 int syscall__trace_entry_openat(struct pt_regs * ctx):
; struct pt_regs * __ctx = ctx->di
0: (79) r6 = *(u64 *)(r1 +112)
; int dfd; bpf_probe_read(&dfd, sizeof(dfd), &__ctx->di)
1: (bf) r3 = r6
2: (07) r3 += 112
3: (bf) r1 = r10
4: (07) r1 += -4
; int dfd; bpf_probe_read(&dfd, sizeof(dfd), &__ctx->di)
5: (b7) r2 = 4
6: (85) call bpf_probe_read_compat#-115168
; const char __user *filename; bpf_probe_read(&filename, sizeof(filename), &__ctx->si)
7: (bf) r3 = r6
8: (07) r3 += 104
9: (bf) r1 = r10
10: (07) r1 += -16
; const char __user *filename; bpf_probe_read(&filename, sizeof(filename), &__ctx->si)
11: (b7) r2 = 8
12: (85) call bpf_probe_read_compat#-115168
; int flags; bpf_probe_read(&flags, sizeof(flags), &__ctx->dx)
13: (07) r6 += 96
14: (bf) r1 = r10
15: (07) r1 += -20
; int flags; bpf_probe_read(&flags, sizeof(flags), &__ctx->dx)
16: (b7) r2 = 4
17: (bf) r3 = r6
18: (85) call bpf_probe_read_compat#-115168
19: (b7) r6 = 0
20: (73) *(u8 *)(r10 -24) = r6
21: (79) r3 = *(u64 *)(r10 -16)
22: (bf) r1 = r10
23: (07) r1 += -24
24: (b7) r2 = 1
25: (85) call bpf_probe_read_compat#-115168
26: (71) r1 = *(u8 *)(r10 -24)
27: (55) if r1 != 0x66 goto pc+368
28: (73) *(u8 *)(r10 -24) = r6
29: (79) r3 = *(u64 *)(r10 -16)
30: (07) r3 += 1
31: (bf) r1 = r10
32: (07) r1 += -24
33: (b7) r2 = 1
34: (85) call bpf_probe_read_compat#-115168
35: (71) r1 = *(u8 *)(r10 -24)
36: (55) if r1 != 0x6c goto pc+359
37: (b7) r6 = 0
38: (73) *(u8 *)(r10 -24) = r6
39: (79) r3 = *(u64 *)(r10 -16)
40: (07) r3 += 2
41: (bf) r1 = r10
42: (07) r1 += -24
43: (b7) r2 = 1
44: (85) call bpf_probe_read_compat#-115168
45: (71) r1 = *(u8 *)(r10 -24)
46: (55) if r1 != 0x61 goto pc+349
47: (73) *(u8 *)(r10 -24) = r6
48: (79) r3 = *(u64 *)(r10 -16)
49: (07) r3 +=3
50: (bf) r1 = r10
51: (07) r1 += -24
52: (b7) r2 = 1
53: (85) call bpf_probe_read_compat#-115168
54: (71) r1 = *(u8 *)(r10 -24)
55: (55) if r1 != 0x67 goto pc+340
56: (b7) r6 = 0
57: (73) *(u8 *)(r10 -24) = r6
58: (79) r3 = *(u64 *)(r10 -16)
59: (07) r3 += 4
60: (bf) r1 = r10
61: (07) r1 += -24
62: (b7) r2 = 1
63: (85) call bpf_probe_read_compat#-115168
64: (71) r1 = *(u8 *)(r10 -24)
65: (55) if r1 != 0x2e goto pc+330
66: (73) *(u8 *)(r10 -24) = r6
67: (79) r3 = *(u64 *)(r10 -16)
68: (07) r3 += 5
69: (bf) r1 = r10
70: (07) r1 += -24
71: (b7) r2 = 1
72: (85) call bpf_probe_read_compat#-115168
73: (71) r1 = *(u8 *)(r10 -24)
