netvsp: handle guest-triggered WorkerErrors instead of tearing down #3549

Open: erfrimod wants to merge 2 commits into microsoft:main from erfrimod:erfrimod/netvsp-netvsc-robustness
@erfrimod

Several error paths in the netvsp worker would propagate errors up as WorkerError, causing the VMM to tear down the network adapter connection when a guest sent malformed or unexpected data. These are guest inputs that cause netvsp to stop processing packets.

  • Malformed packets are skipped with rate-limited tracing.
  • Invalid RNDIS packet completions are traced and skipped.
  • Failing a receive/send buffer setup sends the guest a FAILURE status and continues, possibly allowing the guest to retry.
  • Unexpected packets are traced at warn level and skipped.
  • RNDIS control message failures are traced, free the allocated buffers, and skip the message.
    • RNDIS INIT message is a special case, where it attempts to send a VF notification after sending the guest INIT complete. For the VF notification failures, we trace and then skip freeing buffers.

@erfrimod erfrimod requested a review from a team as a code owner May 21, 2026 21:46
Copilot AI review requested due to automatic review settings May 21, 2026 21:46
Copilot AI left a comment

Pull request overview

This PR hardens the netvsp worker against malformed or unexpected guest inputs by converting several previously-fatal WorkerError paths into “trace + skip” handling, preventing the VMM from tearing down the network channel due to guest-triggered protocol issues.

Changes:

  • Skip malformed packets during ring draining with rate-limited logging instead of failing the worker.
  • Treat invalid/duplicate RNDIS packet completions and unexpected packet types as non-fatal (rate-limited) events.
  • When send/receive buffer setup fails during initialization, send FAILURE completions to the guest and continue to allow retries; adjust RNDIS control message error handling to free buffers where appropriate.

Comment thread vm/devices/net/netvsp/src/lib.rs
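
The trace-and-skip handling this pull request describes, as an added Rust example that is not code from the PR or the netvsp crate. Every type name, the `[kind, len, payload..]` packet layout, and the counters standing in for FAILURE replies and trace lines are assumptions made for illustration; `now` is passed in so the rate limit can be tested.

```rust
use std::time::{Duration, Instant};

// All names and the [kind, len, payload..] format are hypothetical, not netvsp's.
#[derive(Debug, PartialEq)]
enum GuestError { Malformed, Unexpected(u8), BufferSetup }
#[derive(Debug, PartialEq)]
struct WorkerError(&'static str); // host-side fault: the only fatal path
#[derive(Default, Debug, PartialEq)]
struct Stats { delivered: usize, skipped: usize, failure_replies: usize, traced: usize }

/// Permits one trace per `period` so a noisy guest cannot flood the host log.
struct RateLimit { period: Duration, last: Option<Instant> }
impl RateLimit {
    fn allow(&mut self, now: Instant) -> bool {
        let ok = self.last.map_or(true, |t| now.duration_since(t) >= self.period);
        if ok { self.last = Some(now); }
        ok
    }
}

/// kind 1 = data, kind 2 = buffer setup (empty payload models a setup failure).
fn parse(pkt: &[u8]) -> Result<(u8, &[u8]), GuestError> {
    let (&kind, rest) = pkt.split_first().ok_or(GuestError::Malformed)?;
    let (&len, body) = rest.split_first().ok_or(GuestError::Malformed)?;
    let payload = body.get(..len as usize).ok_or(GuestError::Malformed)?;
    match kind {
        2 if payload.is_empty() => Err(GuestError::BufferSetup),
        1 | 2 => Ok((kind, payload)),
        k => Err(GuestError::Unexpected(k)),
    }
}

/// Drains the ring; only `backend` (host side) errors end the worker.
fn drain(ring: &[&[u8]], backend: &mut dyn FnMut(&[u8]) -> Result<(), WorkerError>,
         limit: &mut RateLimit, now: Instant) -> Result<Stats, WorkerError> {
    let mut s = Stats::default();
    for pkt in ring {
        match parse(pkt) {
            Ok((1, data)) => { backend(data)?; s.delivered += 1; }
            Ok(_) => {} // buffer setup accepted
            Err(e) => {
                // Guest-triggered: count a FAILURE reply or a skip, never return Err.
                if e == GuestError::BufferSetup { s.failure_replies += 1 } else { s.skipped += 1 }
                if limit.allow(now) { s.traced += 1; eprintln!("guest error: {e:?}"); }
            }
        }
    }
    Ok(s)
}
```

The design point is the split in error types: anything derived from guest bytes stays inside `GuestError` and is absorbed in the loop, so a guest cannot reach the `WorkerError` return that stops packet processing.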