Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

runtime/cgo: pthread_create failed: Operation not permitted on glibc 2.34 #6238

Closed
BlackYoup opened this issue Sep 23, 2021 · 4 comments
Closed
Labels

Comments

@BlackYoup
Copy link
Contributor

BlackYoup commented Sep 23, 2021

APM Server version (apm-server version):

apm-server version 8.0.0 (amd64), libbeat 8.0.0 [unknown built unknown] (current master but the issue also applies to previous apm-server version)

Description of the problem including expected versus actual behavior:

Since we upgraded to glibc 2.34, the apm-server crashes quite rapidly with the following error:

❯ ./apm-server -c ./apm-server.yml
runtime/cgo: pthread_create failed: Operation not permitted
SIGABRT: abort
PC=0x7f9ce85e3ad3 m=9 sigcode=18446744073709551610

Steps to reproduce:

Please include a minimal but complete recreation of the problem,
including server configuration, agent(s) used, etc. The easier you make it
for us to reproduce it, the more likely that somebody will take the time to
look at it.

  1. Install glibc 2.34
  2. go build the project (already built binary might as well have the bug)
  3. run ./apm-server -c <configuration file>, the configuration file must point to a working Elasticsearch node / cluster
  4. wait a few seconds for the crash to happen

My apm-server.yml file looks like:

apm-server:
    host: "0.0.0.0:8080"
    secret_token: "SECRET"

output.elasticsearch:
    hosts: ["URL:443"]
    protocol: "https"
    username: "USER"
    password: "PASSWORD"

path.home: "/home/arnaud/Dev/clevercloud/apm-server"

logging:
    to_syslog: false
    to_files: true

Provide logs (if relevant):

Crash logs
  ❯ ./apm-server -c ./apm-server.yml.back
runtime/cgo: pthread_create failed: Operation not permitted
SIGABRT: abort
PC=0x7f9ce85e3ad3 m=9 sigcode=18446744073709551610

goroutine 0 [idle]:
runtime: unknown pc 0x7f9ce85e3ad3
stack: frame={sp:0x7f9cb97f9840, fp:0x0} stack=[0x7f9cb8ffa1d0,0x7f9cb97f9dd0)
0x00007f9cb97f9740:  0x0000000000000000  0x0000000000000000
0x00007f9cb97f9750:  0x0000000000000000  0x0000000000000000
0x00007f9cb97f9760:  0x0000000000000000  0x00007f9ce85f0fba
0x00007f9cb97f9770:  0x0000000000000000  0x0000000000000011
0x00007f9cb97f9780:  0x0000000000000000  0x0000000000000130
0x00007f9cb97f9790:  0x0000000000000120  0x0000000000000000
0x00007f9cb97f97a0:  0x0000000000000013  0x0000000000000000
0x00007f9cb97f97b0:  0x0000000000000004  0x0000003400000013
0x00007f9cb97f97c0:  0x000000770000006e  0x00007f9ce8665d91
0x00007f9cb97f97d0:  0x00007f9c977fe640  0x00007f9cb97f9aa0
0x00007f9cb97f97e0:  0x00007f9cb97f990e  0x00007f9cb97f990f
0x00007f9cb97f97f0:  0x0000000000000000  0x00007f9ce85e1b27
0x00007f9cb97f9800:  0x00007f9c98000020  0x0000000000000120
0x00007f9cb97f9810:  0x00000000003d0f00  0x00007f9c977fe910
0x00007f9cb97f9820:  0x00007f9c977fe910  0x00007f9c977fe910
0x00007f9cb97f9830:  0x0000000000000000  0x00007f9ce85e3ac5
0x00007f9cb97f9840: <0x00000000007fff00  0x0000000000000006
0x00007f9cb97f9850:  0x0000000000000001  0x00007f9ce85972f6
0x00007f9cb97f9860:  0x0000000003f2854c  0x00007f9ce85817b5
0x00007f9cb97f9870:  0x0000000000000020  0x00007f9ce8654e54
0x00007f9cb97f9880:  0x0000000000000000  0x000000000000000d
0x00007f9cb97f9890:  0x0000000003f2853e  0x000000000000000d
0x00007f9cb97f98a0:  0x0000000000000000  0x00007f9ce8654e54
0x00007f9cb97f98b0:  0x0000000000001100  0x0000000000000001
0x00007f9cb97f98c0:  0x00007f9ce874e703  0x0000000000000001
0x00007f9cb97f98d0:  0x0000000000000d68  0x00007f9ce85d994d
0x00007f9cb97f98e0:  0x00000000ffffffff  0x00007f9ce874e680
0x00007f9cb97f98f0:  0x00007f9ce874e703  0x00007f9ce874f560
0x00007f9cb97f9900:  0x0000000000000d68  0x00007f9ce85d8cb6
0x00007f9cb97f9910:  0x000000000000000d  0x0000000000000001
0x00007f9cb97f9920:  0x00007f9ce874e680  0x000000000000000a
0x00007f9cb97f9930:  0x00007f9cb97f9b60  0x000000c0006024e0
runtime: unknown pc 0x7f9ce85e3ad3
stack: frame={sp:0x7f9cb97f9840, fp:0x0} stack=[0x7f9cb8ffa1d0,0x7f9cb97f9dd0)
0x00007f9cb97f9740:  0x0000000000000000  0x0000000000000000
0x00007f9cb97f9750:  0x0000000000000000  0x0000000000000000
0x00007f9cb97f9760:  0x0000000000000000  0x00007f9ce85f0fba
0x00007f9cb97f9770:  0x0000000000000000  0x0000000000000011
0x00007f9cb97f9780:  0x0000000000000000  0x0000000000000130
0x00007f9cb97f9790:  0x0000000000000120  0x0000000000000000
0x00007f9cb97f97a0:  0x0000000000000013  0x0000000000000000
0x00007f9cb97f97b0:  0x0000000000000004  0x0000003400000013
0x00007f9cb97f97c0:  0x000000770000006e  0x00007f9ce8665d91
0x00007f9cb97f97d0:  0x00007f9c977fe640  0x00007f9cb97f9aa0
0x00007f9cb97f97e0:  0x00007f9cb97f990e  0x00007f9cb97f990f
0x00007f9cb97f97f0:  0x0000000000000000  0x00007f9ce85e1b27
0x00007f9cb97f9800:  0x00007f9c98000020  0x0000000000000120
0x00007f9cb97f9810:  0x00000000003d0f00  0x00007f9c977fe910
0x00007f9cb97f9820:  0x00007f9c977fe910  0x00007f9c977fe910
0x00007f9cb97f9830:  0x0000000000000000  0x00007f9ce85e3ac5
0x00007f9cb97f9840: <0x00000000007fff00  0x0000000000000006
0x00007f9cb97f9850:  0x0000000000000001  0x00007f9ce85972f6
0x00007f9cb97f9860:  0x0000000003f2854c  0x00007f9ce85817b5
0x00007f9cb97f9870:  0x0000000000000020  0x00007f9ce8654e54
0x00007f9cb97f9880:  0x0000000000000000  0x000000000000000d
0x00007f9cb97f9890:  0x0000000003f2853e  0x000000000000000d
0x00007f9cb97f98a0:  0x0000000000000000  0x00007f9ce8654e54
0x00007f9cb97f98b0:  0x0000000000001100  0x0000000000000001
0x00007f9cb97f98c0:  0x00007f9ce874e703  0x0000000000000001
0x00007f9cb97f98d0:  0x0000000000000d68  0x00007f9ce85d994d
0x00007f9cb97f98e0:  0x00000000ffffffff  0x00007f9ce874e680
0x00007f9cb97f98f0:  0x00007f9ce874e703  0x00007f9ce874f560
0x00007f9cb97f9900:  0x0000000000000d68  0x00007f9ce85d8cb6
0x00007f9cb97f9910:  0x000000000000000d  0x0000000000000001
0x00007f9cb97f9920:  0x00007f9ce874e680  0x000000000000000a
0x00007f9cb97f9930:  0x00007f9cb97f9b60  0x000000c0006024e0

