microsoft · benhillis · Feb 10, 2026 · Apr 8, 2026 · Copilot · Apr 8, 2026
@@ -1305,7 +1305,29 @@ impl Worker {
 
     fn complete_tx_packet(&mut self, id: TxId) -> Result<(), WorkerError> {
         let state = &mut self.active_state;
-        let tx_packet = state.pending_tx_packets[id.0 as usize].take().unwrap();
+        let idx = id.0 as usize;
+        let pending_len = state.pending_tx_packets.len();
-        let idx = id.0 as usize;
-        let pending_len = state.pending_tx_packets.len();
+        let pending_len = state.pending_tx_packets.len();
+        let Ok(idx) = usize::try_from(id.0) else {
+            tracelimit::error_ratelimited!(
+                tx_id = id.0,
+                pending_tx_packets_len = pending_len,
+                "unexpected tx completion for out-of-range packet"
+            );
+            return Ok(());
+        };
-        let idx = id.0 as usize;
-        let pending_len = state.pending_tx_packets.len();
+        let pending_len = state.pending_tx_packets.len();
+        let Ok(idx) = usize::try_from(id.0) else {
+            tracelimit::error_ratelimited!(
+                tx_id = id.0,
+                pending_tx_packets_len = pending_len,
+                "unexpected tx completion for out-of-range packet"
+            );
+            return Ok(());
+        };
+
+        let Some(slot) = state.pending_tx_packets.get_mut(idx) else {
+            tracelimit::error_ratelimited!(
+                tx_id = id.0,
+                tx_index = idx,
+                pending_tx_packets_len = pending_len,
+                "unexpected tx completion for out-of-range packet"
+            );
+            return Ok(());
-            return Ok(());
+            return Err(anyhow::anyhow!(
+                "unexpected tx completion for out-of-range packet: tx_id={}, tx_index={}, pending_tx_packets_len={}",
+                id.0,
+                idx,
+                pending_len
+            )
+            .into());
-            return Ok(());
+            return Err(anyhow::anyhow!(
+                "unexpected tx completion for out-of-range packet: tx_id={}, tx_index={}, pending_tx_packets_len={}",
+                id.0,
+                idx,
+                pending_len
+            )
+            .into());
+        };
+
+        let Some(tx_packet) = slot.take() else {
+            tracelimit::error_ratelimited!(
+                tx_id = id.0,
+                tx_index = idx,
+                pending_tx_packets_len = pending_len,
+                "unexpected tx completion for already-completed packet"
+            );
+            return Ok(());
+        };
+
         self.virtio_state.tx_queue.complete(tx_packet.work, 0);
         self.active_state.stats.tx_packets.increment();
         Ok(())