logo
Free, unlimited AI code reviews that run on commit
git-lrc git-lrc GitHub Install Now We'd appreciate a star git-lrc - Free, unlimited AI code reviews that run on commit | Product Hunt git-lrc - Free, unlimited AI code reviews that run on commit | Product Hunt

killsnoop - Trace signals issued by the kill() syscall. Uses Linux eBPF/bcc.

Contents

Author

       Brendan Gregg

Description

       killsnoop  traces  the  kill()  syscall,  to  show  signals  sent  via this method. This may be useful to
       troubleshoot failing applications, where an unknown mechanism is sending signals.

       This works by tracing the kernel sys_kill() function using dynamic tracing, and  will  need  updating  to
       match any changes to this function.

       This  makes  use  of  a  Linux 4.4 feature (bpf_perf_event_output()); for kernels older than 4.4, see the
       version under tools/old, which uses an older mechanism.

       Since this uses BPF, only the root user can use this tool.

Examples

       Trace all kill() syscalls:
              # killsnoop

       Trace only kill() syscalls that failed:
              # killsnoop-x

       Trace PID 181 only:
              # killsnoop-p181

       Trace target PID 189 only:
              # killsnoop-T189

       Trace signal 9 only:
              # killsnoop-s9

Fields

       TIME   Time of the kill call.

       PID    Source process ID

       COMM   Source process name

       SIG    Signal number. See signal(7).

       TPID   Target process ID

       RES    Result. 0 == success, a negative value (of the error code) for failure.

Name

       killsnoop - Trace signals issued by the kill() syscall. Uses Linux eBPF/bcc.

Options

       -h     Print usage message.

       -x     Only print failed kill() syscalls.

       -p PID Trace this process ID only which is the sender of signal (filtered in-kernel).

       -T PID Trace this target process ID only which is the receiver of signal (filtered in-kernel).

       -s SIGNAL
              Trace this signal only (filtered in-kernel).

Os

       Linux

Overhead

       This traces the kernel kill function and prints output for each event. As the rate of this  is  generally
       expected  to be low (< 100/s), the overhead is also expected to be negligible. If you have an application
       that is calling a very high rate of kill()s for some reason, then test  and  understand  overhead  before
       use.

Requirements

       CONFIG_BPF and bcc.

See Also

opensnoop(8), funccount(8)

USER COMMANDS                                      2015-08-20                                       killsnoop(8)

Source

       This is from bcc.

              https://github.com/iovisor/bcc

       Also  look  in  the bcc distribution for a companion _examples.txt file containing example usage, output,
       and commentary for this tool.

Stability

       Unstable - in development.

Synopsis

killsnoop[-h][-x][-pPID][-TPID][-sSIGNAL]

See Also

Man Pages
trace Man Pages
Man Pages
killsnoop Man Pages
Man Pages
kill Man Pages
Signal
Signal PNG Icons
Man Pages
process Man Pages
Man Pages
kernel Man Pages
TLDR
Trap command - control signals Tldr
Man Pages
linux Man Pages
Man Pages
Catalyst::Restarter::Win32 Man Pages
← View System admin Category← Back to System startup and services🙏  Credits & Acknowledgments