vhost: initialize vq->nheads properly

Commit 7918bb2 ("vhost: basic in order support") introduces
vq->nheads to store the number of batched used buffers per used elem
but it forgets to initialize the vq->nheads to NULL in
vhost_dev_init() this will cause kfree() that would try to free it
without be allocated if SET_OWNER is not called.

Reported-by: JAEHOON KIM <jhkim@linux.ibm.com>
Reported-by: Breno Leitao <leitao@debian.org>
Fixes: 45347e7 ("vhost: basic in order support")
Signed-off-by: Jason Wang <jasowang@redhat.com>
Message-Id: <20250729073916.80647-1-jasowang@redhat.com>
Reviewed-by: Dawid Osuchowski <dawid.osuchowski@linux.intel.com>
Tested-by: Breno Leitao <leitao@debian.org>
Reviewed-by: Stefano Garzarella <sgarzare@redhat.com>
Tested-by: Jaehoon Kim <jhkim@linux.ibm.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>

Author: jasowang

drivers/vhost/vhost.c

@@ -615,6 +615,7 @@ void vhost_dev_init(struct vhost_dev *dev,
 		vq->log = NULL;
 		vq->indirect = NULL;
 		vq->heads = NULL;
+		vq->nheads = NULL;
 		vq->dev = dev;
 		mutex_init(&vq->mutex);
 		vhost_vq_reset(dev, vq);