Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <e8792a89-37cf-15d9-834e-67d0daa3a6f1@gmail.com>
Date: Thu, 3 Dec 2020 08:43:59 +0100
From: Jacek <wampir990@...il.com>
To: lkrg-users@...ts.openwall.com
Subject: Re: p_lkrg] <Exploit Detection> Trying to kill
 process[ThreadPoolSingl | 2170]!

OK, LKRG

P_LKRG_TASK_OFF_DEBUG

log:


[17733.791399] [p_lkrg] Loading LKRG...
[17733.791408] [p_lkrg] System does NOT support SMAP. LKRG can't enforce 
SMAP validation :(
[17733.816444] Freezing user space processes ... (elapsed 0.033 seconds) 
done.
[17733.849497] OOM killer disabled.
[17737.475672] [p_lkrg] [kretprobe] register_kretprobe() for 
<ttwu_do_wakeup> failed! [err=-22]
[17737.475675] [p_lkrg] Trying to find ISRA / CONSTPROP name for 
<ttwu_do_wakeup>
[17737.482067] [p_lkrg] Found ISRA version of function 
<ttwu_do_wakeup.isra.0>
[17737.595461] [p_lkrg] ISRA / CONSTPROP version was found and hook was 
planted at <ttwu_do_wakeup.isra.0>
[17738.042763] [p_lkrg] LKRG initialized successfully!
[17738.042764] OOM killer enabled.
[17738.042764] Restarting tasks ... done.
[17753.483746] [p_lkrg] <Exploit Detection> ON process[4072 | 
QtWebEngineProc] has corrupted 'off' flag!
[17753.483747] [p_lkrg] 'off' flag[0x0] (normalization via 
0x3a3d5b3e3034f5b)
[17753.483748] [p_lkrg] OFF debug: normalization[0x3a3d5b3e3034f5b] 
cookie[0x69470f9547639fd1]
[17753.483749] [p_lkrg] Process[4072 | QtWebEngineProc] Parent[3992 | 
akregator] has [76] entries:
[17753.483749] [p_lkrg]  => caller[p_cap_task_prctl_entry] action[OFF] 
old_off[0x3a3d5b3e3034f5b] debug_val[1]
[17753.483750] [p_lkrg]  => caller[p_cap_task_prctl_ret] action[ON] 
old_off[0x747ab67c6069eb6] debug_val[0]
[17753.483751] [p_lkrg]  => caller[p_sys_execve_entry] action[OFF] 
old_off[0x3a3d5b3e3034f5b] debug_val[1]
[17753.483751] [p_lkrg]  => caller[p_sys_execve_ret] action[RESET] 
old_off[0x747ab67c6069eb6] debug_val[0]
[17753.483752] [p_lkrg]  => caller[p_override_creds_entry] 
action[OVERRIDE OFF] old_off[0x3a3d5b3e3034f5b] debug_val[1]
[17753.483752] [p_lkrg] Stack trace:
[17753.483759]  p_override_creds_entry+0x91/0xd0 [p_lkrg]
[17753.483763]  pre_handler_kretprobe+0xaa/0x1b0
[17753.483764]  opt_pre_handler+0x47/0x80
[17753.483766]  optimized_callback+0xbc/0xe0
[17753.483766]  0xffffffffc044f30e
[17753.483767] [p_lkrg]  => caller[p_revert_creds_ret] action[OVERRIDE 
ON] old_off[0x747ab67c6069eb6] debug_val[0]
[17753.483767] [p_lkrg] Stack trace:
[17753.483771]  p_revert_creds_entry+0x87/0xc0 [p_lkrg]
[17753.483772]  pre_handler_kretprobe+0xaa/0x1b0
[17753.483773]  opt_pre_handler+0x47/0x80
[17753.483774]  optimized_callback+0xbc/0xe0
[17753.483774]  0xffffffffc044f388
[17753.483775] [p_lkrg]  => caller[p_cap_task_prctl_entry] action[OFF] 
old_off[0x3a3d5b3e3034f5b] debug_val[1]
[17753.483775] [p_lkrg]  => caller[p_cap_task_prctl_ret] action[ON] 
old_off[0x747ab67c6069eb6] debug_val[0]
[17753.483776] [p_lkrg]  => caller[p_override_creds_entry] 
action[OVERRIDE OFF] old_off[0x3a3d5b3e3034f5b] debug_val[1]
[17753.483776] [p_lkrg] Stack trace:
[17753.483779]  p_override_creds_entry+0x91/0xd0 [p_lkrg]
[17753.483781]  pre_handler_kretprobe+0xaa/0x1b0
[17753.483782]  opt_pre_handler+0x47/0x80
[17753.483782]  optimized_callback+0xbc/0xe0
[17753.483783]  0xffffffffc044f30e
[17753.483783] [p_lkrg]  => caller[p_revert_creds_ret] action[OVERRIDE 
ON] old_off[0x747ab67c6069eb6] debug_val[0]
[17753.483784] [p_lkrg] Stack trace:
[17753.483787]  p_revert_creds_entry+0x87/0xc0 [p_lkrg]
[17753.483788]  pre_handler_kretprobe+0xaa/0x1b0
[17753.483789]  opt_pre_handler+0x47/0x80
[17753.483790]  optimized_callback+0xbc/0xe0
[17753.483790]  0xffffffffc044f388
[17753.483791] [p_lkrg]  => caller[p_override_creds_entry] 
action[OVERRIDE OFF] old_off[0x3a3d5b3e3034f5b] debug_val[1]
[17753.483791] [p_lkrg] Stack trace:
[17753.483794]  p_override_creds_entry+0x91/0xd0 [p_lkrg]
[17753.483795]  pre_handler_kretprobe+0xaa/0x1b0
[17753.483796]  opt_pre_handler+0x47/0x80
[17753.483797]  optimized_callback+0xbc/0xe0
[17753.483798]  0xffffffffc044f30e
[17753.483798] [p_lkrg]  => caller[p_revert_creds_ret] action[OVERRIDE 
ON] old_off[0x747ab67c6069eb6] debug_val[0]
[17753.483798] [p_lkrg] Stack trace:
[17753.483801]  p_revert_creds_entry+0x87/0xc0 [p_lkrg]
[17753.483803]  pre_handler_kretprobe+0xaa/0x1b0
[17753.483804]  opt_pre_handler+0x47/0x80
[17753.483804]  optimized_callback+0xbc/0xe0
[17753.483805]  0xffffffffc044f388
[17753.483805] [p_lkrg]  => caller[p_override_creds_entry] 
action[OVERRIDE OFF] old_off[0x3a3d5b3e3034f5b] debug_val[1]
[17753.483806] [p_lkrg] Stack trace:
[17753.483809]  p_override_creds_entry+0x91/0xd0 [p_lkrg]
[17753.483810]  pre_handler_kretprobe+0xaa/0x1b0
[17753.483811]  opt_pre_handler+0x47/0x80
[17753.483812]  optimized_callback+0xbc/0xe0
[17753.483812]  0xffffffffc044f30e
[17753.483813] [p_lkrg]  => caller[p_revert_creds_ret] action[OVERRIDE 
ON] old_off[0x747ab67c6069eb6] debug_val[0]
[17753.483813] [p_lkrg] Stack trace:
[17753.483816]  p_revert_creds_entry+0x87/0xc0 [p_lkrg]
[17753.483817]  pre_handler_kretprobe+0xaa/0x1b0
[17753.483818]  opt_pre_handler+0x47/0x80
[17753.483819]  optimized_callback+0xbc/0xe0
[17753.483819]  0xffffffffc044f388
[17753.483820] [p_lkrg]  => caller[p_override_creds_entry] 
action[OVERRIDE OFF] old_off[0x3a3d5b3e3034f5b] debug_val[1]
[17753.483820] [p_lkrg] Stack trace:
[17753.483823]  p_override_creds_entry+0x91/0xd0 [p_lkrg]
[17753.483824]  pre_handler_kretprobe+0xaa/0x1b0
[17753.483825]  opt_pre_handler+0x47/0x80
[17753.483826]  optimized_callback+0xbc/0xe0
[17753.483826]  0xffffffffc044f30e
[17753.483827] [p_lkrg]  => caller[p_revert_creds_ret] action[OVERRIDE 
ON] old_off[0x747ab67c6069eb6] debug_val[0]
[17753.483827] [p_lkrg] Stack trace:
[17753.483830]  p_revert_creds_entry+0x87/0xc0 [p_lkrg]
[17753.483831]  pre_handler_kretprobe+0xaa/0x1b0
[17753.483832]  opt_pre_handler+0x47/0x80
[17753.483833]  optimized_callback+0xbc/0xe0
[17753.483834]  0xffffffffc044f388
[17753.483834] [p_lkrg]  => caller[p_override_creds_entry] 
action[OVERRIDE OFF] old_off[0x3a3d5b3e3034f5b] debug_val[1]
[17753.483834] [p_lkrg] Stack trace:
[17753.483837]  p_override_creds_entry+0x91/0xd0 [p_lkrg]
[17753.483838]  pre_handler_kretprobe+0xaa/0x1b0
[17753.483840]  opt_pre_handler+0x47/0x80
[17753.483840]  optimized_callback+0xbc/0xe0
[17753.483841]  0xffffffffc044f30e
[17753.483841] [p_lkrg]  => caller[p_revert_creds_ret] action[OVERRIDE 
ON] old_off[0x747ab67c6069eb6] debug_val[0]
[17753.483841] [p_lkrg] Stack trace:
[17753.483844]  p_revert_creds_entry+0x87/0xc0 [p_lkrg]
[17753.483846]  pre_handler_kretprobe+0xaa/0x1b0
[17753.483847]  opt_pre_handler+0x47/0x80
[17753.483847]  optimized_callback+0xbc/0xe0
[17753.483848]  0xffffffffc044f388
[17753.483848] [p_lkrg]  => caller[p_override_creds_entry] 
action[OVERRIDE OFF] old_off[0x3a3d5b3e3034f5b] debug_val[1]
[17753.483849] [p_lkrg] Stack trace:
