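#!/usr/bin/stap
#
# Script printing PID + all parents sending kill -2/-9/-15 signals to kernel
# ring buffer
#
# On RHEL7, Guru mode is required because of the use of printk(): add -g to the stap command
#
# Author: Renaud Métrich
#
# Run instructions:
#
# # yum -y install systemtap
# # stap-prep
# # stap -v <this-script>      (placeholder: path to this file; add -g on RHEL7)
#
# Reading the output:
#  - Two records are written per matching signal, both at kernel log level 2
#    (crit): "PID <sender> ('<name>') sent <SIG> to PID <target> ('<name>')",
#    then the sender's ancestry "<pid> ('<name>') -> <parent> ('<name>') -> ...".
#  - The names come from execname(), pid_name and pid2execname(), i.e. the
#    tasks' command names. A process can change its own command name (for
#    example with prctl(PR_SET_NAME)), so treat the names as hints and rely on
#    the PIDs, correlated with audit or process-accounting records, when
#    attributing a kill.
#  - SystemTap strings are capped at MAXSTRINGLEN, so a long ancestry line is
#    cut off silently at that length.

probe signal.send {
  # Only SIGTERM (kill -15), SIGKILL (kill -9) and SIGINT (kill -2) are reported.
  if (sig_name != "SIGTERM" && sig_name != "SIGKILL" && sig_name != "SIGINT")
    next

  # Record 1: who sent which signal to whom.
  printk(2 /* crit level */,
         sprintf("PID %ld ('%s') sent %s to PID %ld ('%s')",
                 pid(), execname(), sig_name, sig_pid, pid_name))

  # Record 2: the sender followed by each ancestor, up to PID 1 (or PID 0).
  msg = sprintf("%ld ('%s')", pid(), execname())
  ts = task_current()

  # The walk is capped at 64 ancestors. Without a cap, a very deep process
  # tree would exhaust the per-probe statement budget (MAXACTION); that is a
  # runtime error and, with the default MAXERRORS, it ends the whole stap
  # session, so logging would stop. 64 entries normally exceed what fits in
  # MAXSTRINGLEN anyway.
  # NOTE(review): ts->pid is the kernel's per-task id, which for a
  # multi-threaded ancestor may be a thread id rather than the process id that
  # pid() reports for the sender -- confirm whether ts->tgid is wanted here.
  for (depth = 0; depth < 64 && ts->pid != 1 && ts->pid != 0; depth++) {
    ts = ts->parent
    msg .= sprintf(" -> %ld ('%s')", ts->pid, pid2execname(ts->pid))
  }

  # Make a capped walk visible in the log instead of implying the chain ended.
  if (ts->pid != 1 && ts->pid != 0)
    msg .= " -> ..."

  printk(2, msg)
}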