sysdig icon indicating copy to clipboard operation
sysdig copied to clipboard
verified publisher icon draios

empty capture if sysdig is not run for a minimum period (e.g. 1 s).

Open apteryks opened this issue 7 months ago • 1 comments

Hello! Consider the following script:

sudo ls >/dev/null  # warm up sudo
sudo sysdig --modern-bpf -z -w guix-unshare-bug.scap &
#sleep 1                         # otherwise sysdig captures nothing?

SYSDIG_PID=$!

guix shell --manifest=extras/packaging/gnu-linux/guix/manifest.scm \
  --symlink=/usr/bin/env=bin/env \
  --symlink=/etc/ssl/certs=etc/ssl/certs \
  --container --network -- \
  sh -c exit

# Now stop sysdig
#sleep 1                         # otherwise sysdig captures nothing?
sudo kill $SYSDIG_PID

# Refine the trace to just the right 'guix shell' process.
# The PID of the parent 'guix shell' process was found to be 31074.
# sysdig -r guix-unshare-bug.scap -z -w refined-unshare-bug.scap \
#        "(proc.pid=31074 or proc.apid=31074)"

What I was trying to do there is run sysdig for as little time as possible to get the minimal trace of a problem I was trying to debug (a crash in Guix), but unless I used sleeps in the above script, no output file would be produced:

$ ./guix-unshare-bug-repro.sh
guix shell: erreur : unshare : 268566528: Argument invalide
Backtrace:
          16 (primitive-load "/home/maxim/.config/guix/current/bin/guix")
In guix/ui.scm:
   2369:7 15 (run-guix . _)
  2332:10 14 (run-guix-command _ . _)
In ice-9/boot-9.scm:
  1752:10 13 (with-exception-handler _ _ #:unwind? _ #:unwind-for-type _)
In guix/status.scm:
    842:4 12 (call-with-status-report _ _)
In guix/store.scm:
    703:3 11 (_)
In ice-9/boot-9.scm:
  1752:10 10 (with-exception-handler _ _ #:unwind? _ #:unwind-for-type _)
In guix/store.scm:
   690:37  9 (thunk)
   1331:8  8 (call-with-build-handler _ _)
   1331:8  7 (call-with-build-handler #<procedure 7fddd2337840 at guix/ui.scm:1259:2 (continue stor…> …)
In guix/scripts/environment.scm:
  1205:11  6 (proc _)
In guix/store.scm:
  2212:25  5 (run-with-store #<store-connection 256.100 7fdddbf4a0f0> _ #:guile-for-build _ #:system …)
In guix/scripts/environment.scm:
    911:8  4 (_ _)
In gnu/build/linux-container.scm:
    485:7  3 (call-with-container _ _ #:namespaces _ #:host-uids _ #:guest-uid _ #:guest-gid _ # _ # …)
In unknown file:
           2 (waitpid #f #<undefined>)
In ice-9/boot-9.scm:
  1685:16  1 (raise-exception _ #:continuable? _)
  1685:16  0 (raise-exception _ #:continuable? _)

ice-9/boot-9.scm:1685:16: In procedure raise-exception:
Wrong type (expecting exact integer): #f
$ ls *.scap
ls: impossible d'accéder à '*.scap': Aucun fichier ou dossier de ce nom

Is it a known limitation that sysdig can't run for very short intervals like in my example above?

apteryks avatar Jul 16 '25 12:07 apteryks

By the way, I'm used to use strace, which is able to start the application to troubleshoot itself; such a mode for sysdig would be very handy, where you could e.g.: sysdig -w hello.scap -- hello-app --some-arg

apteryks avatar Jul 16 '25 12:07 apteryks

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.

github-actions[bot] avatar Nov 14 '25 02:11 github-actions[bot]

not stale (arg, stale bot!)

apteryks avatar Nov 14 '25 03:11 apteryks