runtime/cgo: pthread_create failed: Operation not permitted on glibc 2.34 #6238

BlackYoup · 2021-09-23T23:24:34Z

APM Server version (apm-server version):

apm-server version 8.0.0 (amd64), libbeat 8.0.0 [unknown built unknown] (current master but the issue also applies to previous apm-server version)

Description of the problem including expected versus actual behavior:

Since we upgraded to glibc 2.34, the apm-server crashes quite rapidly with the following error:

❯ ./apm-server -c ./apm-server.yml
runtime/cgo: pthread_create failed: Operation not permitted
SIGABRT: abort
PC=0x7f9ce85e3ad3 m=9 sigcode=18446744073709551610

Steps to reproduce:

Please include a minimal but complete recreation of the problem,
including server configuration, agent(s) used, etc. The easier you make it
for us to reproduce it, the more likely that somebody will take the time to
look at it.

Install glibc 2.34
go build the project (already built binary might as well have the bug)
run ./apm-server -c <configuration file>, the configuration file must point to a working Elasticsearch node / cluster
wait a few seconds for the crash to happen

My apm-server.yml file looks like:

apm-server:
    host: "0.0.0.0:8080"
    secret_token: "SECRET"

output.elasticsearch:
    hosts: ["URL:443"]
    protocol: "https"
    username: "USER"
    password: "PASSWORD"

path.home: "/home/arnaud/Dev/clevercloud/apm-server"

logging:
    to_syslog: false
    to_files: true

Provide logs (if relevant):

Crash logs

  ❯ ./apm-server -c ./apm-server.yml.back
runtime/cgo: pthread_create failed: Operation not permitted
SIGABRT: abort
PC=0x7f9ce85e3ad3 m=9 sigcode=18446744073709551610

goroutine 0 [idle]:
runtime: unknown pc 0x7f9ce85e3ad3
stack: frame={sp:0x7f9cb97f9840, fp:0x0} stack=[0x7f9cb8ffa1d0,0x7f9cb97f9dd0)
0x00007f9cb97f9740:  0x0000000000000000  0x0000000000000000
0x00007f9cb97f9750:  0x0000000000000000  0x0000000000000000
0x00007f9cb97f9760:  0x0000000000000000  0x00007f9ce85f0fba
0x00007f9cb97f9770:  0x0000000000000000  0x0000000000000011
0x00007f9cb97f9780:  0x0000000000000000  0x0000000000000130
0x00007f9cb97f9790:  0x0000000000000120  0x0000000000000000
0x00007f9cb97f97a0:  0x0000000000000013  0x0000000000000000
0x00007f9cb97f97b0:  0x0000000000000004  0x0000003400000013
0x00007f9cb97f97c0:  0x000000770000006e  0x00007f9ce8665d91
0x00007f9cb97f97d0:  0x00007f9c977fe640  0x00007f9cb97f9aa0
0x00007f9cb97f97e0:  0x00007f9cb97f990e  0x00007f9cb97f990f
0x00007f9cb97f97f0:  0x0000000000000000  0x00007f9ce85e1b27
0x00007f9cb97f9800:  0x00007f9c98000020  0x0000000000000120
0x00007f9cb97f9810:  0x00000000003d0f00  0x00007f9c977fe910
0x00007f9cb97f9820:  0x00007f9c977fe910  0x00007f9c977fe910
0x00007f9cb97f9830:  0x0000000000000000  0x00007f9ce85e3ac5
0x00007f9cb97f9840: <0x00000000007fff00  0x0000000000000006
0x00007f9cb97f9850:  0x0000000000000001  0x00007f9ce85972f6
0x00007f9cb97f9860:  0x0000000003f2854c  0x00007f9ce85817b5
0x00007f9cb97f9870:  0x0000000000000020  0x00007f9ce8654e54
0x00007f9cb97f9880:  0x0000000000000000  0x000000000000000d
0x00007f9cb97f9890:  0x0000000003f2853e  0x000000000000000d
0x00007f9cb97f98a0:  0x0000000000000000  0x00007f9ce8654e54
0x00007f9cb97f98b0:  0x0000000000001100  0x0000000000000001
0x00007f9cb97f98c0:  0x00007f9ce874e703  0x0000000000000001
0x00007f9cb97f98d0:  0x0000000000000d68  0x00007f9ce85d994d
0x00007f9cb97f98e0:  0x00000000ffffffff  0x00007f9ce874e680
0x00007f9cb97f98f0:  0x00007f9ce874e703  0x00007f9ce874f560
0x00007f9cb97f9900:  0x0000000000000d68  0x00007f9ce85d8cb6
0x00007f9cb97f9910:  0x000000000000000d  0x0000000000000001
0x00007f9cb97f9920:  0x00007f9ce874e680  0x000000000000000a
0x00007f9cb97f9930:  0x00007f9cb97f9b60  0x000000c0006024e0
runtime: unknown pc 0x7f9ce85e3ad3
stack: frame={sp:0x7f9cb97f9840, fp:0x0} stack=[0x7f9cb8ffa1d0,0x7f9cb97f9dd0)
0x00007f9cb97f9740:  0x0000000000000000  0x0000000000000000
0x00007f9cb97f9750:  0x0000000000000000  0x0000000000000000
0x00007f9cb97f9760:  0x0000000000000000  0x00007f9ce85f0fba
0x00007f9cb97f9770:  0x0000000000000000  0x0000000000000011
0x00007f9cb97f9780:  0x0000000000000000  0x0000000000000130
0x00007f9cb97f9790:  0x0000000000000120  0x0000000000000000
0x00007f9cb97f97a0:  0x0000000000000013  0x0000000000000000
0x00007f9cb97f97b0:  0x0000000000000004  0x0000003400000013
0x00007f9cb97f97c0:  0x000000770000006e  0x00007f9ce8665d91
0x00007f9cb97f97d0:  0x00007f9c977fe640  0x00007f9cb97f9aa0
0x00007f9cb97f97e0:  0x00007f9cb97f990e  0x00007f9cb97f990f
0x00007f9cb97f97f0:  0x0000000000000000  0x00007f9ce85e1b27
0x00007f9cb97f9800:  0x00007f9c98000020  0x0000000000000120
0x00007f9cb97f9810:  0x00000000003d0f00  0x00007f9c977fe910
0x00007f9cb97f9820:  0x00007f9c977fe910  0x00007f9c977fe910
0x00007f9cb97f9830:  0x0000000000000000  0x00007f9ce85e3ac5
0x00007f9cb97f9840: <0x00000000007fff00  0x0000000000000006
0x00007f9cb97f9850:  0x0000000000000001  0x00007f9ce85972f6
0x00007f9cb97f9860:  0x0000000003f2854c  0x00007f9ce85817b5
0x00007f9cb97f9870:  0x0000000000000020  0x00007f9ce8654e54
0x00007f9cb97f9880:  0x0000000000000000  0x000000000000000d
0x00007f9cb97f9890:  0x0000000003f2853e  0x000000000000000d
0x00007f9cb97f98a0:  0x0000000000000000  0x00007f9ce8654e54
0x00007f9cb97f98b0:  0x0000000000001100  0x0000000000000001
0x00007f9cb97f98c0:  0x00007f9ce874e703  0x0000000000000001
0x00007f9cb97f98d0:  0x0000000000000d68  0x00007f9ce85d994d
0x00007f9cb97f98e0:  0x00000000ffffffff  0x00007f9ce874e680
0x00007f9cb97f98f0:  0x00007f9ce874e703  0x00007f9ce874f560
0x00007f9cb97f9900:  0x0000000000000d68  0x00007f9ce85d8cb6
0x00007f9cb97f9910:  0x000000000000000d  0x0000000000000001
0x00007f9cb97f9920:  0x00007f9ce874e680  0x000000000000000a
0x00007f9cb97f9930:  0x00007f9cb97f9b60  0x000000c0006024e0

