linuxkernelsystemtap

Linux run kernel probe systemtap script failed with semantic error: no match"


I've got 2 experimental environment: CentOS 6.8 and Ubuntu 16.04 Both run inside Virtualbox VM.

On CentOS I installed

yum install kernel-devel kernel-debug

On Ubuntu I installed:

sudo apt-get install linux-headers-$(uname -r)
sudo apt-get install fakeroot build-essential crash kexec-tools makedumpfile kernel-wedge

On both systems I can run this successfully:

stap -ve 'probe begin { log("hello world") exit() }'

I tried this .stp script from systemtap guide:

#!/usr/bin/stap
probe begin
{
    log("begin probe")
}
probe syscall.open
{
    printf("%s(%d) open (%s)\n",execname(),pid(),argstr)
}
probe timer.ms(4000)#4s later
{
    exit()
}
probe end
{
    log("end probe")
}

chmod +x ... the script and run as root user. Both systems report errors like:

./test2.stp -v
Pass 1: parsed user script and 124 library script(s) using 217780virt/45168res/3204shr/42664data kb, in 210usr/20sys/238real ms.
semantic error: while resolving probe point: identifier 'kernel' at /usr/share/systemtap/tapset/linux/syscalls2.stp:197:24
        source: probe __syscall.open = kernel.function("sys_open").call
                                       ^

semantic error: missing x86_64 kernel/module debuginfo [man warning::debuginfo] under '/lib/modules/2.6.32-642.el6.x86_64/build'

semantic error: while resolving probe point: identifier '__syscall' at :177:47
        source: probe syscall.open = __syscall.compat_open ?, __syscall.open
                                                              ^

semantic error: no match

semantic error: while resolving probe point: identifier 'syscall' at ./test2.stp:6:7
        source: probe syscall.open
                      ^

semantic error: no match

Pass 2: analyzed script: 3 probe(s), 6 function(s), 0 embed(s), 0 global(s) using 230172virt/57516res/5204shr/52952data kb, in 120usr/150sys/270real ms.
Pass 2: analysis failed.  [man error::pass2]

What's this error about? Is it an installation problem? Is there a syntax error in my script?

Thanks a lot.


Solution

  • tl;dr install kernel image debug symbols, e.g. package linux-image-$(uname -r)-dbgsym.

    Problem Background

    I was having similar error

    $ sudo stap -v udp_detect_exec.stp
    ...
    semantic error: while resolving probe point: identifier 'kernel' at /usr/share/systemtap/tapset/linux/udp.stp:39:21
            source: probe udp.sendmsg = kernel.function("udp_sendmsg") {
    

    From a systemtap script to track DNS requests

    #! /usr/bin/env stap
    probe udp.sendmsg {
      if ( dport == 53 && ( daddr == "8.8.8.8" || daddr == "8.8.4.4" ) ) {
        printf ("PID %5d (%s) sent UDP to %15s 53\n", pid(), execname(), daddr)
      }
    }
    

    Following this blog.jeffli.me post, a hello world systemtap script worked.

    sudo stap -e 'probe kernel.function("sys_open") {log("hello world") exit()}'
    

    Solution (install kernel debug symbols)

    Following this wiki.ubuntu.com entry, my Ubuntu 16.04 system was missing the kernel debug symbols. I ran install steps:

    sudo apt-key adv --keyserver keyserver.ubuntu.com --recv-keys C8CAB6595FDFF622
    codename=$(lsb_release -c | awk  '{print $2}')
    sudo tee /etc/apt/sources.list.d/ddebs.list << EOF
      deb http://ddebs.ubuntu.com/ ${codename}      main restricted universe multiverse
      deb http://ddebs.ubuntu.com/ ${codename}-security main restricted universe multiverse
      deb http://ddebs.ubuntu.com/ ${codename}-updates  main restricted universe multiverse
      deb http://ddebs.ubuntu.com/ ${codename}-proposed main restricted universe multiverse
    EOF
    sudo apt-get update
    sudo apt-get install linux-image-$(uname -r)-dbgsym
    

    The script udp_detect_exec.stp successfully ran.

    I recommended checking for updated apt-get install steps at the wiki.ubuntu.com entry.