Federico Di Pierro

Ehy! This is a neat idea! Since 0.40, Falco already ships debug symbols from github release page: https://github.com/falcosecurity/falco/releases/tag/0.40.0 (look at the bottom). What we would need to do is to...

Hey, thanks for letting us know about the issue! Is everyone using modern ebpf driver here?

If that's the case, latest Falco (0.41.3) ships with https://github.com/falcosecurity/libs/pull/2397 that might fix the issue.

From the shared dmesg, actually it sems the issue lies in openat bpf program: ``` Jul 17 04:39:35 redacted-vm-name kernel: ? bpf_prog_9cee710a6b25781f_openat_x+0xc47/0x1f0c ``` That is really weird. I'll give it...

Is latest Falco giving the same issue?

Anyway, since both of the reports come from the exact same kernel, it might be a kernel bug too. Did you ever experienced the same issue on older kernels?

Thanks for the info! Are you able to rollback the kernel version by chance?

I see; it was worth a try :) I am really not sure, if @jcchavezs confirms the timing of the issue with the kernel upgrade, i think `kernel bug` stocks...

> for the previous version (namely 5.15.180.1-1.cm2) we don't have any report of crashes. Thanks! Checking https://packages.microsoft.com/yumrepos/cbl-mariner-2.0-prod-base-srpms/Packages/k/ (is it the correct one?) i see > [kernel-5.15.184.1-1.cm2.src.rpm](https://packages.microsoft.com/yumrepos/cbl-mariner-2.0-prod-base-srpms/Packages/k/kernel-5.15.184.1-1.cm2.src.rpm) 09-Jul-2025 00:59 196.1 MB...

It should be; i mean considering only people on azure linux are experiencing the issue, starting from `5.15.182.1-1.cm2` kernel.