[ 379.584696] nipa-hw-worker: [35/43] Retrying drivers/net/hw:rss_ctx.py
[ 379.722377] kselftest: Running tests in drivers/net/hw
[ 380.536730] ==================================================================
[ 380.545646] BUG: KASAN: slab-use-after-free in i40e_free_q_vector+0x2c2/0x380
[ 380.554453] Write of size 8 at addr ff11000199e71cf8 by task ethtool/8973
[ 380.562862]
[ 380.565322] CPU: 4 UID: 0 PID: 8973 Comm: ethtool Not tainted 7.0.0-pint-g76749529b548 #1 PREEMPT(full)
[ 380.565325] Hardware name: Giga Computing E163-Z34-AAH1-000/MZ33-DC1-000, BIOS R29_F43 10/23/2025
[ 380.565327] Call Trace:
[ 380.565328]
[ 380.565329] dump_stack_lvl+0x6f/0xa0
[ 380.565335] print_address_description.constprop.0+0x73/0x300
[ 380.565340] print_report+0xfc/0x1fa
[ 380.565342] ? __virt_addr_valid+0x102/0x440
[ 380.565345] ? __virt_addr_valid+0x1da/0x440
[ 380.565347] kasan_report+0x108/0x130
[ 380.565351] ? i40e_free_q_vector+0x2c2/0x380
[ 380.565353] ? i40e_free_q_vector+0x2c2/0x380
[ 380.565356] i40e_free_q_vector+0x2c2/0x380
[ 380.565358] i40e_vsi_reinit_setup+0x20b/0xbc0
[ 380.565360] ? i40e_pf_reset_stats+0x14f/0x280
[ 380.565362] i40e_setup_pf_switch+0x90f/0xf90
[ 380.565366] i40e_rebuild+0x506/0x14b0
[ 380.565368] ? i40e_clear_hw+0x570/0x570
[ 380.565370] ? __lock_release.isra.0+0x6b/0x1a0
[ 380.565373] ? rcu_is_watching+0x15/0xd0
[ 380.565375] ? i40e_setup_pf_switch+0xf90/0xf90
[ 380.565377] ? i40e_pf_reset+0x1b0/0x450
[ 380.565379] ? i40e_reset+0x19/0x70
[ 380.565381] i40e_reconfig_rss_queues+0x35d/0x620
[ 380.565384] i40e_set_channels+0x332/0x470
[ 380.565386] ? netdev_queue_busy+0x26/0x150
[ 380.565390] ethnl_set_channels+0x677/0xa20
[ 380.565394] ? ethnl_set_channels_validate+0x100/0x100
[ 380.565397] ? lockdep_hardirqs_on_prepare.part.0+0x9a/0x160
[ 380.565399] ? lockdep_hardirqs_on+0x8c/0x130
[ 380.565402] ? _raw_spin_unlock_irqrestore+0x53/0x80
[ 380.565404] ? _raw_spin_unlock_irqrestore+0x40/0x80
[ 380.565406] ethnl_default_set_doit+0x32e/0x900
[ 380.565409] genl_family_rcv_msg_doit+0x206/0x300
[ 380.565412] ? genl_family_rcv_msg_attrs_parse.isra.0+0x330/0x330
[ 380.565414] ? selinux_inode_free_security+0x330/0x330
[ 380.565419] genl_family_rcv_msg+0x3a4/0x640
[ 380.565422] ? genl_family_rcv_msg_dumpit+0x340/0x340
[ 380.565423] ? rcu_lockdep_current_cpu_online+0x39/0x1b0
[ 380.565425] ? ethnl_notify+0x180/0x180
[ 380.565427] ? __lock_acquire+0x508/0xc10
[ 380.565430] genl_rcv_msg+0xbb/0x160
[ 380.565432] netlink_rcv_skb+0x14e/0x3a0
[ 380.565434] ? genl_family_rcv_msg+0x640/0x640
[ 380.565436] ? netlink_ack+0xcd0/0xcd0
[ 380.565439] ? netlink_deliver_tap+0xc5/0x330
[ 380.565441] ? netlink_deliver_tap+0x13c/0x330
[ 380.565443] genl_rcv+0x28/0x40
[ 380.565444] netlink_unicast+0x47c/0x740
[ 380.565447] ? netlink_attachskb+0x800/0x800
[ 380.565448] ? sock_has_perm+0x283/0x3f0
[ 380.565451] netlink_sendmsg+0x75b/0xc90
[ 380.565453] ? netlink_unicast+0x740/0x740
[ 380.565455] ? __might_fault+0x97/0x140
[ 380.565459] ? __might_fault+0x97/0x140
[ 380.565461] __sock_sendmsg+0xca/0x180
[ 380.565464] ? move_addr_to_kernel+0x36/0xf0
