blktests failures with v7.0-rc1 kernel
John Garry
john.g.garry at oracle.com
Tue Mar 3 13:55:16 PST 2026
On 03/03/2026 19:48, Chaitanya Kulkarni wrote:
> On 2/26/26 01:18, John Garry wrote:
>> JFYI, I saw this splat for nvme/033 on nvme-7.0 branch *:
>>
>> [ 15.525025] systemd-journald[347]:
>> /var/log/journal/89df182291654cc0b051327dd5a58135/user-1000.journal:
>> Journal file uses a different sequence number ID, rotating.
>> [ 21.339287] run blktests nvme/033 at 2026-02-26 08:45:20
>> [ 21.522168] nvmet: Created nvm controller 1 for subsystem
>> blktests-subsystem-1 for NQN
>> nqn.2014-08.org.nvmexpress:uuid:0f01fb42-9f7f-4856-b0b3-51e60b8de349.
>> [ 21.527332]
>> ==================================================================
>> [ 21.527408] BUG: KASAN: slab-out-of-bounds in
>> nvmet_passthru_execute_cmd_work+0xf94/0x1a80 [nvmet]
>> [ 21.527494] Read of size 256 at addr ffff888100be2bc0 by task
>> kworker/u17:2/50
>>
>> [ 21.527580] CPU: 0 UID: 0 PID: 50 Comm: kworker/u17:2 Not tainted
>> 6.19.0-rc3-00080-g6c7172c14e92 #37 PREEMPT(voluntary)
>> [ 21.527589] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009),
>> BIOS 1.16.3-debian-1.16.3-2 04/01/2014
>> [ 21.527594] Workqueue: nvmet-wq nvmet_passthru_execute_cmd_work
>> [nvmet]
>> [ 21.527636] Call Trace:
>> [ 21.527639] <TASK>
>> [ 21.527643] dump_stack_lvl+0x91/0xf0
>> [ 21.527695] print_report+0xd1/0x660
>> [ 21.527710] ? __virt_addr_valid+0x23a/0x440
>> [ 21.527721] ? kasan_complete_mode_report_info+0x26/0x200
>> [ 21.527733] kasan_report+0xf3/0x130
>> [ 21.527739] ? nvmet_passthru_execute_cmd_work+0xf94/0x1a80 [nvmet]
>> [ 21.527776] ? nvmet_passthru_execute_cmd_work+0xf94/0x1a80 [nvmet]
>> [ 21.527816] kasan_check_range+0x11c/0x200
>> [ 21.527824] __asan_memcpy+0x23/0x80
>> [ 21.527834] nvmet_passthru_execute_cmd_work+0xf94/0x1a80 [nvmet]
>
> I've not seen this, can you try the following? From a quick look it is
> from copying subsnqn: admin-cmd.c uses strscpy() and passthru-cmd.c uses
> memcpy :-
>
> diff --git a/drivers/nvme/target/passthru.c b/drivers/nvme/target/passthru.c
> index 96648ec2fadb..67c423a8b052 100644
> --- a/drivers/nvme/target/passthru.c
> +++ b/drivers/nvme/target/passthru.c
> @@ -150,7 +150,7 @@ static u16 nvmet_passthru_override_id_ctrl(struct nvmet_req *req)
> * code path with duplicate ctrl subsysnqn. In order to prevent that we
> * mask the passthru-ctrl subsysnqn with the target ctrl subsysnqn.
> */
> - memcpy(id->subnqn, ctrl->subsys->subsysnqn, sizeof(id->subnqn));
> + strscpy(id->subnqn, ctrl->subsys->subsysnqn, sizeof(id->subnqn));
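Review bot: on the added strscpy() line, the bytes of id->subnqn after the terminator are left as they were, so if the field already holds the passthru controller's own NQN (which the comment above says is being masked), a longer original value can leave its tail behind the new NUL in the Identify data returned to the host. strscpy_pad(), or zeroing id->subnqn before the copy, would clear the whole field. The switch away from memcpy() itself fits the report: the copy no longer reads a fixed sizeof(id->subnqn) bytes from ctrl->subsys->subsysnqn, which is the "Read of size 256" KASAN flagged. The return value is also ignored; a subsysnqn that does not fit would be silently truncated, so either check for a negative return or note in the comment why truncation cannot happen here.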
Yeah, AFAICS, this same change is in mainline as an nvme fix, but it was
not in the nvme 7.0 branch.
Thanks for checking