tt
tt copied to clipboard
Published
20 hours ago •
tarantool
tarantool
tt crashes with "Operation is not permitted"
I run tt inside docker and it crashes with following stacktrace
#16 0.400 + tt pack proj --version=1.2.3-3-ge556d347 --with-binaries --name myproj
#16 0.402 runtime/cgo: pthread_create failed: Operation not permitted
#16 0.405 SIGABRT: abort
#16 0.405 PC=0x10a6adc m=0 sigcode=18446744073709551610
#16 0.405
#16 0.405 goroutine 0 [idle]:
#16 0.405 runtime: g 0: unknown pc 0x10a6adc
#16 0.405 stack: frame={sp:0x7ffcced7eb90, fp:0x0} stack=[0x7ffcce580140,0x7ffcced7f150)
#16 0.405 0x00007ffcced7ea90: 0x00007ffcced7eab0 0x0000000000471d78 <runtime.callCgoMmap+0x0000000000000038>
#16 0.405 0x00007ffcced7eaa0: 0x00007ffcced7eaa0 0x0000000000114c10
#16 0.405 0x00007ffcced7eab0: 0x00007ffcced7eaf0 0x00007ff993c77000
#16 0.405 0x00007ffcced7eac0: 0x000000000040a0e0 <runtime.mmap.func1+0x0000000000000000> 0x00007ffcced7eab8
#16 0.405 0x00007ffcced7ead0: 0x00007ff993c77000 0x0000000000001000
#16 0.405 0x00007ffcced7eae0: 0x0000003200000003 0x00000000ffffffff
#16 0.405 0x00007ffcced7eaf0: 0x00007ffcced7eb38 0x000000000041d253 <runtime.sysMapOS+0x0000000000000033>
#16 0.405 0x00007ffcced7eb00: 0x00007ffcced7eb38 0x0000000000000000
#16 0.405 0x00007ffcced7eb10: 0x00007ff9819e2000 0x0000000000dd6757
#16 0.405 0x00007ffcced7eb20: 0xffffffff00000000 0x0000000300000022
#16 0.405 0x00007ffcced7eb30: 0x0000000000100000 0x0000000000000000
#16 0.405 0x00007ffcced7eb40: 0x0000000000000120 0x00000012818e2000
#16 0.405 0x00007ffcced7eb50: 0x0000000001142c50 0x000000001c000004
#16 0.405 0x00007ffcced7eb60: 0x0000000000000110 0x0000000000000000
#16 0.405 0x00007ffcced7eb70: 0x000080c00008ffff 0x000080c000088000
#16 0.405 0x00007ffcced7eb80: 0x0000000000000004 0x00000000010a6ace
#16 0.405 0x00007ffcced7eb90: <0x0000000000000000 0x0000000000000000
#16 0.405 0x00007ffcced7eba0: 0x0000000000000000 0x000000770000007c
#16 0.405 0x00007ffcced7ebb0: 0x0000005b0000006e 0x0000000000002000
#16 0.405 0x00007ffcced7ebc0: 0x0000000000000004 0x00000000010f4111
#16 0.405 0x00007ffcced7ebd0: 0x00007ff9818c1640 0x00007ffcced7efb0
#16 0.405 0x00007ffcced7ebe0: 0x00007ffcced7ed1e 0x00007ffcced7ed1f
#16 0.405 0x00007ffcced7ebf0: 0x0000000000000000 0x00000000010a4e19
#16 0.405 0x00007ffcced7ec00: 0x0000000000800280 <github.com/tarantool/go-tarantool.encodeSQLBind+0x00000000000001a0> 0x0000000000000000
#16 0.406 0x00007ffcced7ec10: 0x00000000003d0f00 0x6d2d08af2e089700
#16 0.406 0x00007ffcced7ec20: 0x00000000028383c0 0x0000000000000006
#16 0.406 0x00007ffcced7ec30: 0x0000000000000001 0x0000000000000000
#16 0.406 0x00007ffcced7ec40: 0x0000000001efa460 0x0000000001086de6
#16 0.406 0x00007ffcced7ec50: 0x0000000001f2da30 0x000000000040f
#16 0.406 0x00007ffcced7ec60: 0x0000000000000020 0x6d2d08af2e089700
#16 0.406 0x00007ffcced7ec70: 0x00007ffcced7ed60 0x00007ff9818c1640
#16 0.406 0x00007ffcced7ec80: 0x0000000000000000 0x00007ffcced7efb0
#16 0.406 runtime: g 0: unknown pc 0x10a6adc
#16 0.406 stack: frame={sp:0x7ffcced7eb90, fp:0x0} stack=[0x7ffcce580140,0x7ffcced7f150)
#16 0.406 0x00007ffcced7ea90: 0x00007ffcced7eab0 0x0000000000471d78 <runtime.callCgoMmap+0x0000000000000038>
#16 0.406 0x00007ffcced7eaa0: 0x00007ffcced7eaa0 0x0000000000114c10
#16 0.406 0x00007ffcced7eab0: 0x00007ffcced7eaf0 0x00007ff993c77000
#16 0.406 0x00007ffcced7eac0: 0x000000000040a0e0 <runtime.mmap.func1+0x0000000000000000> 0x00007ffcced7eab8
#16 0.406 0x00007ffcced7ead0: 0x00007ff993c77000 0x0000000000001000
#16 0.406 0x00007ffcced7eae0: 0x0000003200000003 0x00000000ffffffff
#16 0.406 0x00007ffcced7eaf0: 0x00007ffcced7eb38 0x000000000041d253 <runtime.sysMapOS+0x0000000000000033>
#16 0.406 0x00007ffcced7eb00: 0x00007ffcced7eb38 0x0000000000000000
#16 0.406 0x00007ffcced7eb10: 0x00007ff9819e2000 0x0000000000dd6757
#16 0.406 0x00007ffcced7eb20: 0xffffffff00000000 0x0000000300000022
#16 0.406 0x00007ffcced7eb30: 0x0000000000100000 0x0000000000000000
