arm sandbox and squid error

[2576834738]

Self Checks

• This is only for bug report, if you would like to ask a question, please head to Discussions.
• I have searched for existing issues search for existing issues, including closed ones.
• I confirm that I am using English to submit this report (我已阅读并同意 Language Policy).
• [FOR CHINESE USERS] 请务必使用英文提交 Issue，否则会被关闭。谢谢！:）
• Please do not modify this template :) and fill in all the required fields.

Dify version

0.15.3

Cloud or Self Hosted

Self Hosted (Docker)

Steps to reproduce

In the ARM environment, Sandbox and Ubuntu/Squit encounter errors, and the error persists after restarting repeatedly

1. sandbox

runtime/cgo: pthread_create failed: Operation not permitted
SIGABRT: abort
PC=0x7f8c957240 m=0 sigcode=18446744073709551610

goroutine 0 [idle]:
runtime: g 0: unknown pc 0x7f8c957240
stack: frame={sp:0x7fd848f930, fp:0x0} stack=[0x7fd7c90e18,0x7fd848fe30)
0x0000007fd848f830:  0x0000000000000000  0x00000000021afa20 
0x0000007fd848f840:  0x0000007f8cad2640  0x0000007fd848fc90 
0x0000007fd848f850:  0x000000000270e000  0x00000000027260c0 
0x0000007fd848f860:  0x0000007fd848f8a0  0x0000007fd848f8d0 
0x0000007fd848f870:  0x0000000000000000  0x0000007f8cad86f8 
0x0000007fd848f880:  0x0000007f8ca7f198  0x0000007f8cad7000 
0x0000007fd848f890:  0x0000000000000002  0x0000000000000001 
0x0000007fd848f8a0:  0x0000007fd848f8e0  0x0000007f8c91cda8 
0x0000007fd848f8b0:  0x0000007fd848f948  0x0000000002178030 
0x0000007fd848f8c0:  0x0000007fd848fa50  0x0000000000679694 
0x0000007fd848f8d0:  0x0000007f8c8e5c98  0x0000007f8cad1170 
0x0000007fd848f8e0:  0x0000007f8ca82590  0x000000000000002e 
0x0000007fd848f8f0:  0x0000007fd848fa50  0x00000000027260c0 
0x0000007fd848f900:  0x0000007fd848fbb0  0x0000007fd848fbb0 
0x0000007fd848f910:  0x0000007fd848fa70  0x0000007f8caa6884 
0x0000007fd848f920:  0x0000007f8ca81630  0x0000000002178030 
0x0000007fd848f930: <0x00000000027632f0  0x27a6034fa0c13200 
0x0000007fd848f940:  0x0000007fd848f980  0x0000007f8c9067a0 
0x0000007fd848f950:  0x0000000000000006  0x0000007f8cad1f00 
0x0000007fd848f960:  0x0000007f8ca81a50  0x0000000000000001 
0x0000007fd848f970:  0x0000007f8c8f1950  0x5f64616572687470 
0x0000007fd848f980:  0x0000007fd848fa40  0x0000007f8c8f1a48 
0x0000007fd848f990:  0x0000007f8ca81000  0x0000000000000000 
0x0000007fd848f9a0:  0x0000000000000020  0x00000000ffffffff 
0x0000007fd848f9b0:  0x0000007fd848f9f8  0x0000007fd848f9a6 
0x0000007fd848f9c0:  0x00000000fbad2887  0x0000000000000000 
0x0000007fd848f9d0:  0x000000000000000a  0x0000007f8ca82590 
0x0000007fd848f9e0:  0x2525252525252525  0x2525252525252525 
0x0000007fd848f9f0:  0x25203a64656c6961  0x0000000000000073 
0x0000007fd848fa00:  0x00000000f0000000  0x0000000000000000 
0x0000007fd848fa10:  0xff00000000000000  0xffffffffffffff00 
0x0000007fd848fa20:  0xfffffff0f0000000  0x0000000000000000 
runtime: g 0: unknown pc 0x7f8c957240
stack: frame={sp:0x7fd848f930, fp:0x0} stack=[0x7fd7c90e18,0x7fd848fe30)
0x0000007fd848f830:  0x0000000000000000  0x00000000021afa20 
0x0000007fd848f840:  0x0000007f8cad2640  0x0000007fd848fc90 
0x0000007fd848f850:  0x000000000270e000  0x00000000027260c0 
0x0000007fd848f860:  0x0000007fd848f8a0  0x0000007fd848f8d0 
0x0000007fd848f870:  0x0000000000000000  0x0000007f8cad86f8 
0x0000007fd848f880:  0x0000007f8ca7f198  0x0000007f8cad7000 
0x0000007fd848f890:  0x0000000000000002  0x0000000000000001 
0x0000007fd848f8a0:  0x0000007fd848f8e0  0x0000007f8c91cda8 
0x0000007fd848f8b0:  0x0000007fd848f948  0x0000000002178030 
0x0000007fd848f8c0:  0x0000007fd848fa50  0x0000000000679694 
0x0000007fd848f8d0:  0x0000007f8c8e5c98  0x0000007f8cad1170 
0x0000007fd848f8e0:  0x0000007f8ca82590  0x000000000000002e 
0x0000007fd848f8f0:  0x0000007fd848fa50  0x00000000027260c0 
0x0000007fd848f900:  0x0000007fd848fbb0  0x0000007fd848fbb0 
0x0000007fd848f910:  0x0000007fd848fa70  0x0000007f8caa6884 
0x0000007fd848f920:  0x0000007f8ca81630  0x0000000002178030 
0x0000007fd848f930: <0x00000000027632f0  0x27a6034fa0c13200 
0x0000007fd848f940:  0x0000007fd848f980  0x0000007f8c9067a0 
0x0000007fd848f950:  0x0000000000000006  0x0000007f8cad1f00 
0x0000007fd848f960:  0x0000007f8ca81a50  0x0000000000000001 
0x0000007fd848f970:  0x0000007f8c8f1950  0x5f64616572687470 
0x0000007fd848f980:  0x0000007fd848fa40  0x0000007f8c8f1a48 
0x0000007fd848f990:  0x0000007f8ca81000  0x0000000000000000 
0x0000007fd848f9a0:  0x0000000000000020  0x00000000ffffffff 
0x0000007fd848f9b0:  0x0000007fd848f9f8  0x0000007fd848f9a6 
0x0000007fd848f9c0:  0x00000000fbad2887  0x0000000000000000 
0x0000007fd848f9d0:  0x000000000000000a  0x0000007f8ca82590 
0x0000007fd848f9e0:  0x2525252525252525  0x2525252525252525 
0x0000007fd848f9f0:  0x25203a64656c6961  0x0000000000000073 
0x0000007fd848fa00:  0x00000000f0000000  0x0000000000000000 
0x0000007fd848fa10:  0xff00000000000000  0xffffffffffffff00 
0x0000007fd848fa20:  0xfffffff0f0000000  0x0000000000000000 