goroutine 1 [chan receive]:
github.com/elastic/apm-server/beater.(*beater).Run(0xc00015c100, 0x11)
        /home/arnaud/Dev/clevercloud/apm-server/beater/beater.go:145 +0xb9
github.com/elastic/beats/v7/libbeat/cmd/instance.(*Beat).launch(0xc0003a4000, {{0x396cad8, 0xa}, {0x396181c, 0x3}, {0x3962c58, 0x5}, 0x0, 0x0, {{0x396cae2, ...}, ...}, ...}, ...)
        /home/arnaud/Dev/golang/pkg/mod/github.com/elastic/beats/v7@v7.0.0-alpha2.0.20210919222345-01bd66d28b87/libbeat/cmd/instance/beat.go:479 +0x8cb
github.com/elastic/beats/v7/libbeat/cmd/instance.Run.func1({0x396cad8, 0xa}, {0x396181c, 0x3}, {0x3962c58, 0x5}, 0x0, 0xc000679d30, 0xa)
        /home/arnaud/Dev/golang/pkg/mod/github.com/elastic/beats/v7@v7.0.0-alpha2.0.20210919222345-01bd66d28b87/libbeat/cmd/instance/beat.go:196 +0x388
github.com/elastic/beats/v7/libbeat/cmd/instance.Run({{0x396cad8, 0xa}, {0x396181c, 0x3}, {0x3962c58, 0x5}, 0x0, 0x0, {{0x396cae2, 0xa}, ...}, ...}, ...)
        /home/arnaud/Dev/golang/pkg/mod/github.com/elastic/beats/v7@v7.0.0-alpha2.0.20210919222345-01bd66d28b87/libbeat/cmd/instance/beat.go:197 +0x119
github.com/elastic/beats/v7/libbeat/cmd.genRunCmd.func1(0xc0001a7340, {0x39624b9, 0x2, 0x2})
        /home/arnaud/Dev/golang/pkg/mod/github.com/elastic/beats/v7@v7.0.0-alpha2.0.20210919222345-01bd66d28b87/libbeat/cmd/run.go:36 +0x58
github.com/spf13/cobra.(*Command).execute(0xc0001a7340, {0xc00004e0a0, 0x2, 0x2})
        /home/arnaud/Dev/golang/pkg/mod/github.com/spf13/cobra@v1.2.1/command.go:860 +0x5f8
github.com/spf13/cobra.(*Command).ExecuteC(0xc0001a7340)
        /home/arnaud/Dev/golang/pkg/mod/github.com/spf13/cobra@v1.2.1/command.go:974 +0x3bc
github.com/spf13/cobra.(*Command).Execute(...)
        /home/arnaud/Dev/golang/pkg/mod/github.com/spf13/cobra@v1.2.1/command.go:902
main.main()
        /home/arnaud/Dev/clevercloud/apm-server/main.go:33 +0x25

goroutine 9 [select]:
go.opencensus.io/stats/view.(*worker).start(0xc0000fda80)
        /home/arnaud/Dev/golang/pkg/mod/go.opencensus.io@v0.23.0/stats/view/worker.go:276 +0xb9
created by go.opencensus.io/stats/view.init.0
        /home/arnaud/Dev/golang/pkg/mod/go.opencensus.io@v0.23.0/stats/view/worker.go:34 +0x92

goroutine 11 [chan receive]:
k8s.io/klog/v2.(*loggingT).flushDaemon(0xc000460fa8)
        /home/arnaud/Dev/golang/pkg/mod/k8s.io/klog/v2@v2.2.0/klog.go:1131 +0x6a
created by k8s.io/klog/v2.init.0
        /home/arnaud/Dev/golang/pkg/mod/k8s.io/klog/v2@v2.2.0/klog.go:416 +0xf4

goroutine 102 [select]:
github.com/elastic/beats/v7/libbeat/publisher/queue/memqueue.(*bufferingEventLoop).run(0xc000125a40)
        /home/arnaud/Dev/golang/pkg/mod/github.com/elastic/beats/v7@v7.0.0-alpha2.0.20210919222345-01bd66d28b87/libbeat/publisher/queue/memqueue/eventloop.go:316 +0x17c
github.com/elastic/beats/v7/libbeat/publisher/queue/memqueue.NewQueue.func1()
        /home/arnaud/Dev/golang/pkg/mod/github.com/elastic/beats/v7@v7.0.0-alpha2.0.20210919222345-01bd66d28b87/libbeat/publisher/queue/memqueue/broker.go:176 +0x67
created by github.com/elastic/beats/v7/libbeat/publisher/queue/memqueue.NewQueue
        /home/arnaud/Dev/golang/pkg/mod/github.com/elastic/beats/v7@v7.0.0-alpha2.0.20210919222345-01bd66d28b87/libbeat/publisher/queue/memqueue/broker.go:174 +0x612

goroutine 103 [select]:
github.com/elastic/beats/v7/libbeat/publisher/queue/memqueue.(*ackLoop).run(0xc0005a18b0)
        /home/arnaud/Dev/golang/pkg/mod/github.com/elastic/beats/v7@v7.0.0-alpha2.0.20210919222345-01bd66d28b87/libbeat/publisher/queue/memqueue/ackloop.go:60 +0xe6
github.com/elastic/beats/v7/libbeat/publisher/queue/memqueue.NewQueue.func2()
        /home/arnaud/Dev/golang/pkg/mod/github.com/elastic/beats/v7@v7.0.0-alpha2.0.20210919222345-01bd66d28b87/libbeat/publisher/queue/memqueue/broker.go:180 +0x65
created by github.com/elastic/beats/v7/libbeat/publisher/queue/memqueue.NewQueue
        /home/arnaud/Dev/golang/pkg/mod/github.com/elastic/beats/v7@v7.0.0-alpha2.0.20210919222345-01bd66d28b87/libbeat/publisher/queue/memqueue/broker.go:178 +0x671

goroutine 104 [select]:
github.com/elastic/beats/v7/libbeat/publisher/queue/memqueue.(*consumer).Get(0xc00011f240, 0xc00052fec8)
        /home/arnaud/Dev/golang/pkg/mod/github.com/elastic/beats/v7@v7.0.0-alpha2.0.20210919222345-01bd66d28b87/libbeat/publisher/queue/memqueue/consume.go:65 +0x9e
github.com/elastic/beats/v7/libbeat/publisher/pipeline.(*eventConsumer).loop(0xc00053a120, {0x3e319e8, 0xc00011f240})
        /home/arnaud/Dev/golang/pkg/mod/github.com/elastic/beats/v7@v7.0.0-alpha2.0.20210919222345-01bd66d28b87/libbeat/publisher/pipeline/consumer.go:182 +0x198
github.com/elastic/beats/v7/libbeat/publisher/pipeline.newEventConsumer.func1()
        /home/arnaud/Dev/golang/pkg/mod/github.com/elastic/beats/v7@v7.0.0-alpha2.0.20210919222345-01bd66d28b87/libbeat/publisher/pipeline/consumer.go:86 +0x66
created by github.com/elastic/beats/v7/libbeat/publisher/pipeline.newEventConsumer
        /home/arnaud/Dev/golang/pkg/mod/github.com/elastic/beats/v7@v7.0.0-alpha2.0.20210919222345-01bd66d28b87/libbeat/publisher/pipeline/consumer.go:84 +0x1a7

goroutine 105 [select]:
github.com/elastic/beats/v7/libbeat/publisher/pipeline.(*retryer).loop(0xc00053a300)
        /home/arnaud/Dev/golang/pkg/mod/github.com/elastic/beats/v7@v7.0.0-alpha2.0.20210919222345-01bd66d28b87/libbeat/publisher/pipeline/retry.go:135 +0x234
created by github.com/elastic/beats/v7/libbeat/publisher/pipeline.newRetryer
        /home/arnaud/Dev/golang/pkg/mod/github.com/elastic/beats/v7@v7.0.0-alpha2.0.20210919222345-01bd66d28b87/libbeat/publisher/pipeline/retry.go:94 +0x1dd

