RHEL6.5: kernel 2.6.32-431.el6 crashes while executing systemtap script netfilter_drop.stp to drop all the incoming packets during a TCP flood attack
Issue
- The system crashes with RIP in the function 'enter_netfilter_probe_0', which comes from the systemtap script netfilter_drop.stp.
- A small portion of the oops message, showing the crash in the systemtap module:
BUG: unable to handle kernel NULL pointer dereference at 0000000000000280
IP: [<ffffffffa02f0818>] enter_netfilter_probe_0+0x48/0x240 [stap_9334f47a88451be60694f41ddf6e20a8_2242]
...
Modules linked in: stap_9334f47a88451be60694f41ddf6e20a8_2242(U) ipv6 microcode sg virtio_balloon snd_hda_intel snd_hda_codec snd_hwdep snd_seq snd_seq_device snd_pcm snd_timer snd soundcore snd_page_alloc e1000 i2c_piix4 i2c_core ext4 jbd2 mbcache virtio_blk sr_mod cdrom virtio_pci virtio_ring virtio pata_acpi ata_generic ata_piix dm_mirror dm_region_hash dm_log dm_mod [last unloaded: speedstep_lib]
Pid: 0, comm: swapper Not tainted 2.6.32-431.el6.x86_64 #1 Red Hat KVM
RIP: 0010:[<ffffffffa02f0818>] [<ffffffffa02f0818>] enter_netfilter_probe_0+0x48/0x240 [stap_9334f47a88451be60694f41ddf6e20a8_2242]
Environment
- Red Hat Enterprise Linux 6.5
- kernel-2.6.32-431.el6.x86_64
- systemtap earlier than systemtap-2.5-2.el6
- systemtap script netfilter_drop.stp
- TCP SYN flood attack
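An added triage example (not part of the original article and not Red Hat tooling): it parses an oops excerpt like the one in the Issue section and reports whether the faulting RIP lies in a systemtap-generated module inside a netfilter probe handler. The function name 'triage', the 'stap_' module prefix check and the 'enter_netfilter_probe_' symbol check are assumptions derived from the names visible in the excerpt above.

```python
import re

# Oops lines copied from the excerpt in this article (the "..." elision is left out).
SAMPLE_OOPS = """\
BUG: unable to handle kernel NULL pointer dereference at 0000000000000280
IP: [<ffffffffa02f0818>] enter_netfilter_probe_0+0x48/0x240 [stap_9334f47a88451be60694f41ddf6e20a8_2242]
Pid: 0, comm: swapper Not tainted 2.6.32-431.el6.x86_64 #1 Red Hat KVM
RIP: 0010:[<ffffffffa02f0818>] [<ffffffffa02f0818>] enter_netfilter_probe_0+0x48/0x240 [stap_9334f47a88451be60694f41ddf6e20a8_2242]
"""

FAULT_RE = re.compile(
    r"BUG: unable to handle kernel (NULL pointer dereference|paging request) at ([0-9a-f]+)")
# symbol+0xOFFSET/0xSIZE, optionally followed by [module] for code outside the core kernel
RIP_RE = re.compile(
    r"^RIP: .*\]\s+(\w+)\+0x([0-9a-f]+)/0x([0-9a-f]+)(?:\s+\[(\w+)\])?\s*$", re.M)
KERNEL_RE = re.compile(r"^Pid: .*?\s(\d+\.\d+\.\d+-\S+)", re.M)


def triage(oops_text):
    """Summarise an oops; return None when no RIP line can be parsed."""
    rip = RIP_RE.search(oops_text)
    if rip is None:
        return None
    func, offset, _size, module = rip.groups()
    fault = FAULT_RE.search(oops_text)
    kernel = KERNEL_RE.search(oops_text)
    # Assumption: systemtap-built modules are named stap_<hash>_<pid>, as in the excerpt.
    in_stap = bool(module and module.startswith("stap_"))
    null_deref = bool(fault) and fault.group(1).startswith("NULL")
    return {
        "fault_address": int(fault.group(2), 16) if fault else None,
        "function": func,
        "offset": int(offset, 16),
        "module": module,
        "kernel": kernel.group(1) if kernel else None,
        "in_stap_module": in_stap,
        # True only for the signature this article describes.
        "matches_article": in_stap and null_deref
                           and func.startswith("enter_netfilter_probe_"),
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_OOPS).items():
        print(f"{key}: {value}")
```

Run it against the oops text saved from the crashed system; an oops whose RIP is in the core kernel or in a non-systemtap module reports matches_article as False.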