Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Message-ID: <86a3c093-b316-d3b4-fdb1-13fb1aa1c57f@gmail.com>
Date: Mon, 12 Nov 2018 18:27:13 +0100
From: Jiří Moravec <jim.lkml@...il.com>
To: lkrg-users@...ts.openwall.com
Subject: p_lkrg failed to start with error: 'KMOD error! Can't initialize
 global modules variable'

# modprobe p_lkrg p_init_log_level=4

ended with following output in dmesg:

Loading LKRG...
Inserting pid => 1034
Inserting pid => 2945
.... 1100 more similar messages ....
Inserting pid => 7125
Inserting pid => 7126
Planted [kretprobe] <__x64_sys_execve> at: 000000007f808d27
Planted [kretprobe] <__x64_sys_execveat> at: 00000000e2f87e98
Planted [kretprobe] <call_usermodehelper_exec_async> at: 000000006805112f
Planted [kretprobe] <_do_fork> at: 00000000bf71ee49
Planted [kretprobe] <do_exit> at: 000000002ed8b790
Planted [kretprobe] <__sys_setuid> at: 0000000051ced5cb
<Exploit Detection> Can't find process[7129 |syslog-ng] in internal tracking list!
<Exploit Detection> Error[-1] during process[7129 |syslog-ng] iteration!
Planted [kretprobe] <__sys_setreuid> at: 00000000f04e3d12
Planted [kretprobe] <__sys_setresuid> at: 000000006a29f114
Planted [kretprobe] <__sys_setfsuid> at: 000000004b4672dd
Planted [kretprobe] <__sys_setgid> at: 00000000575e0351
Planted [kretprobe] <__sys_setregid> at: 000000009e4767b2
Planted [kretprobe] <__sys_setresgid> at: 000000009407577b
Planted [kretprobe] <__sys_setfsgid> at: 000000000248292d
Planted [kretprobe] <set_current_groups> at: 000000000f7a7ef6
Planted [kretprobe] <do_init_module> at: 000000003d70ad5f
Planted [kretprobe] <__x64_sys_delete_module> at: 00000000eb584be2
Planted [kretprobe] <generic_permission> at: 00000000041f359a
<Exploit Detection> Can't find process[7129 |syslog-ng] in internal tracking list!
<Exploit Detection> Error[-1] during process[7129 |syslog-ng] iteration!
Planted [kretprobe] <do_seccomp> at: 00000000cf6e1df0
Planted [kretprobe] <ksys_unshare> at: 00000000ad807cea
Planted [kretprobe] <userns_install> at: 0000000002c1e2b4
Planted [kretprobe] <__x64_sys_capset> at: 000000002eb260e1
Planted [kretprobe] <cap_task_prctl> at: 00000000d313e37e
Planted [kretprobe] <key_change_session_keyring> at: 000000003fa5827f
<Exploit Detection> Can't find process[7129 |syslog-ng] in internal tracking list!
<Exploit Detection> Error[-1] during process[7129 |syslog-ng] iteration!
Planted [kretprobe] <__x64_sys_add_key> at: 00000000af2132ab
<Exploit Detection> Can't find process[1 |init] in internal tracking list!
<Exploit Detection> Can't find process[1 |init] in internal tracking list!
<Exploit Detection> Can't find process[1 |init] in internal tracking list!
<Exploit Detection> Can't find process[1 |init] in internal tracking list!
Planted [kretprobe] <__x64_sys_request_key> at: 00000000ed4d4523
<Exploit Detection> Can't find process[7129 |syslog-ng] in internal tracking list!