goroutine 106 [select]:
net/http.(*Transport).getConn(0xc0005b6c80, 0xc000476d40, {{}, 0x0, {0xc000142e10, 0x5}, {0xc0006e0d40, 0x40}, 0x0})
        /usr/lib/go/src/net/http/transport.go:1372 +0x5d2
net/http.(*Transport).roundTrip(0xc0005b6c80, 0xc000659f00)
        /usr/lib/go/src/net/http/transport.go:581 +0x774
net/http.(*Transport).RoundTrip(0x3e57fe8, 0xc00053ac00)
        /usr/lib/go/src/net/http/roundtrip.go:18 +0x19
go.elastic.co/apm/module/apmelasticsearch.(*roundTripper).RoundTrip(0xc0003b3b30, 0xc000659f00)
        /home/arnaud/Dev/golang/pkg/mod/go.elastic.co/apm/module/apmelasticsearch@v1.12.0/client.go:67 +0x486
github.com/elastic/beats/v7/libbeat/common/transport/httpcommon.(*headerRoundTripper).RoundTrip(0xc000145d58, 0xc000659f00)
        /home/arnaud/Dev/golang/pkg/mod/github.com/elastic/beats/v7@v7.0.0-alpha2.0.20210919222345-01bd66d28b87/libbeat/common/transport/httpcommon/httpcommon.go:148 +0x1a8
net/http.send(0xc000659e00, {0x3e14f20, 0xc000145d58}, {0x38e7a40, 0x1496e01, 0x58c0e80})
        /usr/lib/go/src/net/http/client.go:252 +0x5d8
net/http.(*Client).send(0xc000493980, 0xc000659e00, {0x0, 0x145cd37, 0x58c0e80})
        /usr/lib/go/src/net/http/client.go:176 +0x9b
net/http.(*Client).do(0xc000493980, 0xc000659e00)
        /usr/lib/go/src/net/http/client.go:725 +0x908
net/http.(*Client).Do(0xc000493d10, 0x3961f75)
        /usr/lib/go/src/net/http/client.go:593 +0x19
github.com/elastic/beats/v7/libbeat/esleg/eslegclient.(*Connection).execHTTPRequest(0xc0006d6480, 0xc000659e00)
        /home/arnaud/Dev/golang/pkg/mod/github.com/elastic/beats/v7@v7.0.0-alpha2.0.20210919222345-01bd66d28b87/libbeat/esleg/eslegclient/connection.go:435 +0x42e
github.com/elastic/beats/v7/libbeat/esleg/eslegclient.(*Connection).execRequest(0xc0006d6480, {0x3961636, 0x0}, {0xc000142e10, 0xff}, {0x0, 0x0})
        /home/arnaud/Dev/golang/pkg/mod/github.com/elastic/beats/v7@v7.0.0-alpha2.0.20210919222345-01bd66d28b87/libbeat/esleg/eslegclient/connection.go:371 +0x145
github.com/elastic/beats/v7/libbeat/esleg/eslegclient.(*Connection).Ping(0xc0006d6480)
        /home/arnaud/Dev/golang/pkg/mod/github.com/elastic/beats/v7@v7.0.0-alpha2.0.20210919222345-01bd66d28b87/libbeat/esleg/eslegclient/connection.go:260 +0xd3
github.com/elastic/beats/v7/libbeat/esleg/eslegclient.(*Connection).getVersion(0xc0006d6480)
        /home/arnaud/Dev/golang/pkg/mod/github.com/elastic/beats/v7@v7.0.0-alpha2.0.20210919222345-01bd66d28b87/libbeat/esleg/eslegclient/connection.go:384 +0x25
github.com/elastic/beats/v7/libbeat/esleg/eslegclient.(*Connection).Connect(0xc0006d6480)
        /home/arnaud/Dev/golang/pkg/mod/github.com/elastic/beats/v7@v7.0.0-alpha2.0.20210919222345-01bd66d28b87/libbeat/esleg/eslegclient/connection.go:243 +0x25
github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.(*Client).Connect(0x2875700)
        /home/arnaud/Dev/golang/pkg/mod/github.com/elastic/beats/v7@v7.0.0-alpha2.0.20210919222345-01bd66d28b87/libbeat/outputs/elasticsearch/client.go:429 +0x1b
github.com/elastic/beats/v7/libbeat/outputs.(*backoffClient).Connect(0xc0004939b0)
        /home/arnaud/Dev/golang/pkg/mod/github.com/elastic/beats/v7@v7.0.0-alpha2.0.20210919222345-01bd66d28b87/libbeat/outputs/backoff.go:49 +0x29
github.com/elastic/beats/v7/libbeat/publisher/pipeline.(*netClientWorker).run(0xc00053a600)
        /home/arnaud/Dev/golang/pkg/mod/github.com/elastic/beats/v7@v7.0.0-alpha2.0.20210919222345-01bd66d28b87/libbeat/publisher/pipeline/output.go:148 +0x242
created by github.com/elastic/beats/v7/libbeat/publisher/pipeline.makeClientWorker
        /home/arnaud/Dev/golang/pkg/mod/github.com/elastic/beats/v7@v7.0.0-alpha2.0.20210919222345-01bd66d28b87/libbeat/publisher/pipeline/output.go:79 +0x2b2

goroutine 42 [syscall]:
os/signal.signal_recv()
        /usr/lib/go/src/runtime/sigqueue.go:169 +0x98
os/signal.loop()
        /usr/lib/go/src/os/signal/signal_unix.go:24 +0x19
created by os/signal.Notify.func1.1
        /usr/lib/go/src/os/signal/signal.go:151 +0x2c

goroutine 43 [chan receive]:
github.com/elastic/beats/v7/libbeat/service.HandleSignals.func1()
        /home/arnaud/Dev/golang/pkg/mod/github.com/elastic/beats/v7@v7.0.0-alpha2.0.20210919222345-01bd66d28b87/libbeat/service/service.go:50 +0x65
created by github.com/elastic/beats/v7/libbeat/service.HandleSignals
        /home/arnaud/Dev/golang/pkg/mod/github.com/elastic/beats/v7@v7.0.0-alpha2.0.20210919222345-01bd66d28b87/libbeat/service/service.go:49 +0x198

goroutine 45 [semacquire]:
sync.runtime_Semacquire(0xc000602d00)
        /usr/lib/go/src/runtime/sema.go:56 +0x25
sync.(*WaitGroup).Wait(0xc00072d2a8)
        /usr/lib/go/src/sync/waitgroup.go:130 +0x71
golang.org/x/sync/errgroup.(*Group).Wait(0xc00053ec60)
        /home/arnaud/Dev/golang/pkg/mod/golang.org/x/sync@v0.0.0-20210220032951-036812b2e83c/errgroup/errgroup.go:40 +0x27
github.com/elastic/apm-server/beater.(*serverRunner).run(0xc0003fe1e0, {0x3e454f8, 0xc00072ce28})
        /home/arnaud/Dev/clevercloud/apm-server/beater/beater.go:492 +0xc75
github.com/elastic/apm-server/beater.(*reloader).reload.func1()
        /home/arnaud/Dev/clevercloud/apm-server/beater/beater.go:262 +0x90
created by github.com/elastic/apm-server/beater.(*reloader).reload
        /home/arnaud/Dev/clevercloud/apm-server/beater/beater.go:260 +0x265

goroutine 48 [chan receive]:
github.com/elastic/apm-server/publish.(*Publisher).run(0xc0001239f0)
        /home/arnaud/Dev/clevercloud/apm-server/publish/pub.go:183 +0x85
github.com/elastic/apm-server/publish.NewPublisher.func1()
        /home/arnaud/Dev/clevercloud/apm-server/publish/pub.go:117 +0x58
created by github.com/elastic/apm-server/publish.NewPublisher
        /home/arnaud/Dev/clevercloud/apm-server/publish/pub.go:115 +0x305

goroutine 49 [chan receive]:
github.com/elastic/apm-server/publish.(*Publisher).run(0xc0001239f0)
        /home/arnaud/Dev/clevercloud/apm-server/publish/pub.go:183 +0x85
github.com/elastic/apm-server/publish.NewPublisher.func1()
        /home/arnaud/Dev/clevercloud/apm-server/publish/pub.go:117 +0x58
created by github.com/elastic/apm-server/publish.NewPublisher
        /home/arnaud/Dev/clevercloud/apm-server/publish/pub.go:115 +0x305

goroutine 114 [chan receive]:
github.com/elastic/apm-server/publish.(*Publisher).run(0xc0001239f0)
        /home/arnaud/Dev/clevercloud/apm-server/publish/pub.go:183 +0x85
github.com/elastic/apm-server/publish.NewPublisher.func1()
        /home/arnaud/Dev/clevercloud/apm-server/publish/pub.go:117 +0x58
created by github.com/elastic/apm-server/publish.NewPublisher
        /home/arnaud/Dev/clevercloud/apm-server/publish/pub.go:115 +0x305

goroutine 115 [chan receive]:
github.com/elastic/apm-server/publish.(*Publisher).run(0xc0001239f0)
        /home/arnaud/Dev/clevercloud/apm-server/publish/pub.go:183 +0x85
github.com/elastic/apm-server/publish.NewPublisher.func1()
        /home/arnaud/Dev/clevercloud/apm-server/publish/pub.go:117 +0x58
created by github.com/elastic/apm-server/publish.NewPublisher
        /home/arnaud/Dev/clevercloud/apm-server/publish/pub.go:115 +0x305

goroutine 116 [chan receive]:
github.com/elastic/apm-server/publish.(*Publisher).run(0xc0001239f0)
        /home/arnaud/Dev/clevercloud/apm-server/publish/pub.go:183 +0x85
github.com/elastic/apm-server/publish.NewPublisher.func1()
        /home/arnaud/Dev/clevercloud/apm-server/publish/pub.go:117 +0x58
created by github.com/elastic/apm-server/publish.NewPublisher
        /home/arnaud/Dev/clevercloud/apm-server/publish/pub.go:115 +0x305

goroutine 117 [chan receive]:
github.com/elastic/apm-server/publish.(*Publisher).run(0xc0001239f0)
        /home/arnaud/Dev/clevercloud/apm-server/publish/pub.go:183 +0x85
github.com/elastic/apm-server/publish.NewPublisher.func1()
        /home/arnaud/Dev/clevercloud/apm-server/publish/pub.go:117 +0x58
created by github.com/elastic/apm-server/publish.NewPublisher
        /home/arnaud/Dev/clevercloud/apm-server/publish/pub.go:115 +0x305

goroutine 118 [chan receive]:
github.com/elastic/apm-server/publish.(*Publisher).run(0xc0001239f0)
        /home/arnaud/Dev/clevercloud/apm-server/publish/pub.go:183 +0x85
github.com/elastic/apm-server/publish.NewPublisher.func1()
        /home/arnaud/Dev/clevercloud/apm-server/publish/pub.go:117 +0x58
created by github.com/elastic/apm-server/publish.NewPublisher
        /home/arnaud/Dev/clevercloud/apm-server/publish/pub.go:115 +0x305

goroutine 119 [chan receive]:
github.com/elastic/apm-server/publish.(*Publisher).run(0xc0001239f0)
        /home/arnaud/Dev/clevercloud/apm-server/publish/pub.go:183 +0x85
github.com/elastic/apm-server/publish.NewPublisher.func1()
        /home/arnaud/Dev/clevercloud/apm-server/publish/pub.go:117 +0x58
created by github.com/elastic/apm-server/publish.NewPublisher
        /home/arnaud/Dev/clevercloud/apm-server/publish/pub.go:115 +0x305

