[  846.788630][   T52] fbnic 0000:01:00.0 enp1s0: Link is Down
[  846.796073][ T3986] fbnic 0000:01:00.0 enp1s0: configuring for inband/laui link mode
[  846.993713][ T3987] fbnic 0000:01:00.0 enp1s0: configuring for inband/laui link mode
[  858.281625][ T3993] ==================================================================
[  858.282028][ T3993] BUG: KASAN: slab-use-after-free in xsk_bind+0x1560/0x1a60
[  858.282268][ T3993] Read of size 4 at addr ffff888006b2d17c by task xdp_helper/3993
[  858.282507][ T3993] 
[  858.282593][ T3993] CPU: 2 UID: 0 PID: 3993 Comm: xdp_helper Not tainted 6.16.0-rc7-virtme #1 PREEMPT(full) 
[  858.282599][ T3993] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.16.3-0-ga6ed6b701f0a-prebuilt.qemu.org 04/01/2014
[  858.282601][ T3993] Call Trace:
[  858.282604][ T3993]  <TASK>
[  858.282606][ T3993]  dump_stack_lvl+0x82/0xd0
[  858.282611][ T3993]  print_address_description.constprop.0+0x2c/0x390
[  858.282618][ T3993]  ? xsk_bind+0x1560/0x1a60
[  858.282622][ T3993]  print_report+0xb4/0x270
[  858.282626][ T3993]  ? xsk_bind+0x1560/0x1a60
[  858.282629][ T3993]  ? kasan_addr_to_slab+0x25/0x80
[  858.282633][ T3993]  ? xsk_bind+0x1560/0x1a60
[  858.282636][ T3993]  kasan_report+0xca/0x100
[  858.282640][ T3993]  ? xsk_bind+0x1560/0x1a60
[  858.282646][ T3993]  xsk_bind+0x1560/0x1a60
[  858.282651][ T3993]  ? __pfx_xsk_bind+0x10/0x10
[  858.282656][ T3993]  ? __might_fault+0x11b/0x170
[  858.282663][ T3993]  __sys_bind+0x15e/0x230
[  858.282669][ T3993]  ? __pfx___sys_bind+0x10/0x10
[  858.282673][ T3993]  ? vm_mmap_pgoff+0x1d0/0x2e0
[  858.282680][ T3993]  ? __sys_setsockopt+0xec/0x160
[  858.282686][ T3993]  __x64_sys_bind+0x72/0xb0
[  858.282689][ T3993]  ? lockdep_hardirqs_on+0x7c/0x110
[  858.282693][ T3993]  do_syscall_64+0xc1/0x380
[  858.282698][ T3993]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  858.282702][ T3993] RIP: 0033:0x7f5c6bb8ed3b
[  858.282706][ T3993] Code: c3 66 0f 1f 44 00 00 48 8b 15 b9 90 0e 00 f7 d8 64 89 02 b8 ff ff ff ff eb bc 0f 1f 44 00 00 f3 0f 1e fa b8 31 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d 8d 90 0e 00 f7 d8 64 89 01 48
[  858.282709][ T3993] RSP: 002b:00007ffdb63426c8 EFLAGS: 00000202 ORIG_RAX: 0000000000000031
[  858.282713][ T3993] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f5c6bb8ed3b
[  858.282716][ T3993] RDX: 0000000000000010 RSI: 00007ffdb63426e0 RDI: 0000000000000003
[  858.282718][ T3993] RBP: 0000000000000003 R08: 0000000000000004 R09: 0000000000000000
[  858.282720][ T3993] R10: 00007f5c6ba8fd68 R11: 0000000000000202 R12: 0000000000000000
[  858.282721][ T3993] R13: 00007f5c6ba6c000 R14: 00007ffdb6342858 R15: 0000000000000003
[  858.282728][ T3993]  </TASK>
[  858.282729][ T3993] 
[  858.288879][ T3993] Allocated by task 3991:
[  858.288999][ T3993]  kasan_save_stack+0x24/0x50
[  858.289162][ T3993]  kasan_save_track+0x14/0x30
[  858.289323][ T3993]  __kasan_kmalloc+0x7f/0x90
[  858.289484][ T3993]  __kmalloc_noprof+0x1d4/0x470
[  858.289646][ T3993]  fbnic_alloc_napi_vector+0xfd/0x1470
[  858.289809][ T3993]  fbnic_alloc_napi_vectors+0x18c/0x260
[  858.289969][ T3993]  __fbnic_open+0x44/0x180
[  858.290130][ T3993]  fbnic_open+0x4b/0x80
[  858.290254][ T3993]  __dev_open+0x22b/0x680
[  858.290385][ T3993]  __dev_change_flags+0x467/0x6c0
[  858.290546][ T3993]  netif_change_flags+0x80/0x160
[  858.290706][ T3993]  do_setlink.constprop.0+0x98a/0x2650
[  858.290866][ T3993]  rtnl_newlink+0x69a/0xa60
[  858.291030][ T3993]  rtnetlink_rcv_msg+0x710/0xc00
[  858.291191][ T3993]  netlink_rcv_skb+0x124/0x350
[  858.291352][ T3993]  netlink_unicast+0x4b3/0x790
