usbcore: registered new interface driver smscufx uvesafb: failed to execute /sbin/v86d uvesafb: make sure that the v86d helper is installed and executable uvesafb: Getting VBE info block failed (eax=0x4f00, err=-2) uvesafb: vbe_init() failed with -22 uvesafb: probe of uvesafb.0 failed with error -22 vga16fb: mapped to 0xffff8880000a0000 Console: switching to colour frame buffer device 80x30 fb0: VGA16 VGA frame buffer device input: Power Button as /devices/LNXSYSTM:00/LNXPWRBN:00/input/input0 ACPI: button: Power Button [PWRF] input: Sleep Button as /devices/LNXSYSTM:00/LNXSLPBN:00/input/input1 ACPI: button: Sleep Button [SLPF] ACPI: \_SB_.LNKC: Enabled at IRQ 11 virtio-pci 0000:00:03.0: virtio_pci: leaving for legacy driver ACPI: \_SB_.LNKD: Enabled at IRQ 10 virtio-pci 0000:00:04.0: virtio_pci: leaving for legacy driver ACPI: \_SB_.LNKB: Enabled at IRQ 10 virtio-pci 0000:00:06.0: virtio_pci: leaving for legacy driver virtio-pci 0000:00:07.0: virtio_pci: leaving for legacy driver N_HDLC line discipline registered with maxframe=4096 Serial: 8250/16550 driver, 4 ports, IRQ sharing enabled 00:03: ttyS0 at I/O 0x3f8 (irq = 4, base_baud = 115200) is a 16550A 00:04: ttyS1 at I/O 0x2f8 (irq = 3, base_baud = 115200) is a 16550A 00:05: ttyS2 at I/O 0x3e8 (irq = 6, base_baud = 115200) is a 16550A 00:06: ttyS3 at I/O 0x2e8 (irq = 7, base_baud = 115200) is a 16550A Non-volatile memory driver v1.3 Linux agpgart interface v0.103 ACPI: bus type drm_connector registered [drm] Initialized vgem 1.0.0 20120112 for vgem on minor 0 [drm] Initialized vkms 1.0.0 20180514 for vkms on minor 1 platform vkms: [drm] fb1: vkmsdrmfb frame buffer device usbcore: registered new interface driver udl brd: module loaded loop: module loaded zram: Added device: zram0 null_blk: module loaded Guest personality initialized and is inactive VMCI host device registered (name=vmci, major=10, minor=120) Initialized host personality usbcore: registered new interface driver rtsx_usb usbcore: registered new interface driver viperboard usbcore: registered new interface driver dln2 usbcore: registered new interface driver pn533_usb nfcsim 0.2 initialized usbcore: registered new interface driver port100 usbcore: registered new interface driver nfcmrvl Loading iSCSI transport class v2.0-870. scsi host0: Virtio SCSI HBA ================================================================== BUG: KASAN: slab-out-of-bounds in find_next_bit include/linux/find.h:40 [inline] BUG: KASAN: slab-out-of-bounds in cpumask_next+0xe8/0xf0 lib/cpumask.c:22 Read of size 8 at addr ffff88801a5284f0 by task swapper/0/1 CPU: 0 PID: 1 Comm: swapper/0 Not tainted 5.16.0-rc5-next-20211217-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Call Trace: __dump_stack lib/dump_stack.c:88 [inline] dump_stack_lvl+0xcd/0x134 lib/dump_stack.c:106 print_address_description.constprop.0.cold+0xa5/0x3ed mm/kasan/report.c:255 __kasan_report mm/kasan/report.c:442 [inline] kasan_report.cold+0x83/0xdf mm/kasan/report.c:459 find_next_bit include/linux/find.h:40 [inline] cpumask_next+0xe8/0xf0 lib/cpumask.c:22 blk_mq_virtio_map_queues+0x1a8/0x320 block/blk-mq-virtio.c:38 scsi_map_queues+0x65/0xa0 drivers/scsi/scsi_lib.c:1870 blk_mq_update_queue_map+0x3e3/0x4f0 block/blk-mq.c:4191 blk_mq_alloc_tag_set+0x69d/0x12b0 block/blk-mq.c:4293 scsi_add_host_with_dma.cold+0xe8/0x679 drivers/scsi/hosts.c:232 scsi_add_host include/scsi/scsi_host.h:768 [inline] virtscsi_probe+0x826/0xce0 drivers/scsi/virtio_scsi.c:906 