Hello everyone!

I am experiencing some issues with the execveat tracepoints, and was wondering if others could reproduce it or help me understand what I am doing wrong.

On Arch Linux (kernel 5.9.1, perf 5.7.g3d77e6a8804a), both sys_enter_execveat and sys_exit_execveat never seem to report any event.

On Ubuntu 20.04 (kernel 5.4.0, perf 5.4.65), sys_enter_execveat will work provided there is no one else making use of that tracepoint, while sys_exit_execveat is always completely silent.

I traced the program I am using to test this with strace and verified that execveat is being called correctly. The following is the source code for that program:

---
#include <unistd.h>
#include <linux/fcntl.h>
#include <linux/unistd.h>

int main() {
syscall(__NR_execveat, AT_FDCWD,
"/usr/bin/bash", nullptr,
nullptr, 0);

return 0;
}
---

Here's a recording of what I'm experiencing on Ubuntu: https://asciinema.org/a/6EiDfoOpK1AYcDm7aPftrYqdo

Thanks for your help!

Alessandro Gario