usbcore: registered new interface driver smscufx
uvesafb: failed to execute /sbin/v86d
uvesafb: make sure that the v86d helper is installed and executable
uvesafb: Getting VBE info block failed (eax=0x4f00, err=-2)
uvesafb: vbe_init() failed with -22
uvesafb: probe of uvesafb.0 failed with error -22
vga16fb: mapped to 0xffff8880000a0000
Console: switching to colour frame buffer device 80x30
fb0: VGA16 VGA frame buffer device
input: Power Button as /devices/LNXSYSTM:00/LNXPWRBN:00/input/input0
ACPI: button: Power Button [PWRF]
input: Sleep Button as /devices/LNXSYSTM:00/LNXSLPBN:00/input/input1
ACPI: button: Sleep Button [SLPF]
ACPI: \_SB_.LNKC: Enabled at IRQ 11
virtio-pci 0000:00:03.0: virtio_pci: leaving for legacy driver
ACPI: \_SB_.LNKD: Enabled at IRQ 10
virtio-pci 0000:00:04.0: virtio_pci: leaving for legacy driver
ACPI: \_SB_.LNKB: Enabled at IRQ 10
virtio-pci 0000:00:06.0: virtio_pci: leaving for legacy driver
virtio-pci 0000:00:07.0: virtio_pci: leaving for legacy driver
N_HDLC line discipline registered with maxframe=4096
Serial: 8250/16550 driver, 4 ports, IRQ sharing enabled
00:03: ttyS0 at I/O 0x3f8 (irq = 4, base_baud = 115200) is a 16550A
00:04: ttyS1 at I/O 0x2f8 (irq = 3, base_baud = 115200) is a 16550A
00:05: ttyS2 at I/O 0x3e8 (irq = 6, base_baud = 115200) is a 16550A
00:06: ttyS3 at I/O 0x2e8 (irq = 7, base_baud = 115200) is a 16550A
Non-volatile memory driver v1.3
Linux agpgart interface v0.103
ACPI: bus type drm_connector registered
[drm] Initialized vgem 1.0.0 20120112 for vgem on minor 0
[drm] Initialized vkms 1.0.0 20180514 for vkms on minor 1
platform vkms: [drm] fb1: vkmsdrmfb frame buffer device
usbcore: registered new interface driver udl
brd: module loaded
loop: module loaded
zram: Added device: zram0
null_blk: module loaded
Guest personality initialized and is inactive
VMCI host device registered (name=vmci, major=10, minor=120)
Initialized host personality
usbcore: registered new interface driver rtsx_usb
usbcore: registered new interface driver viperboard
usbcore: registered new interface driver dln2
usbcore: registered new interface driver pn533_usb
nfcsim 0.2 initialized
usbcore: registered new interface driver port100
usbcore: registered new interface driver nfcmrvl
Loading iSCSI transport class v2.0-870.
scsi host0: Virtio SCSI HBA
==================================================================
BUG: KASAN: slab-out-of-bounds in find_next_bit include/linux/find.h:40 [inline]
BUG: KASAN: slab-out-of-bounds in cpumask_next+0xe8/0xf0 lib/cpumask.c:22
Read of size 8 at addr ffff8881474280f0 by task swapper/0/1