goroutine 1 [chan receive]:
github.com/elastic/apm-server/beater.(*beater).Run(0xc00015c100, 0x11)
        /home/arnaud/Dev/clevercloud/apm-server/beater/beater.go:145 +0xb9
github.com/elastic/beats/v7/libbeat/cmd/instance.(*Beat).launch(0xc0003a4000, {{0x396cad8, 0xa}, {0x396181c, 0x3}, {0x3962c58, 0x5}, 0x0, 0x0, {{0x396cae2, ...}, ...}, ...}, ...)
        /home/arnaud/Dev/golang/pkg/mod/github.com/elastic/beats/[email protected]/libbeat/cmd/instance/beat.go:479 +0x8cb
github.com/elastic/beats/v7/libbeat/cmd/instance.Run.func1({0x396cad8, 0xa}, {0x396181c, 0x3}, {0x3962c58, 0x5}, 0x0, 0xc000679d30, 0xa)
        /home/arnaud/Dev/golang/pkg/mod/github.com/elastic/beats/[email protected]/libbeat/cmd/instance/beat.go:196 +0x388
github.com/elastic/beats/v7/libbeat/cmd/instance.Run({{0x396cad8, 0xa}, {0x396181c, 0x3}, {0x3962c58, 0x5}, 0x0, 0x0, {{0x396cae2, 0xa}, ...}, ...}, ...)
        /home/arnaud/Dev/golang/pkg/mod/github.com/elastic/beats/[email protected]/libbeat/cmd/instance/beat.go:197 +0x119
github.com/elastic/beats/v7/libbeat/cmd.genRunCmd.func1(0xc0001a7340, {0x39624b9, 0x2, 0x2})
        /home/arnaud/Dev/golang/pkg/mod/github.com/elastic/beats/[email protected]/libbeat/cmd/run.go:36 +0x58
github.com/spf13/cobra.(*Command).execute(0xc0001a7340, {0xc00004e0a0, 0x2, 0x2})
        /home/arnaud/Dev/golang/pkg/mod/github.com/spf13/[email protected]/command.go:860 +0x5f8
github.com/spf13/cobra.(*Command).ExecuteC(0xc0001a7340)
        /home/arnaud/Dev/golang/pkg/mod/github.com/spf13/[email protected]/command.go:974 +0x3bc
github.com/spf13/cobra.(*Command).Execute(...)
        /home/arnaud/Dev/golang/pkg/mod/github.com/spf13/[email protected]/command.go:902
main.main()
        /home/arnaud/Dev/clevercloud/apm-server/main.go:33 +0x25

goroutine 9 [select]:
go.opencensus.io/stats/view.(*worker).start(0xc0000fda80)
        /home/arnaud/Dev/golang/pkg/mod/[email protected]/stats/view/worker.go:276 +0xb9
created by go.opencensus.io/stats/view.init.0
        /home/arnaud/Dev/golang/pkg/mod/[email protected]/stats/view/worker.go:34 +0x92

goroutine 11 [chan receive]:
k8s.io/klog/v2.(*loggingT).flushDaemon(0xc000460fa8)
        /home/arnaud/Dev/golang/pkg/mod/k8s.io/klog/[email protected]/klog.go:1131 +0x6a
created by k8s.io/klog/v2.init.0
        /home/arnaud/Dev/golang/pkg/mod/k8s.io/klog/[email protected]/klog.go:416 +0xf4

goroutine 102 [select]:
github.com/elastic/beats/v7/libbeat/publisher/queue/memqueue.(*bufferingEventLoop).run(0xc000125a40)
        /home/arnaud/Dev/golang/pkg/mod/github.com/elastic/beats/[email protected]/libbeat/publisher/queue/memqueue/eventloop.go:316 +0x17c
github.com/elastic/beats/v7/libbeat/publisher/queue/memqueue.NewQueue.func1()
        /home/arnaud/Dev/golang/pkg/mod/github.com/elastic/beats/[email protected]/libbeat/publisher/queue/memqueue/broker.go:176 +0x67
created by github.com/elastic/beats/v7/libbeat/publisher/queue/memqueue.NewQueue
        /home/arnaud/Dev/golang/pkg/mod/github.com/elastic/beats/[email protected]/libbeat/publisher/queue/memqueue/broker.go:174 +0x612

goroutine 103 [select]:
github.com/elastic/beats/v7/libbeat/publisher/queue/memqueue.(*ackLoop).run(0xc0005a18b0)
        /home/arnaud/Dev/golang/pkg/mod/github.com/elastic/beats/[email protected]/libbeat/publisher/queue/memqueue/ackloop.go:60 +0xe6
github.com/elastic/beats/v7/libbeat/publisher/queue/memqueue.NewQueue.func2()
        /home/arnaud/Dev/golang/pkg/mod/github.com/elastic/beats/[email protected]/libbeat/publisher/queue/memqueue/broker.go:180 +0x65
created by github.com/elastic/beats/v7/libbeat/publisher/queue/memqueue.NewQueue
        /home/arnaud/Dev/golang/pkg/mod/github.com/elastic/beats/[email protected]/libbeat/publisher/queue/memqueue/broker.go:178 +0x671

goroutine 104 [select]:
github.com/elastic/beats/v7/libbeat/publisher/queue/memqueue.(*consumer).Get(0xc00011f240, 0xc00052fec8)
        /home/arnaud/Dev/golang/pkg/mod/github.com/elastic/beats/[email protected]/libbeat/publisher/queue/memqueue/consume.go:65 +0x9e
github.com/elastic/beats/v7/libbeat/publisher/pipeline.(*eventConsumer).loop(0xc00053a120, {0x3e319e8, 0xc00011f240})
        /home/arnaud/Dev/golang/pkg/mod/github.com/elastic/beats/[email protected]/libbeat/publisher/pipeline/consumer.go:182 +0x198
github.com/elastic/beats/v7/libbeat/publisher/pipeline.newEventConsumer.func1()
        /home/arnaud/Dev/golang/pkg/mod/github.com/elastic/beats/[email protected]/libbeat/publisher/pipeline/consumer.go:86 +0x66
created by github.com/elastic/beats/v7/libbeat/publisher/pipeline.newEventConsumer
        /home/arnaud/Dev/golang/pkg/mod/github.com/elastic/beats/[email protected]/libbeat/publisher/pipeline/consumer.go:84 +0x1a7

goroutine 105 [select]:
github.com/elastic/beats/v7/libbeat/publisher/pipeline.(*retryer).loop(0xc00053a300)
        /home/arnaud/Dev/golang/pkg/mod/github.com/elastic/beats/[email protected]/libbeat/publisher/pipeline/retry.go:135 +0x234
created by github.com/elastic/beats/v7/libbeat/publisher/pipeline.newRetryer
        /home/arnaud/Dev/golang/pkg/mod/github.com/elastic/beats/[email protected]/libbeat/publisher/pipeline/retry.go:94 +0x1dd

goroutine 106 [select]:
net/http.(*Transport).getConn(0xc0005b6c80, 0xc000476d40, {{}, 0x0, {0xc000142e10, 0x5}, {0xc0006e0d40, 0x40}, 0x0})
        /usr/lib/go/src/net/http/transport.go:1372 +0x5d2
net/http.(*Transport).roundTrip(0xc0005b6c80, 0xc000659f00)
        /usr/lib/go/src/net/http/transport.go:581 +0x774
net/http.(*Transport).RoundTrip(0x3e57fe8, 0xc00053ac00)
        /usr/lib/go/src/net/http/roundtrip.go:18 +0x19
go.elastic.co/apm/module/apmelasticsearch.(*roundTripper).RoundTrip(0xc0003b3b30, 0xc000659f00)
        /home/arnaud/Dev/golang/pkg/mod/go.elastic.co/apm/module/[email protected]/client.go:67 +0x486
github.com/elastic/beats/v7/libbeat/common/transport/httpcommon.(*headerRoundTripper).RoundTrip(0xc000145d58, 0xc000659f00)
        /home/arnaud/Dev/golang/pkg/mod/github.com/elastic/beats/[email protected]/libbeat/common/transport/httpcommon/httpcommon.go:148 +0x1a8
net/http.send(0xc000659e00, {0x3e14f20, 0xc000145d58}, {0x38e7a40, 0x1496e01, 0x58c0e80})
        /usr/lib/go/src/net/http/client.go:252 +0x5d8
net/http.(*Client).send(0xc000493980, 0xc000659e00, {0x0, 0x145cd37, 0x58c0e80})
        /usr/lib/go/src/net/http/client.go:176 +0x9b
net/http.(*Client).do(0xc000493980, 0xc000659e00)
        /usr/lib/go/src/net/http/client.go:725 +0x908
net/http.(*Client).Do(0xc000493d10, 0x3961f75)
        /usr/lib/go/src/net/http/client.go:593 +0x19
github.com/elastic/beats/v7/libbeat/esleg/eslegclient.(*Connection).execHTTPRequest(0xc0006d6480, 0xc000659e00)
        /home/arnaud/Dev/golang/pkg/mod/github.com/elastic/beats/[email protected]/libbeat/esleg/eslegclient/connection.go:435 +0x42e
github.com/elastic/beats/v7/libbeat/esleg/eslegclient.(*Connection).execRequest(0xc0006d6480, {0x3961636, 0x0}, {0xc000142e10, 0xff}, {0x0, 0x0})
        /home/arnaud/Dev/golang/pkg/mod/github.com/elastic/beats/[email protected]/libbeat/esleg/eslegclient/connection.go:371 +0x145
github.com/elastic/beats/v7/libbeat/esleg/eslegclient.(*Connection).Ping(0xc0006d6480)
        /home/arnaud/Dev/golang/pkg/mod/github.com/elastic/beats/[email protected]/libbeat/esleg/eslegclient/connection.go:260 +0xd3
github.com/elastic/beats/v7/libbeat/esleg/eslegclient.(*Connection).getVersion(0xc0006d6480)
        /home/arnaud/Dev/golang/pkg/mod/github.com/elastic/beats/[email protected]/libbeat/esleg/eslegclient/connection.go:384 +0x25
github.com/elastic/beats/v7/libbeat/esleg/eslegclient.(*Connection).Connect(0xc0006d6480)
        /home/arnaud/Dev/golang/pkg/mod/github.com/elastic/beats/[email protected]/libbeat/esleg/eslegclient/connection.go:243 +0x25
github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).Connect(0x2875700)
        /home/arnaud/Dev/golang/pkg/mod/github.com/elastic/beats/[email protected]/libbeat/outputs/elasticsearch/client.go:429 +0x1b
github.com/elastic/beats/v7/libbeat/outputs.(*backoffClient).Connect(0xc0004939b0)
        /home/arnaud/Dev/golang/pkg/mod/github.com/elastic/beats/[email protected]/libbeat/outputs/backoff.go:49 +0x29
github.com/elastic/beats/v7/libbeat/publisher/pipeline.(*netClientWorker).run(0xc00053a600)
        /home/arnaud/Dev/golang/pkg/mod/github.com/elastic/beats/[email protected]/libbeat/publisher/pipeline/output.go:148 +0x242
created by github.com/elastic/beats/v7/libbeat/publisher/pipeline.makeClientWorker
        /home/arnaud/Dev/golang/pkg/mod/github.com/elastic/beats/[email protected]/libbeat/publisher/pipeline/output.go:79 +0x2b2

