I've got 2 experimental environment: CentOS 6.8 and Ubuntu 16.04 Both run inside Virtualbox VM.
On CentOS I installed
yum install kernel-devel kernel-debug
On Ubuntu I installed:
sudo apt-get install linux-headers-$(uname -r)
sudo apt-get install fakeroot build-essential crash kexec-tools makedumpfile kernel-wedge
On both systems I can run this successfully:
stap -ve 'probe begin { log("hello world") exit() }'
I tried this .stp
script from systemtap guide:
#!/usr/bin/stap
probe begin
{
log("begin probe")
}
probe syscall.open
{
printf("%s(%d) open (%s)\n",execname(),pid(),argstr)
}
probe timer.ms(4000)#4s later
{
exit()
}
probe end
{
log("end probe")
}
chmod +x ...
the script and run as root
user. Both systems report errors like:
./test2.stp -v
Pass 1: parsed user script and 124 library script(s) using 217780virt/45168res/3204shr/42664data kb, in 210usr/20sys/238real ms.
semantic error: while resolving probe point: identifier 'kernel' at /usr/share/systemtap/tapset/linux/syscalls2.stp:197:24
source: probe __syscall.open = kernel.function("sys_open").call
^
semantic error: missing x86_64 kernel/module debuginfo [man warning::debuginfo] under '/lib/modules/2.6.32-642.el6.x86_64/build'
semantic error: while resolving probe point: identifier '__syscall' at :177:47
source: probe syscall.open = __syscall.compat_open ?, __syscall.open
^
semantic error: no match
semantic error: while resolving probe point: identifier 'syscall' at ./test2.stp:6:7
source: probe syscall.open
^
semantic error: no match
Pass 2: analyzed script: 3 probe(s), 6 function(s), 0 embed(s), 0 global(s) using 230172virt/57516res/5204shr/52952data kb, in 120usr/150sys/270real ms.
Pass 2: analysis failed. [man error::pass2]
What's this error about? Is it an installation problem? Is there a syntax error in my script?
Thanks a lot.
tl;dr install kernel image debug symbols, e.g. package linux-image-$(uname -r)-dbgsym
.
I was having similar error
$ sudo stap -v udp_detect_exec.stp
...
semantic error: while resolving probe point: identifier 'kernel' at /usr/share/systemtap/tapset/linux/udp.stp:39:21
source: probe udp.sendmsg = kernel.function("udp_sendmsg") {
From a systemtap
script to track DNS requests
#! /usr/bin/env stap
probe udp.sendmsg {
if ( dport == 53 && ( daddr == "8.8.8.8" || daddr == "8.8.4.4" ) ) {
printf ("PID %5d (%s) sent UDP to %15s 53\n", pid(), execname(), daddr)
}
}
Following this blog.jeffli.me post, a hello world systemtap
script worked.
sudo stap -e 'probe kernel.function("sys_open") {log("hello world") exit()}'
Following this wiki.ubuntu.com entry, my Ubuntu 16.04 system was missing the kernel debug symbols. I ran install steps:
sudo apt-key adv --keyserver keyserver.ubuntu.com --recv-keys C8CAB6595FDFF622
codename=$(lsb_release -c | awk '{print $2}')
sudo tee /etc/apt/sources.list.d/ddebs.list << EOF
deb http://ddebs.ubuntu.com/ ${codename} main restricted universe multiverse
deb http://ddebs.ubuntu.com/ ${codename}-security main restricted universe multiverse
deb http://ddebs.ubuntu.com/ ${codename}-updates main restricted universe multiverse
deb http://ddebs.ubuntu.com/ ${codename}-proposed main restricted universe multiverse
EOF
sudo apt-get update
sudo apt-get install linux-image-$(uname -r)-dbgsym
The script udp_detect_exec.stp
successfully ran.
I recommended checking for updated apt-get install
steps at the wiki.ubuntu.com entry.