|
Message-ID: <b1b737bd-c39c-7986-a4f6-d4e4a8365aa5@gmail.com> Date: Fri, 4 Dec 2020 02:26:01 +0100 From: Jacek <wampir990@...il.com> To: lkrg-users@...ts.openwall.com Subject: Re: p_lkrg] <Exploit Detection> Trying to kill process[ThreadPoolSingl | 2170]! LKRG Commit: # root ~> git log |head -n20 commit 47804120c371aa7673b47d9c34ecfe19026a3c52 Author: Adam_pi3 <pi3@....com.pl> Date: Thu Dec 3 15:07:40 2020 -0500 Fix a gentle bug when compiled with P_LKRG_TASK_OFF_DEBUG P_LKRG_TASK_OFF_DEBUG introduces extra lines of code which was not taken into account for seccomp() and namespace API. This commit fixes it. Additionally, we are adding extra information in case of corruption (dump_stack()). commit d051bc28026729f50b2a38051d55e47e60db4e04 Author: Adam_pi3 <pi3@....com.pl> Date: Tue Dec 1 16:47:19 2020 -0500 Fix debug task logic for seccomp Track child in case of SECCOMP_FILTER_FLAG_TSYNC flag commit 24f4156516b839da1c025639ac4a9bae7bdf3747 Author: Adam_pi3 <pi3@....com.pl> Date: Sun Nov 29 20:47:47 2020 -0500 After this commit Firefox works fine. :0 Akregator (KDE Akregator uses chromium based Qtwebengine library): LKRG in dmesg: [75020.719634] [p_lkrg] <Exploit Detection> ON process[2578 | Chrome_IOThread] has corrupted 'off' flag! [75020.719636] [p_lkrg] 'off' flag[0x7cbc69aae8aa39a] (normalization via 0x3e5e34d574551cd) [75020.719637] [p_lkrg] OFF debug: normalization[0x3e5e34d574551cd] cookie[0x3d5fe5bf6d05cd89] [75020.719638] [p_lkrg] Process[2578 | Chrome_IOThread] Parent[1 | init] has [7] entries: [75020.719639] [p_lkrg] => caller[p_cap_task_prctl_entry] action[OFF] old_off[0x3e5e34d574551cd] debug_val[1] [75020.719639] [p_lkrg] => caller[p_cap_task_prctl_ret] action[ON] old_off[0x7cbc69aae8aa39a] debug_val[0] [75020.719640] [p_lkrg] => caller[p_override_creds_entry] action[OVERRIDE OFF] old_off[0x3e5e34d574551cd] debug_val[1] [75020.719641] [p_lkrg] Stack trace: [75020.719649] p_override_creds_entry+0x91/0xd0 [p_lkrg] [75020.719653] pre_handler_kretprobe+0xaa/0x1b0 [75020.719654] opt_pre_handler+0x47/0x80 [75020.719656] optimized_callback+0xbc/0xe0 [75020.719657] 0xffffffffc040130e [75020.719657] [p_lkrg] => caller[p_revert_creds_ret] action[OVERRIDE ON] old_off[0x7cbc69aae8aa39a] debug_val[0] [75020.719658] [p_lkrg] Stack trace: [75020.719661] p_revert_creds_entry+0x87/0xc0 [p_lkrg] [75020.719663] pre_handler_kretprobe+0xaa/0x1b0 [75020.719664] opt_pre_handler+0x47/0x80 [75020.719665] optimized_callback+0xbc/0xe0 [75020.719666] 0xffffffffc0401388 [75020.719666] [p_lkrg] => caller[p_override_creds_entry] action[OVERRIDE OFF] old_off[0x3e5e34d574551cd] debug_val[1] [75020.719667] [p_lkrg] Stack trace: [75020.719670] p_override_creds_entry+0x91/0xd0 [p_lkrg] [75020.719671] pre_handler_kretprobe+0xaa/0x1b0 [75020.719673] opt_pre_handler+0x47/0x80 [75020.719674] optimized_callback+0xbc/0xe0 [75020.719674] 0xffffffffc040130e [75020.719675] [p_lkrg] => caller[p_revert_creds_ret] action[OVERRIDE ON] old_off[0x7cbc69aae8aa39a] debug_val[0] [75020.719675] [p_lkrg] Stack trace: [75020.719678] p_revert_creds_entry+0x87/0xc0 [p_lkrg] [75020.719680] pre_handler_kretprobe+0xaa/0x1b0 [75020.719681] opt_pre_handler+0x47/0x80 [75020.719682] optimized_callback+0xbc/0xe0 [75020.719682] 0xffffffffc0401388 [75020.719683] [p_lkrg] => caller[p_override_creds_entry] action[OVERRIDE OFF] old_off[0x3e5e34d574551cd] debug_val[1] [75020.719683] [p_lkrg] Stack trace: [75020.719686] p_override_creds_entry+0x91/0xd0 [p_lkrg] [75020.719688] pre_handler_kretprobe+0xaa/0x1b0 [75020.719689] opt_pre_handler+0x47/0x80 [75020.719690] optimized_callback+0xbc/0xe0 [75020.719690] 0xffffffffc040130e [75020.719692] CPU: 1 PID: 2578 Comm: ThreadPoolSingl Tainted: G C O T 5.9.12-g1 #1 [75020.719692] Hardware name: Gigabyte Technology Co., Ltd. Z97-D3H/Z97-D3H-CF, BIOS F9 09/18/2015 [75020.719693] Call Trace: [75020.719696] dump_stack+0x57/0x6a [75020.719701] p_ed_is_off_off.part.0+0x3e/0x53 [p_lkrg] [75020.719705] p_security_ptrace_access_entry+0x5b/0x90 [p_lkrg] [75020.719707] pre_handler_kretprobe+0xaa/0x1b0 [75020.719708] opt_pre_handler+0x47/0x80 [75020.719709] optimized_callback+0xbc/0xe0 [75020.719710] 0xffffffffc0401758 [75020.719714] ? security_ptrace_access_check+0x1/0x50 [75020.719716] ? ptrace_may_access+0x25/0x40 [75020.719719] ? proc_pid_permission+0x3f/0xb0 [75020.719721] ? inode_permission+0xc7/0x160 [75020.719723] ? link_path_walk+0x23b/0x3b0 [75020.719724] ? path_lookupat.isra.0+0x72/0x140 [75020.719726] ? filename_lookup+0xc1/0x1a0 [75020.719729] ? do_faccessat+0x89/0x2a0 [75020.719732] ? do_syscall_64+0x33/0x40 [75020.719734] ? entry_SYSCALL_64_after_hwframe+0x44/0xa9 [75020.719735] [p_lkrg] <Exploit Detection> Trying to kill process[ThreadPoolSingl | 2578]! W dniu 03.12.2020 o 21:13, Adam Zabrocki pisze: > Thanks! > > I've introduced a very gentle bug for namespace and seccomp() API when compiled > wwith P_LKRG_TASK_OFF_DEBUG (it does not exist with normal compilation). That's > why you started to see more bugs - very sorry about that ;/ > > I've just pushed fixes for that specific issue. Would you be able to update > LKRG code-base and re-run it with P_LKRG_TASK_OFF_DEBUG again? If there is > going to be next FP, it should be real ;p > > Thanks, > Adam > > On Thu, Dec 03, 2020 at 08:43:59AM +0100, Jacek wrote: >> OK, LKRG >> >> P_LKRG_TASK_OFF_DEBUG >> >> log: >> >> >> [17733.791399] [p_lkrg] Loading LKRG... >> [17733.791408] [p_lkrg] System does NOT support SMAP. LKRG can't enforce >> SMAP validation :( >> [17733.816444] Freezing user space processes ... (elapsed 0.033 seconds) >> done. >> [17733.849497] OOM killer disabled. >> [17737.475672] [p_lkrg] [kretprobe] register_kretprobe() for >> <ttwu_do_wakeup> failed! [err=-22] >> [17737.475675] [p_lkrg] Trying to find ISRA / CONSTPROP name for >> <ttwu_do_wakeup> >> [17737.482067] [p_lkrg] Found ISRA version of function >> <ttwu_do_wakeup.isra.0> >> [17737.595461] [p_lkrg] ISRA / CONSTPROP version was found and hook was >> planted at <ttwu_do_wakeup.isra.0> >> [17738.042763] [p_lkrg] LKRG initialized successfully! >> [17738.042764] OOM killer enabled. >> [17738.042764] Restarting tasks ... done. >> [17753.483746] [p_lkrg] <Exploit Detection> ON process[4072 | >> QtWebEngineProc] has corrupted 'off' flag! >> [17753.483747] [p_lkrg] 'off' flag[0x0] (normalization via >> 0x3a3d5b3e3034f5b) >> [17753.483748] [p_lkrg] OFF debug: normalization[0x3a3d5b3e3034f5b] >> cookie[0x69470f9547639fd1] >> [17753.483749] [p_lkrg] Process[4072 | QtWebEngineProc] Parent[3992 | >> akregator] has [76] entries: >> [17753.483749] [p_lkrg] => caller[p_cap_task_prctl_entry] action[OFF] >> old_off[0x3a3d5b3e3034f5b] debug_val[1] >> [17753.483750] [p_lkrg] => caller[p_cap_task_prctl_ret] action[ON] >> old_off[0x747ab67c6069eb6] debug_val[0] >> [17753.483751] [p_lkrg] => caller[p_sys_execve_entry] action[OFF] >> old_off[0x3a3d5b3e3034f5b] debug_val[1] >> [17753.483751] [p_lkrg] => caller[p_sys_execve_ret] action[RESET] >> old_off[0x747ab67c6069eb6] debug_val[0] >> [17753.483752] [p_lkrg] => caller[p_override_creds_entry] action[OVERRIDE >> OFF] old_off[0x3a3d5b3e3034f5b] debug_val[1] >> [17753.483752] [p_lkrg] Stack trace: >> [17753.483759] p_override_creds_entry+0x91/0xd0 [p_lkrg] >> [17753.483763] pre_handler_kretprobe+0xaa/0x1b0 >> [17753.483764] opt_pre_handler+0x47/0x80 >> [17753.483766] optimized_callback+0xbc/0xe0 >> [17753.483766] 0xffffffffc044f30e >> [17753.483767] [p_lkrg] => caller[p_revert_creds_ret] action[OVERRIDE ON] >> old_off[0x747ab67c6069eb6] debug_val[0] >> [17753.483767] [p_lkrg] Stack trace: >> [17753.483771] p_revert_creds_entry+0x87/0xc0 [p_lkrg] >> [17753.483772] pre_handler_kretprobe+0xaa/0x1b0 >> [17753.483773] opt_pre_handler+0x47/0x80 >> [17753.483774] optimized_callback+0xbc/0xe0 >> [17753.483774] 0xffffffffc044f388 >> [17753.483775] [p_lkrg] => caller[p_cap_task_prctl_entry] action[OFF] >> old_off[0x3a3d5b3e3034f5b] debug_val[1] >> [17753.483775] [p_lkrg] => caller[p_cap_task_prctl_ret] action[ON] >> old_off[0x747ab67c6069eb6] debug_val[0] >> [17753.483776] [p_lkrg] => caller[p_override_creds_entry] action[OVERRIDE >> OFF] old_off[0x3a3d5b3e3034f5b] debug_val[1] >> [17753.483776] [p_lkrg] Stack trace: >> [17753.483779] p_override_creds_entry+0x91/0xd0 [p_lkrg] >> [17753.483781] pre_handler_kretprobe+0xaa/0x1b0 >> [17753.483782] opt_pre_handler+0x47/0x80 >> [17753.483782] optimized_callback+0xbc/0xe0 >> [17753.483783] 0xffffffffc044f30e >> [17753.483783] [p_lkrg] => caller[p_revert_creds_ret] action[OVERRIDE ON] >> old_off[0x747ab67c6069eb6] debug_val[0] >> [17753.483784] [p_lkrg] Stack trace: >> [17753.483787] p_revert_creds_entry+0x87/0xc0 [p_lkrg] >> [17753.483788] pre_handler_kretprobe+0xaa/0x1b0 >> [17753.483789] opt_pre_handler+0x47/0x80 >> [17753.483790] optimized_callback+0xbc/0xe0 >> [17753.483790] 0xffffffffc044f388 >> [17753.483791] [p_lkrg] => caller[p_override_creds_entry] action[OVERRIDE >> OFF] old_off[0x3a3d5b3e3034f5b] debug_val[1] >> [17753.483791] [p_lkrg] Stack trace: >> [17753.483794] p_override_creds_entry+0x91/0xd0 [p_lkrg] >> [17753.483795] pre_handler_kretprobe+0xaa/0x1b0 >> [17753.483796] opt_pre_handler+0x47/0x80 >> [17753.483797] optimized_callback+0xbc/0xe0 >> [17753.483798] 0xffffffffc044f30e >> [17753.483798] [p_lkrg] => caller[p_revert_creds_ret] action[OVERRIDE