search

Sysinternals / ProcDump-for-Linux

A Linux version of the ProcDump Sysinternals tool
MIT License
2.94k stars 303 forks source link

the procdump looks like hanging #117

Closed gaowayne closed 2 years ago

gaowayne commented 3 years ago

Expected behavior

Actual behavior

I run below to catch hang dump, but it is hanging there without write anything or progress info.

Steps to reproduce the behavior

[root@localhost ProcDump-for-Linux]# procdump -p 3486177

ProcDump v1.1.1 - Sysinternals process dump utility Copyright (C) 2020 Microsoft Corporation. All rights reserved. Licensed under the MIT license. Mark Russinovich, Mario Hewardt, John Salem, Javid Habibi Monitors a process and writes a dump file when the process exceeds the specified criteria.

Process: fio (3486177) CPU Threshold: n/a Commit Threshold: n/a Polling interval (ms): 1000 Threshold (s): 10 Number of Dumps: 1 Output directory for core dumps: .

Press Ctrl-C to end monitoring without terminating the process.

System information (e.g., distro, kernel version, etc.)

jahabibi commented 3 years ago

Hey @gaowayne can you provide the distro and kernel information for your system? Additionally is this a containerized environment?

GitTorre commented 3 years ago

Name: Ubuntu 18.04.5 LTS Version: Linux version 5.4.0-1051-azure (buildd@lgw01-amd64-052) (gcc version 7.5.0 (Ubuntu 7.5.0-3ubuntu1\~18.04)) 53~18.04.1-Ubuntu SMP Fri Jun 18 22:32:58 UTC 2021

foo@SFRole00000042:~$ sudo procdump -p 20100

ProcDump v1.1.1 - Sysinternals process dump utility Copyright (C) 2020 Microsoft Corporation. All rights reserved. Licensed under the MIT license. Mark Russinovich, Mario Hewardt, John Salem, Javid Habibi Monitors a process and writes a dump file when the process exceeds the specified criteria.

Process: FabricObserver (20100) CPU Threshold: n/a Commit Threshold: n/a Polling interval (ms): 1000 Threshold (s): 10 Number of Dumps: 1

Press Ctrl-C to end monitoring without terminating the process.

[01:08:35 - ERROR]: An error occured while generating the core dump [01:08:35 - ERROR]: GCORE - Could not attach to process. If your uid matches the uid of the target [01:08:35 - ERROR]: GCORE - process, check the setting of /proc/sys/kernel/yama/ptrace_scope, or try [01:08:35 - ERROR]: GCORE - again as the root user. For more details, see /etc/sysctl.d/10-ptrace.conf [01:08:35 - ERROR]: GCORE - warning: process 20100 is already traced by process 23146 [01:08:35 - ERROR]: GCORE - ptrace: Operation not permitted. [01:08:35 - ERROR]: GCORE - You can't do that without a process to debug. [01:08:35 - ERROR]: GCORE - The program is not being run. [01:08:35 - ERROR]: GCORE - gcore: failed to create FabricObserver_time_2021-07-21_01:08:35.20100

Using gcore directly also has this problem. Further, why is the process blown up to 4GB of working set after this fails?!! The goal in my case is to not modify a process when taking a snapshot of its memory, handles, stack. Like on Windows, where I can create a MiniDumpPlus dmp that leaves the target process in place as is... I guess I can try the createdump utility, but I suspect it may also fail unless they are generating their own dumps outside of gcore.

FabricObserver is a netcoreapp 3.1 process.

I suspect the issue is here:

[01:08:35 - ERROR]: GCORE - warning: process 20100 is already traced by process 23146 [01:08:35 - ERROR]: GCORE - ptrace: Operation not permitted. [01:08:35 - ERROR]: GCORE - You can't do that without a process to debug.

But I am not sure what it actually means in context.

Anyway, FYI. Same/similar problem as original filer of this issue..

Thanks, ...Charles

MarioHewardt commented 3 years ago

@GitTorre new issue created.