On 01/30/2017 11:47 AM, Vineeth Remanan Pillai wrote:
>
>> 2. It tickles a latent bug during resume where the timer triggers
>> before we re-connect. The trouble is that we now try to dereference
>> queue->rx.sring which is NULL since we disconnect in
>> netfront_resume(). (Curiously, I only observe it with 32-bit guests)
> I think we may hit this bug after removing the timer as well. We call
> RING_PUSH_REQUESTS_AND_CHECK_NOTIFY soon after, which also dereferences
> queue->rx.sring.

If the timer is deleted in xennet_disconnect_backend() then why would
anyone be pushing anything to the backend after that?

-boris