[17753.483851]  p_override_creds_entry+0x91/0xd0 [p_lkrg]
[17753.483853]  pre_handler_kretprobe+0xaa/0x1b0
[17753.483854]  opt_pre_handler+0x47/0x80
[17753.483855]  optimized_callback+0xbc/0xe0
[17753.483855]  0xffffffffc044f30e
[17753.483855] [p_lkrg]  => caller[p_revert_creds_ret] action[OVERRIDE 
ON] old_off[0x747ab67c6069eb6] debug_val[0]
[17753.483856] [p_lkrg] Stack trace:
[17753.483859]  p_revert_creds_entry+0x87/0xc0 [p_lkrg]
[17753.483860]  pre_handler_kretprobe+0xaa/0x1b0
[17753.483861]  opt_pre_handler+0x47/0x80
[17753.483862]  optimized_callback+0xbc/0xe0
[17753.483862]  0xffffffffc044f388
[17753.483863] [p_lkrg]  => caller[p_override_creds_entry] 
action[OVERRIDE OFF] old_off[0x3a3d5b3e3034f5b] debug_val[1]
[17753.483863] [p_lkrg] Stack trace:
[17753.483866]  p_override_creds_entry+0x91/0xd0 [p_lkrg]
[17753.483867]  pre_handler_kretprobe+0xaa/0x1b0
[17753.483868]  opt_pre_handler+0x47/0x80
[17753.483869]  optimized_callback+0xbc/0xe0
[17753.483869]  0xffffffffc044f30e
[17753.483870] [p_lkrg]  => caller[p_revert_creds_ret] action[OVERRIDE 
ON] old_off[0x747ab67c6069eb6] debug_val[0]
[17753.483870] [p_lkrg] Stack trace:
[17753.483873]  p_revert_creds_entry+0x87/0xc0 [p_lkrg]
[17753.483874]  pre_handler_kretprobe+0xaa/0x1b0
[17753.483875]  opt_pre_handler+0x47/0x80
[17753.483876]  optimized_callback+0xbc/0xe0
[17753.483877]  0xffffffffc044f388
[17753.483877] [p_lkrg]  => caller[p_override_creds_entry] 
action[OVERRIDE OFF] old_off[0x3a3d5b3e3034f5b] debug_val[1]
[17753.483877] [p_lkrg] Stack trace:
[17753.483880]  p_override_creds_entry+0x91/0xd0 [p_lkrg]
[17753.483881]  pre_handler_kretprobe+0xaa/0x1b0
[17753.483882]  opt_pre_handler+0x47/0x80
[17753.483883]  optimized_callback+0xbc/0xe0
[17753.483884]  0xffffffffc044f30e
[17753.483884] [p_lkrg]  => caller[p_revert_creds_ret] action[OVERRIDE 
ON] old_off[0x747ab67c6069eb6] debug_val[0]
[17753.483884] [p_lkrg] Stack trace:
[17753.483887]  p_revert_creds_entry+0x87/0xc0 [p_lkrg]
[17753.483888]  pre_handler_kretprobe+0xaa/0x1b0
[17753.483890]  opt_pre_handler+0x47/0x80
[17753.483890]  optimized_callback+0xbc/0xe0
[17753.483891]  0xffffffffc044f388
[17753.483891] [p_lkrg]  => caller[p_override_creds_entry] 
action[OVERRIDE OFF] old_off[0x3a3d5b3e3034f5b] debug_val[1]
[17753.483891] [p_lkrg] Stack trace:
[17753.483894]  p_override_creds_entry+0x91/0xd0 [p_lkrg]
[17753.483896]  pre_handler_kretprobe+0xaa/0x1b0
[17753.483897]  opt_pre_handler+0x47/0x80
[17753.483897]  optimized_callback+0xbc/0xe0
[17753.483898]  0xffffffffc044f30e
[17753.483898] [p_lkrg]  => caller[p_revert_creds_ret] action[OVERRIDE 
ON] old_off[0x747ab67c6069eb6] debug_val[0]
[17753.483899] [p_lkrg] Stack trace:
[17753.483902]  p_revert_creds_entry+0x87/0xc0 [p_lkrg]
[17753.483903]  pre_handler_kretprobe+0xaa/0x1b0
[17753.483904]  opt_pre_handler+0x47/0x80
[17753.483905]  optimized_callback+0xbc/0xe0
[17753.483905]  0xffffffffc044f388
[17753.483906] [p_lkrg]  => caller[p_override_creds_entry] 
action[OVERRIDE OFF] old_off[0x3a3d5b3e3034f5b] debug_val[1]
[17753.483906] [p_lkrg] Stack trace:
[17753.483909]  p_override_creds_entry+0x91/0xd0 [p_lkrg]
[17753.483910]  pre_handler_kretprobe+0xaa/0x1b0
[17753.483911]  opt_pre_handler+0x47/0x80
[17753.483912]  optimized_callback+0xbc/0xe0
[17753.483912]  0xffffffffc044f30e
[17753.483913] [p_lkrg]  => caller[p_revert_creds_ret] action[OVERRIDE 
ON] old_off[0x747ab67c6069eb6] debug_val[0]
[17753.483913] [p_lkrg] Stack trace:
[17753.483916]  p_revert_creds_entry+0x87/0xc0 [p_lkrg]
[17753.483917]  pre_handler_kretprobe+0xaa/0x1b0
[17753.483918]  opt_pre_handler+0x47/0x80
[17753.483919]  optimized_callback+0xbc/0xe0
[17753.483919]  0xffffffffc044f388
[17753.483920] [p_lkrg]  => caller[p_override_creds_entry] 
action[OVERRIDE OFF] old_off[0x3a3d5b3e3034f5b] debug_val[1]
[17753.483920] [p_lkrg] Stack trace:
[17753.483923]  p_override_creds_entry+0x91/0xd0 [p_lkrg]
[17753.483924]  pre_handler_kretprobe+0xaa/0x1b0
[17753.483925]  opt_pre_handler+0x47/0x80
[17753.483926]  optimized_callback+0xbc/0xe0
[17753.483927]  0xffffffffc044f30e
[17753.483927] [p_lkrg]  => caller[p_revert_creds_ret] action[OVERRIDE 
ON] old_off[0x747ab67c6069eb6] debug_val[0]
[17753.483927] [p_lkrg] Stack trace:
[17753.483930]  p_revert_creds_entry+0x87/0xc0 [p_lkrg]
[17753.483932]  pre_handler_kretprobe+0xaa/0x1b0
[17753.483933]  opt_pre_handler+0x47/0x80
[17753.483933]  optimized_callback+0xbc/0xe0
[17753.483934]  0xffffffffc044f388
[17753.483934] [p_lkrg]  => caller[p_override_creds_entry] 
action[OVERRIDE OFF] old_off[0x3a3d5b3e3034f5b] debug_val[1]
[17753.483935] [p_lkrg] Stack trace:
[17753.483937]  p_override_creds_entry+0x91/0xd0 [p_lkrg]
[17753.483939]  pre_handler_kretprobe+0xaa/0x1b0
[17753.483940]  opt_pre_handler+0x47/0x80
[17753.483940]  optimized_callback+0xbc/0xe0
[17753.483941]  0xffffffffc044f30e
[17753.483941] [p_lkrg]  => caller[p_revert_creds_ret] action[OVERRIDE 
ON] old_off[0x747ab67c6069eb6] debug_val[0]
[17753.483942] [p_lkrg] Stack trace:
[17753.483945]  p_revert_creds_entry+0x87/0xc0 [p_lkrg]
[17753.483946]  pre_handler_kretprobe+0xaa/0x1b0
[17753.483947]  opt_pre_handler+0x47/0x80
[17753.483948]  optimized_callback+0xbc/0xe0
[17753.483948]  0xffffffffc044f388
[17753.483949] [p_lkrg]  => caller[p_override_creds_entry] 
action[OVERRIDE OFF] old_off[0x3a3d5b3e3034f5b] debug_val[1]
[17753.483949] [p_lkrg] Stack trace:
[17753.483952]  p_override_creds_entry+0x91/0xd0 [p_lkrg]
[17753.483953]  pre_handler_kretprobe+0xaa/0x1b0
[17753.483954]  opt_pre_handler+0x47/0x80
[17753.483955]  optimized_callback+0xbc/0xe0
[17753.483955]  0xffffffffc044f30e
[17753.483956] [p_lkrg]  => caller[p_revert_creds_ret] action[OVERRIDE 
ON] old_off[0x747ab67c6069eb6] debug_val[0]
[17753.483956] [p_lkrg] Stack trace:
[17753.483959]  p_revert_creds_entry+0x87/0xc0 [p_lkrg]
[17753.483960]  pre_handler_kretprobe+0xaa/0x1b0
[17753.483961]  opt_pre_handler+0x47/0x80
[17753.483962]  optimized_callback+0xbc/0xe0
[17753.483962]  0xffffffffc044f388
[17753.483963] [p_lkrg]  => caller[p_override_creds_entry] 
action[OVERRIDE OFF] old_off[0x3a3d5b3e3034f5b] debug_val[1]
[17753.483963] [p_lkrg] Stack trace:
[17753.483966]  p_override_creds_entry+0x91/0xd0 [p_lkrg]
[17753.483967]  pre_handler_kretprobe+0xaa/0x1b0
[17753.483968]  opt_pre_handler+0x47/0x80
[17753.483979]  optimized_callback+0xbc/0xe0
[17753.483980]  0xffffffffc044f30e
[17753.483980] [p_lkrg]  => caller[p_revert_creds_ret] action[OVERRIDE 
ON] old_off[0x747ab67c6069eb6] debug_val[0]
[17753.483980] [p_lkrg] Stack trace:
[17753.483983]  p_revert_creds_entry+0x87/0xc0 [p_lkrg]
[17753.483985]  pre_handler_kretprobe+0xaa/0x1b0
[17753.483986]  opt_pre_handler+0x47/0x80
[17753.483987]  optimized_callback+0xbc/0xe0
[17753.483987]  0xffffffffc044f388
[17753.483988] [p_lkrg]  => caller[p_override_creds_entry] 
action[OVERRIDE OFF] old_off[0x3a3d5b3e3034f5b] debug_val[1]