goroutine 120 [semacquire]:
sync.runtime_Semacquire(0x0)
        /usr/lib/go/src/runtime/sema.go:56 +0x25
sync.(*WaitGroup).Wait(0x0)
        /usr/lib/go/src/sync/waitgroup.go:130 +0x71
github.com/elastic/apm-server/publish.NewPublisher.func2()
        /home/arnaud/Dev/clevercloud/apm-server/publish/pub.go:122 +0x5b
created by github.com/elastic/apm-server/publish.NewPublisher
        /home/arnaud/Dev/clevercloud/apm-server/publish/pub.go:120 +0x405

goroutine 121 [semacquire]:
sync.runtime_Semacquire(0xc0005829c0)
        /usr/lib/go/src/runtime/sema.go:56 +0x25
sync.(*WaitGroup).Wait(0xc00072df50)
        /usr/lib/go/src/sync/waitgroup.go:130 +0x71
golang.org/x/sync/errgroup.(*Group).Wait(0xc00053fad0)
        /home/arnaud/Dev/golang/pkg/mod/golang.org/x/sync@v0.0.0-20210220032951-036812b2e83c/errgroup/errgroup.go:40 +0x27
github.com/elastic/apm-server/beater.server.run({0xc0003f8020, 0xc000400500, {{0x3e14a40, 0xc00072d2d8}, {0x3e1a120, 0xc00072d2c0}, 0x6fc23ac00, 0xc0005351c0, 0xc0000b8900}, 0xc00015d5c0, ...})
        /home/arnaud/Dev/clevercloud/apm-server/beater/server.go:268 +0x245
github.com/elastic/apm-server/beater.newBaseRunServer.func1({_, _}, {{{0x396cad8, 0xa}, {0x396181c, 0x3}, {0x3962c58, 0x5}, 0x0, {0xc00040a630, ...}, ...}, ...})
        /home/arnaud/Dev/clevercloud/apm-server/beater/server.go:127 +0x358
github.com/elastic/apm-server/beater.WrapRunServerWithProcessors.func1({_, _}, {{{0x396cad8, 0xa}, {0x396181c, 0x3}, {0x3962c58, 0x5}, 0x0, {0xc00040a630, ...}, ...}, ...})
        /home/arnaud/Dev/clevercloud/apm-server/beater/beater.go:799 +0x168
github.com/elastic/apm-server/beater.(*serverRunner).run.func5()
        /home/arnaud/Dev/clevercloud/apm-server/beater/beater.go:479 +0x215
golang.org/x/sync/errgroup.(*Group).Go.func1()
        /home/arnaud/Dev/golang/pkg/mod/golang.org/x/sync@v0.0.0-20210220032951-036812b2e83c/errgroup/errgroup.go:57 +0x67
created by golang.org/x/sync/errgroup.(*Group).Go
        /home/arnaud/Dev/golang/pkg/mod/golang.org/x/sync@v0.0.0-20210220032951-036812b2e83c/errgroup/errgroup.go:54 +0x92

goroutine 122 [select]:
github.com/elastic/apm-server/beater.newBaseRunServer.func1.1()
        /home/arnaud/Dev/clevercloud/apm-server/beater/server.go:120 +0x87
created by github.com/elastic/apm-server/beater.newBaseRunServer.func1
        /home/arnaud/Dev/clevercloud/apm-server/beater/server.go:119 +0x232

goroutine 123 [select]:
github.com/elastic/apm-server/agentcfg.Reporter.Run({{0x3e14a40, 0xc00072d2d8}, {0x3e1a120, 0xc00072d2c0}, 0x6fc23ac00, 0xc0005351c0, 0xc0000b8900}, {0x3e57f78, 0xc00015cd80})
        /home/arnaud/Dev/clevercloud/apm-server/agentcfg/reporter.go:76 +0x248
created by github.com/elastic/apm-server/beater.newBaseRunServer.func1
        /home/arnaud/Dev/clevercloud/apm-server/beater/server.go:126 +0x329

goroutine 124 [IO wait]:
internal/poll.runtime_pollWait(0x7f9cc0f4e7d0, 0x72)
        /usr/lib/go/src/runtime/netpoll.go:229 +0x89
internal/poll.(*pollDesc).wait(0xc000162280, 0x2, 0x0)
        /usr/lib/go/src/internal/poll/fd_poll_runtime.go:84 +0x32
internal/poll.(*pollDesc).waitRead(...)
        /usr/lib/go/src/internal/poll/fd_poll_runtime.go:89
internal/poll.(*FD).Accept(0xc000162280)
        /usr/lib/go/src/internal/poll/fd_unix.go:402 +0x22c
net.(*netFD).accept(0xc000162280)
        /usr/lib/go/src/net/fd_unix.go:173 +0x35
net.(*TCPListener).accept(0xc00072ce28)
        /usr/lib/go/src/net/tcpsock_posix.go:140 +0x28
net.(*TCPListener).Accept(0xc00072ce28)
        /usr/lib/go/src/net/tcpsock.go:262 +0x3d
net/http.(*Server).Serve(0xc000028000, {0x3e454f8, 0xc00072ce28})
        /usr/lib/go/src/net/http/server.go:3001 +0x394
github.com/elastic/apm-server/beater.(*httpServer).start(0xc00015d5c0)
        /home/arnaud/Dev/clevercloud/apm-server/beater/http.go:119 +0x2f2
golang.org/x/sync/errgroup.(*Group).Go.func1()
        /home/arnaud/Dev/golang/pkg/mod/golang.org/x/sync@v0.0.0-20210220032951-036812b2e83c/errgroup/errgroup.go:57 +0x67
created by golang.org/x/sync/errgroup.(*Group).Go
        /home/arnaud/Dev/golang/pkg/mod/golang.org/x/sync@v0.0.0-20210220032951-036812b2e83c/errgroup/errgroup.go:54 +0x92

goroutine 125 [chan receive]:
github.com/elastic/gmux.(*chanListener).Accept(0x359f500)
        /home/arnaud/Dev/golang/pkg/mod/github.com/elastic/gmux@v0.1.0/conn.go:100 +0x28
google.golang.org/grpc.(*Server).Serve(0xc00071f180, {0x3e38cb8, 0xc00072de18})
        /home/arnaud/Dev/golang/pkg/mod/google.golang.org/grpc@v1.40.0/server.go:786 +0x362
github.com/elastic/apm-server/beater.server.run.func1()
        /home/arnaud/Dev/clevercloud/apm-server/beater/server.go:263 +0x29
golang.org/x/sync/errgroup.(*Group).Go.func1()
        /home/arnaud/Dev/golang/pkg/mod/golang.org/x/sync@v0.0.0-20210220032951-036812b2e83c/errgroup/errgroup.go:57 +0x67
created by golang.org/x/sync/errgroup.(*Group).Go
        /home/arnaud/Dev/golang/pkg/mod/golang.org/x/sync@v0.0.0-20210220032951-036812b2e83c/errgroup/errgroup.go:54 +0x92

goroutine 107 [select]:
net/http.setRequestCancel.func4()
        /usr/lib/go/src/net/http/client.go:398 +0x94
created by net/http.setRequestCancel
        /usr/lib/go/src/net/http/client.go:397 +0x43e

