Apply systemd sandboxing by default to some services

Got an answer on reddit.

sudo journalctl _AUDIT_TYPE_NAME=SECCOMP -f

May 05 06:29:26 whonix1 audit[9740]: SECCOMP auid=4294967295 uid=108 gid=118 ses=4294967295 subj==/usr/bin/sdwdate (enforce) pid=9740 comm="sdwdate" exe="/usr/bin/python3.7" sig=31 arch=c0000015 syscall=140 compat=0 ip=0x7fff96cc7df4 code=0x0

Found Chromium OS Docs - Linux System Call Table for a table to translate 140 to _llseek.

Platform dependent.

Maybe a better table:

Linux system calls table for several architectures

(Replace sdwdate with the systemd unit name to debug.)

sudoedit /lib/systemd/system/sdwdate.service && sudo systemctl daemon-reload && sudo systemctl restart sdwdate && sudo systemctl --no-page status sdwdate
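Added example, not code from the thread or from Whonix: a POSIX shell script that takes a SECCOMP audit record of the kind shown above, pulls out the arch= and syscall= fields, decodes the architecture (the syscall number only means something together with the arch, which is why the tables differ per platform), resolves the number to a name with libseccomp's scmp_sys_resolver when that tool is installed, and writes a systemd drop-in that extends the unit's SystemCallFilter= with the missing call. The sample record is the one quoted in the post with its quotes normalized; the drop-in file name, the unit name and the output directory are assumptions.

```shell
#!/bin/sh
# Added example (not from the Whonix thread): turn a SECCOMP audit record
# from `journalctl _AUDIT_TYPE_NAME=SECCOMP` into the syscall name and a
# systemd drop-in that extends the unit's SystemCallFilter=.
# Assumptions: libseccomp's scmp_sys_resolver does the translation when
# present; unit name, drop-in file name and directory are parameters.

# The record quoted in the post, with the forum's smart quotes normalized.
SAMPLE_RECORD='May 05 06:29:26 whonix1 audit[9740]: SECCOMP auid=4294967295 uid=108 gid=118 ses=4294967295 subj==/usr/bin/sdwdate (enforce) pid=9740 comm="sdwdate" exe="/usr/bin/python3.7" sig=31 arch=c0000015 syscall=140 compat=0 ip=0x7fff96cc7df4 code=0x0'

# audit_field RECORD KEY: print the VALUE of "KEY=VALUE" in an audit record.
audit_field() {
    printf '%s\n' "$1" | sed -n "s/.*[[:space:]]$2=\([^[:space:]]*\).*/\1/p"
}

# audit_arch_name HEX: map the kernel's AUDIT_ARCH_* value (as printed in
# arch=) to the architecture name libseccomp understands. The values are
# EM_* machine codes OR'd with the 64-bit (0x80000000) and little-endian
# (0x40000000) flags from <linux/audit.h>.
audit_arch_name() {
    case "$1" in
        c000003e) echo x86_64 ;;
        40000003) echo x86 ;;
        c00000b7) echo aarch64 ;;
        40000028) echo arm ;;
        c0000015) echo ppc64le ;;
        *)        echo unknown ;;
    esac
}

# resolve_syscall ARCH NUMBER: number -> name for that architecture.
# Falls back to the bare number when scmp_sys_resolver is not installed;
# SystemCallFilter= wants names, so translate it by hand in that case.
resolve_syscall() {
    if command -v scmp_sys_resolver >/dev/null 2>&1; then
        scmp_sys_resolver -a "$1" "$2"
    else
        echo "$2"
    fi
}

# write_dropin UNIT DIR NAME...: create DIR/UNIT.d/50-seccomp-allow.conf.
# An additional SystemCallFilter= line merges with the unit's existing one
# instead of replacing it, so only the denied call is added.
write_dropin() {
    unit=$1; dir=$2; shift 2
    mkdir -p "$dir/$unit.d"
    printf '[Service]\nSystemCallFilter=%s\n' "$*" > "$dir/$unit.d/50-seccomp-allow.conf"
    echo "$dir/$unit.d/50-seccomp-allow.conf"
}

# dropin_from_record UNIT DIR RECORD: the whole pipeline for one record;
# prints the decoded denial on stderr and the drop-in path on stdout.
dropin_from_record() {
    arch=$(audit_arch_name "$(audit_field "$3" arch)")
    nr=$(audit_field "$3" syscall)
    name=$(resolve_syscall "$arch" "$nr")
    echo "comm=$(audit_field "$3" comm) arch=$arch syscall=$nr -> $name" >&2
    write_dropin "$1" "$2" "$name"
}

# Stand-alone demo writes to a temporary directory, never to /etc.
if [ "${1:-}" = "--demo" ]; then
    dropin_from_record sdwdate.service "$(mktemp -d)" "$SAMPLE_RECORD"
fi
```

In practice the record comes from `journalctl _AUDIT_TYPE_NAME=SECCOMP -o cat`, the drop-in goes under /etc/systemd/system/<unit>.d/ rather than editing the packaged unit in /lib, and the `systemctl daemon-reload && systemctl restart <unit>` from the post still applies afterwards; then watch the journal again, since a service often needs more than one call added before it stops being killed.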