[17753.483988] [p_lkrg] Stack trace:
[17753.483991]  p_override_creds_entry+0x91/0xd0 [p_lkrg]
[17753.483992]  pre_handler_kretprobe+0xaa/0x1b0
[17753.483994]  opt_pre_handler+0x47/0x80
[17753.483994]  optimized_callback+0xbc/0xe0
[17753.483995]  0xffffffffc044f30e
[17753.483995] [p_lkrg]  => caller[p_revert_creds_ret] action[OVERRIDE 
ON] old_off[0x747ab67c6069eb6] debug_val[0]
[17753.483996] [p_lkrg] Stack trace:
[17753.483999]  p_revert_creds_entry+0x87/0xc0 [p_lkrg]
[17753.484000]  pre_handler_kretprobe+0xaa/0x1b0
[17753.484001]  opt_pre_handler+0x47/0x80
[17753.484002]  optimized_callback+0xbc/0xe0
[17753.484011]  0xffffffffc044f388
[17753.484012] [p_lkrg]  => caller[p_override_creds_entry] 
action[OVERRIDE OFF] old_off[0x3a3d5b3e3034f5b] debug_val[1]
[17753.484012] [p_lkrg] Stack trace:
[17753.484015]  p_override_creds_entry+0x91/0xd0 [p_lkrg]
[17753.484016]  pre_handler_kretprobe+0xaa/0x1b0
[17753.484017]  opt_pre_handler+0x47/0x80
[17753.484018]  optimized_callback+0xbc/0xe0
[17753.484019]  0xffffffffc044f30e
[17753.484019] [p_lkrg]  => caller[p_revert_creds_ret] action[OVERRIDE 
ON] old_off[0x747ab67c6069eb6] debug_val[0]
[17753.484019] [p_lkrg] Stack trace:
[17753.484022]  p_revert_creds_entry+0x87/0xc0 [p_lkrg]
[17753.484023]  pre_handler_kretprobe+0xaa/0x1b0
[17753.484025]  opt_pre_handler+0x47/0x80
[17753.484025]  optimized_callback+0xbc/0xe0
[17753.484026]  0xffffffffc044f388
[17753.484026] [p_lkrg]  => caller[p_override_creds_entry] 
action[OVERRIDE OFF] old_off[0x3a3d5b3e3034f5b] debug_val[1]
[17753.484027] [p_lkrg] Stack trace:
[17753.484029]  p_override_creds_entry+0x91/0xd0 [p_lkrg]
[17753.484031]  pre_handler_kretprobe+0xaa/0x1b0
[17753.484032]  opt_pre_handler+0x47/0x80
[17753.484033]  optimized_callback+0xbc/0xe0
[17753.484033]  0xffffffffc044f30e
[17753.484033] [p_lkrg]  => caller[p_revert_creds_ret] action[OVERRIDE 
ON] old_off[0x747ab67c6069eb6] debug_val[0]
[17753.484034] [p_lkrg] Stack trace:
[17753.484036]  p_revert_creds_entry+0x87/0xc0 [p_lkrg]
[17753.484038]  pre_handler_kretprobe+0xaa/0x1b0
[17753.484039]  opt_pre_handler+0x47/0x80
[17753.484040]  optimized_callback+0xbc/0xe0
[17753.484040]  0xffffffffc044f388
[17753.484040] [p_lkrg]  => caller[p_override_creds_entry] 
action[OVERRIDE OFF] old_off[0x3a3d5b3e3034f5b] debug_val[1]
[17753.484041] [p_lkrg] Stack trace:
[17753.484044]  p_override_creds_entry+0x91/0xd0 [p_lkrg]
[17753.484045]  pre_handler_kretprobe+0xaa/0x1b0
[17753.484046]  opt_pre_handler+0x47/0x80
[17753.484047]  optimized_callback+0xbc/0xe0
[17753.484047]  0xffffffffc044f30e
[17753.484048] [p_lkrg]  => caller[p_revert_creds_ret] action[OVERRIDE 
ON] old_off[0x747ab67c6069eb6] debug_val[0]
[17753.484048] [p_lkrg] Stack trace:
[17753.484051]  p_revert_creds_entry+0x87/0xc0 [p_lkrg]
[17753.484052]  pre_handler_kretprobe+0xaa/0x1b0
[17753.484053]  opt_pre_handler+0x47/0x80
[17753.484054]  optimized_callback+0xbc/0xe0
[17753.484054]  0xffffffffc044f388
[17753.484055] [p_lkrg]  => caller[p_override_creds_entry] 
action[OVERRIDE OFF] old_off[0x3a3d5b3e3034f5b] debug_val[1]
[17753.484055] [p_lkrg] Stack trace:
[17753.484058]  p_override_creds_entry+0x91/0xd0 [p_lkrg]
[17753.484059]  pre_handler_kretprobe+0xaa/0x1b0
[17753.484060]  opt_pre_handler+0x47/0x80
[17753.484061]  optimized_callback+0xbc/0xe0
[17753.484061]  0xffffffffc044f30e
[17753.484062] [p_lkrg]  => caller[p_revert_creds_ret] action[OVERRIDE 
ON] old_off[0x747ab67c6069eb6] debug_val[0]
[17753.484062] [p_lkrg] Stack trace:
[17753.484065]  p_revert_creds_entry+0x87/0xc0 [p_lkrg]
[17753.484066]  pre_handler_kretprobe+0xaa/0x1b0
[17753.484067]  opt_pre_handler+0x47/0x80
[17753.484068]  optimized_callback+0xbc/0xe0
[17753.484068]  0xffffffffc044f388
[17753.484069] [p_lkrg]  => caller[p_override_creds_entry] 
action[OVERRIDE OFF] old_off[0x3a3d5b3e3034f5b] debug_val[1]
[17753.484069] [p_lkrg] Stack trace:
[17753.484072]  p_override_creds_entry+0x91/0xd0 [p_lkrg]
[17753.484073]  pre_handler_kretprobe+0xaa/0x1b0
[17753.484074]  opt_pre_handler+0x47/0x80
[17753.484075]  optimized_callback+0xbc/0xe0
[17753.484076]  0xffffffffc044f30e
[17753.484076] [p_lkrg]  => caller[p_revert_creds_ret] action[OVERRIDE 
ON] old_off[0x747ab67c6069eb6] debug_val[0]
[17753.484076] [p_lkrg] Stack trace:
[17753.484079]  p_revert_creds_entry+0x87/0xc0 [p_lkrg]
[17753.484080]  pre_handler_kretprobe+0xaa/0x1b0
[17753.484081]  opt_pre_handler+0x47/0x80
[17753.484082]  optimized_callback+0xbc/0xe0
[17753.484083]  0xffffffffc044f388
[17753.484083] [p_lkrg]  => caller[p_override_creds_entry] 
action[OVERRIDE OFF] old_off[0x3a3d5b3e3034f5b] debug_val[1]
[17753.484083] [p_lkrg] Stack trace:
[17753.484086]  p_override_creds_entry+0x91/0xd0 [p_lkrg]
[17753.484087]  pre_handler_kretprobe+0xaa/0x1b0
[17753.484088]  opt_pre_handler+0x47/0x80
[17753.484089]  optimized_callback+0xbc/0xe0
[17753.484090]  0xffffffffc044f30e
[17753.484090] [p_lkrg]  => caller[p_revert_creds_ret] action[OVERRIDE 
ON] old_off[0x747ab67c6069eb6] debug_val[0]
[17753.484090] [p_lkrg] Stack trace:
[17753.484093]  p_revert_creds_entry+0x87/0xc0 [p_lkrg]
[17753.484094]  pre_handler_kretprobe+0xaa/0x1b0
[17753.484095]  opt_pre_handler+0x47/0x80
[17753.484096]  optimized_callback+0xbc/0xe0
[17753.484097]  0xffffffffc044f388
[17753.484097] [p_lkrg]  => caller[p_override_creds_entry] 
action[OVERRIDE OFF] old_off[0x3a3d5b3e3034f5b] debug_val[1]
[17753.484097] [p_lkrg] Stack trace:
[17753.484100]  p_override_creds_entry+0x91/0xd0 [p_lkrg]
[17753.484101]  pre_handler_kretprobe+0xaa/0x1b0
[17753.484103]  opt_pre_handler+0x47/0x80
[17753.484103]  optimized_callback+0xbc/0xe0
[17753.484104]  0xffffffffc044f30e
[17753.484104] [p_lkrg]  => caller[p_revert_creds_ret] action[OVERRIDE 
ON] old_off[0x747ab67c6069eb6] debug_val[0]
[17753.484105] [p_lkrg] Stack trace:
[17753.484107]  p_revert_creds_entry+0x87/0xc0 [p_lkrg]
[17753.484109]  pre_handler_kretprobe+0xaa/0x1b0
[17753.484110]  opt_pre_handler+0x47/0x80
[17753.484110]  optimized_callback+0xbc/0xe0
[17753.484111]  0xffffffffc044f388
[17753.484111] [p_lkrg]  => caller[p_override_creds_entry] 
action[OVERRIDE OFF] old_off[0x3a3d5b3e3034f5b] debug_val[1]
[17753.484112] [p_lkrg] Stack trace:
[17753.484114]  p_override_creds_entry+0x91/0xd0 [p_lkrg]
[17753.484116]  pre_handler_kretprobe+0xaa/0x1b0
[17753.484117]  opt_pre_handler+0x47/0x80
[17753.484117]  optimized_callback+0xbc/0xe0
[17753.484118]  0xffffffffc044f30e
[17753.484118] [p_lkrg]  => caller[p_revert_creds_ret] action[OVERRIDE 
ON] old_off[0x747ab67c6069eb6] debug_val[0]
[17753.484119] [p_lkrg] Stack trace:
[17753.484121]  p_revert_creds_entry+0x87/0xc0 [p_lkrg]
[17753.484123]  pre_handler_kretprobe+0xaa/0x1b0
[17753.484124]  opt_pre_handler+0x47/0x80
[17753.484125]  optimized_callback+0xbc/0xe0
[17753.484125]  0xffffffffc044f388
[17753.484126] [p_lkrg]  => caller[p_override_creds_entry] 
action[OVERRIDE OFF] old_off[0x3a3d5b3e3034f5b] debug_val[1]