goroutine 42 [syscall]:
os/signal.signal_recv()
        /usr/lib/go/src/runtime/sigqueue.go:169 +0x98
os/signal.loop()
        /usr/lib/go/src/os/signal/signal_unix.go:24 +0x19
created by os/signal.Notify.func1.1
        /usr/lib/go/src/os/signal/signal.go:151 +0x2c

goroutine 43 [chan receive]:
github.com/elastic/beats/v7/libbeat/service.HandleSignals.func1()
        /home/arnaud/Dev/golang/pkg/mod/github.com/elastic/beats/[email protected]/libbeat/service/service.go:50 +0x65
created by github.com/elastic/beats/v7/libbeat/service.HandleSignals
        /home/arnaud/Dev/golang/pkg/mod/github.com/elastic/beats/[email protected]/libbeat/service/service.go:49 +0x198

goroutine 45 [semacquire]:
sync.runtime_Semacquire(0xc000602d00)
        /usr/lib/go/src/runtime/sema.go:56 +0x25
sync.(*WaitGroup).Wait(0xc00072d2a8)
        /usr/lib/go/src/sync/waitgroup.go:130 +0x71
golang.org/x/sync/errgroup.(*Group).Wait(0xc00053ec60)
        /home/arnaud/Dev/golang/pkg/mod/golang.org/x/[email protected]/errgroup/errgroup.go:40 +0x27
github.com/elastic/apm-server/beater.(*serverRunner).run(0xc0003fe1e0, {0x3e454f8, 0xc00072ce28})
        /home/arnaud/Dev/clevercloud/apm-server/beater/beater.go:492 +0xc75
github.com/elastic/apm-server/beater.(*reloader).reload.func1()
        /home/arnaud/Dev/clevercloud/apm-server/beater/beater.go:262 +0x90
created by github.com/elastic/apm-server/beater.(*reloader).reload
        /home/arnaud/Dev/clevercloud/apm-server/beater/beater.go:260 +0x265

goroutine 48 [chan receive]:
github.com/elastic/apm-server/publish.(*Publisher).run(0xc0001239f0)
        /home/arnaud/Dev/clevercloud/apm-server/publish/pub.go:183 +0x85
github.com/elastic/apm-server/publish.NewPublisher.func1()
        /home/arnaud/Dev/clevercloud/apm-server/publish/pub.go:117 +0x58
created by github.com/elastic/apm-server/publish.NewPublisher
        /home/arnaud/Dev/clevercloud/apm-server/publish/pub.go:115 +0x305

goroutine 49 [chan receive]:
github.com/elastic/apm-server/publish.(*Publisher).run(0xc0001239f0)
        /home/arnaud/Dev/clevercloud/apm-server/publish/pub.go:183 +0x85
github.com/elastic/apm-server/publish.NewPublisher.func1()
        /home/arnaud/Dev/clevercloud/apm-server/publish/pub.go:117 +0x58
created by github.com/elastic/apm-server/publish.NewPublisher
        /home/arnaud/Dev/clevercloud/apm-server/publish/pub.go:115 +0x305

goroutine 114 [chan receive]:
github.com/elastic/apm-server/publish.(*Publisher).run(0xc0001239f0)
        /home/arnaud/Dev/clevercloud/apm-server/publish/pub.go:183 +0x85
github.com/elastic/apm-server/publish.NewPublisher.func1()
        /home/arnaud/Dev/clevercloud/apm-server/publish/pub.go:117 +0x58
created by github.com/elastic/apm-server/publish.NewPublisher
        /home/arnaud/Dev/clevercloud/apm-server/publish/pub.go:115 +0x305

goroutine 115 [chan receive]:
github.com/elastic/apm-server/publish.(*Publisher).run(0xc0001239f0)
        /home/arnaud/Dev/clevercloud/apm-server/publish/pub.go:183 +0x85
github.com/elastic/apm-server/publish.NewPublisher.func1()
        /home/arnaud/Dev/clevercloud/apm-server/publish/pub.go:117 +0x58
created by github.com/elastic/apm-server/publish.NewPublisher
        /home/arnaud/Dev/clevercloud/apm-server/publish/pub.go:115 +0x305

goroutine 116 [chan receive]:
github.com/elastic/apm-server/publish.(*Publisher).run(0xc0001239f0)
        /home/arnaud/Dev/clevercloud/apm-server/publish/pub.go:183 +0x85
github.com/elastic/apm-server/publish.NewPublisher.func1()
        /home/arnaud/Dev/clevercloud/apm-server/publish/pub.go:117 +0x58
created by github.com/elastic/apm-server/publish.NewPublisher
        /home/arnaud/Dev/clevercloud/apm-server/publish/pub.go:115 +0x305

goroutine 117 [chan receive]:
github.com/elastic/apm-server/publish.(*Publisher).run(0xc0001239f0)
        /home/arnaud/Dev/clevercloud/apm-server/publish/pub.go:183 +0x85
github.com/elastic/apm-server/publish.NewPublisher.func1()
        /home/arnaud/Dev/clevercloud/apm-server/publish/pub.go:117 +0x58
created by github.com/elastic/apm-server/publish.NewPublisher
        /home/arnaud/Dev/clevercloud/apm-server/publish/pub.go:115 +0x305

goroutine 118 [chan receive]:
github.com/elastic/apm-server/publish.(*Publisher).run(0xc0001239f0)
        /home/arnaud/Dev/clevercloud/apm-server/publish/pub.go:183 +0x85
github.com/elastic/apm-server/publish.NewPublisher.func1()
        /home/arnaud/Dev/clevercloud/apm-server/publish/pub.go:117 +0x58
created by github.com/elastic/apm-server/publish.NewPublisher
        /home/arnaud/Dev/clevercloud/apm-server/publish/pub.go:115 +0x305

goroutine 119 [chan receive]:
github.com/elastic/apm-server/publish.(*Publisher).run(0xc0001239f0)
        /home/arnaud/Dev/clevercloud/apm-server/publish/pub.go:183 +0x85
github.com/elastic/apm-server/publish.NewPublisher.func1()
        /home/arnaud/Dev/clevercloud/apm-server/publish/pub.go:117 +0x58
created by github.com/elastic/apm-server/publish.NewPublisher
        /home/arnaud/Dev/clevercloud/apm-server/publish/pub.go:115 +0x305

goroutine 120 [semacquire]:
sync.runtime_Semacquire(0x0)
        /usr/lib/go/src/runtime/sema.go:56 +0x25
sync.(*WaitGroup).Wait(0x0)
        /usr/lib/go/src/sync/waitgroup.go:130 +0x71
github.com/elastic/apm-server/publish.NewPublisher.func2()
        /home/arnaud/Dev/clevercloud/apm-server/publish/pub.go:122 +0x5b
created by github.com/elastic/apm-server/publish.NewPublisher
        /home/arnaud/Dev/clevercloud/apm-server/publish/pub.go:120 +0x405

