normally the extension just connects to an already running osquery instance

I set the auto load property in the osquery flag file and point it to the extension run file full path.

It's unusual for the process to get restarted multiple times like that, can you reduce your extension code to something that can reproduce the error?

class MyTablePlugin(osquery.TablePlugin): def name(self): return "foobar2" def columns(self): return [ osquery.TableColumn(name="foo", type=osquery.STRING), osquery.TableColumn(name="baz", type=osquery.STRING), ] def query_table(self): try: # Spawn an osquery process using an ephemeral extension socket. instance = osquery.SpawnInstance() instance.open() # This may raise an exception # Issues queries and call osquery Thrift APIs. RESULTS = instance.client.query("SELECT name, path, pid FROM processes limit 2") if RESULTS.status.code != 0: print("Error running the query: %s" % RESULTS.status.message) sys.exit(1) for row in RESULTS.response: print("=" * 80) for key, val in row.items(): print("%s => %s" % (key, val)) if len(RESULTS.response) > 0: print("=" * 80) #instance.client. #osquery.s except Exception as err: print("Error " + str(err)) def generate(self, context): try: query_data = [] self.query_table() for _ in range(2): row = {} row["foo"] = "bar" row["baz"] = "baz" query_data.append(row) return query_data except Exception as err: print("Error " + str(err))