9

I'm facing a weird issue regarding sending signal 9 (SIGKILL) to the init process (PID 1). As you may know, SIGKILL can't be ignored via signal handlers. As I tried sending SIGKILL to init, I noticed that nothing was happening; init would not get terminated. Trying to figure out this behaviour, I decided to attach myself to the init process with strace too see more clearly what was happening. Now comes the weird part. If I'm "looking" at the init process with strace and send it SIGKILL, the system crashes.

My question is why is this happening? Why does the system crash when I look at the process and why does it not crash when I'm not? As I said, in both cases I send SIGKILL to init. Tested on CentOS 6.5, Debian 7 and Arch.

Improve this question
3
  • Without init, I don't think you have a functioning operating system. If you want to kill init, you could just as well shutdown/halt/poweroff. Commented Jan 9, 2014 at 21:33
  • 1
    Yes, you are right, but my "experiment" was out of pure curiosity. Commented Jan 9, 2014 at 21:34
  • You're right, it's kinda fun. Commented Jan 9, 2014 at 21:40

1 Answer 1

Reset to default
11

The Linux kernel deliberately forces a system crash if init terminates (see https://elixir.bootlin.com/linux/v3.12/source/kernel/exit.c#L501 and particularly the call to panic therein). Therefore, as a safeguard, the kernel will not deliver any fatal signal to init, and SIGKILL is not excepted (see https://elixir.bootlin.com/linux/v3.12/A/ident/SIGNAL_UNKILLABLE) (however, the code flow is convoluted enough that I'm not sure, but I suspect a kernel-generated SIGSEGV or similar would go through).

Applying ptrace(2) (the system call that strace uses) to process 1 apparently disables this protection. This could be said to be a bug in the kernel. I am insufficiently skilled at digging around in the code to find this bug.

I do not know if other Unix variants apply the same crash-on-exit semantics or signal protection to init. It would be reasonable to have the OS perform a clean shutdown or reboot, rather than a panic, if init terminates (at least, if it does so by calling _exit) but as far as I know, all modern Unix variants have a dedicated system call to request this, instead (reboot(2)).

Improve this answer
Sign up to request clarification or add additional context in comments.

5 Comments

BTW, On Debian 7, SIGSEGV doesn't crash the init. On Arch and CentOS, it does.
I'm afraid "Debian 7", "Arch", and "CentOS" all refer to such large bundles of diverse software of uncertain age that this is useless as a data point. Also, if you tried kill -SEGV 1, that tells you nothing about what happens for kernel-generated SIGSEGV, e.g. if init actually attempts to dereference an invalid pointer.
The second link got broken. And... I wonder what makes it specialcase PID 1 (default actions are not performed)?.. I posted my guess here.
@x-yuri Link corrected.
It seems like the only place where SIGNAL_UNKILLABLE is set is here, where a new process is created, and if pid == 1 SIGNAL_UNKILLABLE is set. Which supposedly confirms my guess. Or so it seems.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.