goroutine 121 [semacquire]:
sync.runtime_Semacquire(0xc0005829c0)
        /usr/lib/go/src/runtime/sema.go:56 +0x25
sync.(*WaitGroup).Wait(0xc00072df50)
        /usr/lib/go/src/sync/waitgroup.go:130 +0x71
golang.org/x/sync/errgroup.(*Group).Wait(0xc00053fad0)
        /home/arnaud/Dev/golang/pkg/mod/golang.org/x/[email protected]/errgroup/errgroup.go:40 +0x27
github.com/elastic/apm-server/beater.server.run({0xc0003f8020, 0xc000400500, {{0x3e14a40, 0xc00072d2d8}, {0x3e1a120, 0xc00072d2c0}, 0x6fc23ac00, 0xc0005351c0, 0xc0000b8900}, 0xc00015d5c0, ...})
        /home/arnaud/Dev/clevercloud/apm-server/beater/server.go:268 +0x245
github.com/elastic/apm-server/beater.newBaseRunServer.func1({_, _}, {{{0x396cad8, 0xa}, {0x396181c, 0x3}, {0x3962c58, 0x5}, 0x0, {0xc00040a630, ...}, ...}, ...})
        /home/arnaud/Dev/clevercloud/apm-server/beater/server.go:127 +0x358
github.com/elastic/apm-server/beater.WrapRunServerWithProcessors.func1({_, _}, {{{0x396cad8, 0xa}, {0x396181c, 0x3}, {0x3962c58, 0x5}, 0x0, {0xc00040a630, ...}, ...}, ...})
        /home/arnaud/Dev/clevercloud/apm-server/beater/beater.go:799 +0x168
github.com/elastic/apm-server/beater.(*serverRunner).run.func5()
        /home/arnaud/Dev/clevercloud/apm-server/beater/beater.go:479 +0x215
golang.org/x/sync/errgroup.(*Group).Go.func1()
        /home/arnaud/Dev/golang/pkg/mod/golang.org/x/[email protected]/errgroup/errgroup.go:57 +0x67
created by golang.org/x/sync/errgroup.(*Group).Go
        /home/arnaud/Dev/golang/pkg/mod/golang.org/x/[email protected]/errgroup/errgroup.go:54 +0x92

goroutine 122 [select]:
github.com/elastic/apm-server/beater.newBaseRunServer.func1.1()
        /home/arnaud/Dev/clevercloud/apm-server/beater/server.go:120 +0x87
created by github.com/elastic/apm-server/beater.newBaseRunServer.func1
        /home/arnaud/Dev/clevercloud/apm-server/beater/server.go:119 +0x232

goroutine 123 [select]:
github.com/elastic/apm-server/agentcfg.Reporter.Run({{0x3e14a40, 0xc00072d2d8}, {0x3e1a120, 0xc00072d2c0}, 0x6fc23ac00, 0xc0005351c0, 0xc0000b8900}, {0x3e57f78, 0xc00015cd80})
        /home/arnaud/Dev/clevercloud/apm-server/agentcfg/reporter.go:76 +0x248
created by github.com/elastic/apm-server/beater.newBaseRunServer.func1
        /home/arnaud/Dev/clevercloud/apm-server/beater/server.go:126 +0x329

goroutine 124 [IO wait]:
internal/poll.runtime_pollWait(0x7f9cc0f4e7d0, 0x72)
        /usr/lib/go/src/runtime/netpoll.go:229 +0x89
internal/poll.(*pollDesc).wait(0xc000162280, 0x2, 0x0)
        /usr/lib/go/src/internal/poll/fd_poll_runtime.go:84 +0x32
internal/poll.(*pollDesc).waitRead(...)
        /usr/lib/go/src/internal/poll/fd_poll_runtime.go:89
internal/poll.(*FD).Accept(0xc000162280)
        /usr/lib/go/src/internal/poll/fd_unix.go:402 +0x22c
net.(*netFD).accept(0xc000162280)
        /usr/lib/go/src/net/fd_unix.go:173 +0x35
net.(*TCPListener).accept(0xc00072ce28)
        /usr/lib/go/src/net/tcpsock_posix.go:140 +0x28
net.(*TCPListener).Accept(0xc00072ce28)
        /usr/lib/go/src/net/tcpsock.go:262 +0x3d
net/http.(*Server).Serve(0xc000028000, {0x3e454f8, 0xc00072ce28})
        /usr/lib/go/src/net/http/server.go:3001 +0x394
github.com/elastic/apm-server/beater.(*httpServer).start(0xc00015d5c0)
        /home/arnaud/Dev/clevercloud/apm-server/beater/http.go:119 +0x2f2
golang.org/x/sync/errgroup.(*Group).Go.func1()
        /home/arnaud/Dev/golang/pkg/mod/golang.org/x/[email protected]/errgroup/errgroup.go:57 +0x67
created by golang.org/x/sync/errgroup.(*Group).Go
        /home/arnaud/Dev/golang/pkg/mod/golang.org/x/[email protected]/errgroup/errgroup.go:54 +0x92

goroutine 125 [chan receive]:
github.com/elastic/gmux.(*chanListener).Accept(0x359f500)
        /home/arnaud/Dev/golang/pkg/mod/github.com/elastic/[email protected]/conn.go:100 +0x28
google.golang.org/grpc.(*Server).Serve(0xc00071f180, {0x3e38cb8, 0xc00072de18})
        /home/arnaud/Dev/golang/pkg/mod/google.golang.org/[email protected]/server.go:786 +0x362
github.com/elastic/apm-server/beater.server.run.func1()
        /home/arnaud/Dev/clevercloud/apm-server/beater/server.go:263 +0x29
golang.org/x/sync/errgroup.(*Group).Go.func1()
        /home/arnaud/Dev/golang/pkg/mod/golang.org/x/[email protected]/errgroup/errgroup.go:57 +0x67
created by golang.org/x/sync/errgroup.(*Group).Go
        /home/arnaud/Dev/golang/pkg/mod/golang.org/x/[email protected]/errgroup/errgroup.go:54 +0x92

goroutine 107 [select]:
net/http.setRequestCancel.func4()
        /usr/lib/go/src/net/http/client.go:398 +0x94
created by net/http.setRequestCancel
        /usr/lib/go/src/net/http/client.go:397 +0x43e

