Today I had a colleague approach me about a oneliner I sent him many months ago, saying that it kept rebooting a server he was running it on.
It was little more than running
sar in a loop, extract some values and
run another command if certain thresholds were exceeded.
Hardly anything that you’d think would result in a reboot.
After whittling down the oneliner to the offending command, it turned out that
sar was the culprit.
Some further debugging revealed that sar merely spawns a process called
sadc, which does the actual heavy lifting.
In certain circumstances, if you send SIGINT (ctrl+c, for example) to sar, it
can exit before sadc has done its thing.
When that happens, sadc becomes an orphan, and /sbin/init being a good little init system, takes it under its wing and becomes its parent process.
sadc receives the SIGINT signal, it’s signal handler will pass it up to its parent process… You see
where this is going, right?
Yep, /sbin/init gets the signal, and does what it should do. Initiates a reboot.