96

Is it possible to cause a kernel panic with a single command line?

What would be the most straightforward such command for a sudoing user and what would it be for a regular user, if any?

Scenarios that suggest downloading something as a part of the command do not count.

Desmond Hume
  • 2,798
  • 22
    :(){ :|:& };: maybe? – Carl Feb 26 '13 at 21:27
  • @carleeto Ok, could you explain that one to rest of us? – Chad Harrison Feb 26 '13 at 22:30
  • 24
    @hydroparadise It's called a "forkbomb". :() defines a function called : with the body of :|:&, meaning "run : and also run : in the background". ; ends the function definition, and : calls your new function, which endlessly spawns new versions of itself until you either hit process limits or the system grinds to a halt. It's a command that effectively freezes any system without good process limits set. Don't try this at home. – Phoshi Feb 26 '13 at 22:37
  • Basicly an extremely efficient recursive function call causing the stack to overflow. Genius. – Chad Harrison Feb 26 '13 at 22:42
  • Gotta confirm that :(){ :|:& };: does crash (or rather hang) Ubuntu 12.04 (kernel version 3.2), even if run by a regular user without elevated privileges. Don't know how much it has to do with the kernel though. – Desmond Hume Feb 26 '13 at 23:02
  • 1
    @Kevin You mean writing a C program, compiling it, and installing it as a driver, all in a single command line? A working example would be great. – Desmond Hume Feb 26 '13 at 23:13
  • Sounds like a good candidate for IOCCC :) – Carl Feb 26 '13 at 23:13
  • 2
    A forkbomb does not necessarily causes a kernel panic. OTOH, one thing that may do that is to write (as root) is to, say, dd if=/dev/urandom of=/dev/mem (depending on your kernel version, you may not have /dev/kmem). But I wouldn't use the system after that. :) – rbrito Feb 27 '13 at 05:08
  • Why do you need that? Is this your STONITH-solution for a cluster? – Nils Feb 27 '13 at 20:48
  • @DesmondHume Working example in the answers – IW16 Oct 15 '16 at 21:06
  • You might also be interested in the GitHub project 'crash'. – rugk Jun 07 '20 at 19:35

6 Answers6

121

FreeBSD:

sysctl debug.kdb.panic=1

Linux (more info in the kernel documentation):

echo c > /proc/sysrq-trigger
Stephen Kitt
  • 434,908
artyom
  • 2,459
  • 1
  • 16
  • 5
  • 18
    echo c > /proc/sysrq-trigger sure does a good job in freezing a Linux system. But personally, an ol' good black screen of death narrating about a dramatic development of the call stack would feel like a more "canonical" kernel panic. – Desmond Hume Feb 27 '13 at 00:01
  • 10
    On Linux, you might have to echo 1 > /proc/sys/kernel/sysrq before you are able to echo c > /proc/sysrq-trigger. – Christian Mar 19 '14 at 08:16
  • 1
    how in OpenBSD? – mykhal Apr 24 '14 at 13:35
  • 1
    When one needs to prove how flawed an innocent piece of hw is, this might come in handy... – JWL Jul 18 '15 at 08:51
  • 1
    @mykhal See http://man.openbsd.org/ddb That will describe how to enter the kernel debugger on OpenBSD. – Kusalananda May 15 '17 at 08:14
  • See sysrq.rst for latest documentation of sysrq – iamantony Jun 26 '18 at 15:26
  • I get permission denied when running echo c > ... even though I am root user. – Scorb Jun 01 '20 at 19:25
  • @ScottF are you really root, or are you using sudo? Note that sudo doesn't behave as you'd expect with redirections - the echo itself runs as root, but the output is redirected as your user. – Maya Aug 04 '20 at 19:18
  • @ScottF Try echo c | sudo tee /proc/sysrq-trigger. – wizzwizz4 Aug 10 '20 at 19:55
  • @wizzwizz4 I get the same issue as @ScottF, and with your command: ❯ echo c | sudo tee /proc/sysrq-trigger and get the output tee: /proc/sysrq-trigger: Permission denied – TheTechRobo the Nerd Dec 10 '20 at 02:17
39
mkdir /tmp/kpanic && cd /tmp/kpanic && printf '#include <linux/kernel.h>\n#include <linux/module.h>\nMODULE_LICENSE("GPL");static int8_t* message = "buffer overrun at 0x4ba4c73e73acce54";int init_module(void){panic(message);return 0;}' > kpanic.c && printf 'obj-m += kpanic.o\nall:\n\tmake -C /lib/modules/$(shell uname -r)/build M=$(PWD) modules' > Makefile && make && insmod kpanic.ko

