Chapter 8. Known Issues
This chapter documents known problems in Red Hat Enterprise Linux 7.
8.1. Compiler and Tools
GCC thread sanitizer included in RHEL no longer works
Due to incompatible changes in kernel memory mapping, the thread sanitizer included with the GNU C Compiler (GCC) compiler version in RHEL no longer works. Additionally, the thread sanitizer cannot be adapted to the incompatible memory layout. As a result, it is no longer possible to use the GCC thread sanitizer included with RHEL.
As a workaround, use the version of GCC included in Red Hat Developer Toolset to build code which uses the thread sanitizer.
radeon driver fails to reset hardware correctly in the kexec context
When booting a kernel from the currently running kernel, such as when performing the kdump process, the
radeon kernel driver currently does not properly reset hardware. Instead,
radeon terminates unexpectedly, which causes the rest of the kdump service to fail.
To work around this bug, blacklist
radeon in kdump by adding the following line to the
dracut_args --omit-drivers "radeon"
Afterwards, restart the machine and kdump.
Note that in this scenario, no graphics will be available during kdump, but kdump will complete successfully.
8.3. File Systems
System boot might fail due to persistent memory file systems
Systems with a large amount of persistent memory take a long time to boot. If the
/etc/fstab file configures persistent memory file systems, the system might time out waiting for the devices to become available. The boot process then fails and presents the user with an emergency prompt.
To work around the problem, increase the
DefaultTimeoutStartSec value in the
/etc/systemd/system.conf file. Use a sufficiently large value, such as
1200s. As a result, the system boot no longer times out.
8.4. Installation and Booting
RHEL 7.7 and later installations add
spectre_v2=retpoline to Intel Cascade Lake systems
RHEL 7.7 and later installations add the
spectre_v2=retpoline kernel parameter to Intel Cascade Lake systems, and as a consequence, system performance is affected. To work around this problem and ensure the best performance, complete the following steps.
Remove the kernel boot parameter on Intel Cascade Lake systems:
# grubby --remove-args="spectre_v2=retpoline" --update-kernel=DEFAULT
Reboot the system:
iSCSI installation failing with Emulex OneConnect card
After connecting an Emulex OneConnect card and configuring it for iSCSI boot, when you start the RHEL installation, the Anaconda installer returns an exception and the installation terminates unexpectedly.
To work around this problem, add the
rd.iscsi.firmware parameter to the boot command line post installation and you will be able to successfully boot into RHEL. However, note that the boot process with this workaround takes a little longer.
The system boot sometimes fails on large systems
During the boot process, the
udev device manager sometimes generates too many rules on large systems. For example, the problem has manifested on a system with 32 TB of memory and 192 CPUs. As a consequence, the boot process becomes unresponsive or times out and switches to the emergency shell.
To work around the problem, increase the
udev.children-max=1000option to the kernel command line in the
/etc/default/grubfile. You can experiment with different values of
udev.children-maxto see which value results in the fastest boot on your system.
udev.children-maxvalue for the
udev.children-maxoption to the
KDUMP_COMMANDLINE_REMOVEline in the
If you do not specify the
kdumpoption, the system might enter emergency mode after a
fadumpcapture on IBM POWER systems.
# systemctl restart kdump
As a result, the system boots successfully.
mirror segment type causes system deadlock in stacked configurations
The usage of the
mirror segment type and putting any logical volumes on top of it causes system deadlock in stacked configurations. To work around this problem, Red Hat recommends using RAID 1 logical volumes with segment type
mirror devices to
raid1, see Converting a Mirrored LVM Device to a RAID1 Device.
zlib compression format may slow down a vmcore capture
kdump configuration file uses the
lzo compression format (
makedumpfile -l) by default. Modification of the configuration file to use the
zlib compression format (
makedumpfile -c) is likely to bring a better compression factor at the expense of slowing down the vmcore capture process. As a consequence, it may take
kdump approximately 4 times longer to capture a vmcore when
zlib is used as compared to
lzo. As a result, Red Hat recommends that you use the default
lzo for cases where speed is the main driving factor. However, if the target machine is low on available space,
zlib is a better option.
It is not possible to configure the
NONE value in the
When using the
echo commands to turn off an assigned logger, a nul-character is not added to the end of the
NONE string. As a result, the
later strcmp() function fails with the following error message:
# echo NONE > /proc/sys/net/netfilter/nf_log/2 bash: echo: write error: No such file or directory # sysctl net.netfilter.nf_log.2=NONE sysctl: setting key "net.netfilter.nf_log.2": No such file or directory
To work around this problem, explicitly append a nul-character to the
NONE string. For example:
echo -e "NONE\0" > /proc/sys/net/netfilter/nf_log/2
As a result, the net filter log stops. However, the
sysctl command cannot be used to achieve the same effect.
Intel network device that uses the
ice driver does not pass traffic when using bridge-over-VLAN topology
Ethernet devices do not transmit Internet Control Message Protocol (ICMP) echo request and reply traffic if all of the following conditions meet:
The Ethernet device uses the
- The Ethernet device is a member of a bridge.
- The bridge uses VLAN tagging according to the 802.1Q protocol
As a consequence, Network Interface Controller (NIC) does not pass traffic for the described network topology. There is no workaround available to this problem.