goroutine 108 [runnable]:
crypto/x509.parseName({0xc000a5a0cd, 0x2d, 0x4c1})
        /usr/lib/go/src/crypto/x509/parser.go:136 +0x134
crypto/x509.parseCertificate({0xc000a5a000, 0x578, 0x58e})
        /usr/lib/go/src/crypto/x509/parser.go:901 +0x62b
crypto/x509.ParseCertificate({0xc000a5a000, 0x578, 0xc000627320})
        /usr/lib/go/src/crypto/x509/parser.go:983 +0x25
crypto/x509.(*CertPool).AppendCertsFromPEM(0xc0004cade0, {0xc0009d2000, 0xc000864ba8, 0x400c000864bc8})
        /usr/lib/go/src/crypto/x509/cert_pool.go:218 +0x119
crypto/x509.loadSystemRoots()
        /usr/lib/go/src/crypto/x509/root_unix.go:45 +0x43e
crypto/x509.initSystemRoots()
        /usr/lib/go/src/crypto/x509/root.go:27 +0x1b
sync.(*Once).doSlow(0x1458d54, 0x8)
        /usr/lib/go/src/sync/once.go:68 +0xd2
sync.(*Once).Do(...)
        /usr/lib/go/src/sync/once.go:59
crypto/x509.systemRootsPool(...)
        /usr/lib/go/src/crypto/x509/root.go:22
crypto/x509.(*Certificate).Verify(0xc0005b9600, {{0x0, 0x0}, 0xc0004cad50, 0x0, {0x0, 0x0, 0x0}, {0x0, 0x0, ...}, ...})
        /usr/lib/go/src/crypto/x509/verify.go:750 +0x177
github.com/elastic/beats/v7/libbeat/common/transport/tlscommon.verifyCertsWithOpts({0xc000145f08, 0x0, 0x0}, {0x0, 0x0, 0x0}, {{0x0, 0x0}, 0xc0004cad50, 0x0, ...})
        /home/arnaud/Dev/golang/pkg/mod/github.com/elastic/beats/v7@v7.0.0-alpha2.0.20210919222345-01bd66d28b87/libbeat/common/transport/tlscommon/tls_config.go:254 +0xfa
github.com/elastic/beats/v7/libbeat/common/transport/tlscommon.makeVerifyConnection.func1({0x304, 0x0, 0x0, 0x1302, {0x0, 0x0}, 0x1, {0xc0006e0d40, 0x3c}, {0xc000145f08, ...}, ...})
        /home/arnaud/Dev/golang/pkg/mod/github.com/elastic/beats/v7@v7.0.0-alpha2.0.20210919222345-01bd66d28b87/libbeat/common/transport/tlscommon/tls_config.go:167 +0x128
crypto/tls.(*Conn).verifyServerCertificate(0xc000483180, {0xc000904960, 0x3, 0x4})
        /usr/lib/go/src/crypto/tls/handshake_client.go:893 +0x4b5
crypto/tls.(*clientHandshakeStateTLS13).readServerCertificate(0xc0008654c8)
        /usr/lib/go/src/crypto/tls/handshake_client_tls13.go:457 +0x2d1
crypto/tls.(*clientHandshakeStateTLS13).handshake(0xc0008654c8)
        /usr/lib/go/src/crypto/tls/handshake_client_tls13.go:87 +0x1d9
crypto/tls.(*Conn).clientHandshake(0xc000483180, {0x3e57f78, 0xc000476f40})
        /usr/lib/go/src/crypto/tls/handshake_client.go:219 +0x585
crypto/tls.(*Conn).handshakeContext(0xc000483180, {0x3e57fb0, 0xc000058128})
        /usr/lib/go/src/crypto/tls/conn.go:1445 +0x3d1
crypto/tls.(*Conn).HandshakeContext(...)
        /usr/lib/go/src/crypto/tls/conn.go:1395
crypto/tls.(*Conn).Handshake(...)
        /usr/lib/go/src/crypto/tls/conn.go:1379
github.com/elastic/beats/v7/libbeat/common/transport.tlsDialWith({0x3e773e8, 0x58f4260}, {0x3e1a380, 0xc00011e7a0}, {0x3961ac2, 0x203000}, {0xc0006e0d40, 0x203000}, 0x14f46b0400, 0xc0006d6900, ...)
        /home/arnaud/Dev/golang/pkg/mod/github.com/elastic/beats/v7@v7.0.0-alpha2.0.20210919222345-01bd66d28b87/libbeat/common/transport/tls.go:163 +0x207
github.com/elastic/beats/v7/libbeat/common/transport.TestTLSDialer.func1({0x3961ac2, 0x3}, {0xc0006e0d40, 0x17be24f})
        /home/arnaud/Dev/golang/pkg/mod/github.com/elastic/beats/v7@v7.0.0-alpha2.0.20210919222345-01bd66d28b87/libbeat/common/transport/tls.go:72 +0x385
github.com/elastic/beats/v7/libbeat/common/transport.DialerFunc.Dial(0x10, {0x3961ac2, 0xc00053af01}, {0xc0006e0d40, 0x17cb2bd})
        /home/arnaud/Dev/golang/pkg/mod/github.com/elastic/beats/v7@v7.0.0-alpha2.0.20210919222345-01bd66d28b87/libbeat/common/transport/transport.go:38 +0x33
github.com/elastic/beats/v7/libbeat/common/transport.ConnWrapper.func1({0x3961ac2, 0xc0000118c0}, {0xc0006e0d40, 0xc00053b020})
        /home/arnaud/Dev/golang/pkg/mod/github.com/elastic/beats/v7@v7.0.0-alpha2.0.20210919222345-01bd66d28b87/libbeat/common/transport/wrap.go:26 +0x45
github.com/elastic/beats/v7/libbeat/common/transport.DialerFunc.Dial(0xc0006e0d40, {0x3961ac2, 0x0}, {0xc0006e0d40, 0x1649085})
        /home/arnaud/Dev/golang/pkg/mod/github.com/elastic/beats/v7@v7.0.0-alpha2.0.20210919222345-01bd66d28b87/libbeat/common/transport/transport.go:38 +0x33
github.com/elastic/beats/v7/libbeat/common/transport.LoggingDialer.func1({0x3961ac2, 0x3}, {0xc0006e0d40, 0x40})
        /home/arnaud/Dev/golang/pkg/mod/github.com/elastic/beats/v7@v7.0.0-alpha2.0.20210919222345-01bd66d28b87/libbeat/common/transport/logging.go:35 +0x163
github.com/elastic/beats/v7/libbeat/common/transport.DialerFunc.Dial(0x100000000000060, {0x3961ac2, 0x118}, {0xc0006e0d40, 0x7f9ce8512108})
        /home/arnaud/Dev/golang/pkg/mod/github.com/elastic/beats/v7@v7.0.0-alpha2.0.20210919222345-01bd66d28b87/libbeat/common/transport/transport.go:38 +0x33
net/http.(*Transport).customDialTLS(0xc00053ac00, {0x3e57fe8, 0xc00053ac00}, {0x3961ac2, 0x0}, {0xc0006e0d40, 0xc000476cc0})
        /usr/lib/go/src/net/http/transport.go:1316 +0x6b
net/http.(*Transport).dialConn(0xc0005b6c80, {0x3e57fe8, 0xc00053ac00}, {{}, 0x0, {0xc000142e10, 0x5}, {0xc0006e0d40, 0x40}, 0x0})
        /usr/lib/go/src/net/http/transport.go:1580 +0x3ff
net/http.(*Transport).dialConnFor(0x287d466, 0xc0004848f0)
        /usr/lib/go/src/net/http/transport.go:1446 +0xb0
created by net/http.(*Transport).queueForDial
        /usr/lib/go/src/net/http/transport.go:1415 +0x3d7

rax    0x0
rbx    0x7f9cb97fa640
rcx    0x7f9ce85e3ad3
rdx    0x6
rdi    0xebc9f
rsi    0xebca8
rbp    0xebca8
rsp    0x7f9cb97f9840
r8     0x7f9cb97f9870
r9     0x0
r10    0x8
r11    0x202
r12    0x6
r13    0x7f9cb97f9b60
r14    0xc0006024e0
r15    0x7f9cc19e915b
rip    0x7f9ce85e3ad3
rflags 0x202
cs     0x33
fs     0x0
gs     0x0

