Basically, to use systemtap we need to install not only the systemtap itself but also

• linux-headers and
• linux-image-debug

Install systemtap

sudo apt-get install systemtap
sudo apt-get install gcc

Well, gcc is necessary to build systemtap script.

Install linux-headers and linux-image-debug

Usually, the installation could be accomplished by apt.

Use uname -a and aptitude search to get the proper package name.

$aptitude search linux-image | grep dbg
i  linux-image-unsigned-4.15.0-33-generic-dbgsym - Linux kernel debug image for version 4.15.0 on 64 bit x86 SMP

$aptitude search linux-headers
 
-4.15.0-33-generic
i A linux-headers-4.15.0-33-generic                                                                 - Linux kernel headers for version 4.15.0 on 64 bit x86 SMP                                                
p   linux-headers-4.15.0-33-generic:i386                                                            -
 
 Linux kernel headers for version 4.15.0 on 32 bit x86 SMP

Then install them.

In case you can’t find the linux-image-debug package, refer to Install debug file part in this post.

Verify the installation

sudo stap -v -e 'probe begin { printf("Hello, World!\n"); exit() }'

sudo stap -v -e 'probe vfs.read {printf("read performed\n"); exit()}'

If both of them works fine, congratulations.

Simple example

$ cat exec.stp 
probe syscall.execve
{
    printf ("%s(%d) execve (%s)\n", execname(), pid(), argstr)
}
probe syscall.exit
{
    printf ("%s(%d) exit (%s)\n", execname(), pid(), argstr)
}

Then run this script

sudo stap -v exec.stp

Reference