goroutine 108 [runnable]:
crypto/x509.parseName({0xc000a5a0cd, 0x2d, 0x4c1})
        /usr/lib/go/src/crypto/x509/parser.go:136 +0x134
crypto/x509.parseCertificate({0xc000a5a000, 0x578, 0x58e})
        /usr/lib/go/src/crypto/x509/parser.go:901 +0x62b
crypto/x509.ParseCertificate({0xc000a5a000, 0x578, 0xc000627320})
        /usr/lib/go/src/crypto/x509/parser.go:983 +0x25
crypto/x509.(*CertPool).AppendCertsFromPEM(0xc0004cade0, {0xc0009d2000, 0xc000864ba8, 0x400c000864bc8})
        /usr/lib/go/src/crypto/x509/cert_pool.go:218 +0x119
crypto/x509.loadSystemRoots()
        /usr/lib/go/src/crypto/x509/root_unix.go:45 +0x43e
crypto/x509.initSystemRoots()
        /usr/lib/go/src/crypto/x509/root.go:27 +0x1b
sync.(*Once).doSlow(0x1458d54, 0x8)
        /usr/lib/go/src/sync/once.go:68 +0xd2
sync.(*Once).Do(...)
        /usr/lib/go/src/sync/once.go:59
crypto/x509.systemRootsPool(...)
        /usr/lib/go/src/crypto/x509/root.go:22
crypto/x509.(*Certificate).Verify(0xc0005b9600, {{0x0, 0x0}, 0xc0004cad50, 0x0, {0x0, 0x0, 0x0}, {0x0, 0x0, ...}, ...})
        /usr/lib/go/src/crypto/x509/verify.go:750 +0x177
github.com/elastic/beats/v7/libbeat/common/transport/tlscommon.verifyCertsWithOpts({0xc000145f08, 0x0, 0x0}, {0x0, 0x0, 0x0}, {{0x0, 0x0}, 0xc0004cad50, 0x0, ...})
        /home/arnaud/Dev/golang/pkg/mod/github.com/elastic/beats/[email protected]/libbeat/common/transport/tlscommon/tls_config.go:254 +0xfa
github.com/elastic/beats/v7/libbeat/common/transport/tlscommon.makeVerifyConnection.func1({0x304, 0x0, 0x0, 0x1302, {0x0, 0x0}, 0x1, {0xc0006e0d40, 0x3c}, {0xc000145f08, ...}, ...})
        /home/arnaud/Dev/golang/pkg/mod/github.com/elastic/beats/[email protected]/libbeat/common/transport/tlscommon/tls_config.go:167 +0x128
crypto/tls.(*Conn).verifyServerCertificate(0xc000483180, {0xc000904960, 0x3, 0x4})
        /usr/lib/go/src/crypto/tls/handshake_client.go:893 +0x4b5
crypto/tls.(*clientHandshakeStateTLS13).readServerCertificate(0xc0008654c8)
        /usr/lib/go/src/crypto/tls/handshake_client_tls13.go:457 +0x2d1
crypto/tls.(*clientHandshakeStateTLS13).handshake(0xc0008654c8)
        /usr/lib/go/src/crypto/tls/handshake_client_tls13.go:87 +0x1d9
crypto/tls.(*Conn).clientHandshake(0xc000483180, {0x3e57f78, 0xc000476f40})
        /usr/lib/go/src/crypto/tls/handshake_client.go:219 +0x585
crypto/tls.(*Conn).handshakeContext(0xc000483180, {0x3e57fb0, 0xc000058128})
        /usr/lib/go/src/crypto/tls/conn.go:1445 +0x3d1
crypto/tls.(*Conn).HandshakeContext(...)
        /usr/lib/go/src/crypto/tls/conn.go:1395
crypto/tls.(*Conn).Handshake(...)
        /usr/lib/go/src/crypto/tls/conn.go:1379
github.com/elastic/beats/v7/libbeat/common/transport.tlsDialWith({0x3e773e8, 0x58f4260}, {0x3e1a380, 0xc00011e7a0}, {0x3961ac2, 0x203000}, {0xc0006e0d40, 0x203000}, 0x14f46b0400, 0xc0006d6900, ...)
        /home/arnaud/Dev/golang/pkg/mod/github.com/elastic/beats/[email protected]/libbeat/common/transport/tls.go:163 +0x207
github.com/elastic/beats/v7/libbeat/common/transport.TestTLSDialer.func1({0x3961ac2, 0x3}, {0xc0006e0d40, 0x17be24f})
        /home/arnaud/Dev/golang/pkg/mod/github.com/elastic/beats/[email protected]/libbeat/common/transport/tls.go:72 +0x385
github.com/elastic/beats/v7/libbeat/common/transport.DialerFunc.Dial(0x10, {0x3961ac2, 0xc00053af01}, {0xc0006e0d40, 0x17cb2bd})
        /home/arnaud/Dev/golang/pkg/mod/github.com/elastic/beats/[email protected]/libbeat/common/transport/transport.go:38 +0x33
github.com/elastic/beats/v7/libbeat/common/transport.ConnWrapper.func1({0x3961ac2, 0xc0000118c0}, {0xc0006e0d40, 0xc00053b020})
        /home/arnaud/Dev/golang/pkg/mod/github.com/elastic/beats/[email protected]/libbeat/common/transport/wrap.go:26 +0x45
github.com/elastic/beats/v7/libbeat/common/transport.DialerFunc.Dial(0xc0006e0d40, {0x3961ac2, 0x0}, {0xc0006e0d40, 0x1649085})
        /home/arnaud/Dev/golang/pkg/mod/github.com/elastic/beats/[email protected]/libbeat/common/transport/transport.go:38 +0x33
github.com/elastic/beats/v7/libbeat/common/transport.LoggingDialer.func1({0x3961ac2, 0x3}, {0xc0006e0d40, 0x40})
        /home/arnaud/Dev/golang/pkg/mod/github.com/elastic/beats/[email protected]/libbeat/common/transport/logging.go:35 +0x163
github.com/elastic/beats/v7/libbeat/common/transport.DialerFunc.Dial(0x100000000000060, {0x3961ac2, 0x118}, {0xc0006e0d40, 0x7f9ce8512108})
        /home/arnaud/Dev/golang/pkg/mod/github.com/elastic/beats/[email protected]/libbeat/common/transport/transport.go:38 +0x33
net/http.(*Transport).customDialTLS(0xc00053ac00, {0x3e57fe8, 0xc00053ac00}, {0x3961ac2, 0x0}, {0xc0006e0d40, 0xc000476cc0})
        /usr/lib/go/src/net/http/transport.go:1316 +0x6b
net/http.(*Transport).dialConn(0xc0005b6c80, {0x3e57fe8, 0xc00053ac00}, {{}, 0x0, {0xc000142e10, 0x5}, {0xc0006e0d40, 0x40}, 0x0})
        /usr/lib/go/src/net/http/transport.go:1580 +0x3ff
net/http.(*Transport).dialConnFor(0x287d466, 0xc0004848f0)
        /usr/lib/go/src/net/http/transport.go:1446 +0xb0
created by net/http.(*Transport).queueForDial
        /usr/lib/go/src/net/http/transport.go:1415 +0x3d7

