tcp anon port calculation wrong
If tcp_largest_anon_port gets tuned down from the default of 65536, some percentage of all source ports for outgoing tcp connections are chosen as tcp_smallest_anon_port. E.g., if you tune down tcp_largest_anon_port to 49152, 1/4 of all connections will use port 32768 as source port. If you make several successive connections to the same peer, some connections will be rejected with RST, as the tuple is still in use on the peer.
The problem is here:
The test has to be expanded to also check for port > largest_anon_port.
a) don't tune down
b) disable random anon port