[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Sat, 5 Dec 2020 18:06:39 +0100
From: Adam Zabrocki <pi3@....com.pl>
To: lkrg-users@...ts.openwall.com
Subject: Re: p_lkrg] <Exploit Detection> Trying to kill
process[ThreadPoolSingl | 2170]!
Hi,
Thanks for the report. I've just pushed fix for it. Can you verify if it helps?
Thanks,
Adam
On Fri, Dec 04, 2020 at 02:26:01AM +0100, Jacek wrote:
> LKRG Commit:
>
> # root ~> git log |head -n20
> commit 47804120c371aa7673b47d9c34ecfe19026a3c52
> Author: Adam_pi3 <pi3@....com.pl>
> Date: Thu Dec 3 15:07:40 2020 -0500
>
> Fix a gentle bug when compiled with P_LKRG_TASK_OFF_DEBUG
>
> P_LKRG_TASK_OFF_DEBUG introduces extra lines of code which was not taken
> into account for seccomp() and namespace API. This commit fixes it.
> Additionally, we are adding extra information in case of corruption
> (dump_stack()).
>
> commit d051bc28026729f50b2a38051d55e47e60db4e04
> Author: Adam_pi3 <pi3@....com.pl>
> Date: Tue Dec 1 16:47:19 2020 -0500
>
> Fix debug task logic for seccomp
>
> Track child in case of SECCOMP_FILTER_FLAG_TSYNC flag
>
> commit 24f4156516b839da1c025639ac4a9bae7bdf3747
> Author: Adam_pi3 <pi3@....com.pl>
> Date: Sun Nov 29 20:47:47 2020 -0500
>
> After this commit Firefox works fine. :0
>
> Akregator (KDE Akregator uses chromium based Qtwebengine library):
>
> LKRG in dmesg:
>
> [75020.719634] [p_lkrg] <Exploit Detection> ON process[2578 |
> Chrome_IOThread] has corrupted 'off' flag!
> [75020.719636] [p_lkrg] 'off' flag[0x7cbc69aae8aa39a] (normalization via
> 0x3e5e34d574551cd)
> [75020.719637] [p_lkrg] OFF debug: normalization[0x3e5e34d574551cd]
> cookie[0x3d5fe5bf6d05cd89]
> [75020.719638] [p_lkrg] Process[2578 | Chrome_IOThread] Parent[1 | init] has
> [7] entries:
> [75020.719639] [p_lkrg] => caller[p_cap_task_prctl_entry] action[OFF]
> old_off[0x3e5e34d574551cd] debug_val[1]
> [75020.719639] [p_lkrg] => caller[p_cap_task_prctl_ret] action[ON]
> old_off[0x7cbc69aae8aa39a] debug_val[0]
> [75020.719640] [p_lkrg] => caller[p_override_creds_entry] action[OVERRIDE
> OFF] old_off[0x3e5e34d574551cd] debug_val[1]
> [75020.719641] [p_lkrg] Stack trace:
> [75020.719649] p_override_creds_entry+0x91/0xd0 [p_lkrg]
> [75020.719653] pre_handler_kretprobe+0xaa/0x1b0
> [75020.719654] opt_pre_handler+0x47/0x80
> [75020.719656] optimized_callback+0xbc/0xe0
> [75020.719657] 0xffffffffc040130e
> [75020.719657] [p_lkrg] => caller[p_revert_creds_ret] action[OVERRIDE ON]
> old_off[0x7cbc69aae8aa39a] debug_val[0]
> [75020.719658] [p_lkrg] Stack trace:
> [75020.719661] p_revert_creds_entry+0x87/0xc0 [p_lkrg]
> [75020.719663] pre_handler_kretprobe+0xaa/0x1b0
> [75020.719664] opt_pre_handler+0x47/0x80
> [75020.719665] optimized_callback+0xbc/0xe0
> [75020.719666] 0xffffffffc0401388
> [75020.719666] [p_lkrg] => caller[p_override_creds_entry] action[OVERRIDE
> OFF] old_off[0x3e5e34d574551cd] debug_val[1]
> [75020.719667] [p_lkrg] Stack trace:
> [75020.719670] p_override_creds_entry+0x91/0xd0 [p_lkrg]
> [75020.719671] pre_handler_kretprobe+0xaa/0x1b0
> [75020.719673] opt_pre_handler+0x47/0x80
> [75020.719674] optimized_callback+0xbc/0xe0
> [75020.719674] 0xffffffffc040130e
> [75020.719675] [p_lkrg] => caller[p_revert_creds_ret] action[OVERRIDE ON]
> old_off[0x7cbc69aae8aa39a] debug_val[0]
> [75020.719675] [p_lkrg] Stack trace:
> [75020.719678] p_revert_creds_entry+0x87/0xc0 [p_lkrg]
> [75020.719680] pre_handler_kretprobe+0xaa/0x1b0
> [75020.719681] opt_pre_handler+0x47/0x80
> [75020.719682] optimized_callback+0xbc/0xe0
> [75020.719682] 0xffffffffc0401388
> [75020.719683] [p_lkrg] => caller[p_override_creds_entry] action[OVERRIDE
> OFF] old_off[0x3e5e34d574551cd] debug_val[1]
> [75020.719683] [p_lkrg] Stack trace:
> [75020.719686] p_override_creds_entry+0x91/0xd0 [p_lkrg]
> [75020.719688] pre_handler_kretprobe+0xaa/0x1b0
> [75020.719689] opt_pre_handler+0x47/0x80
> [75020.719690] optimized_callback+0xbc/0xe0
> [75020.719690] 0xffffffffc040130e
> [75020.719692] CPU: 1 PID: 2578 Comm: ThreadPoolSingl Tainted: G C
> O T 5.9.12-g1 #1
> [75020.719692] Hardware name: Gigabyte Technology Co., Ltd.
> Z97-D3H/Z97-D3H-CF, BIOS F9 09/18/2015
> [75020.719693] Call Trace:
> [75020.719696] dump_stack+0x57/0x6a
> [75020.719701] p_ed_is_off_off.part.0+0x3e/0x53 [p_lkrg]
> [75020.719705] p_security_ptrace_access_entry+0x5b/0x90 [p_lkrg]
> [75020.719707] pre_handler_kretprobe+0xaa/0x1b0
> [75020.719708] opt_pre_handler+0x47/0x80
> [75020.719709] optimized_callback+0xbc/0xe0
> [75020.719710] 0xffffffffc0401758
> [75020.719714] ? security_ptrace_access_check+0x1/0x50
> [75020.719716] ? ptrace_may_access+0x25/0x40
> [75020.719719] ? proc_pid_permission+0x3f/0xb0
> [75020.719721] ? inode_permission+0xc7/0x160
> [75020.719723] ? link_path_walk+0x23b/0x3b0
> [75020.719724] ? path_lookupat.isra.0+0x72/0x140
> [75020.719726] ? filename_lookup+0xc1/0x1a0
> [75020.719729] ? do_faccessat+0x89/0x2a0
> [75020.719732] ? do_syscall_64+0x33/0x40
> [75020.719734] ? entry_SYSCALL_64_after_hwframe+0x44/0xa9
> [75020.719735] [p_lkrg] <Exploit Detection> Trying to kill
> process[ThreadPoolSingl | 2578]!
>
> W dniu 03.12.2020 o 21:13, Adam Zabrocki pisze:
> > Thanks!
> >
> > I've introduced a very gentle bug for namespace and seccomp() API when compiled
> > wwith P_LKRG_TASK_OFF_DEBUG (it does not exist with normal compilation). That's
> > why you started to see more bugs - very sorry about that ;/
> >
> > I've just pushed fixes for that specific issue. Would you be able to update
> > LKRG code-base and re-run it with P_LKRG_TASK_OFF_DEBUG again? If there is
> > going to be next FP, it should be real ;p
> >
> > Thanks,
> > Adam
> >
> > On Thu, Dec 03, 2020 at 08:43:59AM +0100, Jacek wrote:
> > > OK, LKRG
> > >
> > > P_LKRG_TASK_OFF_DEBUG
> > >
> > > log:
> > >
> > >
> > > [17733.791399] [p_lkrg] Loading LKRG...
> > > [17733.791408] [p_lkrg] System does NOT support SMAP. LKRG can't enforce
> > > SMAP validation :(
> > > [17733.816444] Freezing user space processes ... (elapsed 0.033 seconds)
> > > done.
> > > [17733.849497] OOM killer disabled.
> > > [17737.475672] [p_lkrg] [kretprobe] register_kretprobe() for
> > > <ttwu_do_wakeup> failed! [err=-22]
> > > [17737.475675] [p_lkrg] Trying to find ISRA / CONSTPROP name for
> > > <ttwu_do_wakeup>
> > > [17737.482067] [p_lkrg] Found ISRA version of function
> > > <ttwu_do_wakeup.isra.0>
> > > [17737.595461] [p_lkrg] ISRA / CONSTPROP version was found and hook was
> > > planted at <ttwu_do_wakeup.isra.0>
> > > [17738.042763] [p_lkrg] LKRG initialized successfully!
> > > [17738.042764] OOM killer enabled.
> > > [17738.042764] Restarting tasks ... done.
> > > [17753.483746] [p_lkrg] <Exploit Detection> ON process[4072 |
> > > QtWebEngineProc] has corrupted 'off' flag!
