Remove redundant debug logging in connection manager and I/O setup

internal/guest/vminit/runc/platform.go

@@ -80,7 +80,6 @@ func (p *linuxPlatform) CopyConsole(ctx context.Context, cons console.Console, i
 		cwg.Add(1)
 		go func() {
 			cwg.Done()
-			log.L.Debug("console stdin copy goroutine started")
 			bp := iobuf.Get()
 			defer iobuf.Put(bp)
 			n, err := io.CopyBuffer(epollConsole, in, *bp)

internal/guest/vminit/runc/util.go

@@ -132,6 +132,5 @@ func RelaxOCISpec(ctx context.Context, bundlePath string) error {
 
 	spec.Mounts = newMounts
 
-	log.G(ctx).Debug("relaxed OCI spec for VM isolation")
 	return writeSpec(bundlePath, spec)
 }

internal/guest/vminit/systools/proc.go

@@ -13,8 +13,6 @@ import (
 
 // DumpPids logs basic information for processes in /proc.
 func DumpPids(ctx context.Context) {
-	log.G(ctx).Debug("dumping /proc process info")
-
 	es, err := os.ReadDir("/proc")
 	if err != nil {
 		log.G(ctx).WithError(err).Error("failed to read /proc")

internal/shim/task/connmanager.go

@@ -61,16 +61,10 @@ func (m *ConnectionManager) GetClient(ctx context.Context) (*ttrpc.Client, error
 	if hasCachedClient && !isClosed {
 		client := m.client
 		m.mu.RUnlock()
-		log.G(ctx).Debug("connmanager: returning cached client")
 		return client, nil
 	}
 	m.mu.RUnlock()
 
-	log.G(ctx).WithFields(log.Fields{
-		"has_cached_client": hasCachedClient,
-		"is_closed":         isClosed,
-	}).Debug("connmanager: no cached client, will dial")
-
 	return m.getOrCreateClient(ctx)
 }
 
@@ -82,11 +76,9 @@ func (m *ConnectionManager) getOrCreateClient(ctx context.Context) (*ttrpc.Clien
 
 	// Double-check after acquiring write lock (another goroutine may have created it)
 	if m.closed {
-		log.G(ctx).Debug("connmanager: manager is closed, returning canceled")
 		return nil, context.Canceled
 	}
 	if m.client != nil {
-		log.G(ctx).Debug("connmanager: another goroutine created client, returning it")
 		return m.client, nil
 	}
 
@@ -124,12 +116,10 @@ func (m *ConnectionManager) SetClient(client *ttrpc.Client) {
 
 	// Close existing client if different
 	if m.client != nil && m.client != client {
-		log.L.Debug("connmanager: replacing existing client")
 		m.client.Close()
 	}
 
 	m.client = client
-	log.L.Debug("connmanager: client set")
 }
 
 // ClearClient removes the cached client without closing it.
@@ -158,7 +148,6 @@ func (m *ConnectionManager) Invalidate(ctx context.Context) {
 	defer m.mu.Unlock()
 
 	if m.client != nil {
-		log.G(ctx).Debug("connmanager: invalidating stale client")
 		m.client.Close()
 		m.client = nil
 	}
@@ -178,7 +167,6 @@ func (m *ConnectionManager) Close() error {
 	m.closed = true
 
 	if m.client != nil {
-		log.L.Debug("connmanager: closing task client")
 		err := m.client.Close()
 		m.client = nil
 		return err

internal/shim/task/io.go

@@ -141,7 +141,6 @@ func setupForwardIO(ctx context.Context, vmi vm.Instance, pio stdio.Stdio) (forw
 	if u.Scheme == "" {
 		u.Scheme = defaultScheme
 	}
-	log.G(ctx).WithField("scheme", u.Scheme).Debug("resolved stdout scheme")
 
 	switch u.Scheme {
 	case "stream":
@@ -159,7 +158,6 @@ func setupForwardIO(ctx context.Context, vmi vm.Instance, pio stdio.Stdio) (forw
 // setupFileScheme handles the "file://" URI scheme.
 // It creates VM-side streams and saves the original file path for host-side copying.
 func setupFileScheme(ctx context.Context, vmi vm.Instance, pio stdio.Stdio, stdoutFilePath string) (forwardIOSetup, error) {
-	log.G(ctx).WithField("stdoutFilePath", stdoutFilePath).Debug("file scheme: using host file paths for logging")
 