74: (55) if r1 != 0x74 goto pc+321
75: (b7) r6 = 0
76: (73) *(u8 *)(r10 -24) = r6
77: (79) r3 = *(u64 *)(r10 -16)
78: (07) r3 += 6
79: (bf) r1 = r10
80: (07) r1 += -24
81: (b7) r2 = 1
82: (85) call bpf_probe_read_compat#-115168
83: (71) r1 = *(u8 *)(r10 -24)
84: (55) if r1 != 0x78 goto pc+311
85: (73) *(u8 *)(r10 -24) = r6
86: (79) r3 = *(u64 *)(r10 -16)
87: (07) r3 += 7
88: (bf) r1 = r10
89: (07) r1 += -24
90: (b7) r2 = 1
91: (85) call bpf_probe_read_compat#-115168
92: (71) r1 = *(u8 *)(r10 -24)
93: (55) if r1 != 0x74 goto pc+302
94: (b7) r8 = 0
95: (63) *(u32 *)(r10 -24) = r8
96: (18) r1 = map[id:4]
98: (bf) r7 = r10
99: (07) r7 += -24
100: (bf) r2 = r7
101: (07) r1 += 272
102: (61) r0 = *(u32 *)(r2 +0)
103: (35) if r0 >= 0x8 goto pc+3
104: (67) r0 <<=3
105: (0f) r0 += r1
106: (05) goto pc+1
107: (b7) r0 = 0
108: (bf) r6 = r0
109: (18) r1 = map[id:3]
111: (bf) r2 = r7
112: (07) r1 += 272
113: (61) r0 = *(u32 *)(r2 +0)
114: (35) if r0 >= 0x8 goto pc+3
115: (67) r0 <<=3
116: (0f) r0 += r1
117: (05) goto pc+1
118: (b7) r0 = 0
119: (b7) r1 = 0
120: (15) if r6 == 0x0 goto pc+2
121: (61) r1 = *(u32 *)(r6 +0)
122: (a7) r1 ^= 5
123: (15) if r0 == 0x0 goto pc+6
124: (61) r2 = *(u32 *)(r0 +0)
125: (67) r1 <<=32
126: (77) r1 >>=32
127: (b7) r8 = 1
128: (1d) if r1 == r2 goto pc+1
129: (b7) r8 = 0
130: (b7) r1 = 1
131: (63) *(u32 *)(r10 -24) = r1
132: (18) r1 = map[id:4]
134: (bf) r7 = r10
135: (07) r7 += -24
136: (bf) r2 = r7
137: (07) r1 += 272
138: (61) r0 = *(u32 *)(r2 +0)
139: (35) if r0 >= 0x8 goto pc+3
140: (67) r0 <<=3
141: (0f) r0 += r1
142: (05) goto pc+1
143: (b7) r0 = 0
144: (bf) r6 = r0
145: (18) r1 = map[id:3]
147: (bf) r2 = r7
148: (07) r1 += 272
149: (61) r0 = *(u32 *)(r2 +0)
150: (35) if r0 >= 0x8 goto pc+3
151: (67) r0 <<=3
152: (0f) r0 += r1
153: (05) goto pc+1
154: (b7) r0 = 0
155: (b7) r1 = 0
156: (15) if r6 == 0x0 goto pc+2
157: (61) r1 = *(u32 *)(r6 +0)
158: (a7) r1 ^= 5
159: (15) if r0 == 0x0 goto pc+7
160: (61) r3 = *(u32 *)(r0 +0)
161: (67) r1 <<=32
162: (77) r1 >>=32
163: (b7) r2 = 1
164: (1d) if r1 == r3 goto pc+1
165: (b7) r2 = 0
166: (0f) r8 += r2
167: (b7) r1 = 2
168: (63) *(u32 *)(r10 -24) = r1
169: (18) r1 = map[id:4]
171: (bf) r7 = r10
172: (07) r7 += -24
173: (bf) r2 = r7
174: (07) r1 += 272
175: (61) r0 = *(u32 *)(r2 +0)
176: (35) if r0 >= 0x8 goto pc+3
177: (67) r0 <<=3
178: (0f) r0 += r1