ON] >> old_off[0x747ab67c6069eb6] debug_val[0] >> [17753.483798] [p_lkrg] Stack trace: >> [17753.483801] p_revert_creds_entry+0x87/0xc0 [p_lkrg] >> [17753.483803] pre_handler_kretprobe+0xaa/0x1b0 >> [17753.483804] opt_pre_handler+0x47/0x80 >> [17753.483804] optimized_callback+0xbc/0xe0 >> [17753.483805] 0xffffffffc044f388 >> [17753.483805] [p_lkrg] => caller[p_override_creds_entry] action[OVERRIDE >> OFF] old_off[0x3a3d5b3e3034f5b] debug_val[1] >> [17753.483806] [p_lkrg] Stack trace: >> [17753.483809] p_override_creds_entry+0x91/0xd0 [p_lkrg] >> [17753.483810] pre_handler_kretprobe+0xaa/0x1b0 >> [17753.483811] opt_pre_handler+0x47/0x80 >> [17753.483812] optimized_callback+0xbc/0xe0 >> [17753.483812] 0xffffffffc044f30e >> [17753.483813] [p_lkrg] => caller[p_revert_creds_ret] action[OVERRIDE ON] >> old_off[0x747ab67c6069eb6] debug_val[0] >> [17753.483813] [p_lkrg] Stack trace: >> [17753.483816] p_revert_creds_entry+0x87/0xc0 [p_lkrg] >> [17753.483817] pre_handler_kretprobe+0xaa/0x1b0 >> [17753.483818] opt_pre_handler+0x47/0x80 >> [17753.483819] optimized_callback+0xbc/0xe0 >> [17753.483819] 0xffffffffc044f388 >> [17753.483820] [p_lkrg] => caller[p_override_creds_entry] action[OVERRIDE >> OFF] old_off[0x3a3d5b3e3034f5b] debug_val[1] >> [17753.483820] [p_lkrg] Stack trace: >> [17753.483823] p_override_creds_entry+0x91/0xd0 [p_lkrg] >> [17753.483824] pre_handler_kretprobe+0xaa/0x1b0 >> [17753.483825] opt_pre_handler+0x47/0x80 >> [17753.483826] optimized_callback+0xbc/0xe0 >> [17753.483826] 0xffffffffc044f30e >> [17753.483827] [p_lkrg] => caller[p_revert_creds_ret] action[OVERRIDE ON] >> old_off[0x747ab67c6069eb6] debug_val[0] >> [17753.483827] [p_lkrg] Stack trace: >> [17753.483830] p_revert_creds_entry+0x87/0xc0 [p_lkrg] >> [17753.483831] pre_handler_kretprobe+0xaa/0x1b0 >> [17753.483832] opt_pre_handler+0x47/0x80 >> [17753.483833] optimized_callback+0xbc/0xe0 >> [17753.483834] 0xffffffffc044f388 >> [17753.483834] [p_lkrg] => caller[p_override_creds_entry] action[OVERRIDE >> OFF] old_off[0x3a3d5b3e3034f5b] debug_val[1] >> [17753.483834] [p_lkrg] Stack trace: >> [17753.483837] p_override_creds_entry+0x91/0xd0 [p_lkrg] >> [17753.483838] pre_handler_kretprobe+0xaa/0x1b0 >> [17753.483840] opt_pre_handler+0x47/0x80 >> [17753.483840] optimized_callback+0xbc/0xe0 >> [17753.483841] 0xffffffffc044f30e >> [17753.483841] [p_lkrg] => caller[p_revert_creds_ret] action[OVERRIDE ON] >> old_off[0x747ab67c6069eb6] debug_val[0] >> [17753.483841] [p_lkrg] Stack trace: >> [17753.483844] p_revert_creds_entry+0x87/0xc0 [p_lkrg] >> [17753.483846] pre_handler_kretprobe+0xaa/0x1b0 >> [17753.483847] opt_pre_handler+0x47/0x80 >> [17753.483847] optimized_callback+0xbc/0xe0 >> [17753.483848] 0xffffffffc044f388 >> [17753.483848] [p_lkrg] => caller[p_override_creds_entry] action[OVERRIDE >> OFF] old_off[0x3a3d5b3e3034f5b] debug_val[1] >> [17753.483849] [p_lkrg] Stack trace: >> [17753.483851] p_override_creds_entry+0x91/0xd0 [p_lkrg] >> [17753.483853] pre_handler_kretprobe+0xaa/0x1b0 >> [17753.483854] opt_pre_handler+0x47/0x80 >> [17753.483855] optimized_callback+0xbc/0xe0 >> [17753.483855] 0xffffffffc044f30e >> [17753.483855] [p_lkrg] => caller[p_revert_creds_ret] action[OVERRIDE ON] >> old_off[0x747ab67c6069eb6] debug_val[0] >> [17753.483856] [p_lkrg] Stack trace: >> [17753.483859] p_revert_creds_entry+0x87/0xc0 [p_lkrg] >> [17753.483860] pre_handler_kretprobe+0xaa/0x1b0 >> [17753.483861] opt_pre_handler+0x47/0x80 >> [17753.483862] optimized_callback+0xbc/0xe0 >> [17753.483862] 0xffffffffc044f388 >> [17753.483863] [p_lkrg] => caller[p_override_creds_entry] action[OVERRIDE >> OFF] old_off[0x3a3d5b3e3034f5b] debug_val[1] >> [17753.483863] [p_lkrg] Stack trace: >> [17753.483866] p_override_creds_entry+0x91/0xd0 [p_lkrg] >> [17753.483867] pre_handler_kretprobe+0xaa/0x1b0 >> [17753.483868] opt_pre_handler+0x47/0x80 >> [17753.483869] optimized_callback+0xbc/0xe0 >> [17753.483869] 0xffffffffc044f30e >> [17753.483870] [p_lkrg] => caller[p_revert_creds_ret] action[OVERRIDE ON] >> old_off[0x747ab67c6069eb6] debug_val[0] >> [17753.483870] [p_lkrg] Stack trace: >> [17753.483873] p_revert_creds_entry+0x87/0xc0 [p_lkrg] >> [17753.483874] pre_handler_kretprobe+0xaa/0x1b0 >> [17753.483875] opt_pre_handler+0x47/0x80 >> [17753.483876] optimized_callback+0xbc/0xe0 >> [17753.483877] 0xffffffffc044f388 >> [17753.483877] [p_lkrg] => caller[p_override_creds_entry] action[OVERRIDE >> OFF] old_off[0x3a3d5b3e3034f5b] debug_val[1] >> [17753.483877] [p_lkrg] Stack trace: >> [17753.483880] p_override_creds_entry+0x91/0xd0 [p_lkrg] >> [17753.483881] pre_handler_kretprobe+0xaa/0x1b0 >> [17753.483882] opt_pre_handler+0x47/0x80 >> [17753.483883] optimized_callback+0xbc/0xe0 >> [17753.483884] 0xffffffffc044f30e >> [17753.483884] [p_lkrg] => caller[p_revert_creds_ret] action[OVERRIDE ON] >> old_off[0x747ab67c6069eb6] debug_val[0] >> [17753.483884] [p_lkrg] Stack trace: >> [17753.483887] p_revert_creds_entry+0x87/0xc0 [p_lkrg] >> [17753.483888] pre_handler_kretprobe+0xaa/0x1b0 >> [17753.483890] opt_pre_handler+0x47/0x80 >> [17753.483890] optimized_callback+0xbc/0xe0 >> [17753.483891] 0xffffffffc044f388 >> [17753.483891] [p_lkrg] => caller[p_override_creds_entry] action[OVERRIDE >> OFF] old_off[0x3a3d5b3e3034f5b] debug_val[1] >> [17753.483891] [p_lkrg] Stack trace: >> [17753.483894] p_override_creds_entry+0x91/0xd0 [p_lkrg] >> [17753.483896] pre_handler_kretprobe+0xaa/0x1b0 >> [17753.483897] opt_pre_handler+0x47/0x80 >> [17753.483897] optimized_callback+0xbc/0xe0 >> [17753.483898] 0xffffffffc044f30e >> [17753.483898] [p_lkrg] => caller[p_revert_creds_ret] action[OVERRIDE ON] >> old_off[0x747ab67c6069eb6] debug_val[0] >> [17753.483899] [p_lkrg] Stack trace: >> [17753.483902] p_revert_creds_entry+0x87/0xc0 [p_lkrg] >> [17753.483903] pre_handler_kretprobe+0xaa/0x1b0 >> [17753.483904] opt_pre_handler+0x47/0x80 >> [17753.483905] optimized_callback+0xbc/0xe0 >> [17753.483905] 0xffffffffc044f388 >> [17753.483906] [p_lkrg] => caller[p_override_creds_entry] action[OVERRIDE >> OFF] old_off[0x3a3d5b3e3034f5b] debug_val[1] >> [17753.483906] [p_lkrg] Stack trace: >> [17753.483909] p_override_creds_entry+0x91/0xd0 [p_lkrg] >> [17753.483910] pre_handler_kretprobe+0xaa/0x1b0 >> [17753.483911] opt_pre_handler+0x47/0x80 >> [17753.483912] optimized_callback+0xbc/0xe0 >> [17753.483912] 0xffffffffc044f30e >> [17753.483913] [p_lkrg] => caller[p_revert_creds_ret] action[OVERRIDE ON] >> old_off[0x747ab67c6069eb6] debug_val[0] >> [17753.483913] [p_lkrg] Stack trace: >> [17753.483916] p_revert_creds_entry+0x87/0xc0 [p_lkrg] >> [17753.483917] pre_handler_kretprobe+0xaa/0x1b0 >> [17753.483918] opt_pre_handler+0x47/0x80 >> [17753.483919] optimized_callback+0xbc/0xe0 >> [17753.483919] 0xffffffffc044f388 >> [17753.483920] [p_lkrg] => caller[p_override_creds_entry] action[OVERRIDE >> OFF] old_off[0x3a3d5b3e3034f5b] debug_val[1] >> [17753.483920] [p_lkrg] Stack trace: >> [17753.483923] p_override_creds_entry+0x91/0xd0 [p_lkrg] >> [17753.483924] pre_handler_kretprobe+0xaa/0x1b0 >> [17753.483925] opt_pre_handler+0x47/0x80 >> [17753.483926] optimized_callback+0xbc/0xe0 >> [17753.483927] 0xffffffffc044f30e >> [17753.483927] [p_lkrg] => caller[p_revert_creds_ret] action[OVERRIDE ON] >> old_off[0x747ab67c6069eb6] debug_val[0] >> [17753.483927] [p_lkrg] Stack trace: >> [17753.483930] p_revert_creds_entry+0x87/0xc0 [p_lkrg] >> [17753.483932] pre_handler_kretprobe+0xaa/0x1b0 >> [17753.483933] opt_pre_handler+0x47/0x80 >> [17753.483933] optimized_callback+0xbc/0xe0 >> [17753.483934] 0xffffffffc044f388 >> [17753.483934] [p_lkrg] => caller[p_override_creds_entry] action[OVERRIDE >> OFF] old_off[0x3a3d5b3e3034f5b] debug_val[1] >> [17753.483935] [p_lkrg] Stack trace: >> [17753.483937] p_override_creds_entry+0x91/0xd0 [p_lkrg] >> [17753.483939] pre_handler_kretprobe+0xaa/0x1b0 >> [17753.483940] opt_pre_handler+0x47/0x80 >> [17753.483940] optimized_callback+0xbc/0xe0 >> [17753.483941] 0xffffffffc044f30e >> [17753.483941] [p_lkrg] => caller[p_revert_creds_ret] action[OVERRIDE ON] >> old_off[0x747ab67c6069eb6] debug_val[0] >> [17753.483942] [p_lkrg] Stack trace: >> [17753.483945] p_revert_creds_entry+0x87/0xc0 [p_lkrg] >> [17753.483946] pre_handler_kretprobe+0xaa/0x1b0 >> [17753.483947] opt_pre_handler+0x47/0x80 >> [17753.483948] optimized_callback+0xbc/0xe0 >> [17753.483948] 0xffffffffc044f388 >> [17753.483949] [p_lkrg] => caller[p_override_creds_entry] action[OVERRIDE >> OFF] old_off[0x3a3d5b3e3034f5b] debug_val[1] >> [17753.483949] [p_lkrg] Stack trace: >> [17753.483952] p_override_creds_entry+0x91/0xd0 [p_lkrg] >> [17753.483953] pre_handler_kretprobe+0xaa/0x1b0 >> [17753.483954] opt_pre_handler+0x47/0x80 >> [17753.483955] optimized_callback+0xbc/0xe0 >> [17753.483955] 0xffffffffc044f30e >> [17753.483956] [p_lkrg] => caller[p_revert_creds_ret] action[OVERRIDE ON] >> old_off[0x747ab67c6069eb6] debug_val[0] >> [17753.483956] [p_lkrg] Stack trace: >> [17753.483959] p_revert_creds_entry+0x87/0xc0 [p_lkrg] >> [17753.483960] pre_handler_kretprobe+0xaa/0x1b0 >> [17753.483961] opt_pre_handler+0x47/0x80 >> [17753.483962] optimized_callback+0xbc/0xe0 >> [17753.483962] 0xffffffffc044f388 >> [17753.483963] [p_lkrg] => caller[p_override_creds_entry] action[OVERRIDE >> OFF] old_off[0x3a3d5b3e3034f5b] debug_val[1] >> [17753.483963] [p_lkrg] Stack