empty capture if sysdig is not run for a minimum period (e.g. 1 s).

[apteryks]

Hello! Consider the following script:

sudo ls >/dev/null  # warm up sudo
sudo sysdig --modern-bpf -z -w guix-unshare-bug.scap &
#sleep 1                         # otherwise sysdig captures nothing?

SYSDIG_PID=$!

guix shell --manifest=extras/packaging/gnu-linux/guix/manifest.scm \
  --symlink=/usr/bin/env=bin/env \
  --symlink=/etc/ssl/certs=etc/ssl/certs \
  --container --network -- \
  sh -c exit

# Now stop sysdig
#sleep 1                         # otherwise sysdig captures nothing?
sudo kill $SYSDIG_PID

# Refine the trace to just the right 'guix shell' process.
# The PID of the parent 'guix shell' process was found to be 31074.
# sysdig -r guix-unshare-bug.scap -z -w refined-unshare-bug.scap \
#        "(proc.pid=31074 or proc.apid=31074)"

What I was trying to do there is run sysdig for as little time as possible to get the minimal trace of a problem I was trying to debug (a crash in Guix), but unless I used sleeps in the above script, no output file would be produced:

$ ./guix-unshare-bug-repro.sh
guix shell: erreur : unshare : 268566528: Argument invalide
Backtrace:
          16 (primitive-load "/home/maxim/.config/guix/current/bin/guix")
In guix/ui.scm:
   2369:7 15 (run-guix . _)
  2332:10 14 (run-guix-command _ . _)
In ice-9/boot-9.scm:
  1752:10 13 (with-exception-handler _ _ #:unwind? _ #:unwind-for-type _)
In guix/status.scm:
    842:4 12 (call-with-status-report _ _)
In guix/store.scm:
    703:3 11 (_)
In ice-9/boot-9.scm:
  1752:10 10 (with-exception-handler _ _ #:unwind? _ #:unwind-for-type _)
In guix/store.scm:
   690:37  9 (thunk)
   1331:8  8 (call-with-build-handler _ _)
   1331:8  7 (call-with-build-handler #<procedure 7fddd2337840 at guix/ui.scm:1259:2 (continue stor…> …)
In guix/scripts/environment.scm:
  1205:11  6 (proc _)
In guix/store.scm:
  2212:25  5 (run-with-store #<store-connection 256.100 7fdddbf4a0f0> _ #:guile-for-build _ #:system …)
In guix/scripts/environment.scm:
    911:8  4 (_ _)
In gnu/build/linux-container.scm:
    485:7  3 (call-with-container _ _ #:namespaces _ #:host-uids _ #:guest-uid _ #:guest-gid _ # _ # …)
In unknown file:
           2 (waitpid #f #<undefined>)
In ice-9/boot-9.scm:
  1685:16  1 (raise-exception _ #:continuable? _)
  1685:16  0 (raise-exception _ #:continuable? _)

ice-9/boot-9.scm:1685:16: In procedure raise-exception:
Wrong type (expecting exact integer): #f
$ ls *.scap
ls: impossible d'accéder à '*.scap': Aucun fichier ou dossier de ce nom

Is it a known limitation that sysdig can't run for very short intervals like in my example above?

[apteryks]

By the way, I'm used to use strace, which is able to start the application to troubleshoot itself; such a mode for sysdig would be very handy, where you could e.g.: sysdig -w hello.scap -- hello-app --some-arg

[github-actions]

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.

[apteryks]

not stale (arg, stale bot!)