> > > [17753.483747] [p_lkrg] 'off' flag[0x0] (normalization via
> > > 0x3a3d5b3e3034f5b)
> > > [17753.483748] [p_lkrg] OFF debug: normalization[0x3a3d5b3e3034f5b]
> > > cookie[0x69470f9547639fd1]
> > > [17753.483749] [p_lkrg] Process[4072 | QtWebEngineProc] Parent[3992 |
> > > akregator] has [76] entries:
> > > [17753.483749] [p_lkrg] => caller[p_cap_task_prctl_entry] action[OFF]
> > > old_off[0x3a3d5b3e3034f5b] debug_val[1]
> > > [17753.483750] [p_lkrg] => caller[p_cap_task_prctl_ret] action[ON]
> > > old_off[0x747ab67c6069eb6] debug_val[0]
> > > [17753.483751] [p_lkrg] => caller[p_sys_execve_entry] action[OFF]
> > > old_off[0x3a3d5b3e3034f5b] debug_val[1]
> > > [17753.483751] [p_lkrg] => caller[p_sys_execve_ret] action[RESET]
> > > old_off[0x747ab67c6069eb6] debug_val[0]
> > > [17753.483752] [p_lkrg] => caller[p_override_creds_entry] action[OVERRIDE
> > > OFF] old_off[0x3a3d5b3e3034f5b] debug_val[1]
> > > [17753.483752] [p_lkrg] Stack trace:
> > > [17753.483759] p_override_creds_entry+0x91/0xd0 [p_lkrg]
> > > [17753.483763] pre_handler_kretprobe+0xaa/0x1b0
> > > [17753.483764] opt_pre_handler+0x47/0x80
> > > [17753.483766] optimized_callback+0xbc/0xe0
> > > [17753.483766] 0xffffffffc044f30e
> > > [17753.483767] [p_lkrg] => caller[p_revert_creds_ret] action[OVERRIDE ON]
> > > old_off[0x747ab67c6069eb6] debug_val[0]
> > > [17753.483767] [p_lkrg] Stack trace:
> > > [17753.483771] p_revert_creds_entry+0x87/0xc0 [p_lkrg]
> > > [17753.483772] pre_handler_kretprobe+0xaa/0x1b0
> > > [17753.483773] opt_pre_handler+0x47/0x80
> > > [17753.483774] optimized_callback+0xbc/0xe0
> > > [17753.483774] 0xffffffffc044f388
> > > [17753.483775] [p_lkrg] => caller[p_cap_task_prctl_entry] action[OFF]
> > > old_off[0x3a3d5b3e3034f5b] debug_val[1]
> > > [17753.483775] [p_lkrg] => caller[p_cap_task_prctl_ret] action[ON]
> > > old_off[0x747ab67c6069eb6] debug_val[0]
> > > [17753.483776] [p_lkrg] => caller[p_override_creds_entry] action[OVERRIDE
> > > OFF] old_off[0x3a3d5b3e3034f5b] debug_val[1]
> > > [17753.483776] [p_lkrg] Stack trace:
> > > [17753.483779] p_override_creds_entry+0x91/0xd0 [p_lkrg]
> > > [17753.483781] pre_handler_kretprobe+0xaa/0x1b0
> > > [17753.483782] opt_pre_handler+0x47/0x80
> > > [17753.483782] optimized_callback+0xbc/0xe0
> > > [17753.483783] 0xffffffffc044f30e
> > > [17753.483783] [p_lkrg] => caller[p_revert_creds_ret] action[OVERRIDE ON]
> > > old_off[0x747ab67c6069eb6] debug_val[0]
> > > [17753.483784] [p_lkrg] Stack trace:
> > > [17753.483787] p_revert_creds_entry+0x87/0xc0 [p_lkrg]
> > > [17753.483788] pre_handler_kretprobe+0xaa/0x1b0
> > > [17753.483789] opt_pre_handler+0x47/0x80
> > > [17753.483790] optimized_callback+0xbc/0xe0
> > > [17753.483790] 0xffffffffc044f388
> > > [17753.483791] [p_lkrg] => caller[p_override_creds_entry] action[OVERRIDE
> > > OFF] old_off[0x3a3d5b3e3034f5b] debug_val[1]
> > > [17753.483791] [p_lkrg] Stack trace:
> > > [17753.483794] p_override_creds_entry+0x91/0xd0 [p_lkrg]
> > > [17753.483795] pre_handler_kretprobe+0xaa/0x1b0
> > > [17753.483796] opt_pre_handler+0x47/0x80
> > > [17753.483797] optimized_callback+0xbc/0xe0
> > > [17753.483798] 0xffffffffc044f30e
> > > [17753.483798] [p_lkrg] => caller[p_revert_creds_ret] action[OVERRIDE ON]
> > > old_off[0x747ab67c6069eb6] debug_val[0]
> > > [17753.483798] [p_lkrg] Stack trace:
> > > [17753.483801] p_revert_creds_entry+0x87/0xc0 [p_lkrg]
> > > [17753.483803] pre_handler_kretprobe+0xaa/0x1b0
> > > [17753.483804] opt_pre_handler+0x47/0x80
> > > [17753.483804] optimized_callback+0xbc/0xe0
> > > [17753.483805] 0xffffffffc044f388
> > > [17753.483805] [p_lkrg] => caller[p_override_creds_entry] action[OVERRIDE
> > > OFF] old_off[0x3a3d5b3e3034f5b] debug_val[1]
> > > [17753.483806] [p_lkrg] Stack trace:
> > > [17753.483809] p_override_creds_entry+0x91/0xd0 [p_lkrg]
> > > [17753.483810] pre_handler_kretprobe+0xaa/0x1b0
> > > [17753.483811] opt_pre_handler+0x47/0x80
> > > [17753.483812] optimized_callback+0xbc/0xe0
> > > [17753.483812] 0xffffffffc044f30e
> > > [17753.483813] [p_lkrg] => caller[p_revert_creds_ret] action[OVERRIDE ON]
> > > old_off[0x747ab67c6069eb6] debug_val[0]
> > > [17753.483813] [p_lkrg] Stack trace:
> > > [17753.483816] p_revert_creds_entry+0x87/0xc0 [p_lkrg]
> > > [17753.483817] pre_handler_kretprobe+0xaa/0x1b0
> > > [17753.483818] opt_pre_handler+0x47/0x80
> > > [17753.483819] optimized_callback+0xbc/0xe0
> > > [17753.483819] 0xffffffffc044f388
> > > [17753.483820] [p_lkrg] => caller[p_override_creds_entry] action[OVERRIDE
> > > OFF] old_off[0x3a3d5b3e3034f5b] debug_val[1]
> > > [17753.483820] [p_lkrg] Stack trace:
> > > [17753.483823] p_override_creds_entry+0x91/0xd0 [p_lkrg]
> > > [17753.483824] pre_handler_kretprobe+0xaa/0x1b0
> > > [17753.483825] opt_pre_handler+0x47/0x80
> > > [17753.483826] optimized_callback+0xbc/0xe0
> > > [17753.483826] 0xffffffffc044f30e
> > > [17753.483827] [p_lkrg] => caller[p_revert_creds_ret] action[OVERRIDE ON]
> > > old_off[0x747ab67c6069eb6] debug_val[0]
> > > [17753.483827] [p_lkrg] Stack trace:
> > > [17753.483830] p_revert_creds_entry+0x87/0xc0 [p_lkrg]
> > > [17753.483831] pre_handler_kretprobe+0xaa/0x1b0
> > > [17753.483832] opt_pre_handler+0x47/0x80
> > > [17753.483833] optimized_callback+0xbc/0xe0
> > > [17753.483834] 0xffffffffc044f388
> > > [17753.483834] [p_lkrg] => caller[p_override_creds_entry] action[OVERRIDE
> > > OFF] old_off[0x3a3d5b3e3034f5b] debug_val[1]
> > > [17753.483834] [p_lkrg] Stack trace:
> > > [17753.483837] p_override_creds_entry+0x91/0xd0 [p_lkrg]
> > > [17753.483838] pre_handler_kretprobe+0xaa/0x1b0
> > > [17753.483840] opt_pre_handler+0x47/0x80
> > > [17753.483840] optimized_callback+0xbc/0xe0
> > > [17753.483841] 0xffffffffc044f30e
> > > [17753.483841] [p_lkrg] => caller[p_revert_creds_ret] action[OVERRIDE ON]
> > > old_off[0x747ab67c6069eb6] debug_val[0]
> > > [17753.483841] [p_lkrg] Stack trace:
> > > [17753.483844] p_revert_creds_entry+0x87/0xc0 [p_lkrg]
> > > [17753.483846] pre_handler_kretprobe+0xaa/0x1b0
> > > [17753.483847] opt_pre_handler+0x47/0x80
> > > [17753.483847] optimized_callback+0xbc/0xe0
> > > [17753.483848] 0xffffffffc044f388
> > > [17753.483848] [p_lkrg] => caller[p_override_creds_entry] action[OVERRIDE
> > > OFF] old_off[0x3a3d5b3e3034f5b] debug_val[1]
> > > [17753.483849] [p_lkrg] Stack trace:
> > > [17753.483851] p_override_creds_entry+0x91/0xd0 [p_lkrg]
> > > [17753.483853] pre_handler_kretprobe+0xaa/0x1b0
> > > [17753.483854] opt_pre_handler+0x47/0x80
> > > [17753.483855] optimized_callback+0xbc/0xe0
> > > [17753.483855] 0xffffffffc044f30e
> > > [17753.483855] [p_lkrg] => caller[p_revert_creds_ret] action[OVERRIDE ON]
> > > old_off[0x747ab67c6069eb6] debug_val[0]
> > > [17753.483856] [p_lkrg] Stack trace:
> > > [17753.483859] p_revert_creds_entry+0x87/0xc0 [p_lkrg]
> > > [17753.483860] pre_handler_kretprobe+0xaa/0x1b0
> > > [17753.483861] opt_pre_handler+0x47/0x80
> > > [17753.483862] optimized_callback+0xbc/0xe0
> > > [17753.483862] 0xffffffffc044f388
> > > [17753.483863] [p_lkrg] => caller[p_override_creds_entry] action[OVERRIDE
> > > OFF] old_off[0x3a3d5b3e3034f5b] debug_val[1]
> > > [17753.483863] [p_lkrg] Stack trace:
> > > [17753.483866] p_override_creds_entry+0x91/0xd0 [p_lkrg]
> > > [17753.483867] pre_handler_kretprobe+0xaa/0x1b0
> > > [17753.483868] opt_pre_handler+0x47/0x80
> > > [17753.483869] optimized_callback+0xbc/0xe0
> > > [17753.483869] 0xffffffffc044f30e
> > > [17753.483870] [p_lkrg] => caller[p_revert_creds_ret] action[OVERRIDE ON]
> > > old_off[0x747ab67c6069eb6] debug_val[0]
> > > [17753.483870] [p_lkrg] Stack trace:
> > > [17753.483873] p_revert_creds_entry+0x87/0xc0 [p_lkrg]
> > > [17753.483874] pre_handler_kretprobe+0xaa/0x1b0
> > > [17753.483875] opt_pre_handler+0x47/0x80
> > > [17753.483876] optimized_callback+0xbc/0xe0
> > > [17753.483877] 0xffffffffc044f388
> > > [17753.483877] [p_lkrg] => caller[p_override_creds_entry] action[OVERRIDE
> > > OFF] old_off[0x3a3d5b3e3034f5b] debug_val[1]
> > > [17753.483877] [p_lkrg] Stack trace:
> > > [17753.483880] p_override_creds_entry+0x91/0xd0 [p_lkrg]
> > > [17753.483881] pre_handler_kretprobe+0xaa/0x1b0
> > > [17753.483882] opt_pre_handler+0x47/0x80
> > > [17753.483883] optimized_callback+0xbc/0xe0
> > > [17753.483884] 0xffffffffc044f30e
> > > [17753.483884] [p_lkrg] => caller[p_revert_creds_ret] action[OVERRIDE ON]
> > > old_off[0x747ab67c6069eb6] debug_val[0]
> > > [17753.483884] [p_lkrg] Stack trace:
> > > [17753.483887] p_revert_creds_entry+0x87/0xc0 [p_lkrg]
> > > [17753.483888] pre_handler_kretprobe+0xaa/0x1b0
> > > [17753.483890] opt_pre_handler+0x47/0x80
> > > [17753.483890] optimized_callback+0xbc/0xe0
> > > [17753.483891] 0xffffffffc044f388
> > > [17753.483891] [p_lkrg] => caller[p_override_creds_entry] action[OVERRIDE
> > > OFF] old_off[0x3a3d5b3e3034f5b] debug_val[1]
> > > [17753.483891] [p_lkrg] Stack trace:
> > > [17753.483894] p_override_creds_entry+0x91/0xd0 [p_lkrg]
> > > [17753.483896] pre_handler_kretprobe+0xaa/0x1b0
> > > [17753.483897] opt_pre_handler+0x47/0x80
> > > [17753.483897] optimized_callback+0xbc/0xe0
> > > [17753.483898] 0xffffffffc044f30e
> > > [17753.483898] [p_lkrg] => caller[p_revert_creds_ret] action[OVERRIDE ON]
> > > old_off[0x747ab67c6069eb6] debug_val[0]
> > > [17753.483899] [p_lkrg] Stack trace:
> > > [17753.483902] p_revert_creds_entry+0x87/0xc0 [p_lkrg]
> > > [17753.483903] pre_handler_kretprobe+0xaa/0x1b0
> > > [17753.483904] opt_pre_handler+0x47/0x80
> > > [17753.483905] optimized_callback+0xbc/0xe0
> > > [17753.483905] 0xffffffffc044f388
> > > [17753.483906] [p_lkrg] => caller[p_override_creds_entry] action[OVERRIDE
> > > OFF] old_off[0x3a3d5b3e3034f5b] debug_val[1]