virtio_dev_probe+0x44e/0x760 drivers/virtio/virtio.c:279 call_driver_probe drivers/base/dd.c:517 [inline] really_probe+0x245/0xcc0 drivers/base/dd.c:596 __driver_probe_device+0x338/0x4d0 drivers/base/dd.c:751 driver_probe_device+0x4c/0x1a0 drivers/base/dd.c:781 __driver_attach+0x22d/0x4e0 drivers/base/dd.c:1140 bus_for_each_dev+0x147/0x1d0 drivers/base/bus.c:301 bus_add_driver+0x41d/0x630 drivers/base/bus.c:618 driver_register+0x220/0x3a0 drivers/base/driver.c:171 is_blacklisted_cpu arch/x86/crypto/twofish_glue_3way.c:110 [inline] init+0xa0/0xf4 arch/x86/crypto/twofish_glue_3way.c:145 do_one_initcall+0x103/0x650 init/main.c:1303 do_initcall_level init/main.c:1378 [inline] do_initcalls init/main.c:1394 [inline] do_basic_setup init/main.c:1413 [inline] kernel_init_freeable+0x6b1/0x73a init/main.c:1618 kernel_init+0x1a/0x1d0 init/main.c:1507 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:295 Allocated by task 0: (stack is not available) The buggy address belongs to the object at ffff88801a5284e0 which belongs to the cache kmalloc-16 of size 16 The buggy address is located 0 bytes to the right of 16-byte region [ffff88801a5284e0, ffff88801a5284f0) The buggy address belongs to the page: page:ffffea0000694a00 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1a528 flags: 0xfff00000000200(slab|node=0|zone=1|lastcpupid=0x7ff) raw: 00fff00000000200 0000000000000000 dead000000000122 ffff888010c413c0 raw: 0000000000000000 0000000080800080 00000001ffffffff 0000000000000000 page dumped because: kasan: bad access detected page_owner tracks the page as allocated page last allocated via order 0, migratetype Unmovable, gfp_mask 0x12c00(GFP_NOIO|__GFP_NOWARN|__GFP_NORETRY), pid 1, ts 8087527040, free_ts 0 prep_new_page mm/page_alloc.c:2433 [inline] get_page_from_freelist+0xa72/0x2f40 mm/page_alloc.c:4164 __alloc_pages+0x1b2/0x500 mm/page_alloc.c:5376 __alloc_pages_node include/linux/gfp.h:568 [inline] alloc_slab_page mm/slub.c:1801 [inline] allocate_slab mm/slub.c:1944 [inline] new_slab+0xaf/0x3a0 mm/slub.c:2004 ___slab_alloc+0x6be/0xd60 mm/slub.c:3019 __slab_alloc.constprop.0+0x4d/0xa0 mm/slub.c:3106 slab_alloc_node mm/slub.c:3197 [inline] __kmalloc_node+0x2cb/0x380 mm/slub.c:4467 kmalloc_array_node include/linux/slab.h:677 [inline] blk_mq_alloc_hctx block/blk-mq.c:3517 [inline] blk_mq_alloc_and_init_hctx block/blk-mq.c:3926 [inline] blk_mq_realloc_hw_ctxs+0xb6a/0x1460 block/blk-mq.c:3978 blk_mq_init_allocated_queue+0x3ca/0x1370 block/blk-mq.c:4040 blk_mq_init_queue_data block/blk-mq.c:3874 [inline] __blk_mq_alloc_disk+0xcb/0x1c0 block/blk-mq.c:3894 nbd_dev_add+0x3b2/0xcd0 drivers/block/nbd.c:1765 nbd_init+0x297/0x2a7 drivers/block/nbd.c:2511 do_one_initcall+0x103/0x650 init/main.c:1303 do_initcall_level init/main.c:1378 [inline] do_initcalls init/main.c:1394 [inline] do_basic_setup init/main.c:1413 [inline] kernel_init_freeable+0x6b1/0x73a init/main.c:1618 kernel_init+0x1a/0x1d0 init/main.c:1507 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:295 page_owner free stack trace missing Memory state around the buggy address: ffff88801a528380: fa fb fc fc fa fb fc fc 00 00 fc fc 00 00 fc fc ffff88801a528400: 00 00 fc fc 00 00 fc fc fa fb fc fc 00 00 fc fc >ffff88801a528480: 00 00 fc fc 00 00 fc fc 00 00 fc fc fc fc fc fc ^ ffff88801a528500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc ffff88801a528580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc ==================================================================