Resuming from hibernation fails on the
megaraid_sas driver resumes from hibernation, the Message Signaled Interrupts (MSIx) allocation does not work correctly. As a consequence, resuming from hibernation fails, and restarting the system is required.
Verification of signatures using the MD5 hash algorithm is disabled in Red Hat Enterprise Linux 7
It is impossible to connect to any Wi-Fi Protected Access (WPA) Enterprise Access Point (AP) that requires MD5 signed certificates. To work around this problem, copy the
wpa_supplicant.service file from the
/usr/lib/systemd/system/ directory to the
/etc/systemd/system/ directory and add the following line to the Service section of the file:
Then run the
systemctl daemon-reload command as root to reload the service file.
Note that MD5 certificates are highly insecure and Red Hat does not recommend using them.
bind-utils DNS lookup utilities support fewer search domains than
nslookup DNS lookup utilities from the
bind-utils package support only up to 8 search domains, while the
glibc resolver in the system supports any number of search domains. As a consequence, the DNS lookup utilities may get different results than applications when a search in the
/etc/resolv.conf file contains more than 8 domains.
To work around this problem, use one of the following:
- Full names ending with a dot, or
Fewer than nine domains in the
Note that it is not recommended to use more than three domains.
Auditd server does not start on remote logging servers using KRB5 peer authentication
The SELinux policy does not contain the
auditd_tmp_t file type for the temporary directories and files created by processes running under
auditd_t SELinux type. This prevents starting the
auditd service on a server when KRB5 peer authentication is used for remote logging.
To work around this problem, either set
auditd_t domain to permissive mode or build a custom SELinux policy that allows processes running under
auditd_t type to create and modify files and directories in the
/var/tmp directory. As a result,
auditd server using KRB5 peer authentication for remote logging can be started only after applying the described workaround.
Audit executable watches on symlinks do not work
File monitoring provided by the
-w option cannot directly track a path. It has to resolve the path to a device and an inode to make a comparison with the executed program. A watch monitoring an executable symlink monitors the device and an inode of the symlink itself instead of the program executed in memory, which is found from the resolution of the symlink. Even if the watch resolves the symlink to get the resulting executable program, the rule triggers on any multi-call binary called from a different symlink. This results in flooding logs with false positives. Consequently, Audit executable watches on symlinks do not work.
To work around the problem, set up a watch for the resolved path of the program executable, and filter the resulting log messages using the last component listed in the
8.8. Servers and Services
Upgrade to RHEL 7.8 fails when
postgresql-docs are installed on Workstation
postgresql-docs packages have been moved to the Workstation Optional repository. Consequently, if these packages are installed, it is impossible to update a system with a Workstation variant to RHEL 7.8. To work around this problem, uninstall
postgresql-docs prior to upgrading to RHEL 7.8.
FreeRADIUS silently truncates Tunnel-Passwords longer than 249 characters
If a Tunnel-Password is longer than 249 characters, the FreeRADIUS service silently truncates it. This may lead to unexpected password incompatibilities with other systems.
To work around the problem, choose a password that is 249 characters or fewer.
The system sometimes becomes unresponsive in low-memory situations with external MD metadata
The system might periodically become unresponsive if all of the following conditions occur:
- The Multiple Devices (MD) storage subsystem is configured to use external metadata arrays.
- The system reaches a low-memory situation.
- The MD user space performs an allocation that writes data back to the same device that MD is allocating for.
To work around the problem, ensure that the system has enough free memory. As a result, the system does not become unresponsive when MD performs the allocation.
Live migration of virtual machines between hosts with different physical address sizes does not work in some cases
Live migration of a virtual machine (VM) that uses a hot-plugged CPU currently fails in some cases if the hosts have different physical address sizes. To work around this problem, do not live migrate between such hosts while using a CPU hot-plug. Alternatively, do not hot-plug a CPU to a VM that has been migrated to a host with a different physical address size.
virt-clone always shows a 100% progress bar when
--nonsparse is used
Currently, when the
virt-clone utility is used with the
--nonparse option, the progress bar displayed in the CLI always shows 100% completion of the process. As a consequence, the user cannot see the actual progress of cloning the virtual machine.
RHEL 7 virtual machines sometimes cannot boot on and migrate to Witherspoon hosts
RHEL 7 virtual machines (VMs) that use the
pseries-rhel7.6.0-sxxm machine type in some cases fail to boot on Power9 S922LC for HPC hosts (also known as Witherspoon) that use the DD2.3 CPU.
Attempting to boot such a VM instead generates the following error message:
qemu-kvm: Requested safe indirect branch capability level not supported by kvm
In addition, migrating VMs that use the
pseries-rhel7.6.0-sxxm machine type to Witherspoon hosts from other hosts fails.
kdump does not support setting nr_cpus to 2 or higher in Hyper-V virtual machines
When using RHEL 7.8 as a guest operating system on a Microsoft Hyper-V hypervisor, the kdump kernel in some cases becomes unresponsive when the
nr_cpus parameter is set to 2 or higher. To avoid this problem from occurring, do not change the default
nr_cpus=1 parameter in the
/etc/sysconfig/kdump file of the guest.