Public bug reported:

Support for decoding bpf() syscall arguments with current packaged version of strace is incomplete.

In particular, on Ubuntu 16.04 LTS with kernel 4.4.0, strace is packaged in version 4.11 and does not decode arguments for bpf(BPF_OBJ_PIN, …) or bpf(BPF_OBJ_GET, …) calls. Also, other constants are added in kernel 4.8 and are missing on Ubuntu 16.10, such as BPF_MAP_TYPE_CGROUP_ARRAY.

For calls to bpf() with these commands, strace output is similar to:

    bpf(0x6 /* BPF_??? */, 0x7fffbf33efe0, 48) = 0
    bpf(0x7 /* BPF_??? */, 0x7fffbf33ffe0, 48) = -1 ENOENT (No such file or directory)

A patch to update bpf() support was recently merged to strace code base:
https://github.com/strace/strace/commit/0a8dd6a68c108654ba5a17dce6c5839495cd26d3

The output of the same calls, after this patch, is as follows, and makes things much easier to debug:

    bpf(BPF_OBJ_PIN, {pathname="/sys/fs/bpf/tc/globals/foo", bpf_fd=5}, 48) = 0
    bpf(BPF_OBJ_GET, {pathname="/sys/fs/bpf/tc/globals/bar", bpf_fd=0}, 48) = -1 ENOENT (No such file or directory)

Would it be possible to have it somehow (new strace release, or backport) on 16.04 LTS?

** Affects: strace (Ubuntu)
     Importance: Undecided
         Status: New

https://bugs.launchpad.net/bugs/1660309

Title:
  packaged strace does not decode all arguments for bpf() syscall