> > > [17753.483906] [p_lkrg] Stack trace:
> > > [17753.483909] p_override_creds_entry+0x91/0xd0 [p_lkrg]
> > > [17753.483910] pre_handler_kretprobe+0xaa/0x1b0
> > > [17753.483911] opt_pre_handler+0x47/0x80
> > > [17753.483912] optimized_callback+0xbc/0xe0
> > > [17753.483912] 0xffffffffc044f30e
> > > [17753.483913] [p_lkrg] => caller[p_revert_creds_ret] action[OVERRIDE ON]
> > > old_off[0x747ab67c6069eb6] debug_val[0]
> > > [17753.483913] [p_lkrg] Stack trace:
> > > [17753.483916] p_revert_creds_entry+0x87/0xc0 [p_lkrg]
> > > [17753.483917] pre_handler_kretprobe+0xaa/0x1b0
> > > [17753.483918] opt_pre_handler+0x47/0x80
> > > [17753.483919] optimized_callback+0xbc/0xe0
> > > [17753.483919] 0xffffffffc044f388
> > > [17753.483920] [p_lkrg] => caller[p_override_creds_entry] action[OVERRIDE
> > > OFF] old_off[0x3a3d5b3e3034f5b] debug_val[1]
> > > [17753.483920] [p_lkrg] Stack trace:
> > > [17753.483923] p_override_creds_entry+0x91/0xd0 [p_lkrg]
> > > [17753.483924] pre_handler_kretprobe+0xaa/0x1b0
> > > [17753.483925] opt_pre_handler+0x47/0x80
> > > [17753.483926] optimized_callback+0xbc/0xe0
> > > [17753.483927] 0xffffffffc044f30e
> > > [17753.483927] [p_lkrg] => caller[p_revert_creds_ret] action[OVERRIDE ON]
> > > old_off[0x747ab67c6069eb6] debug_val[0]
> > > [17753.483927] [p_lkrg] Stack trace:
> > > [17753.483930] p_revert_creds_entry+0x87/0xc0 [p_lkrg]
> > > [17753.483932] pre_handler_kretprobe+0xaa/0x1b0
> > > [17753.483933] opt_pre_handler+0x47/0x80
> > > [17753.483933] optimized_callback+0xbc/0xe0
> > > [17753.483934] 0xffffffffc044f388
> > > [17753.483934] [p_lkrg] => caller[p_override_creds_entry] action[OVERRIDE
> > > OFF] old_off[0x3a3d5b3e3034f5b] debug_val[1]
> > > [17753.483935] [p_lkrg] Stack trace:
> > > [17753.483937] p_override_creds_entry+0x91/0xd0 [p_lkrg]
> > > [17753.483939] pre_handler_kretprobe+0xaa/0x1b0
> > > [17753.483940] opt_pre_handler+0x47/0x80
> > > [17753.483940] optimized_callback+0xbc/0xe0
> > > [17753.483941] 0xffffffffc044f30e
> > > [17753.483941] [p_lkrg] => caller[p_revert_creds_ret] action[OVERRIDE ON]
> > > old_off[0x747ab67c6069eb6] debug_val[0]
> > > [17753.483942] [p_lkrg] Stack trace:
> > > [17753.483945] p_revert_creds_entry+0x87/0xc0 [p_lkrg]
> > > [17753.483946] pre_handler_kretprobe+0xaa/0x1b0
> > > [17753.483947] opt_pre_handler+0x47/0x80
> > > [17753.483948] optimized_callback+0xbc/0xe0
> > > [17753.483948] 0xffffffffc044f388
> > > [17753.483949] [p_lkrg] => caller[p_override_creds_entry] action[OVERRIDE
> > > OFF] old_off[0x3a3d5b3e3034f5b] debug_val[1]
> > > [17753.483949] [p_lkrg] Stack trace:
> > > [17753.483952] p_override_creds_entry+0x91/0xd0 [p_lkrg]
> > > [17753.483953] pre_handler_kretprobe+0xaa/0x1b0
> > > [17753.483954] opt_pre_handler+0x47/0x80
> > > [17753.483955] optimized_callback+0xbc/0xe0
> > > [17753.483955] 0xffffffffc044f30e
> > > [17753.483956] [p_lkrg] => caller[p_revert_creds_ret] action[OVERRIDE ON]
> > > old_off[0x747ab67c6069eb6] debug_val[0]
> > > [17753.483956] [p_lkrg] Stack trace:
> > > [17753.483959] p_revert_creds_entry+0x87/0xc0 [p_lkrg]
> > > [17753.483960] pre_handler_kretprobe+0xaa/0x1b0
> > > [17753.483961] opt_pre_handler+0x47/0x80
> > > [17753.483962] optimized_callback+0xbc/0xe0
> > > [17753.483962] 0xffffffffc044f388
> > > [17753.483963] [p_lkrg] => caller[p_override_creds_entry] action[OVERRIDE
> > > OFF] old_off[0x3a3d5b3e3034f5b] debug_val[1]
> > > [17753.483963] [p_lkrg] Stack trace:
> > > [17753.483966] p_override_creds_entry+0x91/0xd0 [p_lkrg]
> > > [17753.483967] pre_handler_kretprobe+0xaa/0x1b0
> > > [17753.483968] opt_pre_handler+0x47/0x80
> > > [17753.483979] optimized_callback+0xbc/0xe0
> > > [17753.483980] 0xffffffffc044f30e
> > > [17753.483980] [p_lkrg] => caller[p_revert_creds_ret] action[OVERRIDE ON]
> > > old_off[0x747ab67c6069eb6] debug_val[0]
> > > [17753.483980] [p_lkrg] Stack trace:
> > > [17753.483983] p_revert_creds_entry+0x87/0xc0 [p_lkrg]
> > > [17753.483985] pre_handler_kretprobe+0xaa/0x1b0
> > > [17753.483986] opt_pre_handler+0x47/0x80
> > > [17753.483987] optimized_callback+0xbc/0xe0
> > > [17753.483987] 0xffffffffc044f388
> > > [17753.483988] [p_lkrg] => caller[p_override_creds_entry] action[OVERRIDE
> > > OFF] old_off[0x3a3d5b3e3034f5b] debug_val[1]
> > > [17753.483988] [p_lkrg] Stack trace:
> > > [17753.483991] p_override_creds_entry+0x91/0xd0 [p_lkrg]
> > > [17753.483992] pre_handler_kretprobe+0xaa/0x1b0
> > > [17753.483994] opt_pre_handler+0x47/0x80
> > > [17753.483994] optimized_callback+0xbc/0xe0
> > > [17753.483995] 0xffffffffc044f30e
> > > [17753.483995] [p_lkrg] => caller[p_revert_creds_ret] action[OVERRIDE ON]
> > > old_off[0x747ab67c6069eb6] debug_val[0]
> > > [17753.483996] [p_lkrg] Stack trace:
> > > [17753.483999] p_revert_creds_entry+0x87/0xc0 [p_lkrg]
> > > [17753.484000] pre_handler_kretprobe+0xaa/0x1b0
> > > [17753.484001] opt_pre_handler+0x47/0x80
> > > [17753.484002] optimized_callback+0xbc/0xe0
> > > [17753.484011] 0xffffffffc044f388
> > > [17753.484012] [p_lkrg] => caller[p_override_creds_entry] action[OVERRIDE
> > > OFF] old_off[0x3a3d5b3e3034f5b] debug_val[1]
> > > [17753.484012] [p_lkrg] Stack trace:
> > > [17753.484015] p_override_creds_entry+0x91/0xd0 [p_lkrg]
> > > [17753.484016] pre_handler_kretprobe+0xaa/0x1b0
> > > [17753.484017] opt_pre_handler+0x47/0x80
> > > [17753.484018] optimized_callback+0xbc/0xe0
> > > [17753.484019] 0xffffffffc044f30e
> > > [17753.484019] [p_lkrg] => caller[p_revert_creds_ret] action[OVERRIDE ON]
> > > old_off[0x747ab67c6069eb6] debug_val[0]
> > > [17753.484019] [p_lkrg] Stack trace:
> > > [17753.484022] p_revert_creds_entry+0x87/0xc0 [p_lkrg]
> > > [17753.484023] pre_handler_kretprobe+0xaa/0x1b0
> > > [17753.484025] opt_pre_handler+0x47/0x80
> > > [17753.484025] optimized_callback+0xbc/0xe0
> > > [17753.484026] 0xffffffffc044f388
> > > [17753.484026] [p_lkrg] => caller[p_override_creds_entry] action[OVERRIDE
> > > OFF] old_off[0x3a3d5b3e3034f5b] debug_val[1]
> > > [17753.484027] [p_lkrg] Stack trace:
> > > [17753.484029] p_override_creds_entry+0x91/0xd0 [p_lkrg]
> > > [17753.484031] pre_handler_kretprobe+0xaa/0x1b0
> > > [17753.484032] opt_pre_handler+0x47/0x80
> > > [17753.484033] optimized_callback+0xbc/0xe0
> > > [17753.484033] 0xffffffffc044f30e
> > > [17753.484033] [p_lkrg] => caller[p_revert_creds_ret] action[OVERRIDE ON]
> > > old_off[0x747ab67c6069eb6] debug_val[0]
> > > [17753.484034] [p_lkrg] Stack trace:
> > > [17753.484036] p_revert_creds_entry+0x87/0xc0 [p_lkrg]
> > > [17753.484038] pre_handler_kretprobe+0xaa/0x1b0
> > > [17753.484039] opt_pre_handler+0x47/0x80
> > > [17753.484040] optimized_callback+0xbc/0xe0
> > > [17753.484040] 0xffffffffc044f388
> > > [17753.484040] [p_lkrg] => caller[p_override_creds_entry] action[OVERRIDE
> > > OFF] old_off[0x3a3d5b3e3034f5b] debug_val[1]
> > > [17753.484041] [p_lkrg] Stack trace:
> > > [17753.484044] p_override_creds_entry+0x91/0xd0 [p_lkrg]
> > > [17753.484045] pre_handler_kretprobe+0xaa/0x1b0
> > > [17753.484046] opt_pre_handler+0x47/0x80
> > > [17753.484047] optimized_callback+0xbc/0xe0
> > > [17753.484047] 0xffffffffc044f30e
> > > [17753.484048] [p_lkrg] => caller[p_revert_creds_ret] action[OVERRIDE ON]
> > > old_off[0x747ab67c6069eb6] debug_val[0]
> > > [17753.484048] [p_lkrg] Stack trace:
> > > [17753.484051] p_revert_creds_entry+0x87/0xc0 [p_lkrg]
> > > [17753.484052] pre_handler_kretprobe+0xaa/0x1b0
> > > [17753.484053] opt_pre_handler+0x47/0x80
> > > [17753.484054] optimized_callback+0xbc/0xe0
> > > [17753.484054] 0xffffffffc044f388
> > > [17753.484055] [p_lkrg] => caller[p_override_creds_entry] action[OVERRIDE
> > > OFF] old_off[0x3a3d5b3e3034f5b] debug_val[1]
> > > [17753.484055] [p_lkrg] Stack trace:
> > > [17753.484058] p_override_creds_entry+0x91/0xd0 [p_lkrg]
> > > [17753.484059] pre_handler_kretprobe+0xaa/0x1b0
> > > [17753.484060] opt_pre_handler+0x47/0x80
> > > [17753.484061] optimized_callback+0xbc/0xe0
> > > [17753.484061] 0xffffffffc044f30e
> > > [17753.484062] [p_lkrg] => caller[p_revert_creds_ret] action[OVERRIDE ON]
> > > old_off[0x747ab67c6069eb6] debug_val[0]
> > > [17753.484062] [p_lkrg] Stack trace:
> > > [17753.484065] p_revert_creds_entry+0x87/0xc0 [p_lkrg]
> > > [17753.484066] pre_handler_kretprobe+0xaa/0x1b0
> > > [17753.484067] opt_pre_handler+0x47/0x80
> > > [17753.484068] optimized_callback+0xbc/0xe0
> > > [17753.484068] 0xffffffffc044f388
> > > [17753.484069] [p_lkrg] => caller[p_override_creds_entry] action[OVERRIDE
> > > OFF] old_off[0x3a3d5b3e3034f5b] debug_val[1]
> > > [17753.484069] [p_lkrg] Stack trace:
> > > [17753.484072] p_override_creds_entry+0x91/0xd0 [p_lkrg]
> > > [17753.484073] pre_handler_kretprobe+0xaa/0x1b0
> > > [17753.484074] opt_pre_handler+0x47/0x80
> > > [17753.484075] optimized_callback+0xbc/0xe0
> > > [17753.484076] 0xffffffffc044f30e
> > > [17753.484076] [p_lkrg] => caller[p_revert_creds_ret] action[OVERRIDE ON]
> > > old_off[0x747ab67c6069eb6] debug_val[0]
> > > [17753.484076] [p_lkrg] Stack trace:
> > > [17753.484079] p_revert_creds_entry+0x87/0xc0 [p_lkrg]
> > > [17753.484080] pre_handler_kretprobe+0xaa/0x1b0
> > > [17753.484081] opt_pre_handler+0x47/0x80
> > > [17753.484082] optimized_callback+0xbc/0xe0
> > > [17753.484083] 0xffffffffc044f388
> > > [17753.484083] [p_lkrg] => caller[p_override_creds_entry] action[OVERRIDE
> > > OFF] old_off[0x3a3d5b3e3034f5b] debug_val[1]
> > > [17753.484083] [p_lkrg] Stack trace:
> > > [17753.484086] p_override_creds_entry+0x91/0xd0 [p_lkrg]
> > > [17753.484087] pre_handler_kretprobe+0xaa/0x1b0
> > > [17753.484088] opt_pre_handler+0x47/0x80
> > > [17753.484089] optimized_callback+0xbc/0xe0
> > > [17753.484090] 0xffffffffc044f30e
> > > [17753.484090] [p_lkrg] => caller[p_revert_creds_ret] action[OVERRIDE ON]