[17753.484126] [p_lkrg] Stack trace:
[17753.484129]  p_override_creds_entry+0x91/0xd0 [p_lkrg]
[17753.484130]  pre_handler_kretprobe+0xaa/0x1b0
[17753.484131]  opt_pre_handler+0x47/0x80
[17753.484132]  optimized_callback+0xbc/0xe0
[17753.484132]  0xffffffffc044f30e
[17753.484133] [p_lkrg]  => caller[p_revert_creds_ret] action[OVERRIDE 
ON] old_off[0x747ab67c6069eb6] debug_val[0]
[17753.484133] [p_lkrg] Stack trace:
[17753.484136]  p_revert_creds_entry+0x87/0xc0 [p_lkrg]
[17753.484137]  pre_handler_kretprobe+0xaa/0x1b0
[17753.484138]  opt_pre_handler+0x47/0x80
[17753.484139]  optimized_callback+0xbc/0xe0
[17753.484139]  0xffffffffc044f388
[17753.484140] [p_lkrg]  => caller[p_override_creds_entry] 
action[OVERRIDE OFF] old_off[0x3a3d5b3e3034f5b] debug_val[1]
[17753.484140] [p_lkrg] Stack trace:
[17753.484143]  p_override_creds_entry+0x91/0xd0 [p_lkrg]
[17753.484144]  pre_handler_kretprobe+0xaa/0x1b0
[17753.484145]  opt_pre_handler+0x47/0x80
[17753.484146]  optimized_callback+0xbc/0xe0
[17753.484147]  0xffffffffc044f30e
[17753.484147] [p_lkrg]  => caller[p_revert_creds_ret] action[OVERRIDE 
ON] old_off[0x747ab67c6069eb6] debug_val[0]
[17753.484147] [p_lkrg] Stack trace:
[17753.484150]  p_revert_creds_entry+0x87/0xc0 [p_lkrg]
[17753.484151]  pre_handler_kretprobe+0xaa/0x1b0
[17753.484152]  opt_pre_handler+0x47/0x80
[17753.484153]  optimized_callback+0xbc/0xe0
[17753.484154]  0xffffffffc044f388
[17753.484154] [p_lkrg]  => caller[p_override_creds_entry] 
action[OVERRIDE OFF] old_off[0x3a3d5b3e3034f5b] debug_val[1]
[17753.484154] [p_lkrg] Stack trace:
[17753.484157]  p_override_creds_entry+0x91/0xd0 [p_lkrg]
[17753.484158]  pre_handler_kretprobe+0xaa/0x1b0
[17753.484159]  opt_pre_handler+0x47/0x80
[17753.484160]  optimized_callback+0xbc/0xe0
[17753.484161]  0xffffffffc044f30e
[17753.484161] [p_lkrg]  => caller[p_revert_creds_ret] action[OVERRIDE 
ON] old_off[0x747ab67c6069eb6] debug_val[0]
[17753.484161] [p_lkrg] Stack trace:
[17753.484164]  p_revert_creds_entry+0x87/0xc0 [p_lkrg]
[17753.484165]  pre_handler_kretprobe+0xaa/0x1b0
[17753.484166]  opt_pre_handler+0x47/0x80
[17753.484167]  optimized_callback+0xbc/0xe0
[17753.484168]  0xffffffffc044f388
[17753.484168] [p_lkrg]  => caller[p_override_creds_entry] 
action[OVERRIDE OFF] old_off[0x3a3d5b3e3034f5b] debug_val[1]
[17753.484168] [p_lkrg] Stack trace:
[17753.484171]  p_override_creds_entry+0x91/0xd0 [p_lkrg]
[17753.484172]  pre_handler_kretprobe+0xaa/0x1b0
[17753.484173]  opt_pre_handler+0x47/0x80
[17753.484174]  optimized_callback+0xbc/0xe0
[17753.484175]  0xffffffffc044f30e
[17753.484175] [p_lkrg]  => caller[p_revert_creds_ret] action[OVERRIDE 
ON] old_off[0x747ab67c6069eb6] debug_val[0]
[17753.484175] [p_lkrg] Stack trace:
[17753.484178]  p_revert_creds_entry+0x87/0xc0 [p_lkrg]
[17753.484179]  pre_handler_kretprobe+0xaa/0x1b0
[17753.484180]  opt_pre_handler+0x47/0x80
[17753.484181]  optimized_callback+0xbc/0xe0
[17753.484181]  0xffffffffc044f388
[17753.484182] [p_lkrg]  => caller[p_override_creds_entry] 
action[OVERRIDE OFF] old_off[0x3a3d5b3e3034f5b] debug_val[1]
[17753.484182] [p_lkrg] Stack trace:
[17753.484185]  p_override_creds_entry+0x91/0xd0 [p_lkrg]
[17753.484186]  pre_handler_kretprobe+0xaa/0x1b0
[17753.484188]  opt_pre_handler+0x47/0x80
[17753.484188]  optimized_callback+0xbc/0xe0
[17753.484189]  0xffffffffc044f30e
[17753.484189] [p_lkrg]  => caller[p_revert_creds_ret] action[OVERRIDE 
ON] old_off[0x747ab67c6069eb6] debug_val[0]
[17753.484189] [p_lkrg] Stack trace:
[17753.484192]  p_revert_creds_entry+0x87/0xc0 [p_lkrg]
[17753.484193]  pre_handler_kretprobe+0xaa/0x1b0
[17753.484195]  opt_pre_handler+0x47/0x80
[17753.484195]  optimized_callback+0xbc/0xe0
[17753.484196]  0xffffffffc044f388
[17753.484196] [p_lkrg]  => caller[p_override_creds_entry] 
action[OVERRIDE OFF] old_off[0x3a3d5b3e3034f5b] debug_val[1]
[17753.484197] [p_lkrg] Stack trace:
[17753.484199]  p_override_creds_entry+0x91/0xd0 [p_lkrg]
[17753.484201]  pre_handler_kretprobe+0xaa/0x1b0
[17753.484202]  opt_pre_handler+0x47/0x80
[17753.484203]  optimized_callback+0xbc/0xe0
[17753.484203]  0xffffffffc044f30e
[17753.484203] [p_lkrg]  => caller[p_revert_creds_ret] action[OVERRIDE 
ON] old_off[0x747ab67c6069eb6] debug_val[0]
[17753.484204] [p_lkrg] Stack trace:
[17753.484207]  p_revert_creds_entry+0x87/0xc0 [p_lkrg]
[17753.484208]  pre_handler_kretprobe+0xaa/0x1b0
[17753.484209]  opt_pre_handler+0x47/0x80
[17753.484210]  optimized_callback+0xbc/0xe0
[17753.484210]  0xffffffffc044f388
[17753.484211] [p_lkrg]  => caller[p_override_creds_entry] 
action[OVERRIDE OFF] old_off[0x3a3d5b3e3034f5b] debug_val[1]
[17753.484211] [p_lkrg] Stack trace:
[17753.484214]  p_override_creds_entry+0x91/0xd0 [p_lkrg]
[17753.484215]  pre_handler_kretprobe+0xaa/0x1b0
[17753.484216]  opt_pre_handler+0x47/0x80
[17753.484217]  optimized_callback+0xbc/0xe0
[17753.484217]  0xffffffffc044f30e
[17753.484218] [p_lkrg]  => caller[p_revert_creds_ret] action[OVERRIDE 
ON] old_off[0x747ab67c6069eb6] debug_val[0]
[17753.484218] [p_lkrg] Stack trace:
[17753.484221]  p_revert_creds_entry+0x87/0xc0 [p_lkrg]
[17753.484222]  pre_handler_kretprobe+0xaa/0x1b0
[17753.484223]  opt_pre_handler+0x47/0x80
[17753.484224]  optimized_callback+0xbc/0xe0
[17753.484224]  0xffffffffc044f388
[17753.484225] [p_lkrg]  => caller[p_override_creds_entry] 
action[OVERRIDE OFF] old_off[0x3a3d5b3e3034f5b] debug_val[1]
[17753.484225] [p_lkrg] Stack trace:
[17753.484228]  p_override_creds_entry+0x91/0xd0 [p_lkrg]
[17753.484229]  pre_handler_kretprobe+0xaa/0x1b0
[17753.484230]  opt_pre_handler+0x47/0x80
[17753.484231]  optimized_callback+0xbc/0xe0
[17753.484231]  0xffffffffc044f30e
[17753.484232] [p_lkrg]  => caller[p_revert_creds_ret] action[OVERRIDE 
ON] old_off[0x747ab67c6069eb6] debug_val[0]
[17753.484232] [p_lkrg] Stack trace:
[17753.484235]  p_revert_creds_entry+0x87/0xc0 [p_lkrg]
[17753.484236]  pre_handler_kretprobe+0xaa/0x1b0
[17753.484237]  opt_pre_handler+0x47/0x80
[17753.484238]  optimized_callback+0xbc/0xe0
[17753.484239]  0xffffffffc044f388
[17753.484239] [p_lkrg]  => caller[p_cap_task_prctl_entry] action[OFF] 
old_off[0x3a3d5b3e3034f5b] debug_val[1]
[17753.484240] [p_lkrg]  => caller[p_cap_task_prctl_ret] action[ON] 
old_off[0x747ab67c6069eb6] debug_val[0]
[17753.484240] [p_lkrg]  => caller[p_seccomp_entry] action[OFF] 
old_off[0x3a3d5b3e3034f5b] debug_val[1]
[17753.484241] [p_lkrg]  => caller[p_seccomp_ret] action[ON] 
old_off[0x747ab67c6069eb6] debug_val[0]
[17753.484241] [p_lkrg]  => caller[p_seccomp_entry] action[OFF] 
old_off[0x3a3d5b3e3034f5b] debug_val[1]
[17753.484242] [p_lkrg]  => caller[p_seccomp_ret] action[ON] 
old_off[0x3a3d5b3e3034f5b] debug_val[0]
[17753.484243] [p_lkrg] <Exploit Detection> Trying to kill 
process[QtWebEngineProc | 4072]!
[17753.484300] [p_lkrg] <Exploit Detection> ON process[4072 | 
QtWebEngineProc] has corrupted 'off' flag!