[ 380.565467] __sys_sendto+0x275/0x330
[ 380.565469] ? mark_usage+0x61/0x170
[ 380.565471] ? __ia32_sys_getpeername+0xd0/0xd0
[ 380.565474] ? __lock_release.isra.0+0x6b/0x1a0
[ 380.565476] ? count_memcg_events+0x13b/0x540
[ 380.565480] ? exc_page_fault+0x7e/0xf0
[ 380.565482] __x64_sys_sendto+0xe4/0x1f0
[ 380.565484] ? trace_irq_enable.constprop.0+0x9b/0x180
[ 380.565488] ? lockdep_hardirqs_on+0x8c/0x130
[ 380.565489] ? do_syscall_64+0x82/0x650
[ 380.565491] do_syscall_64+0xf3/0x650
[ 380.565493] ? trace_hardirqs_off+0xd/0x30
[ 380.565494] ? exc_page_fault+0xda/0xf0
[ 380.565496] entry_SYSCALL_64_after_hwframe+0x4b/0x53
[ 380.565499] RIP: 0033:0x7f6ec57b122e
[ 380.565502] Code: 4d 89 d8 e8 94 bd 00 00 4c 8b 5d f8 41 8b 93 08 03 00 00 59 5e 48 83 f8 fc 74 11 c9 c3 0f 1f 80 00 00 00 00 48 8b 45 10 0f 05 c3 83 e2 39 83 fa 08 75 e7 e8 03 ff ff ff 0f 1f 00 f3 0f 1e fa
[ 380.565504] RSP: 002b:00007fff8ba47710 EFLAGS: 00000202 ORIG_RAX: 000000000000002c
[ 380.565508] RAX: ffffffffffffffda RBX: 000056543e8c5010 RCX: 00007f6ec57b122e
[ 380.565509] RDX: 0000000000000030 RSI: 000056543e8c5120 RDI: 0000000000000003
[ 380.565510] RBP: 00007fff8ba47720 R08: 00007f6ec593f980 R09: 000000000000000c
[ 380.565511] R10: 0000000000000000 R11: 0000000000000202 R12: 000056543e8c5120
[ 380.565512] R13: 000056543e8c50b0 R14: 0000000000000000 R15: 000056541a399e60
[ 380.565514]
[ 380.565515]
[ 381.054123] Allocated by task 8772:
[ 381.058824] kasan_save_stack+0x2f/0x50
[ 381.063915] kasan_save_track+0x14/0x30
[ 381.069008] __kasan_kmalloc+0x7b/0x90
[ 381.074002] __kmalloc_noprof+0x2ff/0x820
[ 381.079290] i40e_alloc_rings+0x496/0x12d0
[ 381.084677] i40e_vsi_reinit_setup+0x5d9/0xbc0
[ 381.090452] i40e_setup_pf_switch+0x90f/0xf90
[ 381.096132] i40e_rebuild+0x506/0x14b0
[ 381.101128] i40e_reconfig_rss_queues+0x35d/0x620
[ 381.107187] i40e_set_channels+0x332/0x470
[ 381.112572] ethnl_set_channels+0x677/0xa20
[ 381.118056] ethnl_default_set_doit+0x32e/0x900
[ 381.123921] genl_family_rcv_msg_doit+0x206/0x300
[ 381.129989] genl_family_rcv_msg+0x3a4/0x640
[ 381.135571] genl_rcv_msg+0xbb/0x160
[ 381.140372] netlink_rcv_skb+0x14e/0x3a0
[ 381.145561] genl_rcv+0x28/0x40
[ 381.149874] netlink_unicast+0x47c/0x740
[ 381.155065] netlink_sendmsg+0x75b/0xc90
[ 381.160256] __sock_sendmsg+0xca/0x180
[ 381.165250] __sys_sendto+0x275/0x330
[ 381.170149] __x64_sys_sendto+0xe4/0x1f0
[ 381.175340] do_syscall_64+0xf3/0x650
[ 381.180238] entry_SYSCALL_64_after_hwframe+0x4b/0x53
[ 381.186696]
[ 381.189156] Freed by task 289:
[ 381.193371] kasan_save_stack+0x2f/0x50
[ 381.198463] kasan_save_track+0x14/0x30
[ 381.203556] kasan_save_free_info+0x3b/0x60
[ 381.209039] __kasan_slab_free+0x43/0x70
[ 381.214231] kmem_cache_free_bulk.part.0+0x1dd/0x4f0
[ 381.220590] kvfree_rcu_bulk+0x1f1/0x240
[ 381.225782] kfree_rcu_monitor+0x215/0x400
[ 381.231162] process_one_work+0xdf5/0x1410
[ 381.236547] worker_thread+0x4f1/0xd60
[ 381.241542] kthread+0x364/0x460
[ 381.245953] ret_from_fork+0x4a4/0x720
[ 381.250949] ret_from_fork_asm+0x11/0x20
[ 381.256138]
