kernel BUG at /root/tempesta/fw/apm.c:796!

[RomanBelozerov]

To Reproduce
t_stress.test_ddos.TestDDoSL7 on remote setup with ~50 different IPs. See PR438. I only used the "GET" attack method from mhddos tool and it is difficult to reproduce.
general config in tests_config.ini:

duration = 120
concurrent_connections = 100
stress_threads = 10
stress_requests_count = 50

Configuration file

listen 80 proto=http;
listen 443 proto=h2,https;

cache 2;
cache_fulfill * *;
cache_methods GET HEAD;
cache_ttl 3600;

access_log on;

frang_limits {
    request_rate 100;
    request_burst 50;
    tcp_connection_rate 100;
    tcp_connection_burst 50;
    concurrent_tcp_connections 100;
    client_header_timeout 20;
    client_body_timeout 10;
    http_uri_len 1024;
    http_hdr_len 256;
    http_ct_required false;
    http_ct_vals "text/plain" "text/html" "application/json";
    http_header_chunk_cnt 10;
    http_body_chunk_cnt 0;
    http_resp_code_block 403 404 502 5 1;
    http_method_override_allowed true;
    http_methods head post put get;

    ip_block on;
}

# Allow only following characters in URI: %+,/a-zA-Z0-9&?:-.[]_=
# These are tested with the WordPress admin panel.
http_uri_brange 0x25 0x2b 0x2c 0x2f 0x41-0x5a 0x61-0x7a 0x30-0x39 0x26 0x3f 0x3a 0x2d 0x2e 0x5b 0x5d 0x5f 0x3d;

health_stat 3* 4* 5*;
health_stat_server 3* 4* 5*;

block_action attack drop;
block_action error reply;

# Make WordPress to work over TLS.
# See https://tempesta-tech.com/knowledge-base/WordPress-tips-and-tricks/
req_hdr_add X-Forwarded-Proto "https";

resp_hdr_set Strict-Transport-Security "max-age=31536000; includeSubDomains";

# Remove the proxy header to mitigate the httpoxy vulnerability
# See https://httpoxy.org/
req_hdr_set Proxy;

tls_certificate ${tempesta_workdir}/tempesta.crt;
tls_certificate_key ${tempesta_workdir}/tempesta.key;
tls_match_any_server_name;

srv_group main {server ${server_ip}:8000 conns_n=512;}

vhost tempesta-tech.com {proxy_pass main;}

http_chain {
	# Redirect old URLs from the old static website
	uri == "/index"		-> 301 = /;
	uri == "/development-services" -> 301 = /network-security-performance-analysis;

	# Disable PHP dynamic logic for caching
	# See https://www.varnish-software.com/developers/tutorials/configuring-varnish-wordpress/
	uri == "/wp-admin*" -> cache_disable;
	uri == "/wp-comments-post.php*" -> cache_disable;

	# RSS feed /comments/feed/ is cached as other resource for 1 hour,
	# defined by the global cache_ttl policy.

	# Proably outdated redirects
	uri == "/index.html"	-> 301 = /;
	uri == "/services"	-> 301 = /development-services;
	uri == "/services.html"	-> 301 = /development-services;
	uri == "/c++-services"	-> 301 = /development-services;
	uri == "/company.html"	-> 301 = /company;
	uri == "/blog/fast-programming-languages-c-c++-rust-assembly" -> 301 = /blog/fast-programming-languages-c-cpp-rust-assembly;