> > > old_off[0x747ab67c6069eb6] debug_val[0]
> > > [17753.484090] [p_lkrg] Stack trace:
> > > [17753.484093] p_revert_creds_entry+0x87/0xc0 [p_lkrg]
> > > [17753.484094] pre_handler_kretprobe+0xaa/0x1b0
> > > [17753.484095] opt_pre_handler+0x47/0x80
> > > [17753.484096] optimized_callback+0xbc/0xe0
> > > [17753.484097] 0xffffffffc044f388
> > > [17753.484097] [p_lkrg] => caller[p_override_creds_entry] action[OVERRIDE
> > > OFF] old_off[0x3a3d5b3e3034f5b] debug_val[1]
> > > [17753.484097] [p_lkrg] Stack trace:
> > > [17753.484100] p_override_creds_entry+0x91/0xd0 [p_lkrg]
> > > [17753.484101] pre_handler_kretprobe+0xaa/0x1b0
> > > [17753.484103] opt_pre_handler+0x47/0x80
> > > [17753.484103] optimized_callback+0xbc/0xe0
> > > [17753.484104] 0xffffffffc044f30e
> > > [17753.484104] [p_lkrg] => caller[p_revert_creds_ret] action[OVERRIDE ON]
> > > old_off[0x747ab67c6069eb6] debug_val[0]
> > > [17753.484105] [p_lkrg] Stack trace:
> > > [17753.484107] p_revert_creds_entry+0x87/0xc0 [p_lkrg]
> > > [17753.484109] pre_handler_kretprobe+0xaa/0x1b0
> > > [17753.484110] opt_pre_handler+0x47/0x80
> > > [17753.484110] optimized_callback+0xbc/0xe0
> > > [17753.484111] 0xffffffffc044f388
> > > [17753.484111] [p_lkrg] => caller[p_override_creds_entry] action[OVERRIDE
> > > OFF] old_off[0x3a3d5b3e3034f5b] debug_val[1]
> > > [17753.484112] [p_lkrg] Stack trace:
> > > [17753.484114] p_override_creds_entry+0x91/0xd0 [p_lkrg]
> > > [17753.484116] pre_handler_kretprobe+0xaa/0x1b0
> > > [17753.484117] opt_pre_handler+0x47/0x80
> > > [17753.484117] optimized_callback+0xbc/0xe0
> > > [17753.484118] 0xffffffffc044f30e
> > > [17753.484118] [p_lkrg] => caller[p_revert_creds_ret] action[OVERRIDE ON]
> > > old_off[0x747ab67c6069eb6] debug_val[0]
> > > [17753.484119] [p_lkrg] Stack trace:
> > > [17753.484121] p_revert_creds_entry+0x87/0xc0 [p_lkrg]
> > > [17753.484123] pre_handler_kretprobe+0xaa/0x1b0
> > > [17753.484124] opt_pre_handler+0x47/0x80
> > > [17753.484125] optimized_callback+0xbc/0xe0
> > > [17753.484125] 0xffffffffc044f388
> > > [17753.484126] [p_lkrg] => caller[p_override_creds_entry] action[OVERRIDE
> > > OFF] old_off[0x3a3d5b3e3034f5b] debug_val[1]
> > > [17753.484126] [p_lkrg] Stack trace:
> > > [17753.484129] p_override_creds_entry+0x91/0xd0 [p_lkrg]
> > > [17753.484130] pre_handler_kretprobe+0xaa/0x1b0
> > > [17753.484131] opt_pre_handler+0x47/0x80
> > > [17753.484132] optimized_callback+0xbc/0xe0
> > > [17753.484132] 0xffffffffc044f30e
> > > [17753.484133] [p_lkrg] => caller[p_revert_creds_ret] action[OVERRIDE ON]
> > > old_off[0x747ab67c6069eb6] debug_val[0]
> > > [17753.484133] [p_lkrg] Stack trace:
> > > [17753.484136] p_revert_creds_entry+0x87/0xc0 [p_lkrg]
> > > [17753.484137] pre_handler_kretprobe+0xaa/0x1b0
> > > [17753.484138] opt_pre_handler+0x47/0x80
> > > [17753.484139] optimized_callback+0xbc/0xe0
> > > [17753.484139] 0xffffffffc044f388
> > > [17753.484140] [p_lkrg] => caller[p_override_creds_entry] action[OVERRIDE
> > > OFF] old_off[0x3a3d5b3e3034f5b] debug_val[1]
> > > [17753.484140] [p_lkrg] Stack trace:
> > > [17753.484143] p_override_creds_entry+0x91/0xd0 [p_lkrg]
> > > [17753.484144] pre_handler_kretprobe+0xaa/0x1b0
> > > [17753.484145] opt_pre_handler+0x47/0x80
> > > [17753.484146] optimized_callback+0xbc/0xe0
> > > [17753.484147] 0xffffffffc044f30e
> > > [17753.484147] [p_lkrg] => caller[p_revert_creds_ret] action[OVERRIDE ON]
> > > old_off[0x747ab67c6069eb6] debug_val[0]
> > > [17753.484147] [p_lkrg] Stack trace:
> > > [17753.484150] p_revert_creds_entry+0x87/0xc0 [p_lkrg]
> > > [17753.484151] pre_handler_kretprobe+0xaa/0x1b0
> > > [17753.484152] opt_pre_handler+0x47/0x80
> > > [17753.484153] optimized_callback+0xbc/0xe0
> > > [17753.484154] 0xffffffffc044f388
> > > [17753.484154] [p_lkrg] => caller[p_override_creds_entry] action[OVERRIDE
> > > OFF] old_off[0x3a3d5b3e3034f5b] debug_val[1]
> > > [17753.484154] [p_lkrg] Stack trace:
> > > [17753.484157] p_override_creds_entry+0x91/0xd0 [p_lkrg]
> > > [17753.484158] pre_handler_kretprobe+0xaa/0x1b0
> > > [17753.484159] opt_pre_handler+0x47/0x80
> > > [17753.484160] optimized_callback+0xbc/0xe0
> > > [17753.484161] 0xffffffffc044f30e
> > > [17753.484161] [p_lkrg] => caller[p_revert_creds_ret] action[OVERRIDE ON]
> > > old_off[0x747ab67c6069eb6] debug_val[0]
> > > [17753.484161] [p_lkrg] Stack trace:
> > > [17753.484164] p_revert_creds_entry+0x87/0xc0 [p_lkrg]
> > > [17753.484165] pre_handler_kretprobe+0xaa/0x1b0
> > > [17753.484166] opt_pre_handler+0x47/0x80
> > > [17753.484167] optimized_callback+0xbc/0xe0
> > > [17753.484168] 0xffffffffc044f388
> > > [17753.484168] [p_lkrg] => caller[p_override_creds_entry] action[OVERRIDE
> > > OFF] old_off[0x3a3d5b3e3034f5b] debug_val[1]
> > > [17753.484168] [p_lkrg] Stack trace:
> > > [17753.484171] p_override_creds_entry+0x91/0xd0 [p_lkrg]
> > > [17753.484172] pre_handler_kretprobe+0xaa/0x1b0
> > > [17753.484173] opt_pre_handler+0x47/0x80
> > > [17753.484174] optimized_callback+0xbc/0xe0
> > > [17753.484175] 0xffffffffc044f30e
> > > [17753.484175] [p_lkrg] => caller[p_revert_creds_ret] action[OVERRIDE ON]
> > > old_off[0x747ab67c6069eb6] debug_val[0]
> > > [17753.484175] [p_lkrg] Stack trace:
> > > [17753.484178] p_revert_creds_entry+0x87/0xc0 [p_lkrg]
> > > [17753.484179] pre_handler_kretprobe+0xaa/0x1b0
> > > [17753.484180] opt_pre_handler+0x47/0x80
> > > [17753.484181] optimized_callback+0xbc/0xe0
> > > [17753.484181] 0xffffffffc044f388
> > > [17753.484182] [p_lkrg] => caller[p_override_creds_entry] action[OVERRIDE
> > > OFF] old_off[0x3a3d5b3e3034f5b] debug_val[1]
> > > [17753.484182] [p_lkrg] Stack trace:
> > > [17753.484185] p_override_creds_entry+0x91/0xd0 [p_lkrg]
> > > [17753.484186] pre_handler_kretprobe+0xaa/0x1b0
> > > [17753.484188] opt_pre_handler+0x47/0x80
> > > [17753.484188] optimized_callback+0xbc/0xe0
> > > [17753.484189] 0xffffffffc044f30e
> > > [17753.484189] [p_lkrg] => caller[p_revert_creds_ret] action[OVERRIDE ON]
> > > old_off[0x747ab67c6069eb6] debug_val[0]
> > > [17753.484189] [p_lkrg] Stack trace:
> > > [17753.484192] p_revert_creds_entry+0x87/0xc0 [p_lkrg]
> > > [17753.484193] pre_handler_kretprobe+0xaa/0x1b0
> > > [17753.484195] opt_pre_handler+0x47/0x80
> > > [17753.484195] optimized_callback+0xbc/0xe0
> > > [17753.484196] 0xffffffffc044f388
> > > [17753.484196] [p_lkrg] => caller[p_override_creds_entry] action[OVERRIDE
> > > OFF] old_off[0x3a3d5b3e3034f5b] debug_val[1]
> > > [17753.484197] [p_lkrg] Stack trace:
> > > [17753.484199] p_override_creds_entry+0x91/0xd0 [p_lkrg]
> > > [17753.484201] pre_handler_kretprobe+0xaa/0x1b0
> > > [17753.484202] opt_pre_handler+0x47/0x80
> > > [17753.484203] optimized_callback+0xbc/0xe0
> > > [17753.484203] 0xffffffffc044f30e
> > > [17753.484203] [p_lkrg] => caller[p_revert_creds_ret] action[OVERRIDE ON]
> > > old_off[0x747ab67c6069eb6] debug_val[0]
> > > [17753.484204] [p_lkrg] Stack trace:
> > > [17753.484207] p_revert_creds_entry+0x87/0xc0 [p_lkrg]
> > > [17753.484208] pre_handler_kretprobe+0xaa/0x1b0
> > > [17753.484209] opt_pre_handler+0x47/0x80
> > > [17753.484210] optimized_callback+0xbc/0xe0
> > > [17753.484210] 0xffffffffc044f388
> > > [17753.484211] [p_lkrg] => caller[p_override_creds_entry] action[OVERRIDE
> > > OFF] old_off[0x3a3d5b3e3034f5b] debug_val[1]
> > > [17753.484211] [p_lkrg] Stack trace:
> > > [17753.484214] p_override_creds_entry+0x91/0xd0 [p_lkrg]
> > > [17753.484215] pre_handler_kretprobe+0xaa/0x1b0
> > > [17753.484216] opt_pre_handler+0x47/0x80
> > > [17753.484217] optimized_callback+0xbc/0xe0
> > > [17753.484217] 0xffffffffc044f30e
> > > [17753.484218] [p_lkrg] => caller[p_revert_creds_ret] action[OVERRIDE ON]
> > > old_off[0x747ab67c6069eb6] debug_val[0]
> > > [17753.484218] [p_lkrg] Stack trace:
> > > [17753.484221] p_revert_creds_entry+0x87/0xc0 [p_lkrg]
> > > [17753.484222] pre_handler_kretprobe+0xaa/0x1b0
> > > [17753.484223] opt_pre_handler+0x47/0x80
> > > [17753.484224] optimized_callback+0xbc/0xe0
> > > [17753.484224] 0xffffffffc044f388
> > > [17753.484225] [p_lkrg] => caller[p_override_creds_entry] action[OVERRIDE
> > > OFF] old_off[0x3a3d5b3e3034f5b] debug_val[1]
> > > [17753.484225] [p_lkrg] Stack trace:
> > > [17753.484228] p_override_creds_entry+0x91/0xd0 [p_lkrg]
> > > [17753.484229] pre_handler_kretprobe+0xaa/0x1b0
> > > [17753.484230] opt_pre_handler+0x47/0x80
> > > [17753.484231] optimized_callback+0xbc/0xe0
> > > [17753.484231] 0xffffffffc044f30e
> > > [17753.484232] [p_lkrg] => caller[p_revert_creds_ret] action[OVERRIDE ON]
> > > old_off[0x747ab67c6069eb6] debug_val[0]
> > > [17753.484232] [p_lkrg] Stack trace:
> > > [17753.484235] p_revert_creds_entry+0x87/0xc0 [p_lkrg]
> > > [17753.484236] pre_handler_kretprobe+0xaa/0x1b0
> > > [17753.484237] opt_pre_handler+0x47/0x80
> > > [17753.484238] optimized_callback+0xbc/0xe0
> > > [17753.484239] 0xffffffffc044f388
> > > [17753.484239] [p_lkrg] => caller[p_cap_task_prctl_entry] action[OFF]
> > > old_off[0x3a3d5b3e3034f5b] debug_val[1]
> > > [17753.484240] [p_lkrg] => caller[p_cap_task_prctl_ret] action[ON]
> > > old_off[0x747ab67c6069eb6] debug_val[0]
> > > [17753.484240] [p_lkrg] => caller[p_seccomp_entry] action[OFF]
> > > old_off[0x3a3d5b3e3034f5b] debug_val[1]
> > > [17753.484241] [p_lkrg] => caller[p_seccomp_ret] action[ON]
> > > old_off[0x747ab67c6069eb6] debug_val[0]
> > > [17753.484241] [p_lkrg] => caller[p_seccomp_entry] action[OFF]
> > > old_off[0x3a3d5b3e3034f5b] debug_val[1]
> > > [17753.484242] [p_lkrg] => caller[p_seccomp_ret] action[ON]
> > > old_off[0x3a3d5b3e3034f5b] debug_val[0]
> > > [17753.484243] [p_lkrg] <Exploit Detection> Trying to kill
> > > process[QtWebEngineProc | 4072]!
