Shawn Bohrer <sbohrer@xxxxxxxxxxxxxx> wrote: > Hello, > > I've got an easily reproducible bug that I'm seeing on 4.19.11 in the > conncount code. > > [ 65.167660] CPU: 1 PID: 10375 Comm: iptables Not tainted 4.19.11+ #1 > [ 65.167661] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS ?-20180724_192412-buildhw-07.phx2.fedoraproject.org-1.fc29 04/01/2014 > [ 65.167665] RIP: 0010:rb_erase+0xae/0x360 > [ 65.167666] Code: 4d 89 50 08 4d 85 c9 74 5b 48 83 c8 01 48 89 0a 49 89 01 c3 48 8b 0f 48 89 ca 48 83 e2 fc 48 85 d2 48 89 d0 0f 84 41 02 00 00 <48> 3b 7a 10 0f 84 3f 02 00 00 4c 89 42 08 4d 85 c0 0f 84 1b 02 00 > [ 65.167667] RSP: 0018:ffffb5bec0af7d18 EFLAGS: 00010206 > [ 65.167669] RAX: 6e3319b62019e1d4 RBX: ffff8ebe30766630 RCX: 6e3319b62019e1d5 > [ 65.167669] RDX: 6e3319b62019e1d4 RSI: ffff8ebe38c8e348 RDI: ffff8ebe38dadde0 > [ 65.167670] RBP: ffff8ebe38dade00 R08: 0000000000000000 R09: ffffffffc04ef301 > [ 65.167671] R10: ffff8ebe38dadde0 R11: 0000000000000001 R12: ffff8ebe38dadde0 > [ 65.167672] R13: ffff8ebe38c8e348 R14: ffff8ebe38c8e808 R15: ffff8ebe38c8e000 > [ 65.167673] FS: 00007ff81d373700(0000) GS:ffff8ebe3c440000(0000) knlGS:0000000000000000 > [ 65.167674] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 > [ 65.167677] CR2: 000055968cc0d008 CR3: 0000000138f52002 CR4: 00000000003606e0 > [ 65.167678] Call Trace: > [ 65.167689] nf_conncount_destroy+0x59/0xc0 [nf_conncount] > [ 65.167691] cleanup_match+0x45/0x70 [ip_tables] > [ 65.167693] ? next_arg+0x92/0x110 > [ 65.167694] cleanup_entry+0x3e/0xc0 [ip_tables] > [ 65.167696] __do_replace+0x1a4/0x240 [ip_tables] > [ 65.167697] do_ipt_set_ctl+0x150/0x1b0 [ip_tables] > [ 65.167700] nf_setsockopt+0x44/0x70 > [ 65.167702] __sys_setsockopt+0x82/0xe0 > [ 65.167703] __x64_sys_setsockopt+0x20/0x30 > [ 65.167704] do_syscall_64+0x48/0xf0 > [ 65.167706] entry_SYSCALL_64_after_hwframe+0x44/0xa9 > > I can reproduce this by running a simple webserver. Then running: > > while true; do > sudo /sbin/iptables -A INPUT -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -m connlimit --connlimit-above 2 --connlimit-mask 32 --connlimit-saddr -j DROP > sleep 1 > sudo iptables -D INPUT 1 > done > > Then while that loop is running I hit the webserver: > > for i in $(seq 1 100); do > curl --silent http://192.168.122.250 >/dev/null > done I've tried multiple netperf -t TCP_CC from host-to-vm and vice versa plust parallel synflood but nothing shows up (not even with KASAN on). How soon does this trigger? Could you send me your .config offlist? Thanks, Florian