#16 0.406 0x00007ffcced7eb40: 0x0000000000000120 0x00000012818e2000
#16 0.406 0x00007ffcced7eb50: 0x0000000001142c50 0x000000001c000004
#16 0.406 0x00007ffcced7eb60: 0x0000000000000110 0x0000000000000000
#16 0.406 0x00007ffcced7eb70: 0x000080c00008ffff 0x000080c000088000
#16 0.406 0x00007ffcced7eb80: 0x0000000000000004 0x00000000010a6ace
#16 0.406 0x00007ffcced7eb90: <0x0000000000000000 0x0000000000000000
#16 0.406 0x00007ffcced7eba0: 0x0000000000000000 0x000000770000007c
#16 0.406 0x00007ffcced7ebb0: 0x0000005b0000006e 0x0000000000002000
#16 0.406 0x00007ffcced7ebc0: 0x0000000000000004 0x00000000010f4111
#16 0.406 0x00007ffcced7ebd0: 0x00007ff9818c1640 0x00007ffcced7efb0
#16 0.406 0x00007ffcced7ebe0: 0x00007ffcced7ed1e 0x00007ffcced7ed1f
#16 0.406 0x00007ffcced7ebf0: 0x0000000000000000 0x00000000010a4e19
#16 0.406 0x00007ffcced7ec00: 0x0000000000800280 <github.com/tarantool/go-tarantool.encodeSQLBind+0x00000000000001a0> 0x0000000000000000
#16 0.406 0x00007ffcced7ec10: 0x00000000003d0f00 0x6d2d08af2e089700
#16 0.406 0x00007ffcced7ec20: 0x00000000028383c0 0x0000000000000006
#16 0.406 0x00007ffcced7ec30: 0x0000000000000001 0x0000000000000000
#16 0.406 0x00007ffcced7ec40: 0x0000000001efa460 0x0000000001086de6
#16 0.406 0x00007ffcced7ec50: 0x0000000001f2da30 0x000000000040223f
#16 0.406 0x00007ffcced7ec60: 0x0000000000000020 0x6d2d08af2e089700
#16 0.406 0x00007ffcced7ec70: 0x00007ffcced7ed60 0x00007ff9818c1640
#16 0.406 0x00007ffcced7ec80: 0x0000000000000000 0x00007ffcced7efb0
#16 0.406
#16 0.406 goroutine 1 [running]:
#16 0.406 runtime.systemstack_switch()
#16 0.406 /__w/_tool/go/1.21.4/x64/src/runtime/asm_amd64.s:474 +0x8 fp=0xc00006c740 sp=0xc00006c730 pc=0x46e088
#16 0.406 runtime.main()
#16 0.406 /__w/_tool/go/1.21.4/x64/src/runtime/proc.go:169 +0x6d fp=0xc00006c7e0 sp=0xc00006c740 pc=0x43f46d
#16 0.406 runtime.goexit()
#16 0.406 /__w/_tool/go/1.21.4/x64/src/runtime/asm_amd64.s:1650 +0x1 fp=0xc00006c7e8 sp=0xc00006c7e0 pc=0x470061
#16 0.406
#16 0.406 rax 0x0
#16 0.406 rbx 0x28383c0
#16 0.406 rcx 0xffffffffffffffff
#16 0.406 rdx 0x6
#16 0.406 rdi 0x11
#16 0.406 rsi 0x11
#16 0.406 rbp 0x11
#16 0.406 rsp 0x7ffcced7eb90
#16 0.406 r8 0x7ffcced7ec60
#16 0.406 r9 0x0
#16 0.406 r10 0x8
#16 0.406 r11 0x5
#16 0.406 r12 0x6
#16 0.406 r13 0x16
#16 0.406 r14 0x1efa460
#16 0.406 r15 0x6
#16 0.406 rip 0x10a6adc
#16 0.406 rflags 0x246
#16 0.406 cs 0x33
#16 0.406 fs 0x0
#16 0.406 gs 0x0
#16 0.406 r11 0x246
#16 0.406 r12 0x6
#16 0.406 r13 0x16
#16 0.406 r14 0x1efa460
#16 0.406 r15 0x6
#16 0.406 rip 0x10a6adc
#16 0.406 rflags 0x246
#16 0.406 cs 0x33
#16 0.406 fs 0x0
#16 0.406 gs 0x0
https://github.com/actions/runner-images/issues/3812
It seems like not the tt problem, but the build environment problem. It could be fixed in that way: https://github.com/mpv-player/mpv/pull/9264/files
or by using a latest docker version on a runner.
It seems like not the
ttproblem, but the build environment problem.
Why does it work for cartridge-cli then?
It could be fixed in that way: https://github.com/mpv-player/mpv/pull/9264/files
It can't be easily controlled by me (I don't have an access to the runner). And it looks really insecure to use docker options.
I cite https://docs.docker.com/engine/security/seccomp/:
Secure computing mode (seccomp) is a Linux kernel feature. You can use it to restrict the actions available within the container. The seccomp() system call operates on the seccomp state of the calling process. You can use this feature to restrict your application's access.
That's exactly that we require from docker. And we shouldn't disable it in untrusted environments.
It seems like not the
ttproblem, but the build environment problem.Why does it work for cartridge-cli then?
I'll guess that the cartridge-cli compiled with CGO_ENABLED=0 unlike the tt. The problem requires more thorough investigation.
I just noticed that this can be quick-fixed with a some temporary workaround at the moment.