From mboxrd@z Thu Jan  1 00:00:00 1970
From: Sami Farin <hvtaifwkbgefbaei@gmail.com>
Subject: 4.19.4 nf_conntrack_count kernel panic
Date: Mon, 26 Nov 2018 20:46:38 +0100
Message-ID: <20181126194638.tpwagr7gqzvi3ogf@m.mifar.in>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Cc: Yi-Hung Wei <yihung.wei@gmail.com>, netfilter-devel@vger.kernel.org
To: Linux Networking Mailing List <netdev@vger.kernel.org>
Return-path: <netdev-owner@vger.kernel.org>
Received: from mifar.in ([46.101.129.31]:43850 "EHLO mifar.in"
        rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP
        id S1726251AbeK0GrG (ORCPT <rfc822;netdev@vger.kernel.org>);
        Tue, 27 Nov 2018 01:47:06 -0500
Received: from mifar.in (p5DED1F87.dip0.t-ipconnect.de [93.237.31.135])
        (using TLSv1.2 with cipher ECDHE-ECDSA-AES256-GCM-SHA384 (256/256 bits))
        (Client CN "mifar.in", Issuer "mifar.in" (verified OK))
        by mifar.in (Postfix) with ESMTPS id 0ED5E60BFB
        for <netdev@vger.kernel.org>; Mon, 26 Nov 2018 20:46:39 +0100 (CET)
Content-Disposition: inline
Sender: netdev-owner@vger.kernel.org
List-ID: <netdev.vger.kernel.org>

4.18.20 works OK, but unfortunately 4.18 series is EOL.
I have Ryzen 1600X, 32 GB RAM, Fedora 28, gcc-8.2.1-5, nosmt=force, igb module for Intel I211,
using XFS filesystems only.

To reproduce, I only do this: connect to VPN using a tunnel (e.g. tun0),
start downloading a file with qbittorrent (allow port for incoming
TCP connections in qbittorrent and iptables) and wait a couple of minutes.
I am also using ipset and connlimit modules.
I reproduced this bug three times.
With 4.18 I use fq+htb and  with 4.19 I use CAKE for traffic control.

Only this message in kernel log:
[  363.935074] TCP: request_sock_TCP: Possible SYN flooding on port 19044. Dropping request.  Check SNMP counters.
I get this message with both 4.18.20 and 4.19.4.

RIP: 0010:rb_insert_color+0x64
Call Trace:
  nf_conntrack_count [nf_conncount]
  ip_set_test [ip_set]
  connlimit_mt [xt_connlimit]
  set_match_v4 [xt_set]
  ipt_do_table [ip_tables]
  ip_route_input_noref
  nf_hook_slow 
  ip_local_deliver
  inet_add_protocol
  ip_rcv
  ip_rcv_finish_core
  __netif_receive_skb_one_core
  netif_receive_skb_internal
  tun_rx_batched
  tun_get_user
  __local_bh_enable_ip
  tun_get_user
  tun_chr_write_iter
  __vfs_write
  vfs_write
  ksys_write
  do_syscall_64
  trace_hardirqs_off_thunk
  entry_SYSCALL_64_after_hwframe

...

Kernel panic - not syncing: Fatal exception in interrupt

-- 
Do what you love because life is too short for anything else.
https://samifar.in/