#!/usr/bin/env stap -DMAXMAPENTRIES=20480 $0 $@; exit $?
# errsnoop.stp
# Copyright (C) 2009 Red Hat, Inc., Eugene Teo <eteo@redhat.com>
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License version 2 as
# published by the Free Software Foundation.
#
# attack "stupid userspace" apps
#

global error, trace

probe syscall.* {
	# assume syscall don't nest
	trace[tid()] = argstr
}

probe syscall.*.return {
	errno = errno_p(returnval())
	if (errno != 0) {
		t = tid()
		argstr = trace[t]
		delete trace[t]

		error[name, execname(), pid(), errno, argstr] <<< 1
	}
}

probe timer.s(%( $# > 0 %? $1 %: 5 %)) {
	ansi_clear_screen()
	printf("%17s %15s %5s %4s %-12s %s\n",
			"SYSCALL", "PROCESS", "PID", "HITS", "ERRSTR", "ARGSTR")
	foreach([fn, comm, pid, errno, argstr] in error- limit %( $# > 1 %? $2 %: 20 %)) {
		errstr = sprintf("%3d (%s)", errno, errno_str(errno))
		printf("%17s %15s %5d %4d %-12s %s\n", fn, comm, pid,
				@count(error[fn, comm, pid, errno, argstr]),
#				errstr, substr(argstr,0,22)) # within cols#80
				errstr, argstr)

	}
	delete error
}