179: (05) goto pc+1
180: (b7) r0 = 0
181: (bf) r6 = r0
182: (18) r1 = map[id:3]
184: (bf) r2 = r7
185: (07) r1 += 272
186: (61) r0 = *(u32 *)(r2 +0)
187: (35) if r0 >= 0x8 goto pc+3
188: (67) r0 <<=3
189: (0f) r0 += r1
190: (05) goto pc+1
191: (b7) r0 = 0
192: (b7) r1 = 0
193: (15) if r6 == 0x0 goto pc+2
194: (61) r1 = *(u32 *)(r6 +0)
195: (a7) r1 ^= 5
196: (15) if r0 == 0x0 goto pc+7
197: (61) r3 = *(u32 *)(r0 +0)
198: (67) r1 <<=32
199: (77) r1 >>=32
200: (b7) r2 = 1
201: (1d) if r1 == r3 goto pc+1
202: (b7) r2 = 0
203: (0f) r8 += r2
204: (b7) r1 =3
205: (63) *(u32 *)(r10 -24) = r1
206: (18) r1 = map[id:4]
208: (bf) r7 = r10
209: (07) r7 += -24
210: (bf) r2 = r7
211: (07) r1 += 272
212: (61) r0 = *(u32 *)(r2 +0)
213: (35) if r0 >= 0x8 goto pc+3
214: (67) r0 <<=3
215: (0f) r0 += r1
216: (05) goto pc+1
217: (b7) r0 = 0
218: (bf) r6 = r0
219: (18) r1 = map[id:3]
221: (bf) r2 = r7
222: (07) r1 += 272
223: (61) r0 = *(u32 *)(r2 +0)
224: (35) if r0 >= 0x8 goto pc+3
225: (67) r0 <<=3
226: (0f) r0 += r1
227: (05) goto pc+1
228: (b7) r0 = 0
229: (b7) r1 = 0
230: (15) if r6 == 0x0 goto pc+2
231: (61) r1 = *(u32 *)(r6 +0)
232: (a7) r1 ^= 5
233: (15) if r0 == 0x0 goto pc+7
234: (61) r3 = *(u32 *)(r0 +0)
235: (67) r1 <<=32
236: (77) r1 >>=32
237: (b7) r2 = 1
238: (1d) if r1 == r3 goto pc+1
239: (b7) r2 = 0
240: (0f) r8 += r2
241: (b7) r1 = 4
242: (63) *(u32 *)(r10 -24) = r1
243: (18) r1 = map[id:4]
245: (bf) r7 = r10
246: (07) r7 += -24
247: (bf) r2 = r7
248: (07) r1 += 272
249: (61) r0 = *(u32 *)(r2 +0)
250: (35) if r0 >= 0x8 goto pc+3
251: (67) r0 <<=3
252: (0f) r0 += r1
253: (05) goto pc+1
254: (b7) r0 = 0
255: (bf) r6 = r0
256: (18) r1 = map[id:3]
258: (bf) r2 = r7
259: (07) r1 += 272
260: (61) r0 = *(u32 *)(r2 +0)
261: (35) if r0 >= 0x8 goto pc+3
262: (67) r0 <<=3
263: (0f) r0 += r1
264: (05) goto pc+1
265: (b7) r0 = 0
266: (b7) r1 = 0
267: (15) if r6 == 0x0 goto pc+2
268: (61) r1 = *(u32 *)(r6 +0)
269: (a7) r1 ^= 5
270: (15) if r0 == 0x0 goto pc+7
271: (61) r3 = *(u32 *)(r0 +0)
272: (67) r1 <<=32
273: (77) r1 >>=32
274: (b7) r2 = 1
275: (1d) if r1 == r3 goto pc+1
276: (b7) r2 = 0
277: (0f) r8 += r2
278: (b7) r1 = 5
279: (63) *(u32 *)(r10 -24) = r1
280: (18) r1 = map[id:4]
282: (bf) r7 = r10
283: (07) r7 += -24
284: (bf) r2 = r7
285: (07) r1 += 272
286: (61) r0 = *(u32 *)(r2 +0)
287: (35) if r0 >= 0x8 goto pc+3
288: (67) r0 <<=3
