Linux Run Kernel Probe Systemtap Script Failed with Semantic Error: No Match

Linux run kernel probe systemtap script failed with semantic error: no match

tl;dr install kernel image debug symbols, e.g. package linux-image-$(uname -r)-dbgsym.

Problem Background

I was having a similar error:

$ sudo stap -v udp_detect_exec.stp
...
semantic error: while resolving probe point: identifier 'kernel' at /usr/share/systemtap/tapset/linux/udp.stp:39:21
source: probe udp.sendmsg = kernel.function("udp_sendmsg") {

From a systemtap script to track DNS requests:

#! /usr/bin/env stap
# Report each process that sends UDP to 8.8.8.8 or 8.8.4.4 on port 53.
probe udp.sendmsg {
  if ( dport == 53 && ( daddr == "8.8.8.8" || daddr == "8.8.4.4" ) ) {
    printf ("PID %5d (%s) sent UDP to %15s 53\n", pid(), execname(), daddr)
  }
}

Following this blog.jeffli.me post, a hello world systemtap script worked.

sudo stap -e 'probe kernel.function("sys_open") {log("hello world") exit()}'

Solution (install kernel debug symbols)

Following this wiki.ubuntu.com entry, my Ubuntu 16.04 system was missing the kernel debug symbols. I ran the install steps:

sudo apt-key adv --keyserver keyserver.ubuntu.com --recv-keys C8CAB6595FDFF622
codename=$(lsb_release -c | awk '{print $2}')
sudo tee /etc/apt/sources.list.d/ddebs.list << EOF
deb http://ddebs.ubuntu.com/ ${codename} main restricted universe multiverse
deb http://ddebs.ubuntu.com/ ${codename}-security main restricted universe multiverse
deb http://ddebs.ubuntu.com/ ${codename}-updates main restricted universe multiverse
deb http://ddebs.ubuntu.com/ ${codename}-proposed main restricted universe multiverse
EOF
sudo apt-get update
sudo apt-get install linux-image-$(uname -r)-dbgsym

The script udp_detect_exec.stp successfully ran.

I recommend checking for updated apt-get install steps at the wiki.ubuntu.com entry.

systemtap failed to probe the functions. Registration error

systemtap does not support overlay/union filesystems. The systemtap userspace code has to be changed to get the real inode of a file if it is in overlayfs. For this, the systemtap code needs to be changed and built. Download the systemtap source code and make changes in the file uprobes-inode.c. The change is to use d_backing_inode to find the inode. Changes are needed in two places.

    inode_1 = d_backing_inode(d_real((struct dentry *) dentry, NULL, 0, 0)); // use inode_1 in the following function.
    if ((vm_flags & VM_EXEC) && !(vm_flags & VM_WRITE))
        rc = stapiu_change_plus(target, task, addr, length,
                                offset, vm_flags, inode_1);
                             // offset, vm_flags, dentry->d_inode);

    vm_file = stap_find_exe_file(mm);
    if (vm_file) {
        if (vm_file->f_path.dentry)
        {
            //inode = vm_file->f_path.dentry->d_inode;
            inode = d_backing_inode(d_real((struct dentry *) vm_file->f_path.dentry, NULL, 0, 0));
        }
        fput(vm_file);
    }

Systemtap libdwfl error on Linux

Found the problem!!!! It seemed that I was using the wrong version of the Linux Kernel. I was using the default kernel supplied by the version I wrote in the question. It seems that that version (the 2.6.32-5-686 one) has problems with the debug-info so all I did was try the same with another version (the Linux version 3.9.6 with gcc version 4.7.2 Debian 4.7.2-5) and it worked without trouble :)

Dirty CoW mitigation on CentOS 7.2 - semantic error: while resolving probe point

Yes, I have successfully implemented this temporary mitigation on CentOS 7.

As described in one of the comments on that bugzilla entry, you need to install both systemtap and the debuginfo for the kernel in order for this mitigation to work.

The commands given are:

yum install systemtap yum-utils
debuginfo-install kernel-$(uname -r)

Based on what you posted, presumably you already have systemtap, but the error you're getting suggests you need the debuginfo packages. The second command above should install the right stuff; you could also get the RPMs by hand from http://debuginfo.centos.org/ (this is what I ended up doing).

By the way, this mitigation using systemtap is not a real fix, it just makes one of the proof of concept programs fail. It is worth doing, but no substitute for a real patched kernel.

I don't understand why Red Hat and CentOS haven't pushed out patched kernel packages yet; Ubuntu and others had their updates out days ago. What's the holdup?
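
A preflight check for the missing-debuginfo cause described in the Ubuntu and CentOS answers above, as an added example that is not part of any of the original posts: it looks for the unstripped vmlinux where the Ubuntu dbgsym and CentOS kernel-debuginfo packages install it, and otherwise prints the matching install command from this page. The function names and the optional root-prefix argument are assumptions made for this example.

```shell
#!/bin/sh
# Added example: check for the kernel debuginfo that stap needs before
# running a script. The two candidate paths are where the Ubuntu dbgsym
# package and the RHEL/CentOS kernel-debuginfo package put the debug vmlinux.

# Print the first debug vmlinux found for kernel release $1.
# $2 is an optional root prefix (assumption: for chroots and for testing).
find_kernel_debuginfo() {
    release=$1
    root=${2:-}
    for candidate in \
        "$root/usr/lib/debug/boot/vmlinux-$release" \
        "$root/usr/lib/debug/lib/modules/$release/vmlinux"
    do
        if [ -s "$candidate" ]; then
            printf '%s\n' "$candidate"
            return 0
        fi
    done
    return 1
}

# Print the install command from the page that fits this distro family.
suggest_debuginfo_install() {
    release=$1
    root=${2:-}
    if [ -e "$root/etc/debian_version" ]; then
        printf 'sudo apt-get install linux-image-%s-dbgsym\n' "$release"
    elif [ -e "$root/etc/redhat-release" ]; then
        printf 'debuginfo-install kernel-%s\n' "$release"
    else
        printf 'install the kernel debuginfo package for %s\n' "$release"
    fi
}

# Return 0 when debuginfo for the kernel release is present, 1 otherwise.
stap_preflight() {
    release=${1:-$(uname -r)}
    root=${2:-}
    if path=$(find_kernel_debuginfo "$release" "$root"); then
        printf 'ok: debuginfo at %s\n' "$path"
        return 0
    fi
    printf 'missing kernel debuginfo for %s; try: ' "$release" >&2
    suggest_debuginfo_install "$release" "$root" >&2
    return 1
}
```

Source the file and call `stap_preflight` before `sudo stap -v udp_detect_exec.stp`; a non-zero return means the kernel debuginfo these answers install is not yet present.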

systemtap probing by line number analysis failed

This would be the expected behaviour if your program lacks debuginfo but has a symbol table - i.e., if it was compiled without CFLAGS=-g.