[17753.484301] [p_lkrg] 'off' flag[0x0] (normalization via 
0x3a3d5b3e3034f5b)
[17753.484301] [p_lkrg] OFF debug: normalization[0x3a3d5b3e3034f5b] 
cookie[0x69470f9547639fd1]
[17753.484302] [p_lkrg] Process[4072 | QtWebEngineProc] Parent[3992 | 
akregator] has [76] entries:
[17753.484303] [p_lkrg]  => caller[p_cap_task_prctl_entry] action[OFF] 
old_off[0x3a3d5b3e3034f5b] debug_val[1]
[17753.484303] [p_lkrg]  => caller[p_cap_task_prctl_ret] action[ON] 
old_off[0x747ab67c6069eb6] debug_val[0]
[17753.484304] [p_lkrg]  => caller[p_sys_execve_entry] action[OFF] 
old_off[0x3a3d5b3e3034f5b] debug_val[1]
[17753.484304] [p_lkrg]  => caller[p_sys_execve_ret] action[RESET] 
old_off[0x747ab67c6069eb6] debug_val[0]
[17753.484305] [p_lkrg]  => caller[p_override_creds_entry] 
action[OVERRIDE OFF] old_off[0x3a3d5b3e3034f5b] debug_val[1]
[17753.484305] [p_lkrg] Stack trace:
[17753.484309]  p_override_creds_entry+0x91/0xd0 [p_lkrg]
[17753.484310]  pre_handler_kretprobe+0xaa/0x1b0
[17753.484311]  opt_pre_handler+0x47/0x80
[17753.484312]  optimized_callback+0xbc/0xe0
[17753.484313]  0xffffffffc044f30e
[17753.484313] [p_lkrg]  => caller[p_revert_creds_ret] action[OVERRIDE 
ON] old_off[0x747ab67c6069eb6] debug_val[0]
[17753.484313] [p_lkrg] Stack trace:
[17753.484316]  p_revert_creds_entry+0x87/0xc0 [p_lkrg]
[17753.484318]  pre_handler_kretprobe+0xaa/0x1b0
[17753.484319]  opt_pre_handler+0x47/0x80
[17753.484320]  optimized_callback+0xbc/0xe0
[17753.484321]  0xffffffffc044f388
[17753.484321] [p_lkrg]  => caller[p_cap_task_prctl_entry] action[OFF] 
old_off[0x3a3d5b3e3034f5b] debug_val[1]
[17753.484322] [p_lkrg]  => caller[p_cap_task_prctl_ret] action[ON] 
old_off[0x747ab67c6069eb6] debug_val[0]
[17753.484322] [p_lkrg]  => caller[p_override_creds_entry] 
action[OVERRIDE OFF] old_off[0x3a3d5b3e3034f5b] debug_val[1]
[17753.484322] [p_lkrg] Stack trace:
[17753.484325]  p_override_creds_entry+0x91/0xd0 [p_lkrg]
[17753.484327]  pre_handler_kretprobe+0xaa/0x1b0
[17753.484328]  opt_pre_handler+0x47/0x80
[17753.484329]  optimized_callback+0xbc/0xe0
[17753.484329]  0xffffffffc044f30e
[17753.484330] [p_lkrg]  => caller[p_revert_creds_ret] action[OVERRIDE 
ON] old_off[0x747ab67c6069eb6] debug_val[0]
[17753.484330] [p_lkrg] Stack trace:
[17753.484333]  p_revert_creds_entry+0x87/0xc0 [p_lkrg]
[17753.484334]  pre_handler_kretprobe+0xaa/0x1b0
[17753.484336]  opt_pre_handler+0x47/0x80
[17753.484336]  optimized_callback+0xbc/0xe0
[17753.484337]  0xffffffffc044f388
[17753.484337] [p_lkrg]  => caller[p_override_creds_entry] 
action[OVERRIDE OFF] old_off[0x3a3d5b3e3034f5b] debug_val[1]
[17753.484338] [p_lkrg] Stack trace:
[17753.484341]  p_override_creds_entry+0x91/0xd0 [p_lkrg]
[17753.484342]  pre_handler_kretprobe+0xaa/0x1b0
[17753.484343]  opt_pre_handler+0x47/0x80
[17753.484344]  optimized_callback+0xbc/0xe0
[17753.484344]  0xffffffffc044f30e
[17753.484345] [p_lkrg]  => caller[p_revert_creds_ret] action[OVERRIDE 
ON] old_off[0x747ab67c6069eb6] debug_val[0]
[17753.484345] [p_lkrg] Stack trace:
[17753.484348]  p_revert_creds_entry+0x87/0xc0 [p_lkrg]
[17753.484350]  pre_handler_kretprobe+0xaa/0x1b0
[17753.484351]  opt_pre_handler+0x47/0x80
[17753.484352]  optimized_callback+0xbc/0xe0
[17753.484352]  0xffffffffc044f388
[17753.484353] [p_lkrg]  => caller[p_override_creds_entry] 
action[OVERRIDE OFF] old_off[0x3a3d5b3e3034f5b] debug_val[1]
[17753.484353] [p_lkrg] Stack trace:
[17753.484356]  p_override_creds_entry+0x91/0xd0 [p_lkrg]
[17753.484357]  pre_handler_kretprobe+0xaa/0x1b0
[17753.484358]  opt_pre_handler+0x47/0x80
[17753.484359]  optimized_callback+0xbc/0xe0
[17753.484360]  0xffffffffc044f30e
[17753.484360] [p_lkrg]  => caller[p_revert_creds_ret] action[OVERRIDE 
ON] old_off[0x747ab67c6069eb6] debug_val[0]
[17753.484360] [p_lkrg] Stack trace:
[17753.484363]  p_revert_creds_entry+0x87/0xc0 [p_lkrg]
[17753.484365]  pre_handler_kretprobe+0xaa/0x1b0
[17753.484366]  opt_pre_handler+0x47/0x80
[17753.484367]  optimized_callback+0xbc/0xe0
[17753.484367]  0xffffffffc044f388
[17753.484368] [p_lkrg]  => caller[p_override_creds_entry] 
action[OVERRIDE OFF] old_off[0x3a3d5b3e3034f5b] debug_val[1]
[17753.484368] [p_lkrg] Stack trace:
[17753.484371]  p_override_creds_entry+0x91/0xd0 [p_lkrg]
[17753.484372]  pre_handler_kretprobe+0xaa/0x1b0
[17753.484373]  opt_pre_handler+0x47/0x80
[17753.484374]  optimized_callback+0xbc/0xe0
[17753.484375]  0xffffffffc044f30e
[17753.484375] [p_lkrg]  => caller[p_revert_creds_ret] action[OVERRIDE 
ON] old_off[0x747ab67c6069eb6] debug_val[0]
[17753.484375] [p_lkrg] Stack trace:
[17753.484378]  p_revert_creds_entry+0x87/0xc0 [p_lkrg]
[17753.484380]  pre_handler_kretprobe+0xaa/0x1b0
[17753.484381]  opt_pre_handler+0x47/0x80
[17753.484382]  optimized_callback+0xbc/0xe0
[17753.484382]  0xffffffffc044f388
[17753.484383] [p_lkrg]  => caller[p_override_creds_entry] 
action[OVERRIDE OFF] old_off[0x3a3d5b3e3034f5b] debug_val[1]
[17753.484383] [p_lkrg] Stack trace:
[17753.484386]  p_override_creds_entry+0x91/0xd0 [p_lkrg]
[17753.484387]  pre_handler_kretprobe+0xaa/0x1b0
[17753.484389]  opt_pre_handler+0x47/0x80
[17753.484389]  optimized_callback+0xbc/0xe0
[17753.484390]  0xffffffffc044f30e
[17753.484390] [p_lkrg]  => caller[p_revert_creds_ret] action[OVERRIDE 
ON] old_off[0x747ab67c6069eb6] debug_val[0]
[17753.484391] [p_lkrg] Stack trace:
[17753.484394]  p_revert_creds_entry+0x87/0xc0 [p_lkrg]
[17753.484395]  pre_handler_kretprobe+0xaa/0x1b0
[17753.484396]  opt_pre_handler+0x47/0x80
[17753.484397]  optimized_callback+0xbc/0xe0
[17753.484397]  0xffffffffc044f388
[17753.484398] [p_lkrg]  => caller[p_override_creds_entry] 
action[OVERRIDE OFF] old_off[0x3a3d5b3e3034f5b] debug_val[1]
[17753.484398] [p_lkrg] Stack trace:
[17753.484401]  p_override_creds_entry+0x91/0xd0 [p_lkrg]
[17753.484403]  pre_handler_kretprobe+0xaa/0x1b0
[17753.484404]  opt_pre_handler+0x47/0x80
[17753.484405]  optimized_callback+0xbc/0xe0
[17753.484405]  0xffffffffc044f30e
[17753.484406] [p_lkrg]  => caller[p_revert_creds_ret] action[OVERRIDE 
ON] old_off[0x747ab67c6069eb6] debug_val[0]
[17753.484406] [p_lkrg] Stack trace:
[17753.484409]  p_revert_creds_entry+0x87/0xc0 [p_lkrg]
[17753.484410]  pre_handler_kretprobe+0xaa/0x1b0
[17753.484411]  opt_pre_handler+0x47/0x80
[17753.484412]  optimized_callback+0xbc/0xe0
[17753.484412]  0xffffffffc044f388
[17753.484413] [p_lkrg]  => caller[p_override_creds_entry] 
action[OVERRIDE OFF] old_off[0x3a3d5b3e3034f5b] debug_val[1]
[17753.484413] [p_lkrg] Stack trace:
[17753.484416]  p_override_creds_entry+0x91/0xd0 [p_lkrg]
[17753.484418]  pre_handler_kretprobe+0xaa/0x1b0
[17753.484419]  opt_pre_handler+0x47/0x80
[17753.484420]  optimized_callback+0xbc/0xe0
[17753.484420]  0xffffffffc044f30e
[17753.484421] [p_lkrg]  => caller[p_revert_creds_ret] action[OVERRIDE 
ON] old_off[0x747ab67c6069eb6] debug_val[0]
[17753.484421] [p_lkrg] Stack trace:
[17753.484424]  p_revert_creds_entry+0x87/0xc0 [p_lkrg]
[17753.484425]  pre_handler_kretprobe+0xaa/0x1b0
[17753.484426]  opt_pre_handler+0x47/0x80
[17753.484427]  optimized_callback+0xbc/0xe0
[17753.484428]  0xffffffffc044f388
[17753.484428] [p_lkrg]  => caller[p_override_creds_entry] 
action[OVERRIDE OFF] old_off[0x3a3d5b3e3034f5b] debug_val[1]
[17753.484428] [p_lkrg] Stack trace:
[17753.484431]  p_override_creds_entry+0x91/0xd0 [p_lkrg]
[17753.484433]  pre_handler_kretprobe+0xaa/0x1b0
[17753.484434]  opt_pre_handler+0x47/0x80
[17753.484435]  optimized_callback+0xbc/0xe0
[17753.484435]  0xffffffffc044f30e
