Open phsmenon opened 5 years ago
Thanks for the detailed bug report @phsmenon! It seems like you are building with -j32 so it is possible that the sysdig kernel ring buffer can't keep up or maybe we're not processing them fast enough in userland. As far as I understand, sysdig is geared toward production use meaning that they will drop events rather than slowing down the system being monitored.
Would it be easy for you to try a build with the full set of flags but with less parallelism?
I tried the build with no parallelism. But it seems to exhibit the same behavior. I have attached the cctrace logs as well as the build logs.
Let me know if you want me to try anything else.
I can reproduce the issue using a small, single-threaded test script. It looks like we're hitting a sysdig limitation. According to this issue, sysdig does not handle arguments longer than one page size.
For long command lines cctrace appears to see/check only the first 4095 characters or so. This seems to be causing bogus "missing argument" errors. For example, see the error on line 978 in the attached log file; the command line appears to be cut off towards the end.
When I build with fewer flags (which causes the command line to shrink somewhat), the error seems to go away.
I built the variant set based on the latest VGT and the postgres ATD included with it. For reference, I have attached the cctrace policy file I used as well as the build and command logs.
cctrace-postgres-with-long-line-error.log
variant-21-logs-and-policy.zip
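
Added example, not part of the original thread and not cctrace code: one way a required-flag check can separate a flag that is provably absent from one that may simply lie past the capture cut-off described above. The 4095-character limit is taken from the observation in the thread; the function and class names, the whitespace-separated command-line format, and the sample command line are assumptions constructed for illustration.

```python
from dataclasses import dataclass, field

# Assumption: capture limit from the "first 4095 characters or so"
# observation in the thread; adjust to what the tracer actually delivers.
CAPTURE_LIMIT = 4095


@dataclass
class ArgCheck:
    truncated: bool
    present: list = field(default_factory=list)
    missing: list = field(default_factory=list)       # provably absent
    unverifiable: list = field(default_factory=list)  # may lie past the cut


def check_required_args(captured, required, limit=CAPTURE_LIMIT):
    """Check required flags against a captured, possibly truncated command line.

    Hypothetical helper: assumes arguments are whitespace-separated.
    """
    truncated = len(captured) >= limit
    tokens = captured.split()
    if truncated and tokens and not captured[-1].isspace():
        # The final token may have been cut mid-word, so it cannot be
        # trusted to match (or rule out) any flag.
        tokens.pop()
    seen = set(tokens)
    result = ArgCheck(truncated=truncated)
    for flag in required:
        if flag in seen:
            result.present.append(flag)
        elif truncated:
            # Absence from a truncated capture proves nothing.
            result.unverifiable.append(flag)
        else:
            result.missing.append(flag)
    return result


def build_sample(n_includes, tail):
    """Constructed compiler command line with n_includes -I options."""
    includes = [f"-I/build/include/dir{i:04d}" for i in range(n_includes)]
    return " ".join(["gcc", "-O2"] + includes + tail)
```

A policy check built this way would report the `unverifiable` flags as inconclusive rather than raising a "missing argument" error for them.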