[ 381.258597] Last potentially related work creation:
[ 381.264859] kasan_save_stack+0x2f/0x50
[ 381.269953] kasan_record_aux_stack+0x9b/0xc0
[ 381.275630] kvfree_call_rcu+0x7e/0x5b0
[ 381.280723] i40e_vsi_clear_rings+0x157/0x3e0
[ 381.286403] i40e_vsi_reinit_setup+0x1ba/0xbc0
[ 381.292169] i40e_setup_pf_switch+0x90f/0xf90
[ 381.297848] i40e_rebuild+0x506/0x14b0
[ 381.302836] i40e_reconfig_rss_queues+0x35d/0x620
[ 381.308902] i40e_set_channels+0x332/0x470
[ 381.314289] ethnl_set_channels+0x677/0xa20
[ 381.319762] ethnl_default_set_doit+0x32e/0x900
[ 381.325635] genl_family_rcv_msg_doit+0x206/0x300
[ 381.331705] genl_family_rcv_msg+0x3a4/0x640
[ 381.337285] genl_rcv_msg+0xbb/0x160
[ 381.342083] netlink_rcv_skb+0x14e/0x3a0
[ 381.347272] genl_rcv+0x28/0x40
[ 381.351584] netlink_unicast+0x47c/0x740
[ 381.356773] netlink_sendmsg+0x75b/0xc90
[ 381.361965] __sock_sendmsg+0xca/0x180
[ 381.366960] __sys_sendto+0x275/0x330
[ 381.371857] __x64_sys_sendto+0xe4/0x1f0
[ 381.377048] do_syscall_64+0xf3/0x650
[ 381.381936] entry_SYSCALL_64_after_hwframe+0x4b/0x53
[ 381.388395]
[ 381.390845] The buggy address belongs to the object at ff11000199e71c00\x0a which belongs to the cache kmalloc-1k of size 1024
[ 381.406473] The buggy address is located 248 bytes inside of\x0a freed 1024-byte region [ff11000199e71c00, ff11000199e72000)
[ 381.421906]
[ 381.424364] The buggy address belongs to the physical page:
[ 381.431405] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x199e70
[ 381.441182] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 381.450567] flags: 0x200000000000040(head|node=0|zone=2)
[ 381.457319] page_type: f5(slab)
[ 381.461635] raw: 0200000000000040 ff110001000510c0 ffd4000005ec7c10 ffd4000006609610
[ 381.471115] raw: 0000000000000000 00000008000a000a 00000000f5000000 0000000000000000
[ 381.480597] head: 0200000000000040 ff110001000510c0 ffd4000005ec7c10 ffd4000006609610
[ 381.490168] head: 0000000000000000 00000008000a000a 00000000f5000000 0000000000000000
[ 381.499748] head: 0200000000000003 ffd4000006679c01 00000000ffffffff 00000000ffffffff
[ 381.509329] head: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000008
[ 381.518910] page dumped because: kasan: bad access detected
[ 381.525953]
[ 381.528413] Memory state around the buggy address:
[ 381.534577] ff11000199e71b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 381.543475] ff11000199e71c00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 381.552369] >ff11000199e71c80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 381.561266] ^
[ 381.570067] ff11000199e71d00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 381.578961] ff11000199e71d80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 381.587856] ==================================================================
[ 381.596828] Disabling lock debugging due to kernel taint
[ 381.620715] i40e 0000:e1:00.0: User requested queue count/HW max RSS count: 2/32 SUBSYSTEM=pci DEVICE=+pci:0000:e1:00.0
[ 381.886336] i40e 0000:e1:00.0: User requested queue count/HW max RSS count: 32/32 SUBSYSTEM=pci DEVICE=+pci:0000:e1:00.0