[17753.484436] [p_lkrg]  => caller[p_revert_creds_ret] action[OVERRIDE 
ON] old_off[0x747ab67c6069eb6] debug_val[0]
[17753.484436] [p_lkrg] Stack trace:
[17753.484439]  p_revert_creds_entry+0x87/0xc0 [p_lkrg]
[17753.484440]  pre_handler_kretprobe+0xaa/0x1b0
[17753.484441]  opt_pre_handler+0x47/0x80
[17753.484442]  optimized_callback+0xbc/0xe0
[17753.484443]  0xffffffffc044f388
[17753.484443] [p_lkrg]  => caller[p_override_creds_entry] 
action[OVERRIDE OFF] old_off[0x3a3d5b3e3034f5b] debug_val[1]
[17753.484443] [p_lkrg] Stack trace:
[17753.484446]  p_override_creds_entry+0x91/0xd0 [p_lkrg]
[17753.484448]  pre_handler_kretprobe+0xaa/0x1b0
[17753.484449]  opt_pre_handler+0x47/0x80
[17753.484450]  optimized_callback+0xbc/0xe0
[17753.484450]  0xffffffffc044f30e
[17753.484451] [p_lkrg]  => caller[p_revert_creds_ret] action[OVERRIDE 
ON] old_off[0x747ab67c6069eb6] debug_val[0]
[17753.484451] [p_lkrg] Stack trace:
[17753.484454]  p_revert_creds_entry+0x87/0xc0 [p_lkrg]
[17753.484455]  pre_handler_kretprobe+0xaa/0x1b0
[17753.484456]  opt_pre_handler+0x47/0x80
[17753.484457]  optimized_callback+0xbc/0xe0
[17753.484458]  0xffffffffc044f388
[17753.484458] [p_lkrg]  => caller[p_override_creds_entry] 
action[OVERRIDE OFF] old_off[0x3a3d5b3e3034f5b] debug_val[1]
[17753.484458] [p_lkrg] Stack trace:
[17753.484462]  p_override_creds_entry+0x91/0xd0 [p_lkrg]
[17753.484463]  pre_handler_kretprobe+0xaa/0x1b0
[17753.484464]  opt_pre_handler+0x47/0x80
[17753.484465]  optimized_callback+0xbc/0xe0
[17753.484466]  0xffffffffc044f30e
[17753.484466] [p_lkrg]  => caller[p_revert_creds_ret] action[OVERRIDE 
ON] old_off[0x747ab67c6069eb6] debug_val[0]
[17753.484466] [p_lkrg] Stack trace:
[17753.484469]  p_revert_creds_entry+0x87/0xc0 [p_lkrg]
[17753.484471]  pre_handler_kretprobe+0xaa/0x1b0
[17753.484472]  opt_pre_handler+0x47/0x80
[17753.484473]  optimized_callback+0xbc/0xe0
[17753.484473]  0xffffffffc044f388
[17753.484474] [p_lkrg]  => caller[p_override_creds_entry] 
action[OVERRIDE OFF] old_off[0x3a3d5b3e3034f5b] debug_val[1]
[17753.484474] [p_lkrg] Stack trace:
[17753.484477]  p_override_creds_entry+0x91/0xd0 [p_lkrg]
[17753.484478]  pre_handler_kretprobe+0xaa/0x1b0
[17753.484479]  opt_pre_handler+0x47/0x80
[17753.484480]  optimized_callback+0xbc/0xe0
[17753.484481]  0xffffffffc044f30e
[17753.484481] [p_lkrg]  => caller[p_revert_creds_ret] action[OVERRIDE 
ON] old_off[0x747ab67c6069eb6] debug_val[0]
[17753.484481] [p_lkrg] Stack trace:
[17753.484484]  p_revert_creds_entry+0x87/0xc0 [p_lkrg]
[17753.484486]  pre_handler_kretprobe+0xaa/0x1b0
[17753.484487]  opt_pre_handler+0x47/0x80
[17753.484488]  optimized_callback+0xbc/0xe0
[17753.484488]  0xffffffffc044f388
[17753.484489] [p_lkrg]  => caller[p_override_creds_entry] 
action[OVERRIDE OFF] old_off[0x3a3d5b3e3034f5b] debug_val[1]
[17753.484489] [p_lkrg] Stack trace:
[17753.484492]  p_override_creds_entry+0x91/0xd0 [p_lkrg]
[17753.484493]  pre_handler_kretprobe+0xaa/0x1b0
[17753.484495]  opt_pre_handler+0x47/0x80
[17753.484495]  optimized_callback+0xbc/0xe0
[17753.484496]  0xffffffffc044f30e
[17753.484496] [p_lkrg]  => caller[p_revert_creds_ret] action[OVERRIDE 
ON] old_off[0x747ab67c6069eb6] debug_val[0]
[17753.484497] [p_lkrg] Stack trace:
[17753.484500]  p_revert_creds_entry+0x87/0xc0 [p_lkrg]
[17753.484501]  pre_handler_kretprobe+0xaa/0x1b0
[17753.484502]  opt_pre_handler+0x47/0x80
[17753.484503]  optimized_callback+0xbc/0xe0
[17753.484503]  0xffffffffc044f388
[17753.484504] [p_lkrg]  => caller[p_override_creds_entry] 
action[OVERRIDE OFF] old_off[0x3a3d5b3e3034f5b] debug_val[1]
[17753.484504] [p_lkrg] Stack trace:
[17753.484507]  p_override_creds_entry+0x91/0xd0 [p_lkrg]
[17753.484508]  pre_handler_kretprobe+0xaa/0x1b0
[17753.484510]  opt_pre_handler+0x47/0x80
[17753.484510]  optimized_callback+0xbc/0xe0
[17753.484511]  0xffffffffc044f30e
[17753.484511] [p_lkrg]  => caller[p_revert_creds_ret] action[OVERRIDE 
ON] old_off[0x747ab67c6069eb6] debug_val[0]
[17753.484512] [p_lkrg] Stack trace:
[17753.484515]  p_revert_creds_entry+0x87/0xc0 [p_lkrg]
[17753.484516]  pre_handler_kretprobe+0xaa/0x1b0
[17753.484517]  opt_pre_handler+0x47/0x80
[17753.484518]  optimized_callback+0xbc/0xe0
[17753.484518]  0xffffffffc044f388
[17753.484519] [p_lkrg]  => caller[p_override_creds_entry] 
action[OVERRIDE OFF] old_off[0x3a3d5b3e3034f5b] debug_val[1]
[17753.484519] [p_lkrg] Stack trace:
[17753.484522]  p_override_creds_entry+0x91/0xd0 [p_lkrg]
[17753.484524]  pre_handler_kretprobe+0xaa/0x1b0
[17753.484525]  opt_pre_handler+0x47/0x80
[17753.484526]  optimized_callback+0xbc/0xe0
[17753.484526]  0xffffffffc044f30e
[17753.484526] [p_lkrg]  => caller[p_revert_creds_ret] action[OVERRIDE 
ON] old_off[0x747ab67c6069eb6] debug_val[0]
[17753.484527] [p_lkrg] Stack trace:
[17753.484530]  p_revert_creds_entry+0x87/0xc0 [p_lkrg]
[17753.484531]  pre_handler_kretprobe+0xaa/0x1b0
[17753.484532]  opt_pre_handler+0x47/0x80
[17753.484533]  optimized_callback+0xbc/0xe0
[17753.484533]  0xffffffffc044f388
[17753.484534] [p_lkrg]  => caller[p_override_creds_entry] 
action[OVERRIDE OFF] old_off[0x3a3d5b3e3034f5b] debug_val[1]
[17753.484534] [p_lkrg] Stack trace:
[17753.484537]  p_override_creds_entry+0x91/0xd0 [p_lkrg]
[17753.484538]  pre_handler_kretprobe+0xaa/0x1b0
[17753.484540]  opt_pre_handler+0x47/0x80
[17753.484540]  optimized_callback+0xbc/0xe0
[17753.484541]  0xffffffffc044f30e
[17753.484541] [p_lkrg]  => caller[p_revert_creds_ret] action[OVERRIDE 
ON] old_off[0x747ab67c6069eb6] debug_val[0]
[17753.484542] [p_lkrg] Stack trace:
[17753.484545]  p_revert_creds_entry+0x87/0xc0 [p_lkrg]
[17753.484546]  pre_handler_kretprobe+0xaa/0x1b0
[17753.484547]  opt_pre_handler+0x47/0x80
[17753.484548]  optimized_callback+0xbc/0xe0
[17753.484548]  0xffffffffc044f388
[17753.484549] [p_lkrg]  => caller[p_override_creds_entry] 
action[OVERRIDE OFF] old_off[0x3a3d5b3e3034f5b] debug_val[1]
[17753.484549] [p_lkrg] Stack trace:
[17753.484552]  p_override_creds_entry+0x91/0xd0 [p_lkrg]
[17753.484553]  pre_handler_kretprobe+0xaa/0x1b0
[17753.484555]  opt_pre_handler+0x47/0x80
[17753.484555]  optimized_callback+0xbc/0xe0
[17753.484556]  0xffffffffc044f30e
[17753.484556] [p_lkrg]  => caller[p_revert_creds_ret] action[OVERRIDE 
ON] old_off[0x747ab67c6069eb6] debug_val[0]
[17753.484557] [p_lkrg] Stack trace:
[17753.484560]  p_revert_creds_entry+0x87/0xc0 [p_lkrg]
[17753.484561]  pre_handler_kretprobe+0xaa/0x1b0
[17753.484562]  opt_pre_handler+0x47/0x80
[17753.484563]  optimized_callback+0xbc/0xe0
[17753.484563]  0xffffffffc044f388
[17753.484564] [p_lkrg]  => caller[p_override_creds_entry] 
action[OVERRIDE OFF] old_off[0x3a3d5b3e3034f5b] debug_val[1]
[17753.484564] [p_lkrg] Stack trace:
[17753.484567]  p_override_creds_entry+0x91/0xd0 [p_lkrg]
[17753.484568]  pre_handler_kretprobe+0xaa/0x1b0
[17753.484570]  opt_pre_handler+0x47/0x80
[17753.484570]  optimized_callback+0xbc/0xe0
[17753.484571]  0xffffffffc044f30e
[17753.484571] [p_lkrg]  => caller[p_revert_creds_ret] action[OVERRIDE 
ON] old_off[0x747ab67c6069eb6] debug_val[0]
[17753.484572] [p_lkrg] Stack trace:
[17753.484575]  p_revert_creds_entry+0x87/0xc0 [p_lkrg]
[17753.484576]  pre_handler_kretprobe+0xaa/0x1b0
[17753.484577]  opt_pre_handler+0x47/0x80
[17753.484578]  optimized_callback+0xbc/0xe0
[17753.484578]  0xffffffffc044f388
[17753.484579] [p_lkrg]  => caller[p_override_creds_entry] 
action[OVERRIDE OFF] old_off[0x3a3d5b3e3034f5b] debug_val[1]
[17753.484579] [p_lkrg] Stack trace:
[17753.484582]  p_override_creds_entry+0x91/0xd0 [p_lkrg]
[17753.484583]  pre_handler_kretprobe+0xaa/0x1b0
[17753.484585]  opt_pre_handler+0x47/0x80
[17753.484585]  optimized_callback+0xbc/0xe0
[17753.484586]  0xffffffffc044f30e
[17753.484586] [p_lkrg]  => caller[p_revert_creds_ret] action[OVERRIDE 
ON] old_off[0x747ab67c6069eb6] debug_val[0]
[17753.484587] [p_lkrg] Stack trace:
[17753.484590]  p_revert_creds_entry+0x87/0xc0 [p_lkrg]
[17753.484591]  pre_handler_kretprobe+0xaa/0x1b0
[17753.484592]  opt_pre_handler+0x47/0x80
[17753.484593]  optimized_callback+0xbc/0xe0
[17753.484593]  0xffffffffc044f388
[17753.484594] [p_lkrg]  => caller[p_override_creds_entry] 
action[OVERRIDE OFF] old_off[0x3a3d5b3e3034f5b] debug_val[1]
[17753.484594] [p_lkrg] Stack trace:
[17753.484597]  p_override_creds_entry+0x91/0xd0 [p_lkrg]
[17753.484598]  pre_handler_kretprobe+0xaa/0x1b0
[17753.484599]  opt_pre_handler+0x47/0x80
[17753.484600]  optimized_callback+0xbc/0xe0
[17753.484601]  0xffffffffc044f30e
[17753.484601] [p_lkrg]  => caller[p_revert_creds_ret] action[OVERRIDE 
ON] old_off[0x747ab67c6069eb6] debug_val[0]
[17753.484601] [p_lkrg] Stack trace:
[17753.484604]  p_revert_creds_entry+0x87/0xc0 [p_lkrg]
[17753.484606]  pre_handler_kretprobe+0xaa/0x1b0
[17753.484607]  opt_pre_handler+0x47/0x80
[17753.484608]  optimized_callback+0xbc/0xe0
[17753.484608]  0xffffffffc044f388
[17753.484609] [p_lkrg]  => caller[p_override_creds_entry] 
action[OVERRIDE OFF] old_off[0x3a3d5b3e3034f5b] debug_val[1]
[17753.484609] [p_lkrg] Stack trace:
[17753.484612]  p_override_creds_entry+0x91/0xd0 [p_lkrg]
[17753.484613]  pre_handler_kretprobe+0xaa/0x1b0
[17753.484615]  opt_pre_handler+0x47/0x80
[17753.484615]  optimized_callback+0xbc/0xe0
[17753.484616]  0xffffffffc044f30e
[17753.484616] [p_lkrg]  => caller[p_revert_creds_ret] action[OVERRIDE 
ON] old_off[0x747ab67c6069eb6] debug_val[0]
[17753.484617] [p_lkrg] Stack trace:
[17753.484620]  p_revert_creds_entry+0x87/0xc0 [p_lkrg]
[17753.484621]  pre_handler_kretprobe+0xaa/0x1b0
[17753.484622]  opt_pre_handler+0x47/0x80
[17753.484623]  optimized_callback+0xbc/0xe0
[17753.484623]  0xffffffffc044f388
[17753.484624] [p_lkrg]  => caller[p_override_creds_entry] 
action[OVERRIDE OFF] old_off[0x3a3d5b3e3034f5b] debug_val[1]
[17753.484624] [p_lkrg] Stack trace:
[17753.484627]  p_override_creds_entry+0x91/0xd0 [p_lkrg]
[17753.484629]  pre_handler_kretprobe+0xaa/0x1b0
[17753.484630]  opt_pre_handler+0x47/0x80
[17753.484631]  optimized_callback+0xbc/0xe0
[17753.484631]  0xffffffffc044f30e
[17753.484632] [p_lkrg]  => caller[p_revert_creds_ret] action[OVERRIDE 
ON] old_off[0x747ab67c6069eb6] debug_val[0]
[17753.484632] [p_lkrg] Stack trace:
[17753.484635]  p_revert_creds_entry+0x87/0xc0 [p_lkrg]
[17753.484636]  pre_handler_kretprobe+0xaa/0x1b0
[17753.484637]  opt_pre_handler+0x47/0x80
[17753.484638]  optimized_callback+0xbc/0xe0
[17753.484639]  0xffffffffc044f388
[17753.484639] [p_lkrg]  => caller[p_override_creds_entry] 
action[OVERRIDE OFF] old_off[0x3a3d5b3e3034f5b] debug_val[1]
[17753.484640] [p_lkrg] Stack trace:
[17753.484642]  p_override_creds_entry+0x91/0xd0 [p_lkrg]
[17753.484644]  pre_handler_kretprobe+0xaa/0x1b0
[17753.484645]  opt_pre_handler+0x47/0x80
[17753.484646]  optimized_callback+0xbc/0xe0
[17753.484646]  0xffffffffc044f30e
[17753.484647] [p_lkrg]  => caller[p_revert_creds_ret] action[OVERRIDE 
ON] old_off[0x747ab67c6069eb6] debug_val[0]
[17753.484647] [p_lkrg] Stack trace:
[17753.484650]  p_revert_creds_entry+0x87/0xc0 [p_lkrg]
[17753.484651]  pre_handler_kretprobe+0xaa/0x1b0
[17753.484652]  opt_pre_handler+0x47/0x80
[17753.484663]  optimized_callback+0xbc/0xe0
[17753.484664]  0xffffffffc044f388
[17753.484664] [p_lkrg]  => caller[p_override_creds_entry] 
action[OVERRIDE OFF] old_off[0x3a3d5b3e3034f5b] debug_val[1]
[17753.484665] [p_lkrg] Stack trace:
[17753.484668]  p_override_creds_entry+0x91/0xd0 [p_lkrg]
[17753.484669]  pre_handler_kretprobe+0xaa/0x1b0
[17753.484670]  opt_pre_handler+0x47/0x80
[17753.484671]  optimized_callback+0xbc/0xe0
[17753.484672]  0xffffffffc044f30e
[17753.484672] [p_lkrg]  => caller[p_revert_creds_ret] action[OVERRIDE 
ON] old_off[0x747ab67c6069eb6] debug_val[0]
[17753.484673] [p_lkrg] Stack trace:
[17753.484676]  p_revert_creds_entry+0x87/0xc0 [p_lkrg]
[17753.484677]  pre_handler_kretprobe+0xaa/0x1b0
[17753.484678]  opt_pre_handler+0x47/0x80
[17753.484679]  optimized_callback+0xbc/0xe0
[17753.484680]  0xffffffffc044f388
[17753.484680] [p_lkrg]  => caller[p_override_creds_entry] 
action[OVERRIDE OFF] old_off[0x3a3d5b3e3034f5b] debug_val[1]
[17753.484681] [p_lkrg] Stack trace:
[17753.484684]  p_override_creds_entry+0x91/0xd0 [p_lkrg]
[17753.484685]  pre_handler_kretprobe+0xaa/0x1b0
[17753.484686]  opt_pre_handler+0x47/0x80
[17753.484687]  optimized_callback+0xbc/0xe0
[17753.484687]  0xffffffffc044f30e
[17753.484688] [p_lkrg]  => caller[p_revert_creds_ret] action[OVERRIDE 
ON] old_off[0x747ab67c6069eb6] debug_val[0]
[17753.484688] [p_lkrg] Stack trace:
[17753.484691]  p_revert_creds_entry+0x87/0xc0 [p_lkrg]
[17753.484693]  pre_handler_kretprobe+0xaa/0x1b0
[17753.484703]  opt_pre_handler+0x47/0x80
[17753.484704]  optimized_callback+0xbc/0xe0
[17753.484704]  0xffffffffc044f388
[17753.484705] [p_lkrg]  => caller[p_override_creds_entry] 
action[OVERRIDE OFF] old_off[0x3a3d5b3e3034f5b] debug_val[1]
[17753.484705] [p_lkrg] Stack trace:
[17753.484708]  p_override_creds_entry+0x91/0xd0 [p_lkrg]
[17753.484710]  pre_handler_kretprobe+0xaa/0x1b0
[17753.484711]  opt_pre_handler+0x47/0x80
[17753.484711]  optimized_callback+0xbc/0xe0
[17753.484712]  0xffffffffc044f30e
[17753.484712] [p_lkrg]  => caller[p_revert_creds_ret] action[OVERRIDE 
ON] old_off[0x747ab67c6069eb6] debug_val[0]
[17753.484713] [p_lkrg] Stack trace:
[17753.484716]  p_revert_creds_entry+0x87/0xc0 [p_lkrg]
[17753.484717]  pre_handler_kretprobe+0xaa/0x1b0
[17753.484718]  opt_pre_handler+0x47/0x80
[17753.484719]  optimized_callback+0xbc/0xe0
[17753.484720]  0xffffffffc044f388
[17753.484720] [p_lkrg]  => caller[p_override_creds_entry] 
action[OVERRIDE OFF] old_off[0x3a3d5b3e3034f5b] debug_val[1]
[17753.484720] [p_lkrg] Stack trace:
[17753.484723]  p_override_creds_entry+0x91/0xd0 [p_lkrg]
[17753.484725]  pre_handler_kretprobe+0xaa/0x1b0
[17753.484726]  opt_pre_handler+0x47/0x80
[17753.484727]  optimized_callback+0xbc/0xe0
[17753.484727]  0xffffffffc044f30e
[17753.484738] [p_lkrg]  => caller[p_revert_creds_ret] action[OVERRIDE 
ON] old_off[0x747ab67c6069eb6] debug_val[0]
[17753.484738] [p_lkrg] Stack trace:
[17753.484741]  p_revert_creds_entry+0x87/0xc0 [p_lkrg]
[17753.484743]  pre_handler_kretprobe+0xaa/0x1b0
[17753.484744]  opt_pre_handler+0x47/0x80
[17753.484745]  optimized_callback+0xbc/0xe0
[17753.484745]  0xffffffffc044f388
[17753.484746] [p_lkrg]  => caller[p_override_creds_entry] 
action[OVERRIDE OFF] old_off[0x3a3d5b3e3034f5b] debug_val[1]
[17753.484746] [p_lkrg] Stack trace:
[17753.484749]  p_override_creds_entry+0x91/0xd0 [p_lkrg]
[17753.484750]  pre_handler_kretprobe+0xaa/0x1b0
[17753.484752]  opt_pre_handler+0x47/0x80
[17753.484753]  optimized_callback+0xbc/0xe0
[17753.484753]  0xffffffffc044f30e
[17753.484754] [p_lkrg]  => caller[p_revert_creds_ret] action[OVERRIDE 
ON] old_off[0x747ab67c6069eb6] debug_val[0]
[17753.484754] [p_lkrg] Stack trace:
[17753.484757]  p_revert_creds_entry+0x87/0xc0 [p_lkrg]
[17753.484758]  pre_handler_kretprobe+0xaa/0x1b0
[17753.484760]  opt_pre_handler+0x47/0x80