 	// Validate parent directory can be created for stdout
 	if err := os.MkdirAll(filepath.Dir(stdoutFilePath), 0750); err != nil {
@@ -190,13 +188,6 @@ func setupFileScheme(ctx context.Context, vmi vm.Instance, pio stdio.Stdio, stdo
 		return forwardIOSetup{}, err
 	}
 
-	log.G(ctx).WithFields(log.Fields{
-		"stdout":         streamPio.Stdout,
-		"stderr":         streamPio.Stderr,
-		"stdoutFilePath": stdoutFilePath,
-		"stderrFilePath": stderrFilePath,
-	}).Debug("file scheme: created VM streams, copying to host files")
-
 	// Return setup with:
 	// - streamPio: Contains stream:// URIs for VM
 	// - stdoutFilePath/stderrFilePath: Original file paths for host-side copyStreams
@@ -278,13 +269,6 @@ func (s *service) forwardIOWithIDs(ctx context.Context, vmi vm.Instance, contain
 		// pio.Stdout/Stderr contain stream:// URIs which will be sent to the VM
 		stdoutPath = setup.stdoutFilePath
 		stderrPath = setup.stderrFilePath
-		log.G(ctx).WithFields(log.Fields{
-			"stdoutPath":  stdoutPath,
-			"stderrPath":  stderrPath,
-			"vmStdout":    pio.Stdout,
-			"vmStderr":    pio.Stderr,
-			"usePIOPaths": setup.usePIOPaths,
-		}).Debug("forwardIO: using file paths for copyStreams, stream URIs for VM")
 	}
 	keepalives, err := copyStreams(ctx, streams, stdinPath, stdoutPath, stderrPath, ioDone)
 	if err != nil {
@@ -433,12 +417,10 @@ func openOutputDestination(ctx context.Context, name, stdout, stderr string, sam
 		return nil, nil, fmt.Errorf("containerd-shim: creating parent directory for %q failed: %w", name, err)
 	}
 
-	log.G(ctx).WithField("file", name).Debug("openOutputDestination: opening file for writing")
 	fw, err := os.OpenFile(name, os.O_WRONLY|os.O_APPEND|os.O_CREATE, 0600)
 	if err != nil {
 		return nil, nil, fmt.Errorf("containerd-shim: opening file %q failed: %w", name, err)
 	}
-	log.G(ctx).WithField("file", name).Debug("openOutputDestination: successfully opened file")
 	if stdout == stderr {
 		*sameFile = newCountingWriteCloser(fw, 1)
 		return *sameFile, nil, nil
@@ -450,10 +432,6 @@ func startOutputCopy(ctx context.Context, cwg *sync.WaitGroup, copying *atomic.I
 	cwg.Add(1)
 	go func() {
 		cwg.Done()
-		log.G(ctx).WithFields(log.Fields{
-			"target": target.name,
-			"label":  target.label,
-		}).Debug("startOutputCopy: starting to copy stream data")
 		p := iobuf.Get()
 		defer iobuf.Put(p)
 		n, err := io.CopyBuffer(wc, target.stream, *p)
@@ -463,12 +441,6 @@ func startOutputCopy(ctx context.Context, cwg *sync.WaitGroup, copying *atomic.I
 				"label":  target.label,
 				"bytes":  n,
 			}).Warn("output stream copy failed")
-		} else {
-			log.G(ctx).WithFields(log.Fields{
-				"target": target.name,
-				"label":  target.label,
-				"bytes":  n,
-			}).Debug("startOutputCopy: finished copying stream data")
 		}
 		if copying.Add(-1) == 0 {
 			close(done)
@@ -482,22 +454,18 @@ func startOutputCopy(ctx context.Context, cwg *sync.WaitGroup, copying *atomic.I
 