[  858.291512][ T3993]  netlink_sendmsg+0x721/0xbe0
[  858.291676][ T3993]  ____sys_sendmsg+0x7aa/0xa10
[  858.291836][ T3993]  ___sys_sendmsg+0xed/0x170
[  858.291998][ T3993]  __sys_sendmsg+0x10b/0x1a0
[  858.292160][ T3993]  do_syscall_64+0xc1/0x380
[  858.292320][ T3993]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  858.292518][ T3993] 
[  858.292603][ T3993] Freed by task 3991:
[  858.292727][ T3993]  kasan_save_stack+0x24/0x50
[  858.292890][ T3993]  kasan_save_track+0x14/0x30
[  858.293049][ T3993]  kasan_save_free_info+0x3b/0x60
[  858.293208][ T3993]  __kasan_slab_free+0x38/0x50
[  858.293370][ T3993]  kfree+0x144/0x320
[  858.293490][ T3993]  fbnic_free_napi_vectors+0x482/0x5f0
[  858.293651][ T3993]  __fbnic_open+0x88/0x180
[  858.293810][ T3993]  fbnic_open+0x4b/0x80
[  858.293930][ T3993]  __dev_open+0x22b/0x680
[  858.294055][ T3993]  __dev_change_flags+0x467/0x6c0
[  858.294215][ T3993]  netif_change_flags+0x80/0x160
[  858.294377][ T3993]  do_setlink.constprop.0+0x98a/0x2650
[  858.294537][ T3993]  rtnl_newlink+0x69a/0xa60
[  858.294699][ T3993]  rtnetlink_rcv_msg+0x710/0xc00
[  858.294858][ T3993]  netlink_rcv_skb+0x124/0x350
[  858.295017][ T3993]  netlink_unicast+0x4b3/0x790
[  858.295175][ T3993]  netlink_sendmsg+0x721/0xbe0
[  858.295335][ T3993]  ____sys_sendmsg+0x7aa/0xa10
[  858.295498][ T3993]  ___sys_sendmsg+0xed/0x170
[  858.295658][ T3993]  __sys_sendmsg+0x10b/0x1a0
[  858.295820][ T3993]  do_syscall_64+0xc1/0x380
[  858.295980][ T3993]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  858.296175][ T3993] 
[  858.296256][ T3993] The buggy address belongs to the object at ffff888006b2d000
[  858.296256][ T3993]  which belongs to the cache kmalloc-2k of size 2048
[  858.296654][ T3993] The buggy address is located 380 bytes inside of
[  858.296654][ T3993]  freed 2048-byte region [ffff888006b2d000, ffff888006b2d800)
[  858.297033][ T3993] 
[  858.297119][ T3993] The buggy address belongs to the physical page:
[  858.297313][ T3993] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x6b28
[  858.297601][ T3993] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[  858.297844][ T3993] flags: 0x80000000000040(head|node=0|zone=1)
[  858.298050][ T3993] page_type: f5(slab)
[  858.298175][ T3993] raw: 0080000000000040 ffff888001043240 ffffea0000201610 ffffea000081d210
[  858.298466][ T3993] raw: 0000000000000000 0000000000050005 00000000f5000000 0000000000000000
[  858.298758][ T3993] head: 0080000000000040 ffff888001043240 ffffea0000201610 ffffea000081d210
[  858.299046][ T3993] head: 0000000000000000 0000000000050005 00000000f5000000 0000000000000000
[  858.299330][ T3993] head: 0080000000000003 ffffea00001aca01 00000000ffffffff 00000000ffffffff
[  858.299611][ T3993] head: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000
[  858.299897][ T3993] page dumped because: kasan: bad access detected
[  858.300094][ T3993] 
[  858.300175][ T3993] Memory state around the buggy address:
[  858.300329][ T3993]  ffff888006b2d000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  858.300560][ T3993]  ffff888006b2d080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  858.300793][ T3993] >ffff888006b2d100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  858.301022][ T3993]                                                                 ^
[  858.301247][ T3993]  ffff888006b2d180: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  858.301476][ T3993]  ffff888006b2d200: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  858.301709][ T3993] ==================================================================
[  858.301975][ T3993] Disabling lock debugging due to kernel taint