<Exploit Detection> Error[-1] during process[7129 |syslog-ng] iteration!
Inserting pid => 7134
<Exploit Detection> Can't find process[7129 |syslog-ng] in internal tracking list!
<Exploit Detection> Error[-1] during process[7129 |syslog-ng] iteration!
<Exploit Detection> Can't find process[7129 |syslog-ng] in internal tracking list!
<Exploit Detection> Error[-1] during process[7129 |syslog-ng] iteration!
<Exploit Detection> Can't find process[7135 |chrome] in internal tracking list!
<Exploit Detection> Error[-1] during process[7135 |chrome] iteration!
Inserting pid => 7135
<Exploit Detection> Can't find process[7129 |syslog-ng] in internal tracking list!
<Exploit Detection> Error[-1] during process[7129 |syslog-ng] iteration!
<Exploit Detection> Can't find process[7129 |syslog-ng] in internal tracking list!
<Exploit Detection> Error[-1] during process[7129 |syslog-ng] iteration!
Updating ED pid[7134]
Updating ED pid[7135]
Inserting pid => 7136
<Exploit Detection> Can't find process[7129 |syslog-ng] in internal tracking list!
<Exploit Detection> Error[-1] during process[7129 |syslog-ng] iteration!
Updating ED pid[7136]
Planted [kretprobe] <__x64_sys_keyctl> at: 0000000076abcb9f
Planted [kretprobe] <__x64_sys_ptrace> at: 000000000c38d105
Planted [kretprobe] <__ia32_compat_sys_execve> at: 00000000ced89c71
Planted [kretprobe] <__ia32_compat_sys_execveat> at: 000000001460f1e5
Planted [kretprobe] <__ia32_compat_sys_keyctl> at: 00000000eab00aba
Planted [kretprobe] <__ia32_compat_sys_ptrace> at: 0000000071fb62a8
Planted [kretprobe] <__ia32_sys_delete_module> at: 0000000097ae06b0
<Exploit Detection> Can't find process[7129 |syslog-ng] in internal tracking list!
<Exploit Detection> Error[-1] during process[7129 |syslog-ng] iteration!
<Exploit Detection> Can't find process[7129 |syslog-ng] in internal tracking list!
<Exploit Detection> Error[-1] during process[7129 |syslog-ng] iteration!
Inserting pid => 7138
<Exploit Detection> Can't find process[7129 |syslog-ng] in internal tracking list!
<Exploit Detection> Error[-1] during process[7129 |syslog-ng] iteration!
<Exploit Detection> Can't find process[7129 |syslog-ng] in internal tracking list!
<Exploit Detection> Error[-1] during process[7129 |syslog-ng] iteration!
<Exploit Detection> Can't find process[7139 |chrome] in internal tracking list!
<Exploit Detection> Error[-1] during process[7139 |chrome] iteration!
Inserting pid => 7139
<Exploit Detection> Can't find process[7129 |syslog-ng] in internal tracking list!
<Exploit Detection> Error[-1] during process[7129 |syslog-ng] iteration!
Updating ED pid[7139]
Updating ED pid[7138]
Removing ED pid => 7126
Planted [kretprobe] <__ia32_sys_capset> at: 0000000015a75f35
Planted [kretprobe] <__ia32_sys_add_key> at: 00000000cb669968
Planted [kretprobe] <__ia32_sys_request_key> at: 00000000b4693613
Planted [kretprobe] <override_creds> at: 000000006864bef0
Planted [kretprobe] <revert_creds> at: 00000000acb66d2b