trace: >> [17753.483966] p_override_creds_entry+0x91/0xd0 [p_lkrg] >> [17753.483967] pre_handler_kretprobe+0xaa/0x1b0 >> [17753.483968] opt_pre_handler+0x47/0x80 >> [17753.483979] optimized_callback+0xbc/0xe0 >> [17753.483980] 0xffffffffc044f30e >> [17753.483980] [p_lkrg] => caller[p_revert_creds_ret] action[OVERRIDE ON] >> old_off[0x747ab67c6069eb6] debug_val[0] >> [17753.483980] [p_lkrg] Stack trace: >> [17753.483983] p_revert_creds_entry+0x87/0xc0 [p_lkrg] >> [17753.483985] pre_handler_kretprobe+0xaa/0x1b0 >> [17753.483986] opt_pre_handler+0x47/0x80 >> [17753.483987] optimized_callback+0xbc/0xe0 >> [17753.483987] 0xffffffffc044f388 >> [17753.483988] [p_lkrg] => caller[p_override_creds_entry] action[OVERRIDE >> OFF] old_off[0x3a3d5b3e3034f5b] debug_val[1] >> [17753.483988] [p_lkrg] Stack trace: >> [17753.483991] p_override_creds_entry+0x91/0xd0 [p_lkrg] >> [17753.483992] pre_handler_kretprobe+0xaa/0x1b0 >> [17753.483994] opt_pre_handler+0x47/0x80 >> [17753.483994] optimized_callback+0xbc/0xe0 >> [17753.483995] 0xffffffffc044f30e >> [17753.483995] [p_lkrg] => caller[p_revert_creds_ret] action[OVERRIDE ON] >> old_off[0x747ab67c6069eb6] debug_val[0] >> [17753.483996] [p_lkrg] Stack trace: >> [17753.483999] p_revert_creds_entry+0x87/0xc0 [p_lkrg] >> [17753.484000] pre_handler_kretprobe+0xaa/0x1b0 >> [17753.484001] opt_pre_handler+0x47/0x80 >> [17753.484002] optimized_callback+0xbc/0xe0 >> [17753.484011] 0xffffffffc044f388 >> [17753.484012] [p_lkrg] => caller[p_override_creds_entry] action[OVERRIDE >> OFF] old_off[0x3a3d5b3e3034f5b] debug_val[1] >> [17753.484012] [p_lkrg] Stack trace: >> [17753.484015] p_override_creds_entry+0x91/0xd0 [p_lkrg] >> [17753.484016] pre_handler_kretprobe+0xaa/0x1b0 >> [17753.484017] opt_pre_handler+0x47/0x80 >> [17753.484018] optimized_callback+0xbc/0xe0 >> [17753.484019] 0xffffffffc044f30e >> [17753.484019] [p_lkrg] => caller[p_revert_creds_ret] action[OVERRIDE ON] >> old_off[0x747ab67c6069eb6] debug_val[0] >> [17753.484019] [p_lkrg] Stack trace: >> [17753.484022] p_revert_creds_entry+0x87/0xc0 [p_lkrg] >> [17753.484023] pre_handler_kretprobe+0xaa/0x1b0 >> [17753.484025] opt_pre_handler+0x47/0x80 >> [17753.484025] optimized_callback+0xbc/0xe0 >> [17753.484026] 0xffffffffc044f388 >> [17753.484026] [p_lkrg] => caller[p_override_creds_entry] action[OVERRIDE >> OFF] old_off[0x3a3d5b3e3034f5b] debug_val[1] >> [17753.484027] [p_lkrg] Stack trace: >> [17753.484029] p_override_creds_entry+0x91/0xd0 [p_lkrg] >> [17753.484031] pre_handler_kretprobe+0xaa/0x1b0 >> [17753.484032] opt_pre_handler+0x47/0x80 >> [17753.484033] optimized_callback+0xbc/0xe0 >> [17753.484033] 0xffffffffc044f30e >> [17753.484033] [p_lkrg] => caller[p_revert_creds_ret] action[OVERRIDE ON] >> old_off[0x747ab67c6069eb6] debug_val[0] >> [17753.484034] [p_lkrg] Stack trace: >> [17753.484036] p_revert_creds_entry+0x87/0xc0 [p_lkrg] >> [17753.484038] pre_handler_kretprobe+0xaa/0x1b0 >> [17753.484039] opt_pre_handler+0x47/0x80 >> [17753.484040] optimized_callback+0xbc/0xe0 >> [17753.484040] 0xffffffffc044f388 >> [17753.484040] [p_lkrg] => caller[p_override_creds_entry] action[OVERRIDE >> OFF] old_off[0x3a3d5b3e3034f5b] debug_val[1] >> [17753.484041] [p_lkrg] Stack trace: >> [17753.484044] p_override_creds_entry+0x91/0xd0 [p_lkrg] >> [17753.484045] pre_handler_kretprobe+0xaa/0x1b0 >> [17753.484046] opt_pre_handler+0x47/0x80 >> [17753.484047] optimized_callback+0xbc/0xe0 >> [17753.484047] 0xffffffffc044f30e >> [17753.484048] [p_lkrg] => caller[p_revert_creds_ret] action[OVERRIDE ON] >> old_off[0x747ab67c6069eb6] debug_val[0] >> [17753.484048] [p_lkrg] Stack trace: >> [17753.484051] p_revert_creds_entry+0x87/0xc0 [p_lkrg] >> [17753.484052] pre_handler_kretprobe+0xaa/0x1b0 >> [17753.484053] opt_pre_handler+0x47/0x80 >> [17753.484054] optimized_callback+0xbc/0xe0 >> [17753.484054] 0xffffffffc044f388 >> [17753.484055] [p_lkrg] => caller[p_override_creds_entry] action[OVERRIDE >> OFF] old_off[0x3a3d5b3e3034f5b] debug_val[1] >> [17753.484055] [p_lkrg] Stack trace: >> [17753.484058] p_override_creds_entry+0x91/0xd0 [p_lkrg] >> [17753.484059] pre_handler_kretprobe+0xaa/0x1b0 >> [17753.484060] opt_pre_handler+0x47/0x80 >> [17753.484061] optimized_callback+0xbc/0xe0 >> [17753.484061] 0xffffffffc044f30e >> [17753.484062] [p_lkrg] => caller[p_revert_creds_ret] action[OVERRIDE ON] >> old_off[0x747ab67c6069eb6] debug_val[0] >> [17753.484062] [p_lkrg] Stack trace: >> [17753.484065] p_revert_creds_entry+0x87/0xc0 [p_lkrg] >> [17753.484066] pre_handler_kretprobe+0xaa/0x1b0 >> [17753.484067] opt_pre_handler+0x47/0x80 >> [17753.484068] optimized_callback+0xbc/0xe0 >> [17753.484068] 0xffffffffc044f388 >> [17753.484069] [p_lkrg] => caller[p_override_creds_entry] action[OVERRIDE >> OFF] old_off[0x3a3d5b3e3034f5b] debug_val[1] >> [17753.484069] [p_lkrg] Stack trace: >> [17753.484072] p_override_creds_entry+0x91/0xd0 [p_lkrg] >> [17753.484073] pre_handler_kretprobe+0xaa/0x1b0 >> [17753.484074] opt_pre_handler+0x47/0x80 >> [17753.484075] optimized_callback+0xbc/0xe0 >> [17753.484076] 0xffffffffc044f30e >> [17753.484076] [p_lkrg] => caller[p_revert_creds_ret] action[OVERRIDE ON] >> old_off[0x747ab67c6069eb6] debug_val[0] >> [17753.484076] [p_lkrg] Stack trace: >> [17753.484079] p_revert_creds_entry+0x87/0xc0 [p_lkrg] >> [17753.484080] pre_handler_kretprobe+0xaa/0x1b0 >> [17753.484081] opt_pre_handler+0x47/0x80 >> [17753.484082] optimized_callback+0xbc/0xe0 >> [17753.484083] 0xffffffffc044f388 >> [17753.484083] [p_lkrg] => caller[p_override_creds_entry] action[OVERRIDE >> OFF] old_off[0x3a3d5b3e3034f5b] debug_val[1] >> [17753.484083] [p_lkrg] Stack trace: >> [17753.484086] p_override_creds_entry+0x91/0xd0 [p_lkrg] >> [17753.484087] pre_handler_kretprobe+0xaa/0x1b0 >> [17753.484088] opt_pre_handler+0x47/0x80 >> [17753.484089] optimized_callback+0xbc/0xe0 >> [17753.484090] 0xffffffffc044f30e >> [17753.484090] [p_lkrg] => caller[p_revert_creds_ret] action[OVERRIDE ON] >> old_off[0x747ab67c6069eb6] debug_val[0] >> [17753.484090] [p_lkrg] Stack trace: >> [17753.484093] p_revert_creds_entry+0x87/0xc0 [p_lkrg] >> [17753.484094] pre_handler_kretprobe+0xaa/0x1b0 >> [17753.484095] opt_pre_handler+0x47/0x80 >> [17753.484096] optimized_callback+0xbc/0xe0 >> [17753.484097] 0xffffffffc044f388 >> [17753.484097] [p_lkrg] => caller[p_override_creds_entry] action[OVERRIDE >> OFF] old_off[0x3a3d5b3e3034f5b] debug_val[1] >> [17753.484097] [p_lkrg] Stack trace: >> [17753.484100] p_override_creds_entry+0x91/0xd0 [p_lkrg] >> [17753.484101] pre_handler_kretprobe+0xaa/0x1b0 >> [17753.484103] opt_pre_handler+0x47/0x80 >> [17753.484103] optimized_callback+0xbc/0xe0 >> [17753.484104] 0xffffffffc044f30e >> [17753.484104] [p_lkrg] => caller[p_revert_creds_ret] action[OVERRIDE ON] >> old_off[0x747ab67c6069eb6] debug_val[0] >> [17753.484105] [p_lkrg] Stack trace: >> [17753.484107] p_revert_creds_entry+0x87/0xc0 [p_lkrg] >> [17753.484109] pre_handler_kretprobe+0xaa/0x1b0 >> [17753.484110] opt_pre_handler+0x47/0x80 >> [17753.484110] optimized_callback+0xbc/0xe0 >> [17753.484111] 0xffffffffc044f388 >> [17753.484111] [p_lkrg] => caller[p_override_creds_entry] action[OVERRIDE >> OFF] old_off[0x3a3d5b3e3034f5b] debug_val[1] >> [17753.484112] [p_lkrg] Stack trace: >> [17753.484114] p_override_creds_entry+0x91/0xd0 [p_lkrg] >> [17753.484116] pre_handler_kretprobe+0xaa/0x1b0 >> [17753.484117] opt_pre_handler+0x47/0x80 >> [17753.484117] optimized_callback+0xbc/0xe0 >> [17753.484118] 0xffffffffc044f30e >> [17753.484118] [p_lkrg] => caller[p_revert_creds_ret] action[OVERRIDE ON] >> old_off[0x747ab67c6069eb6] debug_val[0] >> [17753.484119] [p_lkrg] Stack trace: >> [17753.484121] p_revert_creds_entry+0x87/0xc0 [p_lkrg] >> [17753.484123] pre_handler_kretprobe+0xaa/0x1b0 >> [17753.484124] opt_pre_handler+0x47/0x80 >> [17753.484125] optimized_callback+0xbc/0xe0 >> [17753.484125] 0xffffffffc044f388 >> [17753.484126] [p_lkrg] => caller[p_override_creds_entry] action[OVERRIDE >> OFF] old_off[0x3a3d5b3e3034f5b] debug_val[1] >> [17753.484126] [p_lkrg] Stack trace: >> [17753.484129] p_override_creds_entry+0x91/0xd0 [p_lkrg] >> [17753.484130] pre_handler_kretprobe+0xaa/0x1b0 >> [17753.484131] opt_pre_handler+0x47/0x80 >> [17753.484132] optimized_callback+0xbc/0xe0 >> [17753.484132] 0xffffffffc044f30e >> [17753.484133] [p_lkrg] => caller[p_revert_creds_ret] action[OVERRIDE ON] >> old_off[0x747ab67c6069eb6] debug_val[0] >> [17753.484133] [p_lkrg] Stack trace: >> [17753.484136] p_revert_creds_entry+0x87/0xc0 [p_lkrg] >> [17753.484137] pre_handler_kretprobe+0xaa/0x1b0 >> [17753.484138] opt_pre_handler+0x47/0x80 >> [17753.484139] optimized_callback+0xbc/0xe0 >> [17753.484139] 0xffffffffc044f388 >> [17753.484140] [p_lkrg] => caller[p_override_creds_entry] action[OVERRIDE >> OFF] old_off[0x3a3d5b3e3034f5b] debug_val[1] >> [17753.484140] [p_lkrg] Stack trace: >> [17753.484143] p_override_creds_entry+0x91/0xd0 [p_lkrg] >> [17753.484144] pre_handler_kretprobe+0xaa/0x1b0 >> [17753.484145] opt_pre_handler+0x47/0x80 >> [17753.484146] optimized_callback+0xbc/0xe0 >> [17753.484147] 0xffffffffc044f30e >> [17753.484147] [p_lkrg] => caller[p_revert_creds_ret] action[OVERRIDE ON] >> old_off[0x747ab67c6069eb6] debug_val[0] >> [17753.484147] [p_lkrg] Stack trace: >> [17753.484150] p_revert_creds_entry+0x87/0xc0 [p_lkrg] >> [17753.484151] pre_handler_kretprobe+0xaa/0x1b0 >> [17753.484152] opt_pre_handler+0x47/0x80 >> [17753.484153] optimized_callback+0xbc/0xe0 >> [17753.484154] 0xffffffffc044f388 >> [17753.484154] [p_lkrg] => caller[p_override_creds_entry] action[OVERRIDE >> OFF] old_off[0x3a3d5b3e3034f5b] debug_val[1] >> [17753.484154] [p_lkrg] Stack trace: >> [17753.484157] p_override_creds_entry+0x91/0xd0 [p_lkrg] >> [17753.484158] pre_handler_kretprobe+0xaa/0x1b0 >> [17753.484159] opt_pre_handler+0x47/0x80 >> [17753.484160] optimized_callback+0xbc/0xe0 >> [17753.484161] 0xffffffffc044f30e >> [17753.484161] [p_lkrg] => caller[p_revert_creds_ret] action[OVERRIDE ON] >> old_off[0x747ab67c6069eb6] debug_val[0] >> [17753.484161] [p_lkrg] Stack trace: >> [17753.484164] p_revert_creds_entry+0x87/0xc0 [p_lkrg] >> [17753.484165] pre_handler_kretprobe+0xaa/0x1b0 >> [17753.484166] opt_pre_handler+0x47/0x80 >> [17753.484167] optimized_callback+0xbc/0xe0 >> [17753.484168] 0xffffffffc044f388 >> [17753.484168] [p_lkrg] => caller[p_override_creds_entry] action[OVERRIDE >> OFF] old_off[0x3a3d5b3e3034f5b] debug_val[1] >> [17753.484168] [p_lkrg] Stack trace: >> [17753.484171] p_override_creds_entry+0x91/0xd0 [p_lkrg] >> [17753.484172] pre_handler_kretprobe+0xaa/0x1b0 >> [17753.484173] opt_pre_handler+0x47/0x80 >> [17753.484174] optimized_callback+0xbc/0xe0 >> [17753.484175] 0xffffffffc044f30e >> [17753.484175] [p_lkrg] => caller[p_revert_creds_ret] action[OVERRIDE ON] >> old_off[0x747ab67c6069eb6] debug_val[0] >> [17753.484175] [p_lkrg] Stack trace: >> [17753.484178] p_revert_creds_entry+0x87/0xc0 [p_lkrg] >> [17753.484179] pre_handler_kretprobe+0xaa/0x1b0 >> [17753.484180] opt_pre_handler+0x47/0x80 >> [17753.484181] optimized_callback+0xbc/0xe0 >> [17753.484181] 0xffffffffc044f388 >> [17753.484182] [p_lkrg] => caller[p_override_creds_entry] action[OVERRIDE >> OFF] old_off[0x3a3d5b3e3034f5b] debug_val[1] >> [17753.484182] [p_lkrg] Stack trace: >> [17753.484185] p_override_creds_entry+0x91/0xd0 [p_lkrg] >> [17753.484186] pre_handler_kretprobe+0xaa/0x1b0 >> [17753.484188] opt_pre_handler+0x47/0x80 >> [17753.484188] optimized_callback+0xbc/0xe0 >> [17753.484189] 0xffffffffc044f30e >> [17753.484189] [p_lkrg] => caller[p_revert_creds_ret] action[OVERRIDE ON] >> old_off[0x747ab67c6069eb6] debug_val[0] >> [17753.484189] [p_lkrg] Stack trace: >> [17753.484192] p_revert_creds_entry+0x87/0xc0 [p_lkrg] >> [17753.484193] pre_handler_kretprobe+0xaa/0x1b0 >> [17753.484195] opt_pre_handler+0x47/0x80 >> [17753.484195] optimized_callback+0xbc/0xe0 >> [17753.484196] 0xffffffffc044f388 >> [17753.484196] [p_lkrg] => caller[p_override_creds_entry] action[OVERRIDE >> OFF] old_off[0x3a3d5b3e3034f5b] debug_val[1] >> [17753.484197] [p_lkrg] Stack trace: >> [17753.484199] p_override_creds_entry+0x91/0xd0 [p_lkrg] >> [17753.484201] pre_handler_kretprobe+0xaa/0x1b0 >> [17753.484202] opt_pre_handler+0x47/0x80 >> [17753.484203] optimized_callback+0xbc/0xe0 >> [17753.484203] 0xffffffffc044f30e >> [17753.484203] [p_lkrg] => caller[p_revert_creds_ret] action[OVERRIDE ON] >> old_off[0x747ab67c6069eb6] debug_val[0] >> [17753.484204] [p_lkrg] Stack trace: >> [17753.484207] p_revert_creds_entry+0x87/0xc0 [p_lkrg] >> [17753.484208] pre_handler_kretprobe+0xaa/0x1b0 >> [17753.484209] opt_pre_handler+0x47/0x80 >> [17753.484210] optimized_callback+0xbc/0xe0 >> [17753.484210] 0xffffffffc044f388 >> [17753.484211] [p_lkrg] => caller[p_override_creds_entry] action[OVERRIDE >> OFF] old_off[0x3a3d5b3e3034f5b] debug_val[1] >> [17753.484211] [p_lkrg] Stack trace: >> [17753.484214] p_override_creds_entry+0x91/0xd0 [p_lkrg] >> [17753.484215] pre_handler_kretprobe+0xaa/0x1b0 >> [17753.484216] opt_pre_handler+0x47/0x80 >> [17753.484217] optimized_callback+0xbc/0xe0 >> [17753.484217] 0xffffffffc044f30e >> [17753.484218] [p_lkrg] => caller[p_revert_creds_ret] action[OVERRIDE ON] >> old_off[0x747ab67c6069eb6] debug_val[0] >> [17753.484218] [p_lkrg] Stack trace: >> [17753.484221] p_revert_creds_entry+0x87/0xc0 [p_lkrg] >> [17753.484222] pre_handler_kretprobe+0xaa/0x1b0 >> [17753.484223] opt_pre_handler+0x47/0x80 >> [17753.484224] optimized_callback+0xbc/0xe0 >> [17753.484224] 0xffffffffc044f388 >> [17753.484225] [p_lkrg] => caller[p_override_creds_entry] action[OVERRIDE >> OFF] old_off[0x3a3d5b3e3034f5b] debug_val[1] >> [17753.484225] [p_lkrg] Stack trace: >> [17753.484228] p_override_creds_entry+0x91/0xd0 [p_lkrg] >> [17753.484229] pre_handler_kretprobe+0xaa/0x1b0 >> [17753.484230] opt_pre_handler+0x47/0x80 >> [17753.484231] optimized_callback+0xbc/0xe0 >> [17753.484231] 0xffffffffc044f30e >> [17753.484232] [p_lkrg] => caller[p_revert_creds_ret] action[OVERRIDE ON] >> old_off[0x747ab67c6069eb6] debug_val[0] >> [17753.484232] [p_lkrg] Stack trace: >> [17753.484235] p_revert_creds_entry+0x87/0xc0 [p_lkrg] >> [17753.484236] pre_handler_kretprobe+0xaa/0x1b0 >> [17753.484237] opt_pre_handler+0x47/0x80 >> [17753.484238] optimized_callback+0xbc/0xe0 >> [17753.484239] 0xffffffffc044f388 >> [17753.484239] [p_lkrg] => caller[p_cap_task_prctl_entry] action[OFF] >> old_off[0x3a3d5b3e3034f5b] debug_val[1] >> [17753.484240] [p_lkrg] => caller[p_cap_task_prctl_ret] action[ON] >> old_off[0x747ab67c6069eb6] debug_val[0] >> [17753.484240] [p_lkrg] => caller[p_seccomp_entry] action[OFF] >> old_off[0x3a3d5b3e3034f5b] debug_val[1] >> [17753.484241] [p_lkrg] => caller[p_seccomp_ret] action[ON] >> old_off[0x747ab67c6069eb6] debug_val[0] >> [17753.484241] [p_lkrg] => caller[p_seccomp_entry] action[OFF] >> old_off[0x3a3d5b3e3034f5b] debug_val[1] >> [17753.484242] [p_lkrg] => caller[p_seccomp_ret] action[ON] >> old_off[0x3a3d5b3e3034f5b] debug_val[0] >> [17753.484243] [p_lkrg] <Exploit Detection> Trying to kill >> process[QtWebEngineProc | 4072]! >> [17753.484300] [p_lkrg] <Exploit Detection> ON process[4072 | >> QtWebEngineProc] has corrupted 'off' flag! >> [17753.484301] [p_lkrg] 'off' flag[0x0] (normalization via >> 0x3a3d5b3e3034f5b) >> [17753.484301] [p_lkrg] OFF debug: normalization[0x3a3d5b3e3034f5b] >> cookie[0x69470f9547639fd1] >> [17753.484302] [p_lkrg] Process[4072 | QtWebEngineProc] Parent[3992 | >> akregator] has [76] entries: >> [17753.484303] [p_lkrg] => caller[p_cap_task_prctl_entry] action[OFF] >> old_off[0x3a3d5b3e3034f5b] debug_val[1] >> [17753.484303] [p_lkrg] => caller[p_cap_task_prctl_ret] action[ON] >> old_off[0x747ab67c6069eb6] debug_val[0] >> [17753.484304] [p_lkrg] => caller[p_sys_execve_entry] action[OFF] >> old_off[0x3a3d5b3e3034f5b] debug_val[1] >> [17753.484304] [p_lkrg] => caller[p_sys_execve_ret] action[RESET] >> old_off[0x747ab67c6069eb6] debug_val[0] >> [17753.484305] [p_lkrg] => caller[p_override_creds_entry] action[OVERRIDE >> OFF] old_off[0x3a3d5b3e3034f5b] debug_val[1] >> [17753.484305] [p_lkrg] Stack trace: >> [17753.484309] p_override_creds_entry+0x91/0xd0 [p_lkrg] >> [17753.484310] pre_handler_kretprobe+0xaa/0x1b0 >> [17753.484311] opt_pre_handler+0x47/0x80 >> [17753.484312] optimized_callback+0xbc/0xe0 >> [17753.484313] 0xffffffffc044f30e >> [17753.484313] [p_lkrg] => caller[p_revert_creds_ret] action[OVERRIDE ON] >> old_off[0x747ab67c6069eb6] debug_val[0] >> [17753.484313] [p_lkrg] Stack trace: >> [17753.484316] p_revert_creds_entry+0x87/0xc0 [p_lkrg] >> [17753.484318] pre_handler_kretprobe+0xaa/0x1b0 >> [17753.484319] opt_pre_handler+0x47/0x80 >> [17753.484320] optimized_callback+0xbc/0xe0 >> [17753.484321] 0xffffffffc044f388 >> [17753.484321] [p_lkrg] => caller[p_cap_task_prctl_entry] action[OFF] >> old_off[0x3a3d5b3e3034f5b] debug_val[1] >> [17753.484322] [p_lkrg] => caller[p_cap_task_prctl_ret] action[ON] >> old_off[0x747ab67c6069eb6] debug_val[0] >> [17753.484322] [p_lkrg] => caller[p_override_creds_entry] action[OVERRIDE >> OFF] old_off[0x3a3d5b3e3034f5b] debug_val[1] >> [17753.484322] [p_lkrg] Stack trace: >> [17753.484325] p_override_creds_entry+0x91/0xd0 [p_lkrg] >> [17753.484327] pre_handler_kretprobe+0xaa/0x1b0 >> [17753.484328] opt_pre_handler+0x47/0x80 >> [17753.484329] optimized_callback+0xbc/0xe0 >> [17753.484329] 0xffffffffc044f30e >> [17753.484330] [p_lkrg] => caller[p_revert_creds_ret] action[OVERRIDE ON] >> old_off[0x747ab67c6069eb6] debug_val[0] >> [17753.484330] [p_lkrg] Stack trace: >> [17753.484333] p_revert_creds_entry+0x87/0xc0 [p_lkrg] >> [17753.484334] pre_handler_kretprobe+0xaa/0x1b0 >> [17753.484336] opt_pre_handler+0x47/0x80 >> [17753.484336] optimized_callback+0xbc/0xe0 >> [17753.484337] 0xffffffffc044f388 >> [17753.484337] [p_lkrg] => caller[p_override_creds_entry] action[OVERRIDE >> OFF] old_off[0x3a3d5b3e3034f5b] debug_val[1] >> [17753.484338] [p_lkrg] Stack trace: >> [17753.484341] p_override_creds_entry+0x91/0xd0 [p_lkrg] >> [17753.484342] pre_handler_kretprobe+0xaa/0x1b0 >> [17753.484343] opt_pre_handler+0x47/0x80 >> [17753.484344] optimized_callback+0xbc/0xe0 >> [17753.484344] 0xffffffffc044f30e >> [17753.484345] [p_lkrg] => caller[p_revert_creds_ret] action[OVERRIDE ON] >> old_off[0x747ab67c6069eb6] debug_val[0] >> [17753.484345] [p_lkrg] Stack trace: >> [17753.484348] p_revert_creds_entry+0x87/0xc0 [p_lkrg] >> [17753.484350] pre_handler_kretprobe+0xaa/0x1b0 >> [17753.484351] opt_pre_handler+0x47/0x80 >> [17753.484352] optimized_callback+0xbc/0xe0 >> [17753.484352] 0xffffffffc044f388 >> [17753.484353] [p_lkrg] => caