Re: Invalid filename/mode in openat tracepoint data


Tristan Mayfield
 

I ran the same test with strace. One of the file data points that doesn't show up is this:

bpftrace:
sys_enter_openat mode:0 filename: (93911401193582)

strace:
openat(AT_FDCWD, "/usr/lib/locale/locale-archive", O_RDONLY|O_CLOEXEC) = 3

But "locale-archive" does show up in different contexts in bpftrace.
The major commonality I'm seeing is that the file opened right before the "no-name" file seems to be a shared object that was (presumably) dynamically used. Here are some examples:

sys_enter_openat mode:0 filename:/lib/x86_64-linux-gnu/libc.so.6 (140092012560096)
sys_enter_openat mode:0 filename: (93826516217966)

sys_enter_openat mode:0 filename:/lib/x86_64-linux-gnu/libtinfo.so.6 (139814679237888)
sys_enter_openat mode:0 filename: (139814679027664)

sys_enter_openat mode:0 filename:/lib/x86_64-linux-gnu/libc.so.6 (140231836626656)
sys_enter_openat mode:0 filename: (94880667103342)

This might be a linking issue and openat isn't getting supplied a filename? I'll keep debugging since this is interesting. Have you looked through bug reports for bpftrace or BCC?

Tristan
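One way to check the pattern described in this message over a longer capture, as an added example that is not part of the original post: it parses lines in the format shown above and, for every event with an empty filename, reports the event logged just before it. The function names are hypothetical, and the sample lines are the ones quoted in the message.

```python
import re

# Line format as printed in the message above:
#   sys_enter_openat mode:<mode> filename:<name> (<user pointer, decimal>)
LINE_RE = re.compile(r"^sys_enter_openat mode:(\d+) filename:(.*?) ?\((\d+)\)$")
SO_RE = re.compile(r"\.so(\.\d+)*$")  # libfoo.so, libfoo.so.6, libfoo.so.6.1

# Trace lines quoted in the message above.
SAMPLE = """\
sys_enter_openat mode:0 filename:/lib/x86_64-linux-gnu/libc.so.6 (140092012560096)
sys_enter_openat mode:0 filename: (93826516217966)
sys_enter_openat mode:0 filename:/lib/x86_64-linux-gnu/libtinfo.so.6 (139814679237888)
sys_enter_openat mode:0 filename: (139814679027664)
sys_enter_openat mode:0 filename:/lib/x86_64-linux-gnu/libc.so.6 (140231836626656)
sys_enter_openat mode:0 filename: (94880667103342)
"""

def parse(text):
    """Return one dict per recognised trace line; other lines are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            events.append({"mode": int(m.group(1)), "filename": m.group(2),
                           "ptr": int(m.group(3))})
    return events

def empty_name_events(events):
    """For each empty-filename event: (previous filename or None, pointer, previous is a .so)."""
    out = []
    for prev, cur in zip([None] + events, events):
        if cur["filename"] == "":
            prev_name = prev["filename"] if prev else None
            out.append((prev_name, cur["ptr"],
                        bool(prev_name and SO_RE.search(prev_name))))
    return out

if __name__ == "__main__":
    for prev_name, ptr, after_so in empty_name_events(parse(SAMPLE)):
        print(f"empty filename at {ptr:#x}; previous open: {prev_name!r}; "
              f"shared object: {after_so}")
```

Adjacency is only meaningful when the capture comes from a single process, since the line format above carries no PID.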
