This is a canonical question. I want to understand why a specific system call is failing. Is it possible to display the kernel stack trace of the syscall:
- when the return is non-zero or is negative (it depends on syscall to know when it fails, maybe we should base the failure on
errno
) - and when the execution reaches the return instruction?
Tried with trace
/trace-bpfcc
from bcc-tools
(Fedora)/bpfcc-tools
(Ubuntu):
$ sudo /usr/sbin/trace-bpfcc -K 'r::do_sys_open "%llx", retval'&
$ touch /root # As normal user
15979 15979 touch do_sys_open fffffffffffffffe
kretprobe_trampoline+0x0 [kernel]
do_syscall_64+0x5a [kernel]
entry_SYSCALL_64_after_hwframe+0x44 [kernel]
But the stack trace is meaningless.