blktests failures with v7.0-rc1 kernel
Chaitanya Kulkarni
chaitanyak at nvidia.com
Tue Mar 3 11:48:04 PST 2026
On 2/26/26 01:18, John Garry wrote:
> JFYI, I saw this splat for nvme/033 on nvme-7.0 branch *:
>
> [ 15.525025] systemd-journald[347]:
> /var/log/journal/89df182291654cc0b051327dd5a58135/user-1000.journal:
> Journal file uses a different sequence number ID, rotating.
> [ 21.339287] run blktests nvme/033 at 2026-02-26 08:45:20
> [ 21.522168] nvmet: Created nvm controller 1 for subsystem
> blktests-subsystem-1 for NQN
> nqn.2014-08.org.nvmexpress:uuid:0f01fb42-9f7f-4856-b0b3-51e60b8de349.
> [ 21.527332]
> ==================================================================
> [ 21.527408] BUG: KASAN: slab-out-of-bounds in
> nvmet_passthru_execute_cmd_work+0xf94/0x1a80 [nvmet]
> [ 21.527494] Read of size 256 at addr ffff888100be2bc0 by task
> kworker/u17:2/50
>
> [ 21.527580] CPU: 0 UID: 0 PID: 50 Comm: kworker/u17:2 Not tainted
> 6.19.0-rc3-00080-g6c7172c14e92 #37 PREEMPT(voluntary)
> [ 21.527589] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009),
> BIOS 1.16.3-debian-1.16.3-2 04/01/2014
> [ 21.527594] Workqueue: nvmet-wq nvmet_passthru_execute_cmd_work
> [nvmet]
> [ 21.527636] Call Trace:
> [ 21.527639] <TASK>
> [ 21.527643] dump_stack_lvl+0x91/0xf0
> [ 21.527695] print_report+0xd1/0x660
> [ 21.527710] ? __virt_addr_valid+0x23a/0x440
> [ 21.527721] ? kasan_complete_mode_report_info+0x26/0x200
> [ 21.527733] kasan_report+0xf3/0x130
> [ 21.527739] ? nvmet_passthru_execute_cmd_work+0xf94/0x1a80 [nvmet]
> [ 21.527776] ? nvmet_passthru_execute_cmd_work+0xf94/0x1a80 [nvmet]
> [ 21.527816] kasan_check_range+0x11c/0x200
> [ 21.527824] __asan_memcpy+0x23/0x80
> [ 21.527834] nvmet_passthru_execute_cmd_work+0xf94/0x1a80 [nvmet]
I've not seen this, can you try following, from quick look it
from copying subsnqn admin-cmd.c uses strscpy() and passhru-cmd.c uses
memcpy :-
diff --git a/drivers/nvme/target/passthru.c b/drivers/nvme/target/passthru.c
index 96648ec2fadb..67c423a8b052 100644
--- a/drivers/nvme/target/passthru.c
+++ b/drivers/nvme/target/passthru.c
@@ -150,7 +150,7 @@ static u16 nvmet_passthru_override_id_ctrl(struct nvmet_req *req)
* code path with duplicate ctrl subsysnqn. In order to prevent that we
* mask the passthru-ctrl subsysnqn with the target ctrl subsysnqn.
*/
- memcpy(id->subnqn, ctrl->subsys->subsysnqn, sizeof(id->subnqn));
+ strscpy(id->subnqn, ctrl->subsys->subsysnqn, sizeof(id->subnqn));
/* use fabric id-ctrl values */
id->ioccsz = cpu_to_le32((sizeof(struct nvme_command) +
-ck
More information about the Linux-nvme
mailing list