View Issue Details

IDProjectCategoryView StatusLast Update
0016599CentOS-7[All Projects] generalpublic2019-10-21 00:42
Status newResolutionopen 
Product Version7.6.1810 
Target VersionFixed in Version 
Summary0016599: TCP performance issues and stalls
DescriptionWe use a tool named Application Performance Management from vendor Broadcom. Tool is made of cluster named Management of Modules and Collectors. Recent Red Hat Patch resulted in cluster slowness, connection issues and TCP connections stall or time out. It overwhelms the tcp connection and drops the connections.

Please refer to article on redhat:

An integer overflow flaw was found in the way the Linux kernel's networking subsystem processed TCP Selective Acknowledgment (SACK) segments. While processing SACK segments, the Linux kernel's socket buffer (SKB) data structure becomes fragmented. Each fragment is about TCP maximum segment size (MSS) bytes. To efficiently process SACK blocks, the Linux kernel merges multiple fragmented SKBs into one, potentially overflowing the variable holding the number of segments.

We noticed the issue on Linux after redhat security patch, We believe it has been resolved (ref:please refer to article on redhat

But lately we are seeing similar issue on centos as well. Please refer to articles and if you need more information I can provide it.
Steps To ReproduceWe can reproduce with the application onboard. Please refer to article on vendor Broadcom for logs




2019-10-15 21:33


TCP+performance+issues+and+stalls+when+using+kernel-3.10.0-957.21.3.el7+or+any+kernel+with+TCP+SACK+PANIC+CVE+fixes.pdf (156,456 bytes)
Redhat-Error.PNG (371,602 bytes)


2019-10-15 22:10

manager   ~0035493

And what is your current kernel version as reported by `uname -r`?


2019-10-15 22:11

reporter   ~0035494



2019-10-15 22:16

manager   ~0035495

That is the last public kernel that Redhat made available for 7.6 therefore CentOS cannot rebuild the later 7.6 kernels in the 3.10.0-957.* series as there is no source available. It is for this reason that CentOS only supports the current point release - 7.7 at the moment - which uses kernel series 3.10.0-1062.* and is one of those listed in the Redhat KB article that you pointed to that says is fixed.

You need to `yum update` to get current. Only the latest CentOS point release is supported.

Issue History

Date Modified Username Field Change
2019-10-15 21:33 veereshdandur New Issue
2019-10-15 21:33 veereshdandur File Added: TCP+performance+issues+and+stalls+when+using+kernel-3.10.0-957.21.3.el7+or+any+kernel+with+TCP+SACK+PANIC+CVE+fixes.pdf
2019-10-15 21:33 veereshdandur File Added: Redhat-Error.PNG
2019-10-15 21:33 veereshdandur Tag Attached: slowness
2019-10-15 22:10 TrevorH Note Added: 0035493
2019-10-15 22:11 veereshdandur Note Added: 0035494
2019-10-15 22:16 TrevorH Note Added: 0035495