Description
I ran some binary and expected to see a security_socket_connect. I did see a socketcall syscall with 'call' argument being 3 which leads to __sys_connect, and eventually to security_socket_connect - but I don't get any security_socket_connect in tracee.
The return value of socketcall syscall is 0, so the call indeed succeeds (and I have an established connection).
./tracee -f e=security_socket*,socket*,security_socket_connect
Output of tracee version:
Output of uname -a:
Additional details
08:41:19:699082 1000 payload 1922 1922 0 security_socket_create family: AF_INET, type: SOCK_STREAM, protocol: 0, kern: 0
08:41:19:699078 1000 payload 1922 1922 3 socketcall call: 1, args: 0xffb7fd24
08:41:19:699118 1000 payload 1922 1922 0 socketcall call: 3, args: 0xffb7fd14
08:41:19:699699 1000 payload 1922 1922 106 read fd: 3, buf: 0xffb7fd18, count: 106
08:41:19:732676 1000 payload 1922 1922 1017704 socketcall call: 10, args: 0xffb7fd08
08:41:19:738542 1000 payload 1922 1922 0 security_file_open pathname: /proc/stat, flags: O_RDONLY|O_LARGEFILE, dev: 20, inode: 4026532118, ctime: 1688623941048000000, syscall_pathname: /proc/stat
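Added example, not part of the original issue or of Tracee's own code: a Python check that decodes the call argument of each socketcall line using the sub-call numbers from <linux/net.h> and reports, per pid/tid, successful connects that have no security_socket_connect event in the same trace. The column layout (time, uid, comm, pid, tid, return value, event, arguments) is an assumption inferred from the output above.

```python
import re
from collections import Counter

# Sub-call numbers multiplexed through socketcall(2), from <linux/net.h>.
SOCKETCALL = {1: "socket", 2: "bind", 3: "connect", 4: "listen", 5: "accept",
              6: "getsockname", 7: "getpeername", 8: "socketpair", 9: "send",
              10: "recv", 11: "sendto", 12: "recvfrom", 13: "shutdown",
              14: "setsockopt", 15: "getsockopt", 16: "sendmsg", 17: "recvmsg",
              18: "accept4", 19: "recvmmsg", 20: "sendmmsg"}

# Assumed columns (inferred from the issue): time uid comm pid tid ret event args
LINE = re.compile(r"^\S+\s+\d+\s+\S+\s+(\d+)\s+(\d+)\s+(-?\d+)\s+(\S+)\s*(.*)$")

# Output lines copied from the issue above.
SAMPLE = """\
08:41:19:699082 1000 payload 1922 1922 0 security_socket_create family: AF_INET, type: SOCK_STREAM, protocol: 0, kern: 0
08:41:19:699078 1000 payload 1922 1922 3 socketcall call: 1, args: 0xffb7fd24
08:41:19:699118 1000 payload 1922 1922 0 socketcall call: 3, args: 0xffb7fd14
08:41:19:699699 1000 payload 1922 1922 106 read fd: 3, buf: 0xffb7fd18, count: 106
08:41:19:732676 1000 payload 1922 1922 1017704 socketcall call: 10, args: 0xffb7fd08
"""

def parse(text):
    """Yield one dict per recognised line; socketcall lines get a decoded sub-call."""
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        pid, tid, ret, event, args = m.groups()
        sub = re.search(r"\bcall: (\d+)", args) if event == "socketcall" else None
        yield {"pid": int(pid), "tid": int(tid), "ret": int(ret), "event": event,
               "subcall": SOCKETCALL.get(int(sub.group(1)), "unknown") if sub else None}

def missing_connect_hooks(text):
    """Map (pid, tid) to successful socketcall connects lacking an LSM connect event."""
    ok_connects, hooks = Counter(), Counter()
    for ev in parse(text):
        key = (ev["pid"], ev["tid"])
        if ev["event"] == "socketcall" and ev["subcall"] == "connect" and ev["ret"] == 0:
            ok_connects[key] += 1
        elif ev["event"] == "security_socket_connect":
            hooks[key] += 1
    return {k: n - hooks[k] for k, n in ok_connects.items() if n > hooks[k]}

if __name__ == "__main__":
    for (pid, tid), n in missing_connect_hooks(SAMPLE).items():
        print(f"pid={pid} tid={tid}: {n} connect(s) via socketcall without security_socket_connect")
```

Events are counted per pid/tid rather than matched by position, because the trace above is not strictly ordered by timestamp.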