> > > [17753.484300] [p_lkrg] <Exploit Detection> ON process[4072 |
> > > QtWebEngineProc] has corrupted 'off' flag!
> > > [17753.484301] [p_lkrg] 'off' flag[0x0] (normalization via
> > > 0x3a3d5b3e3034f5b)
> > > [17753.484301] [p_lkrg] OFF debug: normalization[0x3a3d5b3e3034f5b]
> > > cookie[0x69470f9547639fd1]
> > > [17753.484302] [p_lkrg] Process[4072 | QtWebEngineProc] Parent[3992 |
> > > akregator] has [76] entries:
> > > [17753.484303] [p_lkrg] => caller[p_cap_task_prctl_entry] action[OFF]
> > > old_off[0x3a3d5b3e3034f5b] debug_val[1]
> > > [17753.484303] [p_lkrg] => caller[p_cap_task_prctl_ret] action[ON]
> > > old_off[0x747ab67c6069eb6] debug_val[0]
> > > [17753.484304] [p_lkrg] => caller[p_sys_execve_entry] action[OFF]
> > > old_off[0x3a3d5b3e3034f5b] debug_val[1]
> > > [17753.484304] [p_lkrg] => caller[p_sys_execve_ret] action[RESET]
> > > old_off[0x747ab67c6069eb6] debug_val[0]
> > > [17753.484305] [p_lkrg] => caller[p_override_creds_entry] action[OVERRIDE
> > > OFF] old_off[0x3a3d5b3e3034f5b] debug_val[1]
> > > [17753.484305] [p_lkrg] Stack trace:
> > > [17753.484309] p_override_creds_entry+0x91/0xd0 [p_lkrg]
> > > [17753.484310] pre_handler_kretprobe+0xaa/0x1b0
> > > [17753.484311] opt_pre_handler+0x47/0x80
> > > [17753.484312] optimized_callback+0xbc/0xe0
> > > [17753.484313] 0xffffffffc044f30e
> > > [17753.484313] [p_lkrg] => caller[p_revert_creds_ret] action[OVERRIDE ON]
> > > old_off[0x747ab67c6069eb6] debug_val[0]
> > > [17753.484313] [p_lkrg] Stack trace:
> > > [17753.484316] p_revert_creds_entry+0x87/0xc0 [p_lkrg]
> > > [17753.484318] pre_handler_kretprobe+0xaa/0x1b0
> > > [17753.484319] opt_pre_handler+0x47/0x80
> > > [17753.484320] optimized_callback+0xbc/0xe0
> > > [17753.484321] 0xffffffffc044f388
> > > [17753.484321] [p_lkrg] => caller[p_cap_task_prctl_entry] action[OFF]
> > > old_off[0x3a3d5b3e3034f5b] debug_val[1]
> > > [17753.484322] [p_lkrg] => caller[p_cap_task_prctl_ret] action[ON]
> > > old_off[0x747ab67c6069eb6] debug_val[0]
> > > [17753.484322] [p_lkrg] => caller[p_override_creds_entry] action[OVERRIDE
> > > OFF] old_off[0x3a3d5b3e3034f5b] debug_val[1]
> > > [17753.484322] [p_lkrg] Stack trace:
> > > [17753.484325] p_override_creds_entry+0x91/0xd0 [p_lkrg]
> > > [17753.484327] pre_handler_kretprobe+0xaa/0x1b0
> > > [17753.484328] opt_pre_handler+0x47/0x80
> > > [17753.484329] optimized_callback+0xbc/0xe0
> > > [17753.484329] 0xffffffffc044f30e
> > > [17753.484330] [p_lkrg] => caller[p_revert_creds_ret] action[OVERRIDE ON]
> > > old_off[0x747ab67c6069eb6] debug_val[0]
> > > [17753.484330] [p_lkrg] Stack trace:
> > > [17753.484333] p_revert_creds_entry+0x87/0xc0 [p_lkrg]
> > > [17753.484334] pre_handler_kretprobe+0xaa/0x1b0
> > > [17753.484336] opt_pre_handler+0x47/0x80
> > > [17753.484336] optimized_callback+0xbc/0xe0
> > > [17753.484337] 0xffffffffc044f388
> > > [17753.484337] [p_lkrg] => caller[p_override_creds_entry] action[OVERRIDE
> > > OFF] old_off[0x3a3d5b3e3034f5b] debug_val[1]
> > > [17753.484338] [p_lkrg] Stack trace:
> > > [17753.484341] p_override_creds_entry+0x91/0xd0 [p_lkrg]
> > > [17753.484342] pre_handler_kretprobe+0xaa/0x1b0
> > > [17753.484343] opt_pre_handler+0x47/0x80
> > > [17753.484344] optimized_callback+0xbc/0xe0
> > > [17753.484344] 0xffffffffc044f30e
> > > [17753.484345] [p_lkrg] => caller[p_revert_creds_ret] action[OVERRIDE ON]
> > > old_off[0x747ab67c6069eb6] debug_val[0]
> > > [17753.484345] [p_lkrg] Stack trace:
> > > [17753.484348] p_revert_creds_entry+0x87/0xc0 [p_lkrg]
> > > [17753.484350] pre_handler_kretprobe+0xaa/0x1b0
> > > [17753.484351] opt_pre_handler+0x47/0x80
> > > [17753.484352] optimized_callback+0xbc/0xe0
> > > [17753.484352] 0xffffffffc044f388
> > > [17753.484353] [p_lkrg] => caller[p_override_creds_entry] action[OVERRIDE
> > > OFF] old_off[0x3a3d5b3e3034f5b] debug_val[1]
> > > [17753.484353] [p_lkrg] Stack trace:
> > > [17753.484356] p_override_creds_entry+0x91/0xd0 [p_lkrg]
> > > [17753.484357] pre_handler_kretprobe+0xaa/0x1b0
> > > [17753.484358] opt_pre_handler+0x47/0x80
> > > [17753.484359] optimized_callback+0xbc/0xe0
> > > [17753.484360] 0xffffffffc044f30e
> > > [17753.484360] [p_lkrg] => caller[p_revert_creds_ret] action[OVERRIDE ON]
> > > old_off[0x747ab67c6069eb6] debug_val[0]
> > > [17753.484360] [p_lkrg] Stack trace:
> > > [17753.484363] p_revert_creds_entry+0x87/0xc0 [p_lkrg]
> > > [17753.484365] pre_handler_kretprobe+0xaa/0x1b0
> > > [17753.484366] opt_pre_handler+0x47/0x80
> > > [17753.484367] optimized_callback+0xbc/0xe0
> > > [17753.484367] 0xffffffffc044f388
> > > [17753.484368] [p_lkrg] => caller[p_override_creds_entry] action[OVERRIDE
> > > OFF] old_off[0x3a3d5b3e3034f5b] debug_val[1]
> > > [17753.484368] [p_lkrg] Stack trace:
> > > [17753.484371] p_override_creds_entry+0x91/0xd0 [p_lkrg]
> > > [17753.484372] pre_handler_kretprobe+0xaa/0x1b0
> > > [17753.484373] opt_pre_handler+0x47/0x80
> > > [17753.484374] optimized_callback+0xbc/0xe0
> > > [17753.484375] 0xffffffffc044f30e
> > > [17753.484375] [p_lkrg] => caller[p_revert_creds_ret] action[OVERRIDE ON]
> > > old_off[0x747ab67c6069eb6] debug_val[0]
> > > [17753.484375] [p_lkrg] Stack trace:
> > > [17753.484378] p_revert_creds_entry+0x87/0xc0 [p_lkrg]
> > > [17753.484380] pre_handler_kretprobe+0xaa/0x1b0
> > > [17753.484381] opt_pre_handler+0x47/0x80
> > > [17753.484382] optimized_callback+0xbc/0xe0
> > > [17753.484382] 0xffffffffc044f388
> > > [17753.484383] [p_lkrg] => caller[p_override_creds_entry] action[OVERRIDE
> > > OFF] old_off[0x3a3d5b3e3034f5b] debug_val[1]
> > > [17753.484383] [p_lkrg] Stack trace:
> > > [17753.484386] p_override_creds_entry+0x91/0xd0 [p_lkrg]
> > > [17753.484387] pre_handler_kretprobe+0xaa/0x1b0
> > > [17753.484389] opt_pre_handler+0x47/0x80
> > > [17753.484389] optimized_callback+0xbc/0xe0
> > > [17753.484390] 0xffffffffc044f30e
> > > [17753.484390] [p_lkrg] => caller[p_revert_creds_ret] action[OVERRIDE ON]
> > > old_off[0x747ab67c6069eb6] debug_val[0]
> > > [17753.484391] [p_lkrg] Stack trace:
> > > [17753.484394] p_revert_creds_entry+0x87/0xc0 [p_lkrg]
> > > [17753.484395] pre_handler_kretprobe+0xaa/0x1b0
> > > [17753.484396] opt_pre_handler+0x47/0x80
> > > [17753.484397] optimized_callback+0xbc/0xe0
> > > [17753.484397] 0xffffffffc044f388
> > > [17753.484398] [p_lkrg] => caller[p_override_creds_entry] action[OVERRIDE
> > > OFF] old_off[0x3a3d5b3e3034f5b] debug_val[1]
> > > [17753.484398] [p_lkrg] Stack trace:
> > > [17753.484401] p_override_creds_entry+0x91/0xd0 [p_lkrg]
> > > [17753.484403] pre_handler_kretprobe+0xaa/0x1b0
> > > [17753.484404] opt_pre_handler+0x47/0x80
> > > [17753.484405] optimized_callback+0xbc/0xe0
> > > [17753.484405] 0xffffffffc044f30e
> > > [17753.484406] [p_lkrg] => caller[p_revert_creds_ret] action[OVERRIDE ON]
> > > old_off[0x747ab67c6069eb6] debug_val[0]
> > > [17753.484406] [p_lkrg] Stack trace:
> > > [17753.484409] p_revert_creds_entry+0x87/0xc0 [p_lkrg]
> > > [17753.484410] pre_handler_kretprobe+0xaa/0x1b0
> > > [17753.484411] opt_pre_handler+0x47/0x80
> > > [17753.484412] optimized_callback+0xbc/0xe0
> > > [17753.484412] 0xffffffffc044f388
> > > [17753.484413] [p_lkrg] => caller[p_override_creds_entry] action[OVERRIDE
> > > OFF] old_off[0x3a3d5b3e3034f5b] debug_val[1]
> > > [17753.484413] [p_lkrg] Stack trace:
> > > [17753.484416] p_override_creds_entry+0x91/0xd0 [p_lkrg]
> > > [17753.484418] pre_handler_kretprobe+0xaa/0x1b0
> > > [17753.484419] opt_pre_handler+0x47/0x80
> > > [17753.484420] optimized_callback+0xbc/0xe0
> > > [17753.484420] 0xffffffffc044f30e
> > > [17753.484421] [p_lkrg] => caller[p_revert_creds_ret] action[OVERRIDE ON]
> > > old_off[0x747ab67c6069eb6] debug_val[0]
> > > [17753.484421] [p_lkrg] Stack trace:
> > > [17753.484424] p_revert_creds_entry+0x87/0xc0 [p_lkrg]
> > > [17753.484425] pre_handler_kretprobe+0xaa/0x1b0
> > > [17753.484426] opt_pre_handler+0x47/0x80
> > > [17753.484427] optimized_callback+0xbc/0xe0
> > > [17753.484428] 0xffffffffc044f388
> > > [17753.484428] [p_lkrg] => caller[p_override_creds_entry] action[OVERRIDE
> > > OFF] old_off[0x3a3d5b3e3034f5b] debug_val[1]
> > > [17753.484428] [p_lkrg] Stack trace:
> > > [17753.484431] p_override_creds_entry+0x91/0xd0 [p_lkrg]
> > > [17753.484433] pre_handler_kretprobe+0xaa/0x1b0
> > > [17753.484434] opt_pre_handler+0x47/0x80
> > > [17753.484435] optimized_callback+0xbc/0xe0
> > > [17753.484435] 0xffffffffc044f30e
