aquasecurity / tracee

Linux Runtime Security and Forensics using eBPF
https://aquasecurity.github.io/tracee/latest
Apache License 2.0

Test all non-syscall events in all kernels #3357

Open AlonZivony opened 1 year ago

AlonZivony commented 1 year ago

We should run tests that all the non-syscall events we have are not generating any errors when run in all kernels. A proposition to do so is to add to the e2e tests we have a stage that loads all events, or a test that loads one event at a time, iterating over all of the events.

rafaeldtinoco commented 11 months ago

I agree this should be done. For a v6.5.x kernel, for example, this is the current situation with a complete set of events (from E2E tests):

$ sudo ./dist/tracee --no-containers -p ~/work/cli/test/ -o option:exec-env -o option:exec-hash -o option:parse-arguments -o option:sort-events -o none
{"level":"warn","ts":1701694975.813535,"msg":"libbpf: prog 'trace_ret_layout_and_allocate': failed to create kretprobe 'layout_and_allocate+0x0' perf event: No such file or directory"}
{"level":"error","ts":1701694975.8135998,"msg":"Event canceled because of missing probe dependency","missing probe":102,"event":"hidden_kernel_module_seeker"}
{"level":"warn","ts":1701694975.9879267,"msg":"libbpf: prog 'trace_ret_exec_binprm': failed to create kretprobe 'exec_binprm+0x0' perf event: No such file or directory"}
{"level":"error","ts":1701694975.9879916,"msg":"Event canceled because of missing probe dependency","missing probe":96,"event":"process_execute_failed"}
{"level":"warn","ts":1701694976.1228976,"msg":"libbpf: prog 'trace_load_elf_phdrs': failed to create kprobe 'load_elf_phdrs+0x0' perf event: Cannot assign requested address"}
{"level":"warn","ts":1701694976.2762296,"msg":"libbpf: prog 'trace_exec_binprm': failed to create kprobe 'exec_binprm+0x0' perf event: No such file or directory"}
{"level":"error","ts":1701694976.27629,"msg":"Event canceled because of missing probe dependency","missing probe":95,"event":"process_execute_failed"}
{"level":"warn","ts":1701694979.5936491,"msg":"Memory dump","error":"ebpf.(*Tracee).triggerMemDump: policy 0: no address or symbols were provided to print_mem_dump event. please provide it via -e print_mem_dump.args.address=<hex address>, -e print_mem_dump.args.symbol_name=<owner>:<symbol> or -e print_mem_dump.args.symbol_name=<symbol> if specifying a system owned symbol"}
{"level":"warn","ts":1701694979.5936863,"msg":"Memory dump","error":"ebpf.(*Tracee).triggerMemDump: policy 1: invalid symbols provided to print_mem_dump event: {system_,sys_,__x64_sys_,__arm64_sys_}compat_filldir64"}
{"level":"warn","ts":1701694979.5936952,"msg":"Memory dump","error":"ebpf.(*Tracee).triggerMemDump: policy 1: invalid symbols provided to print_mem_dump event: {system_,sys_,__x64_sys_,__arm64_sys_} "}
{"level":"warn","ts":1701694979.5937037,"msg":"Memory dump","error":"ebpf.(*Tracee).triggerMemDump: policy 2: no address or symbols were provided to print_mem_dump event. please provide it via -e print_mem_dump.args.address=<hex address>, -e print_mem_dump.args.symbol_name=<owner>:<symbol> or -e print_mem_dump.args.symbol_name=<symbol> if specifying a system owned symbol"}
{"level":"warn","ts":1701694979.5937123,"msg":"Memory dump","error":"ebpf.(*Tracee).triggerMemDump: policy 3: no address or symbols were provided to print_mem_dump event. please provide it via -e print_mem_dump.args.address=<hex address>, -e print_mem_dump.args.symbol_name=<owner>:<symbol> or -e print_mem_dump.args.symbol_name=<symbol> if specifying a system owned symbol"}

In here we are seeing multiple issues:

  1. symbols from the "hidden kernel module" logic that are required and don't exist
  2. cancelled event "error" (should it be an error?)
  3. process_execute fails due to the lack of the "exec_binprm" hook.
  4. load_elf_phdrs fails due to the missing hook.
  5. bad symbols being used/given to print_mem_dump
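The per-event check proposed in the first comment, and the triage of the log output above, as an added Go example (not Tracee's own code or e2e harness). It runs tracee once per event name it is given, using only the flags that appear on this issue's command line (`--no-containers`, `-e`, `-o none`), stops it when a fixed wait expires, and classifies the warn/error log records into "probe failed to attach", "event canceled because of a missing probe" and "other", so a CI stage can fail on any of them. Assumptions of this example: that those flags suffice for a one-event run, that tracee's logs arrive on stdout/stderr in the JSON shape quoted above, that the binary path comes from a `TRACEE_BIN` environment variable, and that the caller supplies the event names (the issue does not show how to enumerate them). `SampleLog` holds lines copied from the run above so the classifier can be exercised offline.

```go
package main

import (
	"bufio"
	"context"
	"encoding/json"
	"fmt"
	"io"
	"os"
	"os/exec"
	"regexp"
	"strings"
	"time"
)

// Finding is one warn/error record pulled out of Tracee's JSON log stream.
type Finding struct {
	Level string // "warn" or "error"
	Kind  string // "probe_attach_failed", "event_canceled" or "other"
	Event string // canceled event name (event_canceled only)
	Probe string // kernel symbol the hook targeted (probe_attach_failed only)
	Msg   string
}

var probeFailRe = regexp.MustCompile(`libbpf: prog '[^']+': failed to create k(?:ret)?probe '([^']+)'`)

// ClassifyLogs keeps only warn/error records from newline-delimited JSON (event records carry no "level" key and are skipped, as are non-JSON lines).
func ClassifyLogs(r io.Reader) ([]Finding, error) {
	var out []Finding
	sc := bufio.NewScanner(r)
	for sc.Scan() {
		var rec map[string]any
		if json.Unmarshal([]byte(strings.TrimSpace(sc.Text())), &rec) != nil {
			continue
		}
		level, _ := rec["level"].(string)
		if level != "warn" && level != "error" {
			continue
		}
		msg, _ := rec["msg"].(string)
		f := Finding{Level: level, Kind: "other", Msg: msg}
		if m := probeFailRe.FindStringSubmatch(msg); m != nil {
			f.Kind, f.Probe = "probe_attach_failed", m[1]
		} else if msg == "Event canceled because of missing probe dependency" {
			f.Kind = "event_canceled"
			f.Event, _ = rec["event"].(string)
		} else if e, ok := rec["error"].(string); ok { // e.g. the print_mem_dump warnings
			f.Msg = msg + ": " + e
		}
		out = append(out, f)
	}
	return out, sc.Err()
}

// collect returns the distinct pick(f) values, in first-seen order, for findings of one kind.
func collect(fs []Finding, kind string, pick func(Finding) string) []string {
	seen, out := map[string]bool{}, []string{}
	for _, f := range fs {
		if v := pick(f); f.Kind == kind && !seen[v] {
			seen[v], out = true, append(out, v)
		}
	}
	return out
}

func CanceledEvents(fs []Finding) []string { return collect(fs, "event_canceled", func(f Finding) string { return f.Event }) }
func FailedProbes(fs []Finding) []string  { return collect(fs, "probe_attach_failed", func(f Finding) string { return f.Probe }) }

// CheckEvent runs tracee with one event enabled until `wait` elapses, then classifies its output (the flags are the issue's own; that they suffice for a one-event run is this example's assumption).
func CheckEvent(ctx context.Context, traceeBin, event string, wait time.Duration) ([]Finding, error) {
	ctx, cancel := context.WithTimeout(ctx, wait)
	defer cancel()
	cmd := exec.CommandContext(ctx, traceeBin, "--no-containers", "-e", event, "-o", "none")
	out, err := cmd.CombinedOutput()
	if err != nil && ctx.Err() == nil { // reaching the deadline is the normal way to stop tracee
		return nil, err
	}
	return ClassifyLogs(strings.NewReader(string(out)))
}

// SampleLog holds lines copied from the v6.5.x run quoted in this issue, for offline use.
const SampleLog = `{"level":"warn","ts":1701694975.813535,"msg":"libbpf: prog 'trace_ret_layout_and_allocate': failed to create kretprobe 'layout_and_allocate+0x0' perf event: No such file or directory"}
{"level":"error","ts":1701694975.8135998,"msg":"Event canceled because of missing probe dependency","missing probe":102,"event":"hidden_kernel_module_seeker"}
{"level":"warn","ts":1701694975.9879267,"msg":"libbpf: prog 'trace_ret_exec_binprm': failed to create kretprobe 'exec_binprm+0x0' perf event: No such file or directory"}
{"level":"error","ts":1701694975.9879916,"msg":"Event canceled because of missing probe dependency","missing probe":96,"event":"process_execute_failed"}
{"level":"error","ts":1701694976.27629,"msg":"Event canceled because of missing probe dependency","missing probe":95,"event":"process_execute_failed"}`

// Usage (as root): TRACEE_BIN=./dist/tracee eventcheck <event>...; exits 1 if any event logs a problem.
func main() {
	bad := false
	for _, ev := range os.Args[1:] {
		fs, err := CheckEvent(context.Background(), os.Getenv("TRACEE_BIN"), ev, 10*time.Second)
		bad = bad || err != nil || len(fs) > 0
		fmt.Printf("%s: err=%v canceled=%v probes=%v\n", ev, err, CanceledEvents(fs), FailedProbes(fs))
	}
	if bad {
		os.Exit(1)
	}
}
```

Run it the way the command above was run (under sudo, from the build directory) with the event names you want covered on the command line; a kernel where a hook symbol is absent shows up as a `probe_attach_failed` finding for that symbol plus an `event_canceled` finding for every event that depended on it, which is exactly the pair visible in the log above for `exec_binprm` and `process_execute_failed`. Keeping `Level` on each finding also makes it easy to revisit point 2 of the list (whether a canceled event should be logged at error level) without changing the check itself.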