Red Hat Enterprise Linux 7 is crashing when accessing /dev/snapshot
Issue
- After updating our systems running on VMware to Red Hat Enterprise Linux 7.5 we noticed regular crashes of our systems for an unknown reason. When looking into the vmcore we can see that it's somehow related to our Operating System scanning tool that tries to access /dev/snapshot.
- Running cat /dev/snapshot twice on a system hosted on VMware with Red Hat Enterprise Linux 7.5 we see the system crashing with the below stack-trace.
[ 187.161831] BUG: unable to handle kernel NULL pointer dereference at 0000000000000030
[ 187.162477] IP: [<ffffffffc03343a0>] vmw_otables_takedown+0x70/0x120 [vmwgfx]
[ 187.163143] PGD 800000007b4d7067 PUD 7849b067 PMD 0
[ 187.163796] Oops: 0000 [#1] SMP
[ 187.164442] Modules linked in: ip6t_rpfilter ipt_REJECT nf_reject_ipv4 ip6t_REJECT nf_reject_ipv6 xt_conntrack ip_set nfnetlink ebtable_nat ebtable_broute bridge stp llc ip6table_nat nf_conntrack_ipv6 nf_defrag_ipv6 nf_nat_ipv6 ip6table_mangle ip6table_security ip6table_raw iptable_nat nf_conntrack_ipv4 nf_defrag_ipv4 nf_nat_ipv4 nf_nat nf_conntrack iptable_mangle iptable_security iptable_raw ebtable_filter ebtables ip6table_filter ip6_tables iptable_filter vmw_vsock_vmci_transport vsock ppdev sg pcspkr vmw_balloon vmw_vmci joydev nfit shpchp libnvdimm i2c_piix4 parport_pc parport ip_tables xfs libcrc32c sr_mod cdrom vmwgfx ata_generic pata_acpi drm_kms_helper syscopyarea sd_mod sysfillrect sysimgblt fb_sys_fops crc_t10dif crct10dif_generic crct10dif_common ttm drm ahci ata_piix libahci serio_raw
[ 187.168319] libata vmxnet3 vmw_pvscsi i2c_core floppy dm_mirror dm_region_hash dm_log dm_mod
[ 187.169155] CPU: 0 PID: 10462 Comm: cat Kdump: loaded Not tainted 3.10.0-862.6.3.el7.x86_64 #1
[ 187.169993] Hardware name: VMware, Inc. VMware Virtual Platform/440BX Desktop Reference Platform, BIOS 6.00 07/28/2017
[ 187.170849] task: ffff9e08f68aaf70 ti: ffff9e08f849c000 task.ti: ffff9e08f849c000
[ 187.171715] RIP: 0010:[<ffffffffc03343a0>] [<ffffffffc03343a0>] vmw_otables_takedown+0x70/0x120 [vmwgfx]
[ 187.172613] RSP: 0000:ffff9e08f849fac8 EFLAGS: 00010246
[ 187.173492] RAX: 0000000000000000 RBX: 0000000000000005 RCX: 0000000000000000
[ 187.174379] RDX: ffff9e08f88a2ee8 RSI: 0000000000000004 RDI: ffff9e08f89c0000
[ 187.175270] RBP: ffff9e08f849fae0 R08: ffff9e08b66b2098 R09: ffff9e08fa6a5ac8
[ 187.176156] R10: ffff9e08f99fc240 R11: fffff13e01e698c0 R12: ffff9e08f89c0000
[ 187.177037] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 187.177928] FS: 00007face3e0d740(0000) GS:ffff9e08ffc00000(0000) knlGS:0000000000000000
[ 187.178824] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 187.179716] CR2: 0000000000000030 CR3: 000000007b4d0000 CR4: 00000000000007f0
[ 187.180653] Call Trace:
[ 187.181565] [<ffffffffc0322bad>] vmw_release_device_early+0x7d/0xa0 [vmwgfx]
[ 187.182484] [<ffffffffc0322c32>] vmwgfx_pm_notifier+0x62/0xb0 [vmwgfx]
[ 187.183424] [<ffffffff92b1bacf>] notifier_call_chain+0x4f/0x70
[ 187.184354] [<ffffffff924c17ad>] __blocking_notifier_call_chain+0x4d/0x70
[ 187.185271] [<ffffffff924c17e6>] blocking_notifier_call_chain+0x16/0x20
[ 187.186204] [<ffffffff924eafda>] pm_notifier_call_chain+0x1a/0x40
[ 187.187123] [<ffffffff924f24ea>] snapshot_open+0xea/0x1f0
[ 187.188050] [<ffffffff92853da5>] misc_open+0xb5/0x1d0
[ 187.188974] [<ffffffff92620b25>] chrdev_open+0xb5/0x1b0
[ 187.189887] [<ffffffff92618c5a>] do_dentry_open+0x1aa/0x2e0
[ 187.190797] [<ffffffff926d1072>] ? security_inode_permission+0x22/0x30
[ 187.191713] [<ffffffff92620a70>] ? cdev_put+0x30/0x30
[ 187.192614] [<ffffffff92618e2a>] vfs_open+0x5a/0xb0
[ 187.193507] [<ffffffff92627288>] ? may_open+0x68/0x120
[ 187.194407] [<ffffffff9262b2dd>] do_last+0x1ed/0x12c0
[ 187.195294] [<ffffffff9262c487>] path_openat+0xd7/0x640
[ 187.196182] [<ffffffff925c5a9c>] ? handle_pte_fault+0x2dc/0xc30
[ 187.197071] [<ffffffff9262e01d>] do_filp_open+0x4d/0xb0
[ 187.197954] [<ffffffff9263b447>] ? __alloc_fd+0x47/0x170
[ 187.198827] [<ffffffff9261a327>] do_sys_open+0x137/0x240
[ 187.199702] [<ffffffff92b206d5>] ? system_call_after_swapgs+0xa2/0x146
[ 187.200576] [<ffffffff9261a44e>] SyS_open+0x1e/0x20
[ 187.201452] [<ffffffff92b20795>] system_call_fastpath+0x1c/0x21
[ 187.202329] [<ffffffff92b206e1>] ? system_call_after_swapgs+0xae/0x146
[ 187.203197] Code: 84 24 88 d0 02 00 48 8d 14 d0 80 7a 10 00 74 db 48 83 c2 08 89 de 4c 89 e7 e8 1d f9 ff ff 83 c3 01 41 3b 9c 24 80 d0 02 00 72 cd <41> 8b 45 30 85 c0 0f 84 84 00 00 00 49 8b bd c8 01 00 00 e8 48
[ 187.205095] RIP [<ffffffffc03343a0>] vmw_otables_takedown+0x70/0x120 [vmwgfx]
[ 187.206019] RSP <ffff9e08f849fac8>
[ 187.206902] CR2: 0000000000000030
Environment
- Red Hat Enterprise Linux 7.5