 func startStdinCopy(ctx context.Context, cwg *sync.WaitGroup, stream io.ReadWriteCloser, stdin string) error {
 	if stdin == "" {
-		log.G(ctx).Debug("startStdinCopy: stdin is empty, skipping")
 		return nil
 	}
-	log.G(ctx).WithField("stdin", stdin).Debug("startStdinCopy: opening stdin FIFO")
 	// Open FIFO with background context - it needs to stay open for the lifetime of I/O forwarding,
 	// not tied to any specific operation context. Using the RPC context would cause the FIFO to
 	// close when the Create RPC completes, breaking stdin for later attach operations.
 	f, err := fifo.OpenFifo(context.WithoutCancel(ctx), stdin, syscall.O_RDONLY|syscall.O_NONBLOCK, 0)
 	if err != nil {
 		return fmt.Errorf("containerd-shim: opening %s failed: %w", stdin, err)
 	}
-	log.G(ctx).WithField("stdin", stdin).Debug("startStdinCopy: stdin FIFO opened, starting copy goroutine")
 	cwg.Add(1)
 	go func() {
 		cwg.Done()
-		log.G(ctx).Debug("startStdinCopy: copy goroutine started")
 		defer func() {
 			if err := stream.Close(); err != nil {
 				if !isAlreadyClosedError(err) {

internal/shim/task/service.go

@@ -502,13 +502,11 @@ func (s *service) Create(ctx context.Context, r *taskAPI.CreateTaskRequest) (_ *
 	// can become stale between Create completing and Start being called.
 	// We also do NOT close it because that can cause the VM to exit unexpectedly.
 	// Subsequent operations (Start, State, etc.) will dial fresh via the connection manager.
-	log.G(ctx).Debug("create: dialing RPC client for bundle/task creation (NOT caching)")
 	rpcClient, err := s.vmLifecycle.DialClient(ctx)
 	if err != nil {
 		log.G(ctx).WithError(err).Error("create: failed to dial RPC client")
 		return nil, errgrpc.ToGRPC(err)
 	}
-	log.G(ctx).Debug("create: RPC client dialed (will NOT be cached, Start will dial fresh)")
 	// rpcClient will be garbage collected - we don't close it to avoid killing the VM
 
 	// Create bundle in VM
@@ -1217,12 +1215,10 @@ func (s *service) CloseIO(ctx context.Context, r *taskAPI.CloseIORequest) (*ptyp
 			if r.ExecID == "" {
 				// Container stdin
 				s.container.io.init.forwarder.CloseStdin()
-				log.G(ctx).Debug("signaled forwarder to close container stdin")
 			} else {
 				// Exec stdin
 				if pio, ok := s.container.io.exec[r.ExecID]; ok {
 					pio.forwarder.CloseStdin()
-					log.G(ctx).WithField("exec", r.ExecID).Debug("signaled forwarder to close exec stdin")
 				}
 			}
 		}
@@ -1431,10 +1427,7 @@ func (s *service) send(evt interface{}) {
 	// and channel close. If the channel is closed after our check, the send
 	// would panic - we catch this and silently drop the event.
 	defer func() {
-		if r := recover(); r != nil {
-			// Event dropped during shutdown race - this is expected and safe
-			log.L.Debug("event dropped during shutdown")
-		}
+		_ = recover() // Event dropped during shutdown race - expected and safe
 	}()
 	s.events <- evt
 }

internal/shim/transform/bundle.go

@@ -45,8 +45,6 @@ func TransformBindMounts(ctx context.Context, b *bundle.Bundle) error {
 // - Ensure cgroup2 mount exists
 // - Grant full capabilities (VM is the security boundary)
 func AdaptForVM(ctx context.Context, b *bundle.Bundle) error {
-	log.G(ctx).Debug("adapting OCI spec for VM execution")
-
 	// Remove network and cgroup namespaces
 	if b.Spec.Linux != nil {
 		var namespaces []specs.LinuxNamespace