Kernel panic in xt_TCPMSS.c at tcpmss_mangle_packet+0xef

Solution Verified - Updated -

Issue

  • system outage in xt_TCPMSS.c
  • core dumps inside iptables rule
  • Kernel panic with backtrace similar to:
    [exception RIP: tcpmss_mangle_packet+0xef]
...
#10 [ffff88103fb03920] tcpmss_mangle_packet at ffffffffa04c5214 [xt_TCPMSS]
#11 [ffff88103fb03970] tcpmss_tg4 at ffffffffa04c56cc [xt_TCPMSS]
#12 [ffff88103fb039a8] ipt_do_table at ffffffffa00e3cb0 [ip_tables]
#13 [ffff88103fb03af0] iptable_mangle_hook at ffffffffa0495043 [iptable_mangle]
#14 [ffff88103fb03b30] nf_iterate at ffffffff815a6360
#15 [ffff88103fb03b70] nf_hook_slow at ffffffff815a6448
#16 [ffff88103fb03ba8] ip_local_deliver at ffffffff815b0762
#17 [ffff88103fb03c00] ip_rcv_finish at ffffffff815b00aa
#18 [ffff88103fb03c28] ip_rcv at ffffffff815b0a36

Environment

  • Red Hat Enterprise Linux 7.4 or earlier
  • Red Hat Enterprise Linux 6.9 or earlier
  • iptables firewall
    • Netfilter module xt_TCPMSS

Subscriber exclusive content

A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.

Current Customers and Partners

Log in for full access

Log In

New to Red Hat?

Learn more about Red Hat subscriptions

Using a Red Hat product through a public cloud?

How to access this content