APM logs

{"log.level":"info","@timestamp":"2021-09-24T00:52:53.564+0200","log.origin":{"file.name":"instance/beat.go","file.line":654},"message":"Home path: [/home/arnaud/Dev/clevercloud/apm-server] Config path: [/home/arnaud/Dev/clevercloud/apm-server] Data path: [/home/arnaud/Dev/clevercloud/apm-server/data] Logs path: [/home/arnaud/Dev/clevercloud/apm-server/logs]","service.name":"apm-server","ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2021-09-24T00:52:53.564+0200","log.origin":{"file.name":"instance/beat.go","file.line":662},"message":"Beat ID: da8fee46-f825-4071-86cd-43796243f7ac","service.name":"apm-server","ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2021-09-24T00:52:53.565+0200","log.logger":"seccomp","log.origin":{"file.name":"seccomp/seccomp.go","file.line":124},"message":"Syscall filter successfully installed","service.name":"apm-server","ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2021-09-24T00:52:53.565+0200","log.logger":"beat","log.origin":{"file.name":"instance/beat.go","file.line":996},"message":"Beat info","service.name":"apm-server","system_info":{"beat":{"path":{"config":"/home/arnaud/Dev/clevercloud/apm-server","data":"/home/arnaud/Dev/clevercloud/apm-server/data","home":"/home/arnaud/Dev/clevercloud/apm-server","logs":"/home/arnaud/Dev/clevercloud/apm-server/logs"},"type":"apm-server","uuid":"da8fee46-f825-4071-86cd-43796243f7ac"},"ecs.version":"1.6.0"}}
{"log.level":"info","@timestamp":"2021-09-24T00:52:53.565+0200","log.logger":"beat","log.origin":{"file.name":"instance/beat.go","file.line":1005},"message":"Build info","service.name":"apm-server","system_info":{"build":{"commit":"unknown","libbeat":"8.0.0","time":"0001-01-01T00:00:00.000Z","version":"8.0.0"},"ecs.version":"1.6.0"}}
{"log.level":"info","@timestamp":"2021-09-24T00:52:53.565+0200","log.logger":"beat","log.origin":{"file.name":"instance/beat.go","file.line":1008},"message":"Go runtime info","service.name":"apm-server","system_info":{"go":{"os":"linux","arch":"amd64","max_procs":8,"version":"go1.17.1"},"ecs.version":"1.6.0"}}
{"log.level":"info","@timestamp":"2021-09-24T00:52:53.566+0200","log.logger":"beat","log.origin":{"file.name":"instance/beat.go","file.line":1012},"message":"Host info","service.name":"apm-server","system_info":{"host":{"architecture":"x86_64","boot_time":"2021-09-15T09:02:01+02:00","containerized":false,"name":"exherswag","ip":["127.0.0.1/8","::1/128","192.168.1.6/24","2a01:e34:ec52:4920:a952:2b5f:f139:634c/64","fe80::345e:3214:b582:590e/64"],"kernel_version":"5.13.16+","mac":["2e:88:67:4e:96:5b","40:a3:cc:c2:b1:db"],"os":{"type":"linux","family":"","platform":"exherbo","name":"Exherbo","version":"","major":0,"minor":0,"patch":0},"timezone":"CEST","timezone_offset_sec":7200,"id":"8c53e4b5e43a473dabab6e031c03f534"},"ecs.version":"1.6.0"}}
{"log.level":"info","@timestamp":"2021-09-24T00:52:53.566+0200","log.logger":"beat","log.origin":{"file.name":"instance/beat.go","file.line":1041},"message":"Process info","service.name":"apm-server","system_info":{"process":{"capabilities":{"inheritable":null,"permitted":null,"effective":null,"bounding":["chown","dac_override","dac_read_search","fowner","fsetid","kill","setgid","setuid","setpcap","linux_immutable","net_bind_service","net_broadcast","net_admin","net_raw","ipc_lock","ipc_owner","sys_module","sys_rawio","sys_chroot","sys_ptrace","sys_pacct","sys_admin","sys_boot","sys_nice","sys_resource","sys_time","sys_tty_config","mknod","lease","audit_write","audit_control","setfcap","mac_override","mac_admin","syslog","wake_alarm","block_suspend","audit_read","38","39","40"],"ambient":null},"cwd":"/home/arnaud/Dev/golang/src/github.com/elastic/apm-server","exe":"/home/arnaud/Dev/golang/src/github.com/elastic/apm-server/apm-server","name":"apm-server","pid":965791,"ppid":3091366,"seccomp":{"mode":"filter","no_new_privs":true},"start_time":"2021-09-24T00:52:52.830+0200"},"ecs.version":"1.6.0"}}
{"log.level":"info","@timestamp":"2021-09-24T00:52:53.566+0200","log.origin":{"file.name":"instance/beat.go","file.line":309},"message":"Setup Beat: apm-server; Version: 8.0.0","service.name":"apm-server","ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2021-09-24T00:52:53.567+0200","log.logger":"esclientleg","log.origin":{"file.name":"eslegclient/connection.go","file.line":102},"message":"elasticsearch url: https://btzojipgx65c22yejkwz-elasticsearch.services.clever-cloud.com:443","service.name":"apm-server","ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2021-09-24T00:52:53.567+0200","log.logger":"publisher","log.origin":{"file.name":"pipeline/module.go","file.line":113},"message":"Beat name: exherswag","service.name":"apm-server","ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2021-09-24T00:52:53.567+0200","log.logger":"beater","log.origin":{"file.name":"beater/beater.go","file.line":634},"message":"Registering pipeline callback","service.name":"apm-server","ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2021-09-24T00:52:53.567+0200","log.origin":{"file.name":"instance/beat.go","file.line":473},"message":"apm-server start running.","service.name":"apm-server","ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2021-09-24T00:52:53.568+0200","log.logger":"beater","log.origin":{"file.name":"beater/http.go","file.line":155},"message":"Listening on: [::]:8080","service.name":"apm-server","ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2021-09-24T00:52:53.568+0200","log.logger":"handler","log.origin":{"file.name":"api/mux.go","file.line":125},"message":"Path / added to request handler","service.name":"apm-server","ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2021-09-24T00:52:53.568+0200","log.logger":"handler","log.origin":{"file.name":"api/mux.go","file.line":125},"message":"Path /assets/v1/sourcemaps added to request handler","service.name":"apm-server","ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2021-09-24T00:52:53.568+0200","log.logger":"handler","log.origin":{"file.name":"api/mux.go","file.line":125},"message":"Path /config/v1/agents added to request handler","service.name":"apm-server","ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2021-09-24T00:52:53.568+0200","log.logger":"handler","log.origin":{"file.name":"api/mux.go","file.line":125},"message":"Path /config/v1/rum/agents added to request handler","service.name":"apm-server","ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2021-09-24T00:52:53.568+0200","log.logger":"handler","log.origin":{"file.name":"api/mux.go","file.line":125},"message":"Path /intake/v2/rum/events added to request handler","service.name":"apm-server","ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2021-09-24T00:52:53.568+0200","log.logger":"handler","log.origin":{"file.name":"api/mux.go","file.line":125},"message":"Path /intake/v3/rum/events added to request handler","service.name":"apm-server","ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2021-09-24T00:52:53.568+0200","log.logger":"handler","log.origin":{"file.name":"api/mux.go","file.line":125},"message":"Path /intake/v2/events added to request handler","service.name":"apm-server","ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2021-09-24T00:52:53.568+0200","log.logger":"handler","log.origin":{"file.name":"api/mux.go","file.line":125},"message":"Path /intake/v2/profile added to request handler","service.name":"apm-server","ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2021-09-24T00:52:53.568+0200","log.logger":"beater","log.origin":{"file.name":"beater/server.go","file.line":259},"message":"Starting apm-server [unknown built 0001-01-01 00:00:00 +0000 UTC]. Hit CTRL-C to stop it.","service.name":"apm-server","ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2021-09-24T00:52:53.568+0200","log.logger":"beater","log.origin":{"file.name":"beater/http.go","file.line":99},"message":"RUM endpoints disabled.","service.name":"apm-server","ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2021-09-24T00:52:53.568+0200","log.logger":"onboarding","log.origin":{"file.name":"beater/onboarding.go","file.line":34},"message":"Publishing onboarding document","service.name":"apm-server","ecs.version":"1.6.0"}
{"log.level":"warn","@timestamp":"2021-09-24T00:52:53.568+0200","log.logger":"beater","log.origin":{"file.name":"beater/http.go","file.line":115},"message":"Secret token is set, but SSL is not enabled.","service.name":"apm-server","ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2021-09-24T00:52:53.568+0200","log.logger":"beater","log.origin":{"file.name":"beater/http.go","file.line":117},"message":"SSL disabled.","service.name":"apm-server","ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2021-09-24T00:52:54.569+0200","log.logger":"publisher_pipeline_output","log.origin":{"file.name":"pipeline/output.go","file.line":143},"message":"Connecting to backoff(elasticsearch(https://btzojipgx65c22yejkwz-elasticsearch.services.clever-cloud.com:443))","service.name":"apm-server","ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2021-09-24T00:52:54.569+0200","log.logger":"publisher","log.origin":{"file.name":"pipeline/retry.go","file.line":219},"message":"retryer: send unwait signal to consumer","service.name":"apm-server","ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2021-09-24T00:52:54.569+0200","log.logger":"publisher","log.origin":{"file.name":"pipeline/retry.go","file.line":223},"message":"  done","service.name":"apm-server","ecs.version":"1.6.0"}

GDB backtrace

Thread 7 "apm-server" received signal SIGABRT, Aborted.
[Switching to LWP 974562]
0x00007ffff7e31ad3 in pthread_kill@GLIBC_2.2.5 () from /usr/x86_64-pc-linux-gnu/lib/libc.so.6
(gdb) bt



#0  0x00007ffff7e31ad3 in pthread_kill@GLIBC_2.2.5 () from /usr/x86_64-pc-linux-gnu/lib/libc.so.6



#1  0x00007ffff7de52f6 in raise () from /usr/x86_64-pc-linux-gnu/lib/libc.so.6



#2  0x00007ffff7dcf7b5 in abort () from /usr/x86_64-pc-linux-gnu/lib/libc.so.6



#3  0x0000000003300069 in fatalf (format=format@entry=0x3f2854c "pthread_create failed: %s") at gcc_fatalf.c:22



#4  0x0000000003300411 in _cgo_sys_thread_start (ts=<optimized out>) at gcc_linux_amd64.c:78



#5  0x000000000147502d in runtime.asmcgocall () at /usr/lib/go/src/runtime/asm_amd64.s:795



#6  0x00007fffc9ffac28 in ?? ()



#7  0x0000000001418727 in runtime.newobject (typ=<optimized out>, ~r1=<optimized out>) at /usr/lib/go/src/runtime/malloc.go:1228



#8  0x0000000000000000 in ?? ()

** Additional information **

This issue started to happen as soon as we switched to glibc 2.34. It did not happen on glibc 2.33. Downgrading glibc from 2.34 to 2.33 resolves the issue, with the exact same binaries. This problem might as well be a golang bug but I'm not really sure and since I don't see any issue on their bug tracker, I'm wondering if we are the only ones hitting this.

Glibc 2.34 started to use the new clone3 syscall on thread creation (in the pthread_create() function from my understanding). This syscall sometimes returns EPERM leading to the following crash (https://github.com/golang/go/blob/4e308d73ba3610838305997b6f4793c4f4dcfc4e/src/runtime/cgo/gcc_libinit.c#L94). I say "sometimes" because there are other successful clone3() calls before.