goroutine 1 [running]:
runtime.systemstack_switch()
        /opt/hostedtoolcache/go/1.20.6/arm64/src/runtime/asm_arm64.s:200 +0x8 fp=0x400004e770 sp=0x400004e760 pc=0x73608
runtime.main()
        /opt/hostedtoolcache/go/1.20.6/arm64/src/runtime/proc.go:170 +0x6c fp=0x400004e7d0 sp=0x400004e770 pc=0x4704c
runtime.goexit()
        /opt/hostedtoolcache/go/1.20.6/arm64/src/runtime/asm_arm64.s:1172 +0x4 fp=0x400004e7d0 sp=0x400004e7d0 pc=0x75bd4

r0      0x0
r1      0x1
r2      0x6
r3      0x7f8cad1f00
r4      0x7f8cad6b30
r5      0x1
r6      0x20
r7      0xffffffff
r8      0x83
r9      0x0
r10     0x7f8c8e5c98
r11     0x0
r12     0x7f8cad8350
r13     0x7fd848fd30
r14     0x3d
r15     0x3c47b5
r16     0x0
r17     0x0
r18     0x1ad000
r19     0x1
r20     0x7f8cad1f00
r21     0x6
r22     0x1
r23     0x0
r24     0x0
r25     0x0
r26     0x7fd848fc90
r27     0x270e000
r28     0x27260c0
r29     0x7fd848f940
lr      0x7f8c95722c
sp      0x7fd848f930
pc      0x7f8c957240
fault   0x0`