[17753.484760]  optimized_callback+0xbc/0xe0
[17753.484761]  0xffffffffc044f388
[17753.484761] [p_lkrg]  => caller[p_override_creds_entry] 
action[OVERRIDE OFF] old_off[0x3a3d5b3e3034f5b] debug_val[1]
[17753.484762] [p_lkrg] Stack trace:
[17753.484774]  p_override_creds_entry+0x91/0xd0 [p_lkrg]
[17753.484775]  pre_handler_kretprobe+0xaa/0x1b0
[17753.484776]  opt_pre_handler+0x47/0x80
[17753.484777]  optimized_callback+0xbc/0xe0
[17753.484778]  0xffffffffc044f30e
[17753.484778] [p_lkrg]  => caller[p_revert_creds_ret] action[OVERRIDE 
ON] old_off[0x747ab67c6069eb6] debug_val[0]
[17753.484778] [p_lkrg] Stack trace:
[17753.484781]  p_revert_creds_entry+0x87/0xc0 [p_lkrg]
[17753.484783]  pre_handler_kretprobe+0xaa/0x1b0
[17753.484784]  opt_pre_handler+0x47/0x80
[17753.484785]  optimized_callback+0xbc/0xe0
[17753.484785]  0xffffffffc044f388
[17753.484786] [p_lkrg]  => caller[p_override_creds_entry] 
action[OVERRIDE OFF] old_off[0x3a3d5b3e3034f5b] debug_val[1]
[17753.484786] [p_lkrg] Stack trace:
[17753.484789]  p_override_creds_entry+0x91/0xd0 [p_lkrg]
[17753.484790]  pre_handler_kretprobe+0xaa/0x1b0
[17753.484791]  opt_pre_handler+0x47/0x80
[17753.484792]  optimized_callback+0xbc/0xe0
[17753.484793]  0xffffffffc044f30e
[17753.484793] [p_lkrg]  => caller[p_revert_creds_ret] action[OVERRIDE 
ON] old_off[0x747ab67c6069eb6] debug_val[0]
[17753.484794] [p_lkrg] Stack trace:
[17753.484797]  p_revert_creds_entry+0x87/0xc0 [p_lkrg]
[17753.484798]  pre_handler_kretprobe+0xaa/0x1b0
[17753.484799]  opt_pre_handler+0x47/0x80
[17753.484800]  optimized_callback+0xbc/0xe0
[17753.484800]  0xffffffffc044f388
[17753.484801] [p_lkrg]  => caller[p_override_creds_entry] 
action[OVERRIDE OFF] old_off[0x3a3d5b3e3034f5b] debug_val[1]
[17753.484801] [p_lkrg] Stack trace:
[17753.484804]  p_override_creds_entry+0x91/0xd0 [p_lkrg]
[17753.484806]  pre_handler_kretprobe+0xaa/0x1b0
[17753.484807]  opt_pre_handler+0x47/0x80
[17753.484808]  optimized_callback+0xbc/0xe0
[17753.484808]  0xffffffffc044f30e
[17753.484809] [p_lkrg]  => caller[p_revert_creds_ret] action[OVERRIDE 
ON] old_off[0x747ab67c6069eb6] debug_val[0]
[17753.484809] [p_lkrg] Stack trace:
[17753.484812]  p_revert_creds_entry+0x87/0xc0 [p_lkrg]
[17753.484813]  pre_handler_kretprobe+0xaa/0x1b0
[17753.484814]  opt_pre_handler+0x47/0x80
[17753.484815]  optimized_callback+0xbc/0xe0
[17753.484816]  0xffffffffc044f388
[17753.484816] [p_lkrg]  => caller[p_override_creds_entry] 
action[OVERRIDE OFF] old_off[0x3a3d5b3e3034f5b] debug_val[1]
[17753.484817] [p_lkrg] Stack trace:
[17753.484820]  p_override_creds_entry+0x91/0xd0 [p_lkrg]
[17753.484821]  pre_handler_kretprobe+0xaa/0x1b0
[17753.484822]  opt_pre_handler+0x47/0x80
[17753.484823]  optimized_callback+0xbc/0xe0
[17753.484823]  0xffffffffc044f30e
[17753.484824] [p_lkrg]  => caller[p_revert_creds_ret] action[OVERRIDE 
ON] old_off[0x747ab67c6069eb6] debug_val[0]
[17753.484824] [p_lkrg] Stack trace:
[17753.484827]  p_revert_creds_entry+0x87/0xc0 [p_lkrg]
[17753.484828]  pre_handler_kretprobe+0xaa/0x1b0
[17753.484830]  opt_pre_handler+0x47/0x80
[17753.484830]  optimized_callback+0xbc/0xe0
[17753.484831]  0xffffffffc044f388
[17753.484831] [p_lkrg]  => caller[p_cap_task_prctl_entry] action[OFF] 
old_off[0x3a3d5b3e3034f5b] debug_val[1]
[17753.484832] [p_lkrg]  => caller[p_cap_task_prctl_ret] action[ON] 
old_off[0x747ab67c6069eb6] debug_val[0]
[17753.484832] [p_lkrg]  => caller[p_seccomp_entry] action[OFF] 
old_off[0x3a3d5b3e3034f5b] debug_val[1]
[17753.484833] [p_lkrg]  => caller[p_seccomp_ret] action[ON] 
old_off[0x747ab67c6069eb6] debug_val[0]
[17753.484833] [p_lkrg]  => caller[p_seccomp_entry] action[OFF] 
old_off[0x3a3d5b3e3034f5b] debug_val[1]
[17753.484834] [p_lkrg]  => caller[p_seccomp_ret] action[ON] 
old_off[0x3a3d5b3e3034f5b] debug_val[0]
[17753.484834] [p_lkrg] <Exploit Detection> Trying to kill 
process[QtWebEngineProc | 4072]!
[17753.487222] traps: akregator[3992] trap int3 ip:7c16547727d1 
sp:7ffe868eae20 error:0 in 
libQt5WebEngineCore.so.5.15.1[7c165160a000+630c000]

Pozdro


W dniu 03.12.2020 o 07:58, Adam Zabrocki pisze:
> Hi
>
> Sorry for late reply. However, I've been working on adding a new debugging
> logic to the LKRG code.
> I have a few questions:
>   - Do you have any ftrace* related tools which might run in the background?
> Especially, around the time when you see that problem? It could be any perf*
> tool as well since they are using tracing infrastructure under the hood
>   - New LKRG's debugging infrastructure can independently track state for each
> process. However, it requires a lot more memory. If you are willing to enable
> it, it will produce much more useful information which I can use. To be able
> to do it, please uncomment the following definition in the file:
>   
>    "src/modules/print_log/p_lkrg_log_level_shared.h"
>    /* Do we want to precisely track changes of 'off' flag per each process?
>     * If yes, uncomment it here */
>    #define P_LKRG_TASK_OFF_DEBUG
>
>   - If you have anough resource and sucessfully load such build of LKRG, you
> should see more debug information in the logs when such problem appears.
>
> The newest Linux kernel changed the behavior of KPROBES and FTRACE and I'm
> actively researching these changes. It is worth to note that if FTRACE is
> being disabled e.g. via /proc/sys/kernel/ftrace_enabled it can affect KPROBES
> as well. Some tools heavily using such interface.
>
> Thanks,
> Adam
>
> On Mon, Nov 16, 2020 at
> 09:25:10PM +0100, Jacek wrote:
>> Hi
>>
>> OS Gentoo:
>>
>> Linux version 5.9.8-g1 (root@...ek) (gcc (Gentoo Hardened 9.3.0-r1 p3)
>> 9.3.0, GNU ld (Gentoo 2.34 p6) 2.34.0) #2 SMP PREEMPT Thu Nov 12 07:29:29
>> CET 2020
>>
>> LKRG:
>>
>> filename:       /lib/modules/5.9.8-g1/extra/p_lkrg.ko
>> license:        GPL v2
>> description:    pi3's Linux kernel Runtime Guard
>> author:         Adam 'pi3' Zabrocki (http://pi3.com.pl)
>> srcversion:     40A527C8D5D5D19B610FE2F
>> depends:
>> retpoline:      Y
>> name:           p_lkrg
>> vermagic:       5.9.8-g1 SMP preempt mod_unload modversions RANDSTRUCT_PLUGIN_7c046b7d45f5b82e76f627aadaefa3bc69fdd9ae1cd91b61e72d98512ef164aa
>>
>> Git log:
>>
>> # root ~> git log |head -n 20
>> commit 4cfb2b3474b813b0f2c424bbbcd7c1c456fb8f6e
>> Author: disrupttheflow <68149206+disrupttheflow@...rs.noreply.github.com>
>> Date:   Mon Nov 16 12:28:23 2020 +0000
>>
>>      Add correct repository to clone from in README (#25)
>>
>> commit 645983fbf687c4bddb3c62c19a37d7db380bf927
>> Author: Mariusz Zaborski <oshogbo@...illium.org>
>> Date:   Fri Nov 6 19:29:40 2020 +0100
>>
>>      ptrace: replace ptrace kprobes with security_ptrace_access_check
>>
>> commit ca8237ed2251a6f4ae03fe8e549662465f26d347
>> Merge: 37d5520 5db3f98
>> Author: Adam 'pi3' Zabrocki <65244445+Adam-pi3@...rs.noreply.github.com>
>> Date:   Sat Nov 7 08:52:18 2020 -0800
>>
>>      Merge pull request #23 from oshogbo/kill
>>
>>      umh: Kill process using the proper SIGKILL signal.
>>
>>
>> Akreator (RSS client from KDE)
>>
>> # user ~> akregator
>> [506:1:0100/000000.026569:ERROR:broker_posix.cc(43)] Invalid node channel
>> message
>> Unicestwiony
>>
>> LKRG error (from dmesg):
>>
>> [  806.873553] [p_lkrg] <Exploit Detection> ON process[2170 |
>> Chrome_IOThread] has corrupted 'off' flag!
>> [  806.873555] [p_lkrg] <Exploit Detection> Trying to kill
>> process[ThreadPoolSingl | 2170]!
>>
>> Cheers
>>
>>
>>
>>
>>

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.