rax    0x0
rbx    0x7f9cb97fa640
rcx    0x7f9ce85e3ad3
rdx    0x6
rdi    0xebc9f
rsi    0xebca8
rbp    0xebca8
rsp    0x7f9cb97f9840
r8     0x7f9cb97f9870
r9     0x0
r10    0x8
r11    0x202
r12    0x6
r13    0x7f9cb97f9b60
r14    0xc0006024e0
r15    0x7f9cc19e915b
rip    0x7f9ce85e3ad3
rflags 0x202
cs     0x33
fs     0x0
gs     0x0
APM logs
{"log.level":"info","@timestamp":"2021-09-24T00:52:53.564+0200","log.origin":{"file.name":"instance/beat.go","file.line":654},"message":"Home path: [/home/arnaud/Dev/clevercloud/apm-server] Config path: [/home/arnaud/Dev/clevercloud/apm-server] Data path: [/home/arnaud/Dev/clevercloud/apm-server/data] Logs path: [/home/arnaud/Dev/clevercloud/apm-server/logs]","service.name":"apm-server","ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2021-09-24T00:52:53.564+0200","log.origin":{"file.name":"instance/beat.go","file.line":662},"message":"Beat ID: da8fee46-f825-4071-86cd-43796243f7ac","service.name":"apm-server","ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2021-09-24T00:52:53.565+0200","log.logger":"seccomp","log.origin":{"file.name":"seccomp/seccomp.go","file.line":124},"message":"Syscall filter successfully installed","service.name":"apm-server","ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2021-09-24T00:52:53.565+0200","log.logger":"beat","log.origin":{"file.name":"instance/beat.go","file.line":996},"message":"Beat info","service.name":"apm-server","system_info":{"beat":{"path":{"config":"/home/arnaud/Dev/clevercloud/apm-server","data":"/home/arnaud/Dev/clevercloud/apm-server/data","home":"/home/arnaud/Dev/clevercloud/apm-server","logs":"/home/arnaud/Dev/clevercloud/apm-server/logs"},"type":"apm-server","uuid":"da8fee46-f825-4071-86cd-43796243f7ac"},"ecs.version":"1.6.0"}}
{"log.level":"info","@timestamp":"2021-09-24T00:52:53.565+0200","log.logger":"beat","log.origin":{"file.name":"instance/beat.go","file.line":1005},"message":"Build info","service.name":"apm-server","system_info":{"build":{"commit":"unknown","libbeat":"8.0.0","time":"0001-01-01T00:00:00.000Z","version":"8.0.0"},"ecs.version":"1.6.0"}}
{"log.level":"info","@timestamp":"2021-09-24T00:52:53.565+0200","log.logger":"beat","log.origin":{"file.name":"instance/beat.go","file.line":1008},"message":"Go runtime info","service.name":"apm-server","system_info":{"go":{"os":"linux","arch":"amd64","max_procs":8,"version":"go1.17.1"},"ecs.version":"1.6.0"}}
{"log.level":"info","@timestamp":"2021-09-24T00:52:53.566+0200","log.logger":"beat","log.origin":{"file.name":"instance/beat.go","file.line":1012},"message":"Host info","service.name":"apm-server","system_info":{"host":{"architecture":"x86_64","boot_time":"2021-09-15T09:02:01+02:00","containerized":false,"name":"exherswag","ip":["127.0.0.1/8","::1/128","192.168.1.6/24","2a01:e34:ec52:4920:a952:2b5f:f139:634c/64","fe80::345e:3214:b582:590e/64"],"kernel_version":"5.13.16+","mac":["2e:88:67:4e:96:5b","40:a3:cc:c2:b1:db"],"os":{"type":"linux","family":"","platform":"exherbo","name":"Exherbo","version":"","major":0,"minor":0,"patch":0},"timezone":"CEST","timezone_offset_sec":7200,"id":"8c53e4b5e43a473dabab6e031c03f534"},"ecs.version":"1.6.0"}}
{"log.level":"info","@timestamp":"2021-09-24T00:52:53.566+0200","log.logger":"beat","log.origin":{"file.name":"instance/beat.go","file.line":1041},"message":"Process info","service.name":"apm-server","system_info":{"process":{"capabilities":{"inheritable":null,"permitted":null,"effective":null,"bounding":["chown","dac_override","dac_read_search","fowner","fsetid","kill","setgid","setuid","setpcap","linux_immutable","net_bind_service","net_broadcast","net_admin","net_raw","ipc_lock","ipc_owner","sys_module","sys_rawio","sys_chroot","sys_ptrace","sys_pacct","sys_admin","sys_boot","sys_nice","sys_resource","sys_time","sys_tty_config","mknod","lease","audit_write","audit_control","setfcap","mac_override","mac_admin","syslog","wake_alarm","block_suspend","audit_read","38","39","40"],"ambient":null},"cwd":"/home/arnaud/Dev/golang/src/github.com/elastic/apm-server","exe":"/home/arnaud/Dev/golang/src/github.com/elastic/apm-server/apm-server","name":"apm-server","pid":965791,"ppid":3091366,"seccomp":{"mode":"filter","no_new_privs":true},"start_time":"2021-09-24T00:52:52.830+0200"},"ecs.version":"1.6.0"}}
{"log.level":"info","@timestamp":"2021-09-24T00:52:53.566+0200","log.origin":{"file.name":"instance/beat.go","file.line":309},"message":"Setup Beat: apm-server; Version: 8.0.0","service.name":"apm-server","ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2021-09-24T00:52:53.567+0200","log.logger":"esclientleg","log.origin":{"file.name":"eslegclient/connection.go","file.line":102},"message":"elasticsearch url: https://btzojipgx65c22yejkwz-elasticsearch.services.clever-cloud.com:443","service.name":"apm-server","ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2021-09-24T00:52:53.567+0200","log.logger":"publisher","log.origin":{"file.name":"pipeline/module.go","file.line":113},"message":"Beat name: exherswag","service.name":"apm-server","ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2021-09-24T00:52:53.567+0200","log.logger":"beater","log.origin":{"file.name":"beater/beater.go","file.line":634},"message":"Registering pipeline callback","service.name":"apm-server","ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2021-09-24T00:52:53.567+0200","log.origin":{"file.name":"instance/beat.go","file.line":473},"message":"apm-server start running.","service.name":"apm-server","ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2021-09-24T00:52:53.568+0200","log.logger":"beater","log.origin":{"file.name":"beater/http.go","file.line":155},"message":"Listening on: [::]:8080","service.name":"apm-server","ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2021-09-24T00:52:53.568+0200","log.logger":"handler","log.origin":{"file.name":"api/mux.go","file.line":125},"message":"Path / added to request handler","service.name":"apm-server","ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2021-09-24T00:52:53.568+0200","log.logger":"handler","log.origin":{"file.name":"api/mux.go","file.line":125},"message":"Path /assets/v1/sourcemaps added to request handler","service.name":"apm-server","ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2021-09-24T00:52:53.568+0200","log.logger":"handler","log.origin":{"file.name":"api/mux.go","file.line":125},"message":"Path /config/v1/agents added to request handler","service.name":"apm-server","ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2021-09-24T00:52:53.568+0200","log.logger":"handler","log.origin":{"file.name":"api/mux.go","file.line":125},"message":"Path /config/v1/rum/agents added to request handler","service.name":"apm-server","ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2021-09-24T00:52:53.568+0200","log.logger":"handler","log.origin":{"file.name":"api/mux.go","file.line":125},"message":"Path /intake/v2/rum/events added to request handler","service.name":"apm-server","ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2021-09-24T00:52:53.568+0200","log.logger":"handler","log.origin":{"file.name":"api/mux.go","file.line":125},"message":"Path /intake/v3/rum/events added to request handler","service.name":"apm-server","ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2021-09-24T00:52:53.568+0200","log.logger":"handler","log.origin":{"file.name":"api/mux.go","file.line":125},"message":"Path /intake/v2/events added to request handler","service.name":"apm-server","ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2021-09-24T00:52:53.568+0200","log.logger":"handler","log.origin":{"file.name":"api/mux.go","file.line":125},"message":"Path /intake/v2/profile added to request handler","service.name":"apm-server","ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2021-09-24T00:52:53.568+0200","log.logger":"beater","log.origin":{"file.name":"beater/server.go","file.line":259},"message":"Starting apm-server [unknown built 0001-01-01 00:00:00 +0000 UTC]. Hit CTRL-C to stop it.","service.name":"apm-server","ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2021-09-24T00:52:53.568+0200","log.logger":"beater","log.origin":{"file.name":"beater/http.go","file.line":99},"message":"RUM endpoints disabled.","service.name":"apm-server","ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2021-09-24T00:52:53.568+0200","log.logger":"onboarding","log.origin":{"file.name":"beater/onboarding.go","file.line":34},"message":"Publishing onboarding document","service.name":"apm-server","ecs.version":"1.6.0"}
{"log.level":"warn","@timestamp":"2021-09-24T00:52:53.568+0200","log.logger":"beater","log.origin":{"file.name":"beater/http.go","file.line":115},"message":"Secret token is set, but SSL is not enabled.","service.name":"apm-server","ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2021-09-24T00:52:53.568+0200","log.logger":"beater","log.origin":{"file.name":"beater/http.go","file.line":117},"message":"SSL disabled.","service.name":"apm-server","ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2021-09-24T00:52:54.569+0200","log.logger":"publisher_pipeline_output","log.origin":{"file.name":"pipeline/output.go","file.line":143},"message":"Connecting to backoff(elasticsearch(https://btzojipgx65c22yejkwz-elasticsearch.services.clever-cloud.com:443))","service.name":"apm-server","ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2021-09-24T00:52:54.569+0200","log.logger":"publisher","log.origin":{"file.name":"pipeline/retry.go","file.line":219},"message":"retryer: send unwait signal to consumer","service.name":"apm-server","ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2021-09-24T00:52:54.569+0200","log.logger":"publisher","log.origin":{"file.name":"pipeline/retry.go","file.line":223},"message":"  done","service.name":"apm-server","ecs.version":"1.6.0"}
GDB backtrace
Thread 7 "apm-server" received signal SIGABRT, Aborted.
[Switching to LWP 974562]
0x00007ffff7e31ad3 in pthread_kill@GLIBC_2.2.5 () from /usr/x86_64-pc-linux-gnu/lib/libc.so.6
(gdb) bt



#0  0x00007ffff7e31ad3 in pthread_kill@GLIBC_2.2.5 () from /usr/x86_64-pc-linux-gnu/lib/libc.so.6



#1  0x00007ffff7de52f6 in raise () from /usr/x86_64-pc-linux-gnu/lib/libc.so.6



#2  0x00007ffff7dcf7b5 in abort () from /usr/x86_64-pc-linux-gnu/lib/libc.so.6



#3  0x0000000003300069 in fatalf (format=format@entry=0x3f2854c "pthread_create failed: %s") at gcc_fatalf.c:22



#4  0x0000000003300411 in _cgo_sys_thread_start (ts=<optimized out>) at gcc_linux_amd64.c:78



#5  0x000000000147502d in runtime.asmcgocall () at /usr/lib/go/src/runtime/asm_amd64.s:795



#6  0x00007fffc9ffac28 in ?? ()



#7  0x0000000001418727 in runtime.newobject (typ=<optimized out>, ~r1=<optimized out>) at /usr/lib/go/src/runtime/malloc.go:1228



#8  0x0000000000000000 in ?? ()

** Additional information **

This issue started to happen as soon as we switched to glibc 2.34. It did not happen on glibc 2.33. Downgrading glibc from 2.34 to 2.33 resolves the issue, with the exact same binaries. This problem might as well be a golang bug but I'm not really sure and since I don't see any issue on their bug tracker, I'm wondering if we are the only ones hitting this.

Glibc 2.34 started to use the new clone3 syscall on thread creation (in the pthread_create() function from my understanding). This syscall sometimes returns EPERM leading to the following crash (https://github.com/golang/go/blob/4e308d73ba3610838305997b6f4793c4f4dcfc4e/src/runtime/cgo/gcc_libinit.c#L94). I say "sometimes" because there are other successful clone3() calls before.

I've seen a few projects that also had issue with this new syscall (Docker, Firefox and Chromium). They all mention issues with their sandbox which is based on seccomp. I see the APM project also depend on https://github.com/elastic/go-seccomp-bpf. I couldn't see it really used or even any syscall filtering on the go-seccomp-bpf project as there are on the previously mentionned projets, but maybe I'm overlooking something?