2. ubuntu/squid

[ENTRYPOINT] re-create snakeoil self-signed certificate removed in the build process
[ENTRYPOINT] replacing environment variables in the template
2025/02/25 11:00:55| WARNING: BCP 177 violation. Detected non-functional IPv6 loopback.
2025/02/25 11:00:55| aclIpParseIpData: IPv6 has not been enabled.
2025/02/25 11:00:55| aclIpParseIpData: IPv6 has not been enabled.
2025/02/25 11:00:55| aclIpParseIpData: IPv6 has not been enabled.
2025/02/25 11:00:55| Processing Configuration File: /etc/squid/squid.conf (depth 0)
2025/02/25 11:00:55| aclIpParseIpData: IPv6 has not been enabled.
2025/02/25 11:00:55| aclIpParseIpData: IPv6 has not been enabled.
2025/02/25 11:00:55| Processing Configuration File: /etc/squid/conf.d/debian.conf (depth 1)
2025/02/25 11:00:55| Processing Configuration File: /etc/squid/conf.d/rock.conf (depth 1)
2025/02/25 11:00:55| Created PID file (/run/squid.pid)
2025/02/25 11:00:55| ERROR: Cannot open cache_log (/var/log/squid/cache.log) for writing;
    fopen(3) error: (13) Permission denied
2025/02/25 11:00:55| Set Current Directory to /var/spool/squid
2025/02/25 11:00:55| Creating missing swap directories
2025/02/25 11:00:55| No cache_dir stores are configured.
2025/02/25 11:00:55| Removing PID file (/run/squid.pid)
[ENTRYPOINT] starting squid
2025/02/25 11:00:55| WARNING: BCP 177 violation. Detected non-functional IPv6 loopback.
2025/02/25 11:00:55| aclIpParseIpData: IPv6 has not been enabled.
2025/02/25 11:00:55| aclIpParseIpData: IPv6 has not been enabled.
2025/02/25 11:00:55| aclIpParseIpData: IPv6 has not been enabled.
2025/02/25 11:00:55| Processing Configuration File: /etc/squid/squid.conf (depth 0)
2025/02/25 11:00:55| aclIpParseIpData: IPv6 has not been enabled.
2025/02/25 11:00:55| aclIpParseIpData: IPv6 has not been enabled.
2025/02/25 11:00:55| Processing Configuration File: /etc/squid/conf.d/debian.conf (depth 1)
2025/02/25 11:00:55| Processing Configuration File: /etc/squid/conf.d/rock.conf (depth 1)
2025/02/25 11:00:55| Created PID file (/run/squid.pid)
2025/02/25 11:00:55| ERROR: Cannot open cache_log (/var/log/squid/cache.log) for writing;
    fopen(3) error: (13) Permission denied
2025/02/25 11:00:55| Set Current Directory to /var/spool/squid
2025/02/25 11:00:55| Starting Squid Cache version 6.6 for aarch64-unknown-linux-gnu...
2025/02/25 11:00:55| Service Name: squid
2025/02/25 11:00:55| Process ID 16
2025/02/25 11:00:55| Process Roles: master worker
2025/02/25 11:00:55| With 1024 file descriptors available
2025/02/25 11:00:55| Initializing IP Cache...
2025/02/25 11:00:55| DNS IPv4 socket created at 0.0.0.0, FD 7
2025/02/25 11:00:55| Adding nameserver 127.0.0.11 from /etc/resolv.conf
2025/02/25 11:00:55| Adding ndots 1 from /etc/resolv.conf
2025/02/25 11:00:55| Logfile: opening log daemon:/var/log/squid/access.log
2025/02/25 11:00:55| Logfile Daemon: opening log /var/log/squid/access.log
2025/02/25 11:00:55| Local cache digest enabled; rebuild/rewrite every 3600/3600 sec
2025/02/25 11:00:55| Store logging disabled
2025/02/25 11:00:55| Swap maxSize 0 + 262144 KB, estimated 20164 objects
2025/02/25 11:00:55| Target number of buckets: 1008
2025/02/25 11:00:55| Using 8192 Store buckets
2025/02/25 11:00:55| Max Mem  size: 262144 KB
2025/02/25 11:00:55| Max Swap size: 0 KB
2025/02/25 11:00:55| Using Least Load store dir selection
2025/02/25 11:00:55| Set Current Directory to /var/spool/squid
2025/02/25 11:00:55| Finished loading MIME types and icons.
2025/02/25 11:00:55| HTCP Disabled.
2025/02/25 11:00:55| Pinger socket opened on FD 13
2025/02/25 11:00:55| Squid plugin modules loaded: 0
2025/02/25 11:00:55| Adaptation support is off.
2025/02/25 11:00:55| Accepting HTTP Socket connections at conn2 local=0.0.0.0:3128 remote=[::] FD 10 flags=9
    listening port: 3128
2025/02/25 11:00:55| Accepting reverse-proxy HTTP Socket connections at conn4 local=0.0.0.0:8194 remote=[::] FD 11 flags=9
    listening port: 8194
2025/02/25 11:00:55| Configuring Parent sandbox
2025/02/25 11:00:55| WARNING: DNS lookup for 'sandbox' failed!
fopen: Permission denied
2025/02/25 11:00:55 pinger| WARNING: BCP 177 violation. Detected non-functional IPv6 loopback.
2025/02/25 11:00:55 pinger| Initialising ICMP pinger ...
2025/02/25 11:00:55 pinger| Open  icmp_sock: (1) Operation not permitted
2025/02/25 11:00:55 pinger| ERROR: Unable to start ICMP pinger.
2025/02/25 11:00:55 pinger| Open  icmp_sock: (1) Operation not permitted
2025/02/25 11:00:55 pinger| ERROR: Unable to start ICMPv6 pinger.
2025/02/25 11:00:55 pinger| FATAL: Unable to open any ICMP sockets.
2025/02/25 11:00:56| ERROR: logfileHandleWrite: daemon:/var/log/squid/access.log: error writing ((32) Broken pipe)
2025/02/25 11:00:56| Closing HTTP(S) port 0.0.0.0:3128
    listening port: 3128
2025/02/25 11:00:56| Closing HTTP(S) port 0.0.0.0:8194
    listening port: 8194
2025/02/25 11:00:56| storeDirWriteCleanLogs: Starting...
2025/02/25 11:00:56|   Finished.  Wrote 0 entries.
2025/02/25 11:00:56|   Took 0.00 seconds (  0.00 entries/sec).
2025/02/25 11:00:56| FATAL: I don't handle this error well!
2025/02/25 11:00:56| Squid Cache (Version 6.6): Terminated abnormally.
CPU Usage: 0.102 seconds = 0.082 user + 0.020 sys
Maximum Resident Size: 94112 KB
Page faults with physical i/o: 0
2025/02/25 11:00:56| Removing PID file (/run/squid.pid)
2025/02/25 11:00:56| Closing Pinger socket on FD 13`