> > > [17753.484436] [p_lkrg] => caller[p_revert_creds_ret] action[OVERRIDE ON]
> > > old_off[0x747ab67c6069eb6] debug_val[0]
> > > [17753.484436] [p_lkrg] Stack trace:
> > > [17753.484439] p_revert_creds_entry+0x87/0xc0 [p_lkrg]
> > > [17753.484440] pre_handler_kretprobe+0xaa/0x1b0
> > > [17753.484441] opt_pre_handler+0x47/0x80
> > > [17753.484442] optimized_callback+0xbc/0xe0
> > > [17753.484443] 0xffffffffc044f388
> > > [17753.484443] [p_lkrg] => caller[p_override_creds_entry] action[OVERRIDE
> > > OFF] old_off[0x3a3d5b3e3034f5b] debug_val[1]
> > > [17753.484443] [p_lkrg] Stack trace:
> > > [17753.484446] p_override_creds_entry+0x91/0xd0 [p_lkrg]
> > > [17753.484448] pre_handler_kretprobe+0xaa/0x1b0
> > > [17753.484449] opt_pre_handler+0x47/0x80
> > > [17753.484450] optimized_callback+0xbc/0xe0
> > > [17753.484450] 0xffffffffc044f30e
> > > [17753.484451] [p_lkrg] => caller[p_revert_creds_ret] action[OVERRIDE ON]
> > > old_off[0x747ab67c6069eb6] debug_val[0]
> > > [17753.484451] [p_lkrg] Stack trace:
> > > [17753.484454] p_revert_creds_entry+0x87/0xc0 [p_lkrg]
> > > [17753.484455] pre_handler_kretprobe+0xaa/0x1b0
> > > [17753.484456] opt_pre_handler+0x47/0x80
> > > [17753.484457] optimized_callback+0xbc/0xe0
> > > [17753.484458] 0xffffffffc044f388
> > > [17753.484458] [p_lkrg] => caller[p_override_creds_entry] action[OVERRIDE
> > > OFF] old_off[0x3a3d5b3e3034f5b] debug_val[1]
> > > [17753.484458] [p_lkrg] Stack trace:
> > > [17753.484462] p_override_creds_entry+0x91/0xd0 [p_lkrg]
> > > [17753.484463] pre_handler_kretprobe+0xaa/0x1b0
> > > [17753.484464] opt_pre_handler+0x47/0x80
> > > [17753.484465] optimized_callback+0xbc/0xe0
> > > [17753.484466] 0xffffffffc044f30e
> > > [17753.484466] [p_lkrg] => caller[p_revert_creds_ret] action[OVERRIDE ON]
> > > old_off[0x747ab67c6069eb6] debug_val[0]
> > > [17753.484466] [p_lkrg] Stack trace:
> > > [17753.484469] p_revert_creds_entry+0x87/0xc0 [p_lkrg]
> > > [17753.484471] pre_handler_kretprobe+0xaa/0x1b0
> > > [17753.484472] opt_pre_handler+0x47/0x80
> > > [17753.484473] optimized_callback+0xbc/0xe0
> > > [17753.484473] 0xffffffffc044f388
> > > [17753.484474] [p_lkrg] => caller[p_override_creds_entry] action[OVERRIDE
> > > OFF] old_off[0x3a3d5b3e3034f5b] debug_val[1]
> > > [17753.484474] [p_lkrg] Stack trace:
> > > [17753.484477] p_override_creds_entry+0x91/0xd0 [p_lkrg]
> > > [17753.484478] pre_handler_kretprobe+0xaa/0x1b0
> > > [17753.484479] opt_pre_handler+0x47/0x80
> > > [17753.484480] optimized_callback+0xbc/0xe0
> > > [17753.484481] 0xffffffffc044f30e
> > > [17753.484481] [p_lkrg] => caller[p_revert_creds_ret] action[OVERRIDE ON]
> > > old_off[0x747ab67c6069eb6] debug_val[0]
> > > [17753.484481] [p_lkrg] Stack trace:
> > > [17753.484484] p_revert_creds_entry+0x87/0xc0 [p_lkrg]
> > > [17753.484486] pre_handler_kretprobe+0xaa/0x1b0
> > > [17753.484487] opt_pre_handler+0x47/0x80
> > > [17753.484488] optimized_callback+0xbc/0xe0
> > > [17753.484488] 0xffffffffc044f388
> > > [17753.484489] [p_lkrg] => caller[p_override_creds_entry] action[OVERRIDE
> > > OFF] old_off[0x3a3d5b3e3034f5b] debug_val[1]
> > > [17753.484489] [p_lkrg] Stack trace:
> > > [17753.484492] p_override_creds_entry+0x91/0xd0 [p_lkrg]
> > > [17753.484493] pre_handler_kretprobe+0xaa/0x1b0
> > > [17753.484495] opt_pre_handler+0x47/0x80
> > > [17753.484495] optimized_callback+0xbc/0xe0
> > > [17753.484496] 0xffffffffc044f30e
> > > [17753.484496] [p_lkrg] => caller[p_revert_creds_ret] action[OVERRIDE ON]
> > > old_off[0x747ab67c6069eb6] debug_val[0]
> > > [17753.484497] [p_lkrg] Stack trace:
> > > [17753.484500] p_revert_creds_entry+0x87/0xc0 [p_lkrg]
> > > [17753.484501] pre_handler_kretprobe+0xaa/0x1b0
> > > [17753.484502] opt_pre_handler+0x47/0x80
> > > [17753.484503] optimized_callback+0xbc/0xe0
> > > [17753.484503] 0xffffffffc044f388
> > > [17753.484504] [p_lkrg] => caller[p_override_creds_entry] action[OVERRIDE
> > > OFF] old_off[0x3a3d5b3e3034f5b] debug_val[1]
> > > [17753.484504] [p_lkrg] Stack trace:
> > > [17753.484507] p_override_creds_entry+0x91/0xd0 [p_lkrg]
> > > [17753.484508] pre_handler_kretprobe+0xaa/0x1b0
> > > [17753.484510] opt_pre_handler+0x47/0x80
> > > [17753.484510] optimized_callback+0xbc/0xe0
> > > [17753.484511] 0xffffffffc044f30e
> > > [17753.484511] [p_lkrg] => caller[p_revert_creds_ret] action[OVERRIDE ON]
> > > old_off[0x747ab67c6069eb6] debug_val[0]
> > > [17753.484512] [p_lkrg] Stack trace:
> > > [17753.484515] p_revert_creds_entry+0x87/0xc0 [p_lkrg]
> > > [17753.484516] pre_handler_kretprobe+0xaa/0x1b0
> > > [17753.484517] opt_pre_handler+0x47/0x80
> > > [17753.484518] optimized_callback+0xbc/0xe0
> > > [17753.484518] 0xffffffffc044f388
> > > [17753.484519] [p_lkrg] => caller[p_override_creds_entry] action[OVERRIDE
> > > OFF] old_off[0x3a3d5b3e3034f5b] debug_val[1]
> > > [17753.484519] [p_lkrg] Stack trace:
> > > [17753.484522] p_override_creds_entry+0x91/0xd0 [p_lkrg]
> > > [17753.484524] pre_handler_kretprobe+0xaa/0x1b0
> > > [17753.484525] opt_pre_handler+0x47/0x80
> > > [17753.484526] optimized_callback+0xbc/0xe0
> > > [17753.484526] 0xffffffffc044f30e
> > > [17753.484526] [p_lkrg] => caller[p_revert_creds_ret] action[OVERRIDE ON]
> > > old_off[0x747ab67c6069eb6] debug_val[0]
> > > [17753.484527] [p_lkrg] Stack trace:
> > > [17753.484530] p_revert_creds_entry+0x87/0xc0 [p_lkrg]
> > > [17753.484531] pre_handler_kretprobe+0xaa/0x1b0
> > > [17753.484532] opt_pre_handler+0x47/0x80
> > > [17753.484533] optimized_callback+0xbc/0xe0
> > > [17753.484533] 0xffffffffc044f388
> > > [17753.484534] [p_lkrg] => caller[p_override_creds_entry] action[OVERRIDE
> > > OFF] old_off[0x3a3d5b3e3034f5b] debug_val[1]
> > > [17753.484534] [p_lkrg] Stack trace:
> > > [17753.484537] p_override_creds_entry+0x91/0xd0 [p_lkrg]
> > > [17753.484538] pre_handler_kretprobe+0xaa/0x1b0
> > > [17753.484540] opt_pre_handler+0x47/0x80
> > > [17753.484540] optimized_callback+0xbc/0xe0
> > > [17753.484541] 0xffffffffc044f30e
> > > [17753.484541] [p_lkrg] => caller[p_revert_creds_ret] action[OVERRIDE ON]
> > > old_off[0x747ab67c6069eb6] debug_val[0]
> > > [17753.484542] [p_lkrg] Stack trace:
> > > [17753.484545] p_revert_creds_entry+0x87/0xc0 [p_lkrg]
> > > [17753.484546] pre_handler_kretprobe+0xaa/0x1b0
> > > [17753.484547] opt_pre_handler+0x47/0x80
> > > [17753.484548] optimized_callback+0xbc/0xe0
> > > [17753.484548] 0xffffffffc044f388
> > > [17753.484549] [p_lkrg] => caller[p_override_creds_entry] action[OVERRIDE
> > > OFF] old_off[0x3a3d5b3e3034f5b] debug_val[1]
> > > [17753.484549] [p_lkrg] Stack trace:
> > > [17753.484552] p_override_creds_entry+0x91/0xd0 [p_lkrg]
> > > [17753.484553] pre_handler_kretprobe+0xaa/0x1b0
> > > [17753.484555] opt_pre_handler+0x47/0x80
> > > [17753.484555] optimized_callback+0xbc/0xe0
> > > [17753.484556] 0xffffffffc044f30e
> > > [17753.484556] [p_lkrg] => caller[p_revert_creds_ret] action[OVERRIDE ON]
> > > old_off[0x747ab67c6069eb6] debug_val[0]
> > > [17753.484557] [p_lkrg] Stack trace:
> > > [17753.484560] p_revert_creds_entry+0x87/0xc0 [p_lkrg]
> > > [17753.484561] pre_handler_kretprobe+0xaa/0x1b0
> > > [17753.484562] opt_pre_handler+0x47/0x80
> > > [17753.484563] optimized_callback+0xbc/0xe0
> > > [17753.484563] 0xffffffffc044f388
> > > [17753.484564] [p_lkrg] => caller[p_override_creds_entry] action[OVERRIDE
> > > OFF] old_off[0x3a3d5b3e3034f5b] debug_val[1]
> > > [17753.484564] [p_lkrg] Stack trace:
> > > [17753.484567] p_override_creds_entry+0x91/0xd0 [p_lkrg]
> > > [17753.484568] pre_handler_kretprobe+0xaa/0x1b0
> > > [17753.484570] opt_pre_handler+0x47/0x80
> > > [17753.484570] optimized_callback+0xbc/0xe0
> > > [17753.484571] 0xffffffffc044f30e
> > > [17753.484571] [p_lkrg] => caller[p_revert_creds_ret] action[OVERRIDE ON]
> > > old_off[0x747ab67c6069eb6] debug_val[0]
> > > [17753.484572] [p_lkrg] Stack trace:
> > > [17753.484575] p_revert_creds_entry+0x87/0xc0 [p_lkrg]
> > > [17753.484576] pre_handler_kretprobe+0xaa/0x1b0
> > > [17753.484577] opt_pre_handler+0x47/0x80
> > > [17753.484578] optimized_callback+0xbc/0xe0
> > > [17753.484578] 0xffffffffc044f388
> > > [17753.484579] [p_lkrg] => caller[p_override_creds_entry] action[OVERRIDE
> > > OFF] old_off[0x3a3d5b3e3034f5b] debug_val[1]
> > > [17753.484579] [p_lkrg] Stack trace:
> > > [17753.484582] p_override_creds_entry+0x91/0xd0 [p_lkrg]
> > > [17753.484583] pre_handler_kretprobe+0xaa/0x1b0