	-> tempesta-tech.com;
}

Version or commit hash
Tempesta - ef12112
kernel-patch - 5.10.35.tfw-fa7cd2d

Stacktrace or debug log

[ 1808.462572] ------------[ cut here ]------------
[ 1808.465454] kernel BUG at /root/tempesta/fw/apm.c:796!
[ 1808.468330] invalid opcode: 0000 [#1] SMP NOPTI
[ 1808.470176] CPU: 2 PID: 0 Comm: swapper/2 Kdump: loaded Tainted: G           OE     5.10.35.tfw-fa7cd2d #1
[ 1808.472404] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.15.0-1 04/01/2014
[ 1808.474476] RIP: 0010:tfw_apm_prnctl_calc.constprop.0+0x42c/0x450 [tempesta_fw]
[ 1808.476456] Code: 41 5e 41 5f 5d c3 48 8b 85 b8 fe ff ff 44 8b 78 0c 45 85 ff 7e 14 41 8d 4f ff e9 95 fd ff ff 0f 0b 83 fe 07 0f 8f 24 ff ff ff <0f> 0b 49 8b 47 08 83 38 ff 75 b0 c7 00 00 00 00 00 eb a8 e8 9c 54
[ 1808.482527] RSP: 0018:ffffb418c011ccc8 EFLAGS: 00010246
[ 1808.484229] RAX: 000000000000ffff RBX: 0000000000011bdc RCX: 000000000000ffff
[ 1808.486081] RDX: ffffb418c011cd44 RSI: 0000000000000007 RDI: ffffb418c011cd44
[ 1808.489653] RBP: ffffb418c011ce28 R08: 0000000000000005 R09: ffff97670450cd80
[ 1808.493265] R10: 0000000000000001 R11: ffffb418c011ce58 R12: 0000000000000010
[ 1808.497000] R13: 00000000000006f5 R14: 0000000000000001 R15: 0000000000000005
[ 1808.500779] FS:  0000000000000000(0000) GS:ffff97686be80000(0000) knlGS:0000000000000000
[ 1808.504648] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 1808.507741] CR2: 0000000000003002 CR3: 000000010b000004 CR4: 0000000000770ee0
[ 1808.511247] PKRU: 55555554
[ 1808.513183] Call Trace:
[ 1808.515087]  <IRQ>
[ 1808.518205]  ? tcp_v4_rcv+0xd36/0xe10
[ 1808.519589]  ? ip_protocol_deliver_rcu+0x30/0x1b0
[ 1808.521004]  ? ip_local_deliver_finish+0x4d/0x60
[ 1808.522430]  ? ip_local_deliver+0xfa/0x110
[ 1808.523841]  ? ip_protocol_deliver_rcu+0x1b0/0x1b0
[ 1808.525426]  tfw_apm_prcntl_tmfn+0x458/0x5d0 [tempesta_fw]
[ 1808.528297]  ? tfw_apm_prnctl_calc.constprop.0+0x450/0x450 [tempesta_fw]
[ 1808.531589]  call_timer_fn+0x2e/0x100
[ 1808.534206]  __run_timers.part.0+0x1e0/0x250
[ 1808.536594]  ? lapic_next_deadline+0x2c/0x40
[ 1808.539029]  ? clockevents_program_event+0x8f/0xe0
[ 1808.541455]  run_timer_softirq+0x2a/0x50
[ 1808.543684]  __do_softirq+0xd9/0x291
[ 1808.545734]  asm_call_irq_on_stack+0xf/0x20
[ 1808.548017]  </IRQ>
[ 1808.549488]  do_softirq_own_stack+0x3d/0x50
[ 1808.551795]  irq_exit_rcu+0xa4/0xb0
[ 1808.553738]  sysvec_apic_timer_interrupt+0x3d/0x90
[ 1808.556161]  asm_sysvec_apic_timer_interrupt+0x12/0x20
[ 1808.558735] RIP: 0010:native_safe_halt+0xe/0x10
[ 1808.560950] Code: 7b ff ff ff eb bd cc cc cc cc cc cc e9 07 00 00 00 0f 00 2d c6 9e 47 00 f4 c3 66 90 e9 07 00 00 00 0f 00 2d b6 9e 47 00 fb f4 <c3> cc 0f 1f 44 00 00 55 48 89 e5 53 65 8b 15 3f ed a7 7c 0f 1f 44
[ 1808.568828] RSP: 0018:ffffb418c0093e90 EFLAGS: 00000202
[ 1808.571457] RAX: ffffffff83592690 RBX: 0000000000000002 RCX: ffff97686beacdc0
[ 1808.574823] RDX: 000000000008351a RSI: 000001a50d67daa3 RDI: 0000000000000082
[ 1808.578146] RBP: ffffb418c0093e98 R08: 000000cd42e4dffb R09: 000001a50fca34a3
[ 1808.581362] R10: 000000000000000f R11: 0000000000000000 R12: ffff9767002ebc80
[ 1808.584521] R13: ffff9767002ebc80 R14: 0000000000000000 R15: 0000000000000000
[ 1808.587597]  ? __cpuidle_text_start+0x8/0x8
[ 1808.589772]  ? default_idle+0xe/0x20
[ 1808.591698]  arch_cpu_idle+0x15/0x20
[ 1808.593760]  default_idle_call+0x38/0xc0
[ 1808.595889]  do_idle+0x1f8/0x260
[ 1808.597764]  ? do_idle+0x192/0x260
[ 1808.599666]  cpu_startup_entry+0x20/0x30
[ 1808.603277]  start_secondary+0x111/0x150
[ 1808.605232]  secondary_startup_64_no_verify+0xb0/0xbb
[ 1808.607496] Modules linked in: tempesta_fw(OE) tempesta_db(OE) tempesta_tls(OE) tempesta_lib(OE) tcp_diag inet_diag sha256_ssse3 sha512_ssse3 nvme_tcp nvme_fabrics nvme_core vhost_vsock vmw_vsock_virtio_transport_common vhost vhost_iotlb vsock xt_conntrack xt_MASQUERADE nf_conntrack_netlink xfrm_user xfrm_algo xt_addrtype nft_compat br_netfilter nft_masq nft_counter nft_chain_nat nf_nat nf_conntrack nf_defrag_ipv6 nf_defrag_ipv4 bridge stp llc nf_tables libcrc32c nfnetlink overlay binfmt_misc intel_rapl_msr intel_rapl_common kvm_intel kvm crct10dif_pclmul ghash_clmulni_intel snd_hda_codec_generic aesni_intel ledtrig_audio crypto_simd snd_hda_intel cryptd snd_intel_dspcfg snd_hda_codec glue_helper snd_hda_core snd_hwdep snd_pcm snd_seq_midi snd_seq_midi_event snd_rawmidi nls_iso8859_1 snd_seq snd_seq_device snd_timer snd joydev input_leds serio_raw iTCO_wdt soundcore iTCO_vendor_support qxl drm_ttm_helper ttm drm_kms_helper cec fb_sys_fops syscopyarea sysfillrect sysimgblt mac_hid
[ 1808.607572]  qemu_fw_cfg sch_fq_codel msr parport_pc ppdev lp parport drm efi_pstore ip_tables x_tables autofs4 hid_generic usbhid hid psmouse i2c_i801 ahci crc32_pclmul lpc_ich i2c_smbus libahci virtio_rng virtio_net net_failover failover virtio_blk [last unloaded: tempesta_lib]