CPU: 1 PID: 1 Comm: swapper/0 Not tainted 5.16.0-rc5-next-20211217-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:88 [inline]
 dump_stack_lvl+0xcd/0x134 lib/dump_stack.c:106
 print_address_description.constprop.0.cold+0xa5/0x3ed mm/kasan/report.c:255
 __kasan_report mm/kasan/report.c:442 [inline]
 kasan_report.cold+0x83/0xdf mm/kasan/report.c:459
 find_next_bit include/linux/find.h:40 [inline]
 cpumask_next+0xe8/0xf0 lib/cpumask.c:22
 blk_mq_virtio_map_queues+0x1a8/0x320 block/blk-mq-virtio.c:38
 scsi_map_queues+0x65/0xa0 drivers/scsi/scsi_lib.c:1870
 blk_mq_update_queue_map+0x3e3/0x4f0 block/blk-mq.c:4191
 blk_mq_alloc_tag_set+0x69d/0x12b0 block/blk-mq.c:4293
 scsi_add_host_with_dma.cold+0xe8/0x679 drivers/scsi/hosts.c:232
 scsi_add_host include/scsi/scsi_host.h:768 [inline]
 virtscsi_probe+0x826/0xce0 drivers/scsi/virtio_scsi.c:906
 virtio_dev_probe+0x44e/0x760 drivers/virtio/virtio.c:279
 call_driver_probe drivers/base/dd.c:517 [inline]
 really_probe+0x245/0xcc0 drivers/base/dd.c:596
 __driver_probe_device+0x338/0x4d0 drivers/base/dd.c:751
 driver_probe_device+0x4c/0x1a0 drivers/base/dd.c:781
 __driver_attach+0x22d/0x4e0 drivers/base/dd.c:1140
 bus_for_each_dev+0x147/0x1d0 drivers/base/bus.c:301
 bus_add_driver+0x41d/0x630 drivers/base/bus.c:618
 driver_register+0x220/0x3a0 drivers/base/driver.c:171
 is_blacklisted_cpu arch/x86/crypto/twofish_glue_3way.c:110 [inline]
 init+0xa0/0xf4 arch/x86/crypto/twofish_glue_3way.c:145
 do_one_initcall+0x103/0x650 init/main.c:1303
 do_initcall_level init/main.c:1378 [inline]
 do_initcalls init/main.c:1394 [inline]
 do_basic_setup init/main.c:1413 [inline]
 kernel_init_freeable+0x6b1/0x73a init/main.c:1618
 kernel_init+0x1a/0x1d0 init/main.c:1507
 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:295
 </TASK>

Allocated by task 0:
(stack is not available)

The buggy address belongs to the object at ffff8881474280e0
 which belongs to the cache kmalloc-16 of size 16
The buggy address is located 0 bytes to the right of
 16-byte region [ffff8881474280e0, ffff8881474280f0)
The buggy address belongs to the page:
page:ffffea00051d0a00 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x147428
flags: 0x57ff00000000200(slab|node=1|zone=2|lastcpupid=0x7ff)
raw: 057ff00000000200 0000000000000000 dead000000000122 ffff888010c413c0
raw: 0000000000000000 0000000080800080 00000001ffffffff 0000000000000000
page dumped because: kasan: bad access detected
page_owner tracks the page as allocated
page last allocated via order 0, migratetype Unmovable, gfp_mask 0x12cc0(GFP_KERNEL|__GFP_NOWARN|__GFP_NORETRY), pid 1, ts 8391354692, free_ts 0
 prep_new_page mm/page_alloc.c:2433 [inline]
 get_page_from_freelist+0xa72/0x2f40 mm/page_alloc.c:4164
 __alloc_pages+0x1b2/0x500 mm/page_alloc.c:5376
 alloc_page_interleave+0x1e/0x200 mm/mempolicy.c:2116
 alloc_pages+0x2b1/0x310 mm/mempolicy.c:2266
 alloc_slab_page mm/slub.c:1799 [inline]
 allocate_slab mm/slub.c:1944 [inline]
 new_slab+0x28d/0x3a0 mm/slub.c:2004
 ___slab_alloc+0x6be/0xd60 mm/slub.c:3019
 __slab_alloc.constprop.0+0x4d/0xa0 mm/slub.c:3106
 slab_alloc_node mm/slub.c:3197 [inline]
 slab_alloc mm/slub.c:3239 [inline]
 __kmalloc_track_caller+0x2e7/0x320 mm/slub.c:4925
 kstrdup+0x36/0x70 mm/util.c:60
 kstrdup_const+0x53/0x80 mm/util.c:83
 __kernfs_new_node+0x9d/0x8b0 fs/kernfs/dir.c:581
 kernfs_new_node fs/kernfs/dir.c:647 [inline]
 kernfs_create_dir_ns+0x9c/0x220 fs/kernfs/dir.c:994
 sysfs_create_dir_ns+0x128/0x290 fs/sysfs/dir.c:59
 create_dir lib/kobject.c:89 [inline]
 kobject_add_internal+0x2d2/0xa60 lib/kobject.c:255
 kobject_add_varg lib/kobject.c:390 [inline]
 kobject_add+0x150/0x1c0 lib/kobject.c:442
 device_add+0x366/0x1ee0 drivers/base/core.c:3325
page_owner free stack trace missing

Memory state around the buggy address:
 ffff888147427f80: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
 ffff888147428000: 00 00 fc fc 00 00 fc fc fa fb fc fc 00 00 fc fc
>ffff888147428080: 00 00 fc fc 00 00 fc fc 00 00 fc fc fc fc fc fc
                                                             ^
 ffff888147428100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
 ffff888147428180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
==================================================================