> > > [17753.484585] opt_pre_handler+0x47/0x80
> > > [17753.484585] optimized_callback+0xbc/0xe0
> > > [17753.484586] 0xffffffffc044f30e
> > > [17753.484586] [p_lkrg] => caller[p_revert_creds_ret] action[OVERRIDE ON]
> > > old_off[0x747ab67c6069eb6] debug_val[0]
> > > [17753.484587] [p_lkrg] Stack trace:
> > > [17753.484590] p_revert_creds_entry+0x87/0xc0 [p_lkrg]
> > > [17753.484591] pre_handler_kretprobe+0xaa/0x1b0
> > > [17753.484592] opt_pre_handler+0x47/0x80
> > > [17753.484593] optimized_callback+0xbc/0xe0
> > > [17753.484593] 0xffffffffc044f388
> > > [17753.484594] [p_lkrg] => caller[p_override_creds_entry] action[OVERRIDE
> > > OFF] old_off[0x3a3d5b3e3034f5b] debug_val[1]
> > > [17753.484594] [p_lkrg] Stack trace:
> > > [17753.484597] p_override_creds_entry+0x91/0xd0 [p_lkrg]
> > > [17753.484598] pre_handler_kretprobe+0xaa/0x1b0
> > > [17753.484599] opt_pre_handler+0x47/0x80
> > > [17753.484600] optimized_callback+0xbc/0xe0
> > > [17753.484601] 0xffffffffc044f30e
> > > [17753.484601] [p_lkrg] => caller[p_revert_creds_ret] action[OVERRIDE ON]
> > > old_off[0x747ab67c6069eb6] debug_val[0]
> > > [17753.484601] [p_lkrg] Stack trace:
> > > [17753.484604] p_revert_creds_entry+0x87/0xc0 [p_lkrg]
> > > [17753.484606] pre_handler_kretprobe+0xaa/0x1b0
> > > [17753.484607] opt_pre_handler+0x47/0x80
> > > [17753.484608] optimized_callback+0xbc/0xe0
> > > [17753.484608] 0xffffffffc044f388
> > > [17753.484609] [p_lkrg] => caller[p_override_creds_entry] action[OVERRIDE
> > > OFF] old_off[0x3a3d5b3e3034f5b] debug_val[1]
> > > [17753.484609] [p_lkrg] Stack trace:
> > > [17753.484612] p_override_creds_entry+0x91/0xd0 [p_lkrg]
> > > [17753.484613] pre_handler_kretprobe+0xaa/0x1b0
> > > [17753.484615] opt_pre_handler+0x47/0x80
> > > [17753.484615] optimized_callback+0xbc/0xe0
> > > [17753.484616] 0xffffffffc044f30e
> > > [17753.484616] [p_lkrg] => caller[p_revert_creds_ret] action[OVERRIDE ON]
> > > old_off[0x747ab67c6069eb6] debug_val[0]
> > > [17753.484617] [p_lkrg] Stack trace:
> > > [17753.484620] p_revert_creds_entry+0x87/0xc0 [p_lkrg]
> > > [17753.484621] pre_handler_kretprobe+0xaa/0x1b0
> > > [17753.484622] opt_pre_handler+0x47/0x80
> > > [17753.484623] optimized_callback+0xbc/0xe0
> > > [17753.484623] 0xffffffffc044f388
> > > [17753.484624] [p_lkrg] => caller[p_override_creds_entry] action[OVERRIDE
> > > OFF] old_off[0x3a3d5b3e3034f5b] debug_val[1]
> > > [17753.484624] [p_lkrg] Stack trace:
> > > [17753.484627] p_override_creds_entry+0x91/0xd0 [p_lkrg]
> > > [17753.484629] pre_handler_kretprobe+0xaa/0x1b0
> > > [17753.484630] opt_pre_handler+0x47/0x80
> > > [17753.484631] optimized_callback+0xbc/0xe0
> > > [17753.484631] 0xffffffffc044f30e
> > > [17753.484632] [p_lkrg] => caller[p_revert_creds_ret] action[OVERRIDE ON]
> > > old_off[0x747ab67c6069eb6] debug_val[0]
> > > [17753.484632] [p_lkrg] Stack trace:
> > > [17753.484635] p_revert_creds_entry+0x87/0xc0 [p_lkrg]
> > > [17753.484636] pre_handler_kretprobe+0xaa/0x1b0
> > > [17753.484637] opt_pre_handler+0x47/0x80
> > > [17753.484638] optimized_callback+0xbc/0xe0
> > > [17753.484639] 0xffffffffc044f388
> > > [17753.484639] [p_lkrg] => caller[p_override_creds_entry] action[OVERRIDE
> > > OFF] old_off[0x3a3d5b3e3034f5b] debug_val[1]
> > > [17753.484640] [p_lkrg] Stack trace:
> > > [17753.484642] p_override_creds_entry+0x91/0xd0 [p_lkrg]
> > > [17753.484644] pre_handler_kretprobe+0xaa/0x1b0
> > > [17753.484645] opt_pre_handler+0x47/0x80
> > > [17753.484646] optimized_callback+0xbc/0xe0
> > > [17753.484646] 0xffffffffc044f30e
> > > [17753.484647] [p_lkrg] => caller[p_revert_creds_ret] action[OVERRIDE ON]
> > > old_off[0x747ab67c6069eb6] debug_val[0]
> > > [17753.484647] [p_lkrg] Stack trace:
> > > [17753.484650] p_revert_creds_entry+0x87/0xc0 [p_lkrg]
> > > [17753.484651] pre_handler_kretprobe+0xaa/0x1b0
> > > [17753.484652] opt_pre_handler+0x47/0x80
> > > [17753.484663] optimized_callback+0xbc/0xe0
> > > [17753.484664] 0xffffffffc044f388
> > > [17753.484664] [p_lkrg] => caller[p_override_creds_entry] action[OVERRIDE
> > > OFF] old_off[0x3a3d5b3e3034f5b] debug_val[1]
> > > [17753.484665] [p_lkrg] Stack trace:
> > > [17753.484668] p_override_creds_entry+0x91/0xd0 [p_lkrg]
> > > [17753.484669] pre_handler_kretprobe+0xaa/0x1b0
> > > [17753.484670] opt_pre_handler+0x47/0x80
> > > [17753.484671] optimized_callback+0xbc/0xe0
> > > [17753.484672] 0xffffffffc044f30e
> > > [17753.484672] [p_lkrg] => caller[p_revert_creds_ret] action[OVERRIDE ON]
> > > old_off[0x747ab67c6069eb6] debug_val[0]
> > > [17753.484673] [p_lkrg] Stack trace:
> > > [17753.484676] p_revert_creds_entry+0x87/0xc0 [p_lkrg]
> > > [17753.484677] pre_handler_kretprobe+0xaa/0x1b0
> > > [17753.484678] opt_pre_handler+0x47/0x80
> > > [17753.484679] optimized_callback+0xbc/0xe0
> > > [17753.484680] 0xffffffffc044f388
> > > [17753.484680] [p_lkrg] => caller[p_override_creds_entry] action[OVERRIDE
> > > OFF] old_off[0x3a3d5b3e3034f5b] debug_val[1]
> > > [17753.484681] [p_lkrg] Stack trace:
> > > [17753.484684] p_override_creds_entry+0x91/0xd0 [p_lkrg]
> > > [17753.484685] pre_handler_kretprobe+0xaa/0x1b0
> > > [17753.484686] opt_pre_handler+0x47/0x80
> > > [17753.484687] optimized_callback+0xbc/0xe0
> > > [17753.484687] 0xffffffffc044f30e
> > > [17753.484688] [p_lkrg] => caller[p_revert_creds_ret] action[OVERRIDE ON]
> > > old_off[0x747ab67c6069eb6] debug_val[0]
> > > [17753.484688] [p_lkrg] Stack trace:
> > > [17753.484691] p_revert_creds_entry+0x87/0xc0 [p_lkrg]
> > > [17753.484693] pre_handler_kretprobe+0xaa/0x1b0
> > > [17753.484703] opt_pre_handler+0x47/0x80
> > > [17753.484704] optimized_callback+0xbc/0xe0
> > > [17753.484704] 0xffffffffc044f388
> > > [17753.484705] [p_lkrg] => caller[p_override_creds_entry] action[OVERRIDE
> > > OFF] old_off[0x3a3d5b3e3034f5b] debug_val[1]
> > > [17753.484705] [p_lkrg] Stack trace:
> > > [17753.484708] p_override_creds_entry+0x91/0xd0 [p_lkrg]
> > > [17753.484710] pre_handler_kretprobe+0xaa/0x1b0
> > > [17753.484711] opt_pre_handler+0x47/0x80
> > > [17753.484711] optimized_callback+0xbc/0xe0
> > > [17753.484712] 0xffffffffc044f30e
> > > [17753.484712] [p_lkrg] => caller[p_revert_creds_ret] action[OVERRIDE ON]
> > > old_off[0x747ab67c6069eb6] debug_val[0]
> > > [17753.484713] [p_lkrg] Stack trace:
> > > [17753.484716] p_revert_creds_entry+0x87/0xc0 [p_lkrg]
> > > [17753.484717] pre_handler_kretprobe+0xaa/0x1b0
> > > [17753.484718] opt_pre_handler+0x47/0x80
> > > [17753.484719] optimized_callback+0xbc/0xe0
> > > [17753.484720] 0xffffffffc044f388
> > > [17753.484720] [p_lkrg] => caller[p_override_creds_entry] action[OVERRIDE
> > > OFF] old_off[0x3a3d5b3e3034f5b] debug_val[1]
> > > [17753.484720] [p_lkrg] Stack trace:
> > > [17753.484723] p_override_creds_entry+0x91/0xd0 [p_lkrg]
> > > [17753.484725] pre_handler_kretprobe+0xaa/0x1b0
> > > [17753.484726] opt_pre_handler+0x47/0x80
> > > [17753.484727] optimized_callback+0xbc/0xe0
> > > [17753.484727] 0xffffffffc044f30e
> > > [17753.484738] [p_lkrg] => caller[p_revert_creds_ret] action[OVERRIDE ON]
> > > old_off[0x747ab67c6069eb6] debug_val[0]
> > > [17753.484738] [p_lkrg] Stack trace:
> > > [17753.484741] p_revert_creds_entry+0x87/0xc0 [p_lkrg]
> > > [17753.484743] pre_handler_kretprobe+0xaa/0x1b0
> > > [17753.484744] opt_pre_handler+0x47/0x80
> > > [17753.484745] optimized_callback+0xbc/0xe0
> > > [17753.484745] 0xffffffffc044f388
> > > [17753.484746] [p_lkrg] => caller[p_override_creds_entry] action[OVERRIDE
> > > OFF] old_off[0x3a3d5b3e3034f5b] debug_val[1]
> > > [17753.484746] [p_lkrg] Stack trace:
> > > [17753.484749] p_override_creds_entry+0x91/0xd0 [p_lkrg]
> > > [17753.484750] pre_handler_kretprobe+0xaa/0x1b0
> > > [17753.484752] opt_pre_handler+0x47/0x80
> > > [17753.484753] optimized_callback+0xbc/0xe0
> > > [17753.484753] 0xffffffffc044f30e
> > > [17753.484754] [p_lkrg] => caller[p_revert_creds_ret] action[OVERRIDE ON]
> > > old_off[0x747ab67c6069eb6] debug_val[0]
> > > [17753.484754] [p_lkrg] Stack trace:
> > > [17753.484757] p_revert_creds_entry+0x87/0xc0 [p_lkrg]
> > > [17753.484758] pre_handler_kretprobe+0xaa/0x1b0
> > > [17753.484760] opt_pre_handler+0x47/0x80
> > > [17753.484760] optimized_callback+0xbc/0xe0
> > > [17753.484761] 0xffffffffc044f388
> > > [17753.484761] [p_lkrg] => caller[p_override_creds_entry] action[OVERRIDE
> > > OFF] old_off[0x3a3d5b3e3034f5b] debug_val[1]
> > > [17753.484762] [p_lkrg] Stack trace:
> > > [17753.484774] p_override_creds_entry+0x91/0xd0 [p_lkrg]
> > > [17753.484775] pre_handler_kretprobe+0xaa/0x1b0
> > > [17753.484776] opt_pre_handler+0x47/0x80
> > > [17753.484777] optimized_callback+0xbc/0xe0
> > > [17753.484778] 0xffffffffc044f30e
> > > [17753.484778] [p_lkrg] => caller[p_revert_creds_ret] action[OVERRIDE ON]
> > > old_off[0x747ab67c6069eb6] debug_val[0]
> > > [17753.484778] [p_lkrg] Stack trace:
> > > [17753.484781] p_revert_creds_entry+0x87/0xc0 [p_lkrg]
> > > [17753.484783] pre_handler_kretprobe+0xaa/0x1b0
> > > [17753.484784] opt_pre_handler+0x47/0x80
> > > [17753.484785] optimized_callback+0xbc/0xe0
> > > [17753.484785] 0xffffffffc044f388
> > > [17753.484786] [p_lkrg] => caller[p_override_creds_entry] action[OVERRIDE
> > > OFF] old_off[0x3a3d5b3e3034f5b] debug_val[1]
> > > [17753.484786] [p_lkrg] Stack trace:
> > > [17753.484789] p_override_creds_entry+0x91/0xd0 [p_lkrg]
> > > [17753.484790] pre_handler_kretprobe+0xaa/0x1b0
> > > [17753.484791] opt_pre_handler+0x47/0x80
> > > [17753.484792] optimized_callback+0xbc/0xe0
> > > [17753.484793] 0xffffffffc044f30e
> > > [17753.484793] [p_lkrg] => caller[p_revert_creds_ret] action[OVERRIDE ON]
> > > old_off[0x747ab67c6069eb6] debug_val[0]
> > > [17753.484794] [p_lkrg] Stack trace:
> > > [17753.484797] p_revert_creds_entry+0x87/0xc0 [p_lkrg]
> > > [17753.484798] pre_handler_kretprobe+0xaa/0x1b0
> > > [17753.484799] opt_pre_handler+0x47/0x80
> > > [17753.484800] optimized_callback+0xbc/0xe0
> > > [17753.484800] 0xffffffffc044f388
> > > [17753.484801] [p_lkrg] => caller[p_override_creds_entry] action[OVERRIDE
> > > OFF] old_off[0x3a3d5b3e3034f5b] debug_val[1]
> > > [17753.484801] [p_lkrg] Stack trace:
> > > [17753.484804] p_override_creds_entry+0x91/0xd0 [p_lkrg]
> > > [17753.484806] pre_handler_kretprobe+0xaa/0x1b0
> > > [17753.484807] opt_pre_handler+0x47/0x80
> > > [17753.484808] optimized_callback+0xbc/0xe0
> > > [17753.484808] 0xffffffffc044f30e
> > > [17753.484809] [p_lkrg] => caller[p_revert_creds_ret] action[OVERRIDE ON]
> > > old_off[0x747ab67c6069eb6] debug_val[0]
> > > [17753.484809] [p_lkrg] Stack trace:
> > > [17753.484812] p_revert_creds_entry+0x87/0xc0 [p_lkrg]
> > > [17753.484813] pre_handler_kretprobe+0xaa/0x1b0
> > > [17753.484814] opt_pre_handler+0x47/0x80
> > > [17753.484815] optimized_callback+0xbc/0xe0
> > > [17753.484816] 0xffffffffc044f388
> > > [17753.484816] [p_lkrg] => caller[p_override_creds_entry] action[OVERRIDE
> > > OFF] old_off[0x3a3d5b3e3034f5b] debug_val[1]
> > > [17753.484817] [p_lkrg] Stack trace:
> > > [17753.484820] p_override_creds_entry+0x91/0xd0 [p_lkrg]
> > > [17753.484821] pre_handler_kretprobe+0xaa/0x1b0
> > > [17753.484822] opt_pre_handler+0x47/0x80
> > > [17753.484823] optimized_callback+0xbc/0xe0
> > > [17753.484823] 0xffffffffc044f30e
> > > [17753.484824] [p_lkrg] => caller[p_revert_creds_ret] action[OVERRIDE ON]
> > > old_off[0x747ab67c6069eb6] debug_val[0]
> > > [17753.484824] [p_lkrg] Stack trace:
> > > [17753.484827] p_revert_creds_entry+0x87/0xc0 [p_lkrg]
> > > [17753.484828] pre_handler_kretprobe+0xaa/0x1b0
> > > [17753.484830] opt_pre_handler+0x47/0x80
> > > [17753.484830] optimized_callback+0xbc/0xe0
> > > [17753.484831] 0xffffffffc044f388
> > > [17753.484831] [p_lkrg] => caller[p_cap_task_prctl_entry] action[OFF]
> > > old_off[0x3a3d5b3e3034f5b] debug_val[1]
> > > [17753.484832] [p_lkrg] => caller[p_cap_task_prctl_ret] action[ON]
> > > old_off[0x747ab67c6069eb6] debug_val[0]
> > > [17753.484832] [p_lkrg] => caller[p_seccomp_entry] action[OFF]
> > > old_off[0x3a3d5b3e3034f5b] debug_val[1]
> > > [17753.484833] [p_lkrg] => caller[p_seccomp_ret] action[ON]
> > > old_off[0x747ab67c6069eb6] debug_val[0]
> > > [17753.484833] [p_lkrg] => caller[p_seccomp_entry] action[OFF]
> > > old_off[0x3a3d5b3e3034f5b] debug_val[1]
> > > [17753.484834] [p_lkrg] => caller[p_seccomp_ret] action[ON]
> > > old_off[0x3a3d5b3e3034f5b] debug_val[0]
> > > [17753.484834] [p_lkrg] <Exploit Detection> Trying to kill
> > > process[QtWebEngineProc | 4072]!
> > > [17753.487222] traps: akregator[3992] trap int3 ip:7c16547727d1
> > > sp:7ffe868eae20 error:0 in
> > > libQt5WebEngineCore.so.5.15.1[7c165160a000+630c000]
> > >
> > > Pozdro
> > >
> > >
> > > W dniu 03.12.2020 o 07:58, Adam Zabrocki pisze:
> > > > Hi
> > > >
> > > > Sorry for late reply. However, I've been working on adding a new debugging
> > > > logic to the LKRG code.
> > > > I have a few questions:
> > > > - Do you have any ftrace* related tools which might run in the background?
> > > > Especially, around the time when you see that problem? It could be any perf*
> > > > tool as well since they are using tracing infrastructure under the hood
> > > > - New LKRG's debugging infrastructure can independently track state for each
> > > > process. However, it requires a lot more memory. If you are willing to enable
> > > > it, it will produce much more useful information which I can use. To be able
> > > > to do it, please uncomment the following definition in the file:
> > > > "src/modules/print_log/p_lkrg_log_level_shared.h"
> > > > /* Do we want to precisely track changes of 'off' flag per each process?
> > > > * If yes, uncomment it here */
> > > > #define P_LKRG_TASK_OFF_DEBUG
> > > >
> > > > - If you have anough resource and sucessfully load such build of LKRG, you
> > > > should see more debug information in the logs when such problem appears.
> > > >
> > > > The newest Linux kernel changed the behavior of KPROBES and FTRACE and I'm
> > > > actively researching these changes. It is worth to note that if FTRACE is
> > > > being disabled e.g. via /proc/sys/kernel/ftrace_enabled it can affect KPROBES
> > > > as well. Some tools heavily using such interface.
> > > >
> > > > Thanks,
> > > > Adam
> > > >
> > > > On Mon, Nov 16, 2020 at
> > > > 09:25:10PM +0100, Jacek wrote:
> > > > > Hi
> > > > >
> > > > > OS Gentoo:
> > > > >
> > > > > Linux version 5.9.8-g1 (root@...ek) (gcc (Gentoo Hardened 9.3.0-r1 p3)
> > > > > 9.3.0, GNU ld (Gentoo 2.34 p6) 2.34.0) #2 SMP PREEMPT Thu Nov 12 07:29:29
> > > > > CET 2020
> > > > >
> > > > > LKRG:
> > > > >
> > > > > filename: /lib/modules/5.9.8-g1/extra/p_lkrg.ko
> > > > > license: GPL v2
> > > > > description: pi3's Linux kernel Runtime Guard
> > > > > author: Adam 'pi3' Zabrocki (http://pi3.com.pl)
> > > > > srcversion: 40A527C8D5D5D19B610FE2F
> > > > > depends:
> > > > > retpoline: Y
> > > > > name: p_lkrg
> > > > > vermagic: 5.9.8-g1 SMP preempt mod_unload modversions RANDSTRUCT_PLUGIN_7c046b7d45f5b82e76f627aadaefa3bc69fdd9ae1cd91b61e72d98512ef164aa
> > > > >
> > > > > Git log:
> > > > >
> > > > > # root ~> git log |head -n 20
> > > > > commit 4cfb2b3474b813b0f2c424bbbcd7c1c456fb8f6e
> > > > > Author: disrupttheflow<68149206+disrupttheflow@...rs.noreply.github.com>
> > > > > Date: Mon Nov 16 12:28:23 2020 +0000
> > > > >
> > > > > Add correct repository to clone from in README (#25)
> > > > >
> > > > > commit 645983fbf687c4bddb3c62c19a37d7db380bf927
> > > > > Author: Mariusz Zaborski<oshogbo@...illium.org>
> > > > > Date: Fri Nov 6 19:29:40 2020 +0100
> > > > >
> > > > > ptrace: replace ptrace kprobes with security_ptrace_access_check
> > > > >
> > > > > commit ca8237ed2251a6f4ae03fe8e549662465f26d347
> > > > > Merge: 37d5520 5db3f98
> > > > > Author: Adam 'pi3' Zabrocki<65244445+Adam-pi3@...rs.noreply.github.com>
> > > > > Date: Sat Nov 7 08:52:18 2020 -0800
> > > > >
> > > > > Merge pull request #23 from oshogbo/kill
> > > > >
> > > > > umh: Kill process using the proper SIGKILL signal.
> > > > >
> > > > >
> > > > > Akreator (RSS client from KDE)
> > > > >
> > > > > # user ~> akregator
> > > > > [506:1:0100/000000.026569:ERROR:broker_posix.cc(43)] Invalid node channel
> > > > > message
> > > > > Unicestwiony
> > > > >
> > > > > LKRG error (from dmesg):
> > > > >
> > > > > [ 806.873553] [p_lkrg] <Exploit Detection> ON process[2170 |
> > > > > Chrome_IOThread] has corrupted 'off' flag!
> > > > > [ 806.873555] [p_lkrg] <Exploit Detection> Trying to kill
> > > > > process[ThreadPoolSingl | 2170]!
> > > > >
> > > > > Cheers
> > > > >
> > > > >
> > > > >
> > > > >
> > > > >
--
pi3 (pi3ki31ny) - pi3 (at) itsec pl
http://pi3.com.pl
Powered by blists - more mailing lists
Confused about mailing lists and their use?
Read about mailing lists on Wikipedia
and check out these
guidelines on proper formatting of your messages.
