Comment 1 for bug 1650635

Note that the affected system has LRO turn on.

The system crashed on :

#7 [ffff88042d683d30] invalid_op at ffffffff817f900e
[exception RIP: vmxnet3_rq_rx_complete+3016]

which is referring to line 1353 in "drivers/net/vmxnet3/vmxnet3_drv.c" :

0xffffffffc004e448 is in vmxnet3_rq_rx_complete (drivers/net/vmxnet3/vmxnet3_drv.c:1353).
1348 rcd->type == VMXNET3_CDTYPE_RXCOMP_LRO) {
1349 struct Vmxnet3_RxCompDescExt *rcdlro;
1350 rcdlro = (struct Vmxnet3_RxCompDescExt *)rcd;
1351
1352 segCnt = rcdlro->segCnt;
==> 1353 BUG_ON(segCnt <= 1);
1354 mss = rcdlro->mss;
1355 if (unlikely(segCnt <= 1))
1356 segCnt = 0;
1357 } else {

BUG_ON(condition) are used as a debugging help when something in the kernel goes wrong.

The condition here execute BUG_ON if SegCnt is less or equal than (<=) 1.
SegCnt being the "Number of aggregated packets" :

# drivers/net/vmxnet3/vmxnet3_defs.h
u8 segCnt; /* Number of aggregated packets */

Looking at the crashdump I can confirm that at the moment of the crash SegCnt was set to 1 :

crash> * Vmxnet3_RxCompDescExt.segCnt ffff88042933ae00
segCnt = 1 '\001'

According to commit "50219538ffc0493a2b451a3aa0191138ef8bfe9d", segCnt can be 1 for LRO packets and introduce the following change :

- BUG_ON(segCnt <= 1);
+ WARN_ON_ONCE(segCnt == 0);

[2] - commit 50219538ffc0493a2b451a3aa0191138ef8bfe9d
--
Author: Shrikrishna Khare <email address hidden>
Date: Wed Jun 8 07:40:53 2016 -0700

vmxnet3: segCnt can be 1 for LRO packets

The device emulation may send segCnt of 1 for LRO packets.

Signed-off-by: Shrikrishna Khare <email address hidden>
---