I've seen a few projects that also had issue with this new syscall (Docker, Firefox and Chromium). They all mention issues with their sandbox which is based on seccomp. I see the APM project also depend on https://github.com/elastic/go-seccomp-bpf. I couldn't see it really used or even any syscall filtering on the go-seccomp-bpf project as there are on the previously mentionned projets, but maybe I'm overlooking something?

It's also worth to mention that running as root doesn't fix the Operation not permitted error.

Let me know if you need any other information, I'm not a go expert at all. Thanks for any help you could provide, I'll keep looking on my side.

The text was updated successfully, but these errors were encountered:

graphaelli · 2021-09-24T02:55:07Z

Thanks for the report! I can confirm this reproduces as you described. It also does appear to be related to seccomp. Briefly, you should see something like this logged on startup:

{"log.level":"info","@timestamp":"2021-09-24T02:42:42.766Z","log.logger":"seccomp","log.origin":{"file.name":"seccomp/seccomp.go","file.line":124},"message":"Syscall filter successfully installed","service.name":"apm-server","ecs.version":"1.6.0"}

The default policy for linux/amd64 is defined here: https://github.com/elastic/beats/blob/7e4affb6702a39f378170b8866f966d1b29e06fc/libbeat/common/seccomp/policy_linux_amd64.go#L25. This policy can be redefined via the apm-server.yml, adding clone3, apparently resolving the issue.

example config

seccomp:
  default_action: errno
  syscalls:
  - action: allow
    names: 
      - accept
      - accept4
      - access
      - arch_prctl
      - bind
      - brk
      - chmod
      - chown
      - clock_gettime
      - clone
      - clone3
      - close
      - connect
      - dup
      - dup2
      - epoll_create
      - epoll_create1
      - epoll_ctl
      - epoll_pwait
      - epoll_wait
      - exit
      - exit_group
      - fchdir
      - fchmod
      - fchmodat
      - fchown
      - fchownat
      - fcntl
      - fdatasync
      - flock
      - fstat
      - fstatfs
      - fsync
      - ftruncate
      - futex
      - getcwd
      - getdents
      - getdents64
      - geteuid
      - getgid
      - getpeername
      - getpid
      - getppid
      - getrandom
      - getrlimit
      - getrusage
      - getsockname
      - getsockopt
      - gettid
      - gettimeofday
      - getuid
      - inotify_add_watch
      - inotify_init1
      - inotify_rm_watch
      - ioctl
      - kill
      - listen
      - lseek
      - lstat
      - madvise
      - mincore
      - mkdirat
      - mmap
      - mprotect
      - munmap
      - nanosleep
      - newfstatat
      - open
      - openat
      - pipe
      - pipe2
      - poll
      - ppoll
      - pread64
      - pselect6
      - pwrite64
      - read
      - readlink
      - readlinkat
      - recvfrom
      - recvmmsg
      - recvmsg
      - rename
      - renameat
      - rt_sigaction
      - rt_sigprocmask
      - rt_sigreturn
      - sched_getaffinity
      - sched_yield
      - sendfile
      - sendmmsg
      - sendmsg
      - sendto
      - set_robust_list
      - setitimer
      - setsockopt
      - shutdown
      - sigaltstack
      - socket
      - splice
      - stat
      - statfs
      - sysinfo
      - tgkill
      - time
      - tkill
      - uname
      - unlink
      - unlinkat
      - wait4
      - waitid
      - write
      - writev

You may also disable seccomp altogether with seccomp.enabled: false but I wouldn't recommend that generally.

BlackYoup · 2021-09-24T08:59:55Z

Thanks for the answer, your workaround seems to work fine indeed!

I'll open an issue in the beats repository, mentioning this one. Should we keep this issue open until apm-server has updated its dependency to beats?

graphaelli · 2021-09-24T12:46:47Z

Yes, let's keep this open until the dependency update. Thanks again!

clone3 is a linux syscall that is now used by glibc starting version 2.34. It is used when pthread_create() gets called. Current seccomp filters do not allow this syscall leading to crashes like runtime/cgo: pthread_create failed: Operation not permitted See elastic/apm-server#6238 for more details

clone3 is a linux syscall that is now used by glibc starting version 2.34. It is used when pthread_create() gets called. Current seccomp filters do not allow this syscall leading to crashes like runtime/cgo: pthread_create failed: Operation not permitted See elastic/apm-server#6238 for more details (cherry picked from commit 82507fd)

clone3 is a linux syscall that is now used by glibc starting version 2.34. It is used when pthread_create() gets called. Current seccomp filters do not allow this syscall leading to crashes like runtime/cgo: pthread_create failed: Operation not permitted See elastic/apm-server#6238 for more details

* singleton sysinfo host to avoid frequently collecting host info * add Host object to Stats object * update changelog * set procStats.host to nil if any error calling sysinfo.Host() * Update aws-lambda-go library version to 1.13.3 (#28236) * [cloud][docker] use the private docker namespace (#28286) * [7.x] [DOCS] Update api_key example on elasticsearch output (#28288) * packetbeat/protos/dns: don't render missing A and AAAA addresses from truncated records (#28297) * seccomp: allow clone3 syscall for x86 (#28117) clone3 is a linux syscall that is now used by glibc starting version 2.34. It is used when pthread_create() gets called. Current seccomp filters do not allow this syscall leading to crashes like runtime/cgo: pthread_create failed: Operation not permitted See elastic/apm-server#6238 for more details * Osquerybeat: Improve handling of osquery.autoload file, allow customizations (#28289) Previously the osquery.autoload file was overwritten every time on osquerybeat start and stamped with our extension. After the change we check the content of the file and do not overwrite it on each osquerybeat start. This allows the user to deploy their own extensions if their want and start osquery with that. * Osquerybeat: Runner and Fetcher unit tests (#28290) * Runner and Fetcher unit tests * Fix header formatting * Tweak test * Update go release version 1.17.1 (#27543) * format of conditional build tags has changed * matching of * in regexes was fixed, thus breaking some of our code: golang/go#46123 * iproute package was missing from the new Golang Docker image, thus, we had to add it for our tests * go.mod file contains separate require directive for transitive dependencies * Move labels and annotations under kubernetes.namespace. (#27917) * Move labels and annotations under kubernetes.namespace. * Remove GCP support from Functionbeat (#28253) * Fix build tags for Go 1.17 (#28338) * [Elastic Agent] Add ability to communicate with Kibana through service token (#28096) * Add ability to communicate with Kibana through service token. Add ability to pass service token to container subcommand. * Add changelog entry. * Fix go fmt. * Add username to ASA Security negotiation log (#26975) * Add username to ASA Security negotiation log I added the username user.name field to ASA Security negotiation log line. * adding support for both formats * adding changelog entry * updating geo fields in expected output files * reverse formatting * reverting to older version of file * reverting formatting again * regenrate golden files again * remove formatting, ready for review * fixing missing message due to no newline * fix dissect pattern to fit correctly Co-authored-by: Marius Iversen <marius.iversen@elastic.co> * x-pack/filebeat/module/cisco: loosen time parsing and add group and session type capture (#28325) * Redis: remove deprecated fields (#28246) * Redis: remove deprecated fields * Disable generator tests temporarily (#28362) * Windows/perfmon metricset - remove deprecated perfmon.counters configuration (#28282) * remove deprecated config * changelog * [Filebeat] - S3 Input - Add support for only iterating/accessing only… (#28252) * [Filebeat] - S3 Input - Add support for only iterating/accessing only specific folders or datapaths * Breaking change for 8.0, namespace_annotations replaced by namespace.annotations (#28230) * Breaking change for 8.0, namespace_annotations replaced by namespace.annotations * Take care of namespace being nil * [Heartbeat] Setuid to regular user / lower capabilities when possible (#27878) partial fix for #27648 , this PR: Detects if the user is running as root then: Checks to see if an environment variable BEAT_SETUID_AS (set in our Docker.tmpl) is present Attempts to Setuid , Setgid and Setgroups to that user / groups Invokes setcap to drop all privileges except NET_RAW+ep This PR also fixes the broken syscall filtering in heartbeat, some non-syscall strings were breaking that. With the changes here elastic-agent can still run as root, but the subprocesses can lower their privileges ASAP. This should also make it possible for heartbeat to safely run ICMP pings and synthetics. Synthetics must run as non-root, but ICMP requires NET_RAW. This lets us be consistent in our docs with the recommendation that elastic-agent run as root. * mage fmt Co-authored-by: kaiyan-sheng <kaiyan.sheng@elastic.co> Co-authored-by: Victor Martinez <victormartinezrubio@gmail.com> Co-authored-by: Ugo Sangiorgi <ugo.sangiorgi@elastic.co> Co-authored-by: Dan Kortschak <90160302+efd6@users.noreply.github.com> Co-authored-by: Arnaud Lefebvre <a.lefebvre@outlook.fr> Co-authored-by: Aleksandr Maus <aleksandr.maus@elastic.co> Co-authored-by: apmmachine <58790750+apmmachine@users.noreply.github.com> Co-authored-by: Michael Katsoulis <michaelkatsoulis88@gmail.com> Co-authored-by: Noémi Ványi <kvch@users.noreply.github.com> Co-authored-by: Blake Rouse <blake.rouse@elastic.co> Co-authored-by: LaZyDK <dennisperto@gmail.com> Co-authored-by: Marius Iversen <marius.iversen@elastic.co> Co-authored-by: Andrea Spacca <andrea.spacca@elastic.co> Co-authored-by: Mariana Dima <mariana@elastic.co> Co-authored-by: Andrew Cholakian <andrew@andrewvc.com>

axw · 2021-10-26T07:55:56Z

Fixed in elastic/beats#28117

clone3 is a linux syscall that is now used by glibc starting version 2.34. It is used when pthread_create() gets called. Current seccomp filters do not allow this syscall leading to crashes like runtime/cgo: pthread_create failed: Operation not permitted See elastic/apm-server#6238 for more details

