2f03ff4a00 R09: 0000000000000000
[17118.255853] R10: 0000000000000003 R11: 0000000000000000 R12: 0000000000001000
[17118.256398] R13: ffffc05e835d3870 R14: ffffc05e835d38e8 R15: 0000000000000000
[17118.256951] FS:  00007f548e3fd740(0000) GS:ffff9b3037c80000(0000) knlGS:0000000000000000
[17118.257522] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[17118.258193] CR2: 00007f548e48b600 CR3: 0000000107ebe000 CR4: 0000000000750ee0
[17118.258851] PKRU: 55555554