Technical Blog Post
Abstract
SYSTEMTAP: KILL() [WHO KILLED MY PROCESS?]
Body
This small SystemTap script tells you who killed your process. Sometimes a process gets killed for no obvious reason and you have no idea who did it. Of course, we are not talking here about a process dying because of a SEGV or SIGBUS caused by a programming error, but about a genuine kill.
In the script below you can replace the '9' with another number to catch a different signal. The probe fires on the kill() system call, so it reports signals sent through that call and not signals raised by the kernel itself. The script has to be run as root, like this:
# stap -o signal2.out signal2.st
The output file, signal2.out here, might look like this:
[csh - 7211 - 7211] sent SIGKILL to pid 9122
The script is:
#! /usr/bin/env stap
/*
 * signal2.st: Track sender of SIGKILL to a given process.
 *
 * Run as user 'root' using the following command line:
 *
 *     stap -o signal2.out signal2.st
 *
 * dalla
 */
probe syscall.kill
{
    /* sig and pid are the kill() arguments: signal number and target PID. */
    if (sig == 9) {
        /* execname(), pid() and tid() describe the calling (sending) thread. */
        printf("[%s - %d - %d] sent SIGKILL to pid %d\n",
               execname(), pid(), tid(), pid);
    }
}
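The script above only sees signals sent with the kill() system call. The variant below is an added example, not part of the original post: it uses the signal.send tapset probe, which fires wherever the kernel queues a signal, so it also reports signals sent through tkill()/tgkill() or raised by the kernel. The file name signal3.st and the extra output fields are assumptions made for this example.

```systemtap
#! /usr/bin/env stap
/*
 * signal3.st (hypothetical name): added example, not the original author's
 * script. Reports every SIGKILL delivered on the system, whichever path was
 * used to send it.
 *
 * Run as user 'root':
 *
 *     stap -o signal3.out signal3.st
 */

/* Signal to watch; change to e.g. "SIGTERM" to track another signal. */
global want_sig = "SIGKILL"

probe signal.send
{
    /* sig_name, pid_name and sig_pid come from the signal.send tapset:
     * signal name, target command name and target PID. */
    if (sig_name != want_sig)
        next

    /* execname(), pid(), tid(), uid(), pexecname() and ppid() describe the
     * task running when the signal was queued. For a signal sent from user
     * space that is the sender and its parent; for a signal raised by the
     * kernel it is whichever task was current at that moment. */
    printf("%s [%s - %d - %d] uid %d (parent %s - %d) sent %s to %s pid %d\n",
           ctime(gettimeofday_s()),
           execname(), pid(), tid(), uid(),
           pexecname(), ppid(),
           sig_name, pid_name, sig_pid)
}
```

The timestamp and the sender's UID and parent make it easier to line the report up with shell history, cron jobs or audit logs when tracing where the kill came from.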