* singleton sysinfo host to avoid frequently collecting host info * add Host object to Stats object * update changelog * set procStats.host to nil if any error calling sysinfo.Host() * Update aws-lambda-go library version to 1.13.3 (elastic#28236) * [cloud][docker] use the private docker namespace (elastic#28286) * [7.x] [DOCS] Update api_key example on elasticsearch output (elastic#28288) * packetbeat/protos/dns: don't render missing A and AAAA addresses from truncated records (elastic#28297) * seccomp: allow clone3 syscall for x86 (elastic#28117) clone3 is a linux syscall that is now used by glibc starting version 2.34. It is used when pthread_create() gets called. Current seccomp filters do not allow this syscall leading to crashes like runtime/cgo: pthread_create failed: Operation not permitted See elastic/apm-server#6238 for more details * Osquerybeat: Improve handling of osquery.autoload file, allow customizations (elastic#28289) Previously the osquery.autoload file was overwritten every time on osquerybeat start and stamped with our extension. After the change we check the content of the file and do not overwrite it on each osquerybeat start. This allows the user to deploy their own extensions if their want and start osquery with that. * Osquerybeat: Runner and Fetcher unit tests (elastic#28290) * Runner and Fetcher unit tests * Fix header formatting * Tweak test * Update go release version 1.17.1 (elastic#27543) * format of conditional build tags has changed * matching of * in regexes was fixed, thus breaking some of our code: golang/go#46123 * iproute package was missing from the new Golang Docker image, thus, we had to add it for our tests * go.mod file contains separate require directive for transitive dependencies * Move labels and annotations under kubernetes.namespace. (elastic#27917) * Move labels and annotations under kubernetes.namespace. * Remove GCP support from Functionbeat (elastic#28253) * Fix build tags for Go 1.17 (elastic#28338) * [Elastic Agent] Add ability to communicate with Kibana through service token (elastic#28096) * Add ability to communicate with Kibana through service token. Add ability to pass service token to container subcommand. * Add changelog entry. * Fix go fmt. * Add username to ASA Security negotiation log (elastic#26975) * Add username to ASA Security negotiation log I added the username user.name field to ASA Security negotiation log line. * adding support for both formats * adding changelog entry * updating geo fields in expected output files * reverse formatting * reverting to older version of file * reverting formatting again * regenrate golden files again * remove formatting, ready for review * fixing missing message due to no newline * fix dissect pattern to fit correctly Co-authored-by: Marius Iversen <marius.iversen@elastic.co> * x-pack/filebeat/module/cisco: loosen time parsing and add group and session type capture (elastic#28325) * Redis: remove deprecated fields (elastic#28246) * Redis: remove deprecated fields * Disable generator tests temporarily (elastic#28362) * Windows/perfmon metricset - remove deprecated perfmon.counters configuration (elastic#28282) * remove deprecated config * changelog * [Filebeat] - S3 Input - Add support for only iterating/accessing only… (elastic#28252) * [Filebeat] - S3 Input - Add support for only iterating/accessing only specific folders or datapaths * Breaking change for 8.0, namespace_annotations replaced by namespace.annotations (elastic#28230) * Breaking change for 8.0, namespace_annotations replaced by namespace.annotations * Take care of namespace being nil * [Heartbeat] Setuid to regular user / lower capabilities when possible (elastic#27878) partial fix for elastic#27648 , this PR: Detects if the user is running as root then: Checks to see if an environment variable BEAT_SETUID_AS (set in our Docker.tmpl) is present Attempts to Setuid , Setgid and Setgroups to that user / groups Invokes setcap to drop all privileges except NET_RAW+ep This PR also fixes the broken syscall filtering in heartbeat, some non-syscall strings were breaking that. With the changes here elastic-agent can still run as root, but the subprocesses can lower their privileges ASAP. This should also make it possible for heartbeat to safely run ICMP pings and synthetics. Synthetics must run as non-root, but ICMP requires NET_RAW. This lets us be consistent in our docs with the recommendation that elastic-agent run as root. * mage fmt Co-authored-by: kaiyan-sheng <kaiyan.sheng@elastic.co> Co-authored-by: Victor Martinez <victormartinezrubio@gmail.com> Co-authored-by: Ugo Sangiorgi <ugo.sangiorgi@elastic.co> Co-authored-by: Dan Kortschak <90160302+efd6@users.noreply.github.com> Co-authored-by: Arnaud Lefebvre <a.lefebvre@outlook.fr> Co-authored-by: Aleksandr Maus <aleksandr.maus@elastic.co> Co-authored-by: apmmachine <58790750+apmmachine@users.noreply.github.com> Co-authored-by: Michael Katsoulis <michaelkatsoulis88@gmail.com> Co-authored-by: Noémi Ványi <kvch@users.noreply.github.com> Co-authored-by: Blake Rouse <blake.rouse@elastic.co> Co-authored-by: LaZyDK <dennisperto@gmail.com> Co-authored-by: Marius Iversen <marius.iversen@elastic.co> Co-authored-by: Andrea Spacca <andrea.spacca@elastic.co> Co-authored-by: Mariana Dima <mariana@elastic.co> Co-authored-by: Andrew Cholakian <andrew@andrewvc.com>

clone3 is a linux syscall that is now used by glibc starting version 2.34. It is used when pthread_create() gets called. Current seccomp filters do not allow this syscall leading to crashes like runtime/cgo: pthread_create failed: Operation not permitted See elastic/apm-server#6238 for more details (cherry picked from commit 82507fd)

* seccomp: allow clone3 syscall for x86 (#28117) clone3 is a linux syscall that is now used by glibc starting version 2.34. It is used when pthread_create() gets called. Current seccomp filters do not allow this syscall leading to crashes like runtime/cgo: pthread_create failed: Operation not permitted See elastic/apm-server#6238 for more details (cherry picked from commit 82507fd) Co-authored-by: Arnaud Lefebvre <a.lefebvre@outlook.fr> Co-authored-by: Jaime Soriano Pastor <jaime.soriano@elastic.co>

BlackYoup added the bug label Sep 23, 2021

BlackYoup changed the title ~~runtime/cgo: pthread_create failed: Operation not permitted~~ runtime/cgo: pthread_create failed: Operation not permitted on glibc 2.34 Sep 23, 2021

BlackYoup mentioned this issue Sep 24, 2021

Allow clone3 syscall in seccomp filters elastic/beats#28117

Merged

7 tasks

zube bot added the [zube]: Blocked label Sep 28, 2021

axw closed this as completed Oct 26, 2021

zube bot added [zube]: Done and removed [zube]: Blocked labels Oct 26, 2021

zube bot removed the [zube]: Done label Jan 24, 2022

simitt mentioned this issue Jan 17, 2022

[Elastic Agent] Allow beats subprocess to define custom configuration. elastic/elastic-agent#90

Closed

mkalcok mentioned this issue Aug 17, 2022

Ubuntu Jammy support. canonical/layer-filebeat#96

Merged

alecxvs mentioned this issue Sep 22, 2022

Plugin fails to start on Grafana 9.1.5: "Unrecognized remote plugin message" grafana/grafana-zabbix#1507

Closed

arctan90 mentioned this issue Nov 9, 2022

make iamges error using glibc-2.34 emissary-ingress/emissary#4679

Open

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

runtime/cgo: pthread_create failed: Operation not permitted on glibc 2.34 #6238

runtime/cgo: pthread_create failed: Operation not permitted on glibc 2.34 #6238

BlackYoup commented Sep 23, 2021 •

edited by zube bot

Loading

graphaelli commented Sep 24, 2021

BlackYoup commented Sep 24, 2021

graphaelli commented Sep 24, 2021

axw commented Oct 26, 2021

runtime/cgo: pthread_create failed: Operation not permitted on glibc 2.34 #6238

runtime/cgo: pthread_create failed: Operation not permitted on glibc 2.34 #6238

Comments

BlackYoup commented Sep 23, 2021 • edited by zube bot Loading

graphaelli commented Sep 24, 2021

BlackYoup commented Sep 24, 2021

graphaelli commented Sep 24, 2021

axw commented Oct 26, 2021

BlackYoup commented Sep 23, 2021 •

edited by zube bot

Loading