Process gets killed immediately by CrowdStrike

Mozilla-Ocho / llamafile

Distribute and run LLMs with a single file.

https://llamafile.ai

Other

20.29k stars 1.02k forks source link

Process gets killed immediately by CrowdStrike #14

Closed akkomar closed 11 months ago

akkomar commented 11 months ago

Running on Mac 14.1.1, Xcode is installed:

$ xcode-select --install
xcode-select: note: Command line tools are already installed. Use "Software Update" in System Settings or the softwareupdate command line interface to install updates

I downloaded just the llamafile software, following https://github.com/Mozilla-Ocho/llamafile#binary-instructions. Running it results in process getting killed:

$ ./llamafile --help
[1]    4806 killed     ./llamafile --help

Any ideas on how to debug it?

jart commented 11 months ago

This is possibly a duplicate of #11. I haven't been able to reproduce this issue locally. Could you try disabling SIP and running lldb -- $TMPDIR/.ape-1.9 ./llamafile and give me (1) the name of the instruction that's illegal (or its hex value) and (2) the hex address of where that instruction is in memory?

akkomar commented 11 months ago

I'm not sure I'm launching it correctly but that's what I got:

$ lldb -- $TMPDIR/.ape-1.9 ./llamafile
(lldb) target create "/var/folders/tj/6t1b0gmd50z6w50b3fn825fm0000gn/T//.ape-1.9"
Current executable set to '/var/folders/tj/6t1b0gmd50z6w50b3fn825fm0000gn/T/.ape-1.9' (arm64).
(lldb) settings set -- target.run-args  "./llamafile"
(lldb) run
error: process exited with status -1 (no such process.)

jart commented 11 months ago

I wish I could do more to help, but I'm not able to reproduce this and there's not a lot of information to go on here. If you can get more diagnostic information from your system about what's happening, please post it here and I'll re-open this issue. Thank you for reaching out and reporting this!

jart commented 11 months ago

Re-opening because there's additional similar reports for this issue on Hacker News. Currently asking around if anyone knows if there's a security related command that needs to be run.

callmeed commented 11 months ago

I was running into this issue (and reported it on Hacker News) and discovered it was due to security software running on my work laptop.

We use CrowdStrike and I was told by our security team it was likely cosmopolitan libc that was triggering it (as it resembles malware). I was able to get my machine whitelisted.

Might be worth adding a note to the README.

reneric commented 11 months ago

Can confirm, CrowdStrike is what caused this issue for me

jart commented 11 months ago

Thank you for figuring this out for us! I'll add a note to the README.

carbocation commented 11 months ago

I'm not able to disable crowdstrike, but I also reported this issue on HN and I can confirm that I have it running on my machine as well so it sounds like the likely unifying culprit.

akkomar commented 11 months ago

Thank you, I can confirm that Crowdstrike was the culprit.