It's also worth to mention that running as root doesn't fix the Operation not permitted error.

Let me know if you need any other information, I'm not a go expert at all. Thanks for any help you could provide, I'll keep looking on my side.

@BlackYoup BlackYoup added the bug label Sep 23, 2021
@BlackYoup BlackYoup changed the title runtime/cgo: pthread_create failed: Operation not permitted runtime/cgo: pthread_create failed: Operation not permitted on glibc 2.34 Sep 23, 2021
@graphaelli
Copy link
Member

Thanks for the report! I can confirm this reproduces as you described. It also does appear to be related to seccomp. Briefly, you should see something like this logged on startup:

{"log.level":"info","@timestamp":"2021-09-24T02:42:42.766Z","log.logger":"seccomp","log.origin":{"file.name":"seccomp/seccomp.go","file.line":124},"message":"Syscall filter successfully installed","service.name":"apm-server","ecs.version":"1.6.0"}

The default policy for linux/amd64 is defined here: https://github.com/elastic/beats/blob/7e4affb6702a39f378170b8866f966d1b29e06fc/libbeat/common/seccomp/policy_linux_amd64.go#L25. This policy can be redefined via the apm-server.yml, adding clone3, apparently resolving the issue.

example config
seccomp:
  default_action: errno
  syscalls:
  - action: allow
    names: 
      - accept
      - accept4
      - access
      - arch_prctl
      - bind
      - brk
      - chmod
      - chown
      - clock_gettime
      - clone
      - clone3
      - close
      - connect
      - dup
      - dup2
      - epoll_create
      - epoll_create1
      - epoll_ctl
      - epoll_pwait
      - epoll_wait
      - exit
      - exit_group
      - fchdir
      - fchmod
      - fchmodat
      - fchown
      - fchownat
      - fcntl
      - fdatasync
      - flock
      - fstat
      - fstatfs
      - fsync
      - ftruncate
      - futex
      - getcwd
      - getdents
      - getdents64
      - geteuid
      - getgid
      - getpeername
      - getpid
      - getppid
      - getrandom
      - getrlimit
      - getrusage
      - getsockname
      - getsockopt
      - gettid
      - gettimeofday
      - getuid
      - inotify_add_watch
      - inotify_init1
      - inotify_rm_watch
      - ioctl
      - kill
      - listen
      - lseek
      - lstat
      - madvise
      - mincore
      - mkdirat
      - mmap
      - mprotect
      - munmap
      - nanosleep
      - newfstatat
      - open
      - openat
      - pipe
      - pipe2
      - poll
      - ppoll
      - pread64
      - pselect6
      - pwrite64
      - read
      - readlink
      - readlinkat
      - recvfrom
      - recvmmsg
      - recvmsg
      - rename
      - renameat
      - rt_sigaction
      - rt_sigprocmask
      - rt_sigreturn
      - sched_getaffinity
      - sched_yield
      - sendfile
      - sendmmsg
      - sendmsg
      - sendto
      - set_robust_list
      - setitimer
      - setsockopt
      - shutdown
      - sigaltstack
      - socket
      - splice
      - stat
      - statfs
      - sysinfo
      - tgkill
      - time
      - tkill
      - uname
      - unlink
      - unlinkat
      - wait4
      - waitid
      - write
      - writev

You may also disable seccomp altogether with seccomp.enabled: false but I wouldn't recommend that generally.

@BlackYoup
Copy link
Contributor Author

Thanks for the answer, your workaround seems to work fine indeed!

I'll open an issue in the beats repository, mentioning this one. Should we keep this issue open until apm-server has updated its dependency to beats?

@graphaelli
Copy link
Member

Yes, let's keep this open until the dependency update. Thanks again!

@zube zube bot added the [zube]: Blocked label Sep 28, 2021
BlackYoup added a commit to BlackYoup/beats that referenced this issue Oct 7, 2021
clone3 is a linux syscall that is now used by glibc starting version
2.34. It is used when pthread_create() gets called. Current seccomp
filters do not allow this syscall leading to crashes like
runtime/cgo: pthread_create failed: Operation not permitted

See elastic/apm-server#6238 for more details
simitt pushed a commit to elastic/beats that referenced this issue Oct 11, 2021
clone3 is a linux syscall that is now used by glibc starting version
2.34. It is used when pthread_create() gets called. Current seccomp
filters do not allow this syscall leading to crashes like
runtime/cgo: pthread_create failed: Operation not permitted

See elastic/apm-server#6238 for more details
mergify bot pushed a commit to elastic/beats that referenced this issue Oct 11, 2021
clone3 is a linux syscall that is now used by glibc starting version
2.34. It is used when pthread_create() gets called. Current seccomp
filters do not allow this syscall leading to crashes like
runtime/cgo: pthread_create failed: Operation not permitted

See elastic/apm-server#6238 for more details

(cherry picked from commit 82507fd)
mergify bot pushed a commit to elastic/beats that referenced this issue Oct 11, 2021
clone3 is a linux syscall that is now used by glibc starting version
2.34. It is used when pthread_create() gets called. Current seccomp
filters do not allow this syscall leading to crashes like
runtime/cgo: pthread_create failed: Operation not permitted

See elastic/apm-server#6238 for more details

(cherry picked from commit 82507fd)
newly12 pushed a commit to newly12/beats that referenced this issue Oct 13, 2021
clone3 is a linux syscall that is now used by glibc starting version
2.34. It is used when pthread_create() gets called. Current seccomp
filters do not allow this syscall leading to crashes like
runtime/cgo: pthread_create failed: Operation not permitted

See elastic/apm-server#6238 for more details
fearful-symmetry pushed a commit to elastic/beats that referenced this issue Oct 20, 2021
* singleton sysinfo host to avoid frequently collecting host info

* add Host object to Stats object

* update changelog

* set procStats.host to nil if any error calling sysinfo.Host()

* Update aws-lambda-go library version to 1.13.3 (#28236)

* [cloud][docker] use the private docker namespace (#28286)

* [7.x] [DOCS] Update api_key example on elasticsearch output (#28288)

* packetbeat/protos/dns: don't render missing A and AAAA addresses from truncated records (#28297)

* seccomp: allow clone3 syscall for x86 (#28117)

clone3 is a linux syscall that is now used by glibc starting version
2.34. It is used when pthread_create() gets called. Current seccomp
filters do not allow this syscall leading to crashes like
runtime/cgo: pthread_create failed: Operation not permitted

See elastic/apm-server#6238 for more details

* Osquerybeat: Improve handling of osquery.autoload file, allow customizations (#28289)

Previously the osquery.autoload file was overwritten every time on
osquerybeat start and stamped with our extension.
After the change we check the content of the file and do not overwrite it on
each osquerybeat start. This allows the user to deploy their own
extensions if their want and start osquery with that.

* Osquerybeat: Runner and Fetcher unit tests (#28290)

* Runner and Fetcher unit tests

* Fix header formatting

* Tweak test

* Update go release version 1.17.1 (#27543)

* format of conditional build tags has changed
* matching of * in regexes was fixed, thus breaking some of our code: golang/go#46123
* iproute package was missing from the new Golang Docker image, thus, we had to add it for our tests
* go.mod file contains separate require directive for transitive dependencies

* Move labels and annotations under kubernetes.namespace. (#27917)

* Move labels and annotations under kubernetes.namespace.

* Remove GCP support from Functionbeat (#28253)

* Fix build tags for Go 1.17 (#28338)

* [Elastic Agent] Add ability to communicate with Kibana through service token (#28096)

* Add ability to communicate with Kibana through service token. Add ability to pass service token to container subcommand.

* Add changelog entry.

* Fix go fmt.

* Add username to ASA Security negotiation log (#26975)

* Add username to ASA Security negotiation log

I added the username user.name field to ASA Security negotiation log line.

* adding support for both formats

* adding changelog entry

* updating geo fields in expected output files

* reverse formatting

* reverting to older version of file

* reverting formatting again

* regenrate golden files again

* remove formatting, ready for review

* fixing missing message due to no newline

* fix dissect pattern to fit correctly

Co-authored-by: Marius Iversen <[email protected]>

* x-pack/filebeat/module/cisco: loosen time parsing and add group and session type capture (#28325)

* Redis: remove deprecated fields (#28246)

* Redis: remove deprecated fields

* Disable generator tests temporarily (#28362)

* Windows/perfmon metricset -  remove deprecated perfmon.counters configuration (#28282)

* remove deprecated config

* changelog

* [Filebeat] - S3 Input - Add support for only iterating/accessing only… (#28252)

* [Filebeat] - S3 Input - Add support for only iterating/accessing only specific folders or datapaths

* Breaking change for 8.0, namespace_annotations replaced by namespace.annotations (#28230)

* Breaking change for 8.0, namespace_annotations replaced by namespace.annotations

* Take care of namespace being nil

* [Heartbeat] Setuid to regular user / lower capabilities when possible (#27878)

partial fix for #27648 , this PR:

Detects if the user is running as root then:
Checks to see if an environment variable BEAT_SETUID_AS (set in our Docker.tmpl) is present
Attempts to Setuid , Setgid and Setgroups to that user / groups
Invokes setcap to drop all privileges except NET_RAW+ep
This PR also fixes the broken syscall filtering in heartbeat, some non-syscall strings were breaking that.

