Package: sysdig Version: 0.13.0-2 Severity: important Dear Maintainer,
I've started sysdig with this filter on some remote machine: `sysdig "evt.category=file and evt.args contains .ttf"` And it hanged after few seconds. I've reproduced this (though kern.log has only junk) on my local laptop running same Debian release and kernel by running command and closing Firefox browser. Had to do cold reset. This is from kern.log: ``` Dec 9 15:27:47 dl380 kernel: [267690.770499] sysdig_probe: starting capture Dec 9 15:27:50 dl380 kernel: [267692.915596] BUG: unable to handle kernel NULL pointer dereference at 0000000000000010 Dec 9 15:27:50 dl380 kernel: [267692.915728] IP: [<ffffffffc08e8f59>] record_event_consumer.part.4+0x289/0x870 [sysdig_probe] Dec 9 15:27:50 dl380 kernel: [267692.915861] PGD 0 Dec 9 15:27:50 dl380 kernel: [267692.915891] Dec 9 15:27:50 dl380 kernel: [267692.916061] Oops: 0000 [#1] SMP Dec 9 15:27:50 dl380 kernel: [267692.916112] Modules linked in: sysdig_probe(O) nf_conntrack_netlink nf_conntrack nfnetlink udp_diag binfmt_misc tcp_diag inet_diag xt_multiport iptable_filter intel_powerclamp kvm_intel kvm iTCO_wdt iTCO_vendor_support amdkfd irqbypass radeon evdev intel_cstate ttm intel_uncore drm_kms_helper serio_raw pcspkr hpilo drm sg hpwdt i2c_algo_bit button i7core_edac ipmi_si ipmi_msghandler edac_core lpc_ich acpi_power_meter mfd_core shpchp pcc_cpufreq coretemp ip_tables x_tables autofs4 ext4 crc16 jbd2 crc32c_generic fscrypto ecb glue_helper lrw gf128mul ablk_helper cryptd aes_x86_64 mbcache sr_mod cdrom ata_generic hid_generic usbhid hid dm_mod sd_mod crc32c_intel psmouse ata_piix ehci_pci uhci_hcd libata mptspi ehci_hcd scsi_transport_spi mptscsih hpsa usbcore mptbase usb_common scsi_transport_sas bnx2 Dec 9 15:27:50 dl380 kernel: [267692.917532] scsi_mod thermal Dec 9 15:27:50 dl380 kernel: [267692.917569] CPU: 10 PID: 26919 Comm: tail Tainted: G IO 4.9.0-11-amd64 #1 Debian 4.9.189-3+deb9u2 Dec 9 15:27:50 dl380 kernel: [267692.917713] Hardware name: HP ProLiant DL380 G6, BIOS P62 08/16/2010 Dec 9 15:27:50 dl380 kernel: [267692.917846] task: ffff88e1cd950ec0 task.stack: ffffb54cc88d0000 Dec 9 15:27:50 dl380 kernel: [267692.917934] RIP: 0010:[<ffffffffc08e8f59>] [<ffffffffc08e8f59>] record_event_consumer.part.4+0x289/0x870 [sysdig_probe] Dec 9 15:27:50 dl380 kernel: [267692.918099] RSP: 0018:ffffb54cc88d3bc8 EFLAGS: 00010046 Dec 9 15:27:50 dl380 kernel: [267692.918177] RAX: 0000000000000000 RBX: ffffd549b3d51950 RCX: ffffb54cc88d3d60 Dec 9 15:27:50 dl380 kernel: [267692.918282] RDX: ffffb54cd03ec592 RSI: 00000000000000e8 RDI: 0000000000001592 Dec 9 15:27:50 dl380 kernel: [267692.918386] RBP: ffffb54cc88d3d00 R08: ffffb54cc337d000 R09: 00000000000000e8 Dec 9 15:27:50 dl380 kernel: [267692.918491] R10: ffffb54cc88d3d10 R11: 00000000007fff97 R12: 0000000000000000 Dec 9 15:27:50 dl380 kernel: [267692.918595] R13: ffffb54cc3149000 R14: 00000000007fff81 R15: 0000000000001592 Dec 9 15:27:50 dl380 kernel: [267692.918701] FS: 00007fd2f2be0480(0000) GS:ffff88ded3b40000(0000) knlGS:0000000000000000Dec 9 15:32:59 dl380 kernel: [ 0.000000] microcode: microcode updated early to revision 0x1d, date = 2018-05-11 ``` -- System Information: Debian Release: 9.11 APT prefers oldstable-updates APT policy: (500, 'oldstable-updates'), (500, 'oldstable') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 4.9.0-11-amd64 (SMP w/4 CPU cores) Locale: LANG=lt_LT.UTF-8, LC_CTYPE=lt_LT.UTF-8 (charmap=UTF-8) (ignored: LC_ALL set to en_US.UTF-8), LANGUAGE=en_US (charmap=UTF-8) (ignored: LC_ALL set to en_US.UTF-8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) Versions of packages sysdig depends on: ii libb64-0d 1.2-3+b1 ii libc6 2.24-11+deb9u4 ii libcurl3 7.52.1-5+deb9u9 ii libgcc1 1:6.3.0-18+deb9u1 ii libjq1 1.5+dfsg-1.3 ii libjsoncpp1 1.7.4-3 ii libluajit-5.1-2 2.0.4+dfsg-1+b1 ii libncurses5 6.0+20161126-1+deb9u2 ii libssl1.1 1.1.0l-1~deb9u1 ii libstdc++6 6.3.0-18+deb9u1 ii libtinfo5 6.0+20161126-1+deb9u2 ii zlib1g 1:1.2.8.dfsg-5 Versions of packages sysdig recommends: ii sysdig-dkms 0.13.0-2 sysdig suggests no packages. -- no debconf information