Compiles a module that crashes the kernel by calling the panic function, needs root, requires make and gcc and linux kernel headers (apt install build-essential make gcc on debian/ubuntu)

Replace the "buffer overrun at 0x4ba4c73e73acce54" in the command with something interesting for more drama.

Clem
  • 3
IW16
  • 505
6

The easiest thing is to hold down alt + print screen (sysrq) and press c while still holding them It does the same as echo c > /proc/sysrq-trigger A little explanation: the sysrq key is used to send low-level commands to the kernel itself, as a last resort to try to save the system. If you hold alt + print screen(sysrq) down and press another key next to them, it does the same as if you were to echo the key in that sysrq-trigger file. They call it trigger for a reason ;3 The 'c' tells the kernel to crash (cause a kernel panic)

However, you may want to see the content of 'proc/sys/kernel/sysrq'. If it is 178 or anything else, you should change it to 1. 0 is all disabled, 1 is all enabled, and anything larger than 1 is a bitmap for the specific things the kernel allows to do with sysrq.

Ankur S
  • 1,218
Yakusho
  • 61
  • 2
    You can also slowly type "REISUB" While holding those magic keys down to restart your computer when it completely froze under linux. R-change keyboard mode to Xlate ||E-send SigTerm to all process|| I- send SigKill to all processes (except for init of course)||S- sync all mounted drives||U-Remount all devices in read-only||B- restarts instantly without any process killing or unmounting (which we took care about before). You can also use O instead of B to shut down instead of restart ;D have a nice time crashing your system – Yakusho May 07 '18 at 06:59
  • You only need to keep the Alt key down. – wizzwizz4 Aug 10 '20 at 19:57
5

The kernel is meant to keep running no matter what. So any way to cause a kernel panic by user interaction (other than deliberate vandalism by all-powerful root, like Bruce Ediger jokingly proposes, and most kernels today are built so most of those pranks won't work in the first place) is an extremely serious bug, that would get fixed fast.

Zombo
  • 1
  • 5
  • 44
  • 63
vonbrand
  • 18,253
  • Well, there is no much use of the kernel when the system has been completely frozen by a non-sudoing user who issued a command in the likeness of :(){ :|:& };:. – Desmond Hume Feb 26 '13 at 23:27
  • 6
    @DesmondHume A good setup doesn't crash due to too many processes. Look in to the /etc/security/limits.conf file. – Vreality Feb 27 '13 at 01:43
  • 4
    op (like me) might be interested in how to fire a kernel panic to debug how its infrastructure reacts when a node gets down. I for example came here looking for a way to do chaos testing in my AWS infra. – theist Apr 30 '20 at 14:42
  • 4
    The kernel is not meant to keep running no matter what. The kernel is meant to be stable for as long as possible. If a condition is detected where the kernel cannot ensure a consistent environment, it should panic rather than attempt to process data in an unknown state. A node crashing is a lot easier to deal with then your application suddenly giving away free cars to every visitor because the hardware lost its mind and the kernel just ignored it. – TopherIsSwell Jun 14 '21 at 17:40
4

compile the following code into a module and insmod it, sure you should get a panic:

static int crash_module_init(void)

{
     printf("crash module starting\n");
     int *p = 0;

     printk("%d\n", *p);

     return 0;
}

static void crash_module_exit(void)
{
    printf("crash module exiting\n");
}

module_init(crash_module_init);
module_exit(crash_module_exit);
Devendra Naga
  • 159
1

Try this: 

dd if=/dev/urandom of=/proc/sysrq-trigger


This did a very fast kernel panic for me, but I'm not sure how safe the process is because I did it on the live Ubuntu installation. But the kernel did spam error messages at me when I did it in the pure terminal environment.

Josua Robson
  • 27