Open
Description
Found in internal e2e tests:
{"level":"error","ts":1745854868.8045926,"msg":"error reading argument from buffer","error":"bufferdecoder.(*EbpfDecoder).DecodeArguments: failed to read argument 2 of event security_socket_connect: bufferdecoder.readArgFromBuff: bufferdecoder.readSockaddrFromBuff: error parsing sockaddr_un: bufferdecoder.readSunPathFromBuff: error reading sun_path: can't read context from buffer: buffer too short"}
An example of an event matching the error:
{"timestamp":1745854870773181642,"threadStartTime":1745854308244023878,"processorId":3,"processId":1,"cgroupId":28,"threadId":1,"parentProcessId":0,"hostProcessId":1,"hostThreadId":1,"hostParentProcessId":0,"userId":0,"mountNamespace":4026531841,"pidNamespace":4026531836,"processName":"systemd","executable":{"path":""},"hostName":"ip-10-198-2-59","containerId":"","container":{},"kubernetes":{},"eventId":"736","eventName":"security_socket_connect","matchedPolicies":["default"],"argsNum":3,"returnValue":0,"syscall":"connect","stackAddresses":null,"contextFlags":{"containerStarted":false,"isCompat":false},"threadEntityId":3465834367,"processEntityId":3465834367,"parentEntityId":3703956197,"args":[{"name":"sockfd","type":"int32","value":17},{"name":"type","type":"string","value":"SOCK_STREAM"},{"name":"remote_addr","type":"SockAddr","value":null}]}
Seems to be something done in systemd, not sure what. Any idea for a reproducer is welcome.
Output of tracee version:
Commit 997b5c3
Output of uname -a:
unknown