With the changes here elastic-agent can still run as root, but the subprocesses can lower their privileges ASAP. This should also make it possible for heartbeat to safely run ICMP pings and synthetics. Synthetics must run as non-root, but ICMP requires NET_RAW. This lets us be consistent in our docs with the recommendation that elastic-agent run as root.

* mage fmt

Co-authored-by: kaiyan-sheng <[email protected]>
Co-authored-by: Victor Martinez <[email protected]>
Co-authored-by: Ugo Sangiorgi <[email protected]>
Co-authored-by: Dan Kortschak <[email protected]>
Co-authored-by: Arnaud Lefebvre <[email protected]>
Co-authored-by: Aleksandr Maus <[email protected]>
Co-authored-by: apmmachine <[email protected]>
Co-authored-by: Michael Katsoulis <[email protected]>
Co-authored-by: Noémi Ványi <[email protected]>
Co-authored-by: Blake Rouse <[email protected]>
Co-authored-by: LaZyDK <[email protected]>
Co-authored-by: Marius Iversen <[email protected]>
Co-authored-by: Andrea Spacca <[email protected]>
Co-authored-by: Mariana Dima <[email protected]>
Co-authored-by: Andrew Cholakian <[email protected]>
@axw
Copy link
Member

axw commented Oct 26, 2021

Fixed in elastic/beats#28117

@axw axw closed this as completed Oct 26, 2021
Icedroid pushed a commit to Icedroid/beats that referenced this issue Nov 1, 2021
clone3 is a linux syscall that is now used by glibc starting version
2.34. It is used when pthread_create() gets called. Current seccomp
filters do not allow this syscall leading to crashes like
runtime/cgo: pthread_create failed: Operation not permitted

See elastic/apm-server#6238 for more details
Icedroid pushed a commit to Icedroid/beats that referenced this issue Nov 1, 2021
* singleton sysinfo host to avoid frequently collecting host info

* add Host object to Stats object

* update changelog

* set procStats.host to nil if any error calling sysinfo.Host()

* Update aws-lambda-go library version to 1.13.3 (elastic#28236)

* [cloud][docker] use the private docker namespace (elastic#28286)

* [7.x] [DOCS] Update api_key example on elasticsearch output (elastic#28288)

* packetbeat/protos/dns: don't render missing A and AAAA addresses from truncated records (elastic#28297)

* seccomp: allow clone3 syscall for x86 (elastic#28117)

clone3 is a linux syscall that is now used by glibc starting version
2.34. It is used when pthread_create() gets called. Current seccomp
filters do not allow this syscall leading to crashes like
runtime/cgo: pthread_create failed: Operation not permitted

See elastic/apm-server#6238 for more details

* Osquerybeat: Improve handling of osquery.autoload file, allow customizations (elastic#28289)

Previously the osquery.autoload file was overwritten every time on
osquerybeat start and stamped with our extension.
After the change we check the content of the file and do not overwrite it on
each osquerybeat start. This allows the user to deploy their own
extensions if their want and start osquery with that.

* Osquerybeat: Runner and Fetcher unit tests (elastic#28290)

* Runner and Fetcher unit tests

* Fix header formatting

* Tweak test

* Update go release version 1.17.1 (elastic#27543)

* format of conditional build tags has changed
* matching of * in regexes was fixed, thus breaking some of our code: golang/go#46123
* iproute package was missing from the new Golang Docker image, thus, we had to add it for our tests
* go.mod file contains separate require directive for transitive dependencies

* Move labels and annotations under kubernetes.namespace. (elastic#27917)

* Move labels and annotations under kubernetes.namespace.

* Remove GCP support from Functionbeat (elastic#28253)

* Fix build tags for Go 1.17 (elastic#28338)

* [Elastic Agent] Add ability to communicate with Kibana through service token (elastic#28096)

* Add ability to communicate with Kibana through service token. Add ability to pass service token to container subcommand.

* Add changelog entry.

* Fix go fmt.

* Add username to ASA Security negotiation log (elastic#26975)

* Add username to ASA Security negotiation log

I added the username user.name field to ASA Security negotiation log line.

* adding support for both formats

* adding changelog entry

* updating geo fields in expected output files

* reverse formatting

* reverting to older version of file

* reverting formatting again

* regenrate golden files again

* remove formatting, ready for review

* fixing missing message due to no newline

* fix dissect pattern to fit correctly

Co-authored-by: Marius Iversen <[email protected]>

* x-pack/filebeat/module/cisco: loosen time parsing and add group and session type capture (elastic#28325)

* Redis: remove deprecated fields (elastic#28246)

* Redis: remove deprecated fields

* Disable generator tests temporarily (elastic#28362)

* Windows/perfmon metricset -  remove deprecated perfmon.counters configuration (elastic#28282)

* remove deprecated config

* changelog

* [Filebeat] - S3 Input - Add support for only iterating/accessing only… (elastic#28252)

* [Filebeat] - S3 Input - Add support for only iterating/accessing only specific folders or datapaths

* Breaking change for 8.0, namespace_annotations replaced by namespace.annotations (elastic#28230)

* Breaking change for 8.0, namespace_annotations replaced by namespace.annotations

* Take care of namespace being nil

* [Heartbeat] Setuid to regular user / lower capabilities when possible (elastic#27878)

partial fix for elastic#27648 , this PR:

Detects if the user is running as root then:
Checks to see if an environment variable BEAT_SETUID_AS (set in our Docker.tmpl) is present
Attempts to Setuid , Setgid and Setgroups to that user / groups
Invokes setcap to drop all privileges except NET_RAW+ep
This PR also fixes the broken syscall filtering in heartbeat, some non-syscall strings were breaking that.

With the changes here elastic-agent can still run as root, but the subprocesses can lower their privileges ASAP. This should also make it possible for heartbeat to safely run ICMP pings and synthetics. Synthetics must run as non-root, but ICMP requires NET_RAW. This lets us be consistent in our docs with the recommendation that elastic-agent run as root.

* mage fmt

Co-authored-by: kaiyan-sheng <[email protected]>
Co-authored-by: Victor Martinez <[email protected]>
Co-authored-by: Ugo Sangiorgi <[email protected]>
Co-authored-by: Dan Kortschak <[email protected]>
Co-authored-by: Arnaud Lefebvre <[email protected]>
Co-authored-by: Aleksandr Maus <[email protected]>
Co-authored-by: apmmachine <[email protected]>
Co-authored-by: Michael Katsoulis <[email protected]>
Co-authored-by: Noémi Ványi <[email protected]>
Co-authored-by: Blake Rouse <[email protected]>
Co-authored-by: LaZyDK <[email protected]>
Co-authored-by: Marius Iversen <[email protected]>
Co-authored-by: Andrea Spacca <[email protected]>
Co-authored-by: Mariana Dima <[email protected]>
Co-authored-by: Andrew Cholakian <[email protected]>
v1v pushed a commit to elastic/beats that referenced this issue Nov 11, 2021
clone3 is a linux syscall that is now used by glibc starting version
2.34. It is used when pthread_create() gets called. Current seccomp
filters do not allow this syscall leading to crashes like
runtime/cgo: pthread_create failed: Operation not permitted

See elastic/apm-server#6238 for more details

(cherry picked from commit 82507fd)
andrewkroh pushed a commit to elastic/beats that referenced this issue Dec 12, 2021
* seccomp: allow clone3 syscall for x86 (#28117)

clone3 is a linux syscall that is now used by glibc starting version
2.34. It is used when pthread_create() gets called. Current seccomp
filters do not allow this syscall leading to crashes like
runtime/cgo: pthread_create failed: Operation not permitted

See elastic/apm-server#6238 for more details

(cherry picked from commit 82507fd)

Co-authored-by: Arnaud Lefebvre <[email protected]>
Co-authored-by: Jaime Soriano Pastor <[email protected]>
@zube zube bot removed the [zube]: Done label Jan 24, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
Projects
None yet
Development

No branches or pull requests

3 participants