RHEL6.5: kernel 2.6.32-431.el6 crashes while executing systemtap script netfilter_drop.stp to drop all the incoming packets during a TCP flood attack
Issue
- System crashes with RIP function 'enter_netfilter_probe_0', which is from systemtap script netfilter_drop.stp.
- Small portion of oops message showing crash in systemtap module
BUG: unable to handle kernel NULL pointer dereference at 0000000000000280
IP: [<ffffffffa02f0818>] enter_netfilter_probe_0+0x48/0x240 [stap_9334f47a88451be60694f41ddf6e20a8_2242]
...
Modules linked in: stap_9334f47a88451be60694f41ddf6e20a8_2242(U) ipv6 microcode sg virtio_balloon snd_hda_intel snd_hda_codec snd_hwdep snd_seq snd_seq_device snd_pcm snd_timer snd soundcore snd_page_alloc e1000 i2c_piix4 i2c_core ext4 jbd2 mbcache virtio_blk sr_mod cdrom virtio_pci virtio_ring virtio pata_acpi ata_generic ata_piix dm_mirror dm_region_hash dm_log dm_mod [last unloaded: speedstep_lib]
Pid: 0, comm: swapper Not tainted 2.6.32-431.el6.x86_64 #1 Red Hat KVM
RIP: 0010:[<ffffffffa02f0818>] [<ffffffffa02f0818>] enter_netfilter_probe_0+0x48/0x240 [stap_9334f47a88451be60694f41ddf6e20a8_2242]
Environment
- Red Hat Enterprise Linux 6.5
- kernel-2.6.32-431.el6.x86_64
- systemtap earlier than systemtap-2.5-2.el6
- systemtap script netfilter_drop.stp
- TCP SYN flood attack
Subscriber exclusive content
A Red Hat subscription provides unlimited access to our knowledgebase of over 48,000 articles and solutions.
Welcome! Check out the Getting Started with Red Hat page for quick tours and guides for common tasks.