.... and now this error is coming: ....

KMOD error! Can't initialize global modules variable :( Exiting...
Can't initialize kernel modules handling! Exiting...

.... and then messages just continue:

Removing [kretprobe] <call_usermodehelper_exec_async> at 0x000000006805112f nmissed[0]
Removing [kretprobe] <_do_fork> at 0x00000000bf71ee49 nmissed[0]
Removing ED pid => 7116
Removing ED pid => 7117
Removing ED pid => 7118
Removing [kretprobe] <do_exit> at 0x000000002ed8b790 nmissed[0]
Removing [kretprobe] <__sys_setuid> at 0x0000000051ced5cb nmissed[0]
Removing [kretprobe] <__sys_setreuid> at 0x00000000f04e3d12 nmissed[0]
Removing [kretprobe] <__sys_setresuid> at 0x000000006a29f114 nmissed[0]
Removing [kretprobe] <__sys_setfsuid> at 0x000000004b4672dd nmissed[0]
Removing [kretprobe] <__sys_setgid> at 0x00000000575e0351 nmissed[0]
Removing [kretprobe] <__sys_setregid> at 0x000000009e4767b2 nmissed[0]
Removing [kretprobe] <__sys_setresgid> at 0x000000009407577b nmissed[0]
Removing [kretprobe] <__sys_setfsgid> at 0x000000000248292d nmissed[0]
Removing [kretprobe] <set_current_groups> at 0x000000000f7a7ef6 nmissed[0]
<Exploit Detection> Can't find process[7141 |bash] in internal tracking list!
<Exploit Detection> Can't find process[7140 |bash] in internal tracking list!
....
<Exploit Detection> Can't find process[7141 |less] in internal tracking list!
<Exploit Detection> Can't find process[7141 |less] in internal tracking list!
Removing [kretprobe] <do_init_module> at 0x000000003d70ad5f nmissed[0]
Removing [kretprobe] <__x64_sys_delete_module> at 0x00000000eb584be2 nmissed[0]
Removing [kretprobe] <generic_permission> at 0x00000000041f359a nmissed[0]
Removing [kretprobe] <do_seccomp> at 0x00000000cf6e1df0 nmissed[0]
Removing [kretprobe] <ksys_unshare> at 0x00000000ad807cea nmissed[0]
Removing [kretprobe] <userns_install> at 0x0000000002c1e2b4 nmissed[0]
Removing [kretprobe] <__x64_sys_capset> at 0x000000002eb260e1 nmissed[0]
Removing [kretprobe] <cap_task_prctl> at 0x00000000d313e37e nmissed[0]
Removing [kretprobe] <key_change_session_keyring> at 0x000000003fa5827f nmissed[0]
Removing [kretprobe] <__x64_sys_add_key> at 0x00000000af2132ab nmissed[0]
Removing [kretprobe] <__x64_sys_request_key> at 0x00000000ed4d4523 nmissed[0]
Removing [kretprobe] <__x64_sys_keyctl> at 0x0000000076abcb9f nmissed[0]
Removing [kretprobe] <__x64_sys_ptrace> at 0x000000000c38d105 nmissed[0]
Removing [kretprobe] <__ia32_compat_sys_execve> at 0x00000000ced89c71 nmissed[0]
Removing [kretprobe] <__ia32_compat_sys_execveat> at 0x000000001460f1e5 nmissed[0]
Removing [kretprobe] <__ia32_compat_sys_keyctl> at 0x00000000eab00aba nmissed[0]
Removing [kretprobe] <__ia32_compat_sys_ptrace> at 0x0000000071fb62a8 nmissed[0]
Removing [kretprobe] <__ia32_sys_delete_module> at 0x0000000097ae06b0 nmissed[0]
Removing [kretprobe] <__ia32_sys_capset> at 0x0000000015a75f35 nmissed[0]
Removing [kretprobe] <__ia32_sys_add_key> at 0x00000000cb669968 nmissed[0]
Removing [kretprobe] <__ia32_sys_request_key> at 0x00000000b4693613 nmissed[0]
Removing [kretprobe] <override_creds> at 0x000000006864bef0 nmissed[0]
Removing [kretprobe] <revert_creds> at 0x00000000acb66d2b nmissed[0]
Deleting ED PID => 1034
Deleting ED PID => 2945
....
Deleting ED PID => 7138
Deleting ED PID => 7139
kmem_cache "p_ed_pids" destroyed!
.... EOF ....


After that, following message appeared on command line:

modprobe: ERROR: could not insert 'p_lkrg': Network is unreachable


So, what actually happened?
Thanks for response...
JiM


PS:
x86_64 gentoo with kernel 4.19.1 + some extensions and gcc-8.2.0

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.