✔️ Expected Behavior

fix error

❌ Actual Behavior

error

[dosubot]

I found a similar unsolved discussion regarding sandbox issues in the Dify repository: sandbox can't use ^[1].

For the issues you're encountering:

1. Sandbox Error (pthread_create failed):

   • This error often relates to insufficient permissions or resource limits. Ensure that the Docker container has the necessary permissions and that the host system's resource limits (like ulimit) are configured to allow the creation of threads.

2. Squid Error (IPv6 and Permission Denied):

   • IPv6 Warnings: These indicate that IPv6 is not enabled. You can either enable IPv6 on your system or adjust the Squid configuration to not use IPv6.
   • Permission Denied for cache_log: This suggests a file permission issue. Ensure that the Squid process has write permissions to the /var/log/squid/ directory. You might need to adjust the permissions or ownership of this directory.

For Squid configuration, you can refer to the recommended settings for permissions and IPv6 in a Dify setup ^[2].

To continue talking to Dosu, mention @dosu.

---

^{Help Dosu learn! Give it feedback: Great Response | Irrelevant Answer | Incorrect Sources | Too Verbose | Hallucination | Bug Report | Other}

[2576834738]

I am using the Squid configuration of dify, which is the default configuration and has not been changed @dosu

[dosubot]

The default Squid configuration in Dify might not explicitly allow all necessary IPv6 traffic and could have restrictive access controls, leading to errors. To address these issues:

1. IPv6 Configuration: Ensure your IPv6 traffic is within the allowed ranges (fc00::/7 and fe80::/10) or modify the ACLs to include your specific IPv6 addresses.

2. Permission Denied: The http_access rules are restrictive. You may need to adjust these ACLs to allow the necessary ports or methods. For example, uncommenting the line to allow more ports for SSL connections might help:

   # acl SSL_ports port 1025-65535
   

   Also, ensure that your http_access rules permit traffic from your specific sources, as the default configuration includes a rule to deny all traffic at the end:

   http_access deny all
   

   Adjust or add rules before this line to permit the necessary traffic.

For more detailed configurations, you can edit the squid.conf file located at docker/volumes/ssrf_proxy/squid.conf ^[1][2].

To continue talking to Dosu, mention @dosu.

---

^{Help Dosu learn! Give it feedback: Great Response | Irrelevant Answer | Incorrect Sources | Too Verbose | Hallucination | Bug Report | Other}

[2576834738]

It's no use, can you help me take a look? Squid cannot run, causing the page to be inaccessible now. @crazywoola