From 1f38612a301dd4249670052fb3a479384a5f5404 Mon Sep 17 00:00:00 2001
From: Jose Donizetti <jdbjunior@gmail.com>
Date: Mon, 12 Jun 2023 08:29:37 -0300
Subject: [PATCH] tracee: fix panic when ctrl-c after the boot

---
 pkg/ebpf/events_enrich.go    | 9 +++++++++
 pkg/ebpf/events_pipeline.go  | 8 ++++++++
 pkg/ebpf/signature_engine.go | 4 ++++
 3 files changed, 21 insertions(+)

diff --git a/pkg/ebpf/events_enrich.go b/pkg/ebpf/events_enrich.go
index febbbb6ffe73..7d300b4a681c 100644
--- a/pkg/ebpf/events_enrich.go
+++ b/pkg/ebpf/events_enrich.go
@@ -76,6 +76,10 @@ func (t *Tracee) enrichContainerEvents(ctx gocontext.Context, in <-chan *trace.E
 		for { // enqueue events
 			select {
 			case event := <-in:
+				if event == nil {
+					continue // might happen during initialization (ctrl+c seg faults)
+				}
+
 				eventID := events.ID(event.EventID)
 				// send out irrelevant events (non container or already enriched), don't skip the cgroup lifecycle events
 				if (event.Container.ID == "" || event.Container.Name != "") && eventID != events.CgroupMkdir && eventID != events.CgroupRmdir {
@@ -130,6 +134,11 @@ func (t *Tracee) enrichContainerEvents(ctx gocontext.Context, in <-chan *trace.E
 					// de-queue event if queue is enriched
 					if _, ok := queues[cgroupId]; ok {
 						event := <-queues[cgroupId]
+
+						if event == nil {
+							continue // might happen during initialization (ctrl+c seg faults)
+						}
+
 						eventID := events.ID(event.EventID)
 						// check if not enriched, and only enrich regular non cgroup related events
 						if event.Container.Name == "" && eventID != events.CgroupMkdir && eventID != events.CgroupRmdir {
diff --git a/pkg/ebpf/events_pipeline.go b/pkg/ebpf/events_pipeline.go
index 27cb94a40f65..14eef66eedcd 100644
--- a/pkg/ebpf/events_pipeline.go
+++ b/pkg/ebpf/events_pipeline.go
@@ -420,6 +420,10 @@ func (t *Tracee) processEvents(ctx context.Context, in <-chan *trace.Event) (
 		defer close(errc)
 
 		for event := range in { // For each received event...
+			if event == nil {
+				continue // might happen during initialization (ctrl+c seg faults)
+			}
+
 			// Go through event processors if needed
 			errs := t.processEvent(event)
 			if len(errs) > 0 {
@@ -541,6 +545,10 @@ func (t *Tracee) sinkEvents(ctx context.Context, in <-chan *trace.Event) <-chan
 		defer close(errc)
 
 		for event := range in {
+			if event == nil {
+				continue // might happen during initialization (ctrl+c seg faults)
+			}
+
 			// Only emit events requested by the user and matched by at least one policy.
 			id := events.ID(event.EventID)
 			event.MatchedPoliciesUser &= t.events[id].emit
diff --git a/pkg/ebpf/signature_engine.go b/pkg/ebpf/signature_engine.go
index d578608db196..d3a89af42f00 100644
--- a/pkg/ebpf/signature_engine.go
+++ b/pkg/ebpf/signature_engine.go
@@ -86,6 +86,10 @@ func (t *Tracee) engineEvents(ctx context.Context, in <-chan *trace.Event) (<-ch
 		for {
 			select {
 			case finding := <-engineOutput:
+				if finding.Event.Payload == nil {
+					continue // might happen during initialization (ctrl+c seg faults)
+				}
+
 				event, err := FindingToEvent(finding)
 				if err != nil {
 					t.handleError(err)