289: (0f) r0 += r1
290: (05) goto pc+1
291: (b7) r0 = 0
292: (bf) r6 = r0
293: (18) r1 = map[id:3]
295: (bf) r2 = r7
296: (07) r1 += 272
297: (61) r0 = *(u32 *)(r2 +0)
298: (35) if r0 >= 0x8 goto pc+3
299: (67) r0 <<=3
300: (0f) r0 += r1
301: (05) goto pc+1
302: (b7) r0 = 0
303: (b7) r1 = 0
304: (15) if r6 == 0x0 goto pc+2
305: (61) r1 = *(u32 *)(r6 +0)
306: (a7) r1 ^= 5
307: (15) if r0 == 0x0 goto pc+7
308: (61) r3 = *(u32 *)(r0 +0)
309: (67) r1 <<=32
310: (77) r1 >>=32
311: (b7) r2 = 1
312: (1d) if r1 == r3 goto pc+1
313: (b7) r2 = 0
314: (0f) r8 += r2
315: (b7) r1 = 6
316: (63) *(u32 *)(r10 -24) = r1
317: (18) r1 = map[id:4]
319: (bf) r7 = r10
320: (07) r7 += -24
321: (bf) r2 = r7
322: (07) r1 += 272
323: (61) r0 = *(u32 *)(r2 +0)
324: (35) if r0 >= 0x8 goto pc+3
325: (67) r0 <<=3
326: (0f) r0 += r1
327: (05) goto pc+1
328: (b7) r0 = 0
329: (bf) r6 = r0
330: (18) r1 = map[id:3]
332: (bf) r2 = r7
333: (07) r1 += 272
334: (61) r0 = *(u32 *)(r2 +0)
335: (35) if r0 >= 0x8 goto pc+3
336: (67) r0 <<=3
337: (0f) r0 += r1
338: (05) goto pc+1
339: (b7) r0 = 0
340: (b7) r1 = 0
341: (15) if r6 == 0x0 goto pc+2
342: (61) r1 = *(u32 *)(r6 +0)
343: (a7) r1 ^= 5
344: (15) if r0 == 0x0 goto pc+7
345: (61) r3 = *(u32 *)(r0 +0)
346: (67) r1 <<=32
347: (77) r1 >>=32
348: (b7) r2 = 1
349: (1d) if r1 == r3 goto pc+1
350: (b7) r2 = 0
351: (0f) r8 += r2
352: (b7) r1 = 7
353: (63) *(u32 *)(r10 -24) = r1
354: (18) r1 = map[id:4]
356: (bf) r7 = r10
357: (07) r7 += -24
358: (bf) r2 = r7
359: (07) r1 += 272
360: (61) r0 = *(u32 *)(r2 +0)
361: (35) if r0 >= 0x8 goto pc+3
362: (67) r0 <<=3
363: (0f) r0 += r1
364: (05) goto pc+1
365: (b7) r0 = 0
366: (bf) r6 = r0
367: (18) r1 = map[id:3]
369: (bf) r2 = r7
370: (07) r1 += 272
371: (61) r0 = *(u32 *)(r2 +0)
372: (35) if r0 >= 0x8 goto pc+3
373: (67) r0 <<=3
374: (0f) r0 += r1
375: (05) goto pc+1
376: (b7) r0 = 0
377: (b7) r1 = 0
378: (15) if r6 == 0x0 goto pc+2
379: (61) r1 = *(u32 *)(r6 +0)
380: (a7) r1 ^= 5
381: (55) if r0 != 0x0 goto pc+1
382: (05) goto pc+10
383: (61) r3 = *(u32 *)(r0 +0)
384: (67) r1 <<=32
385: (77) r1 >>=32
386: (b7) r2 = 1
387: (1d) if r1 == r3 goto pc+1
388: (b7) r2 = 0
389: (0f) r8 += r2
390: (67) r8 <<=32
391: (77) r8 >>=32
392: (15) if r8 == 0x8 goto pc+3
393: (85) call bpf_get_current_pid_tgid#239984
394: (b7) r1 = 9
395: (85) call bpf_send_signal#-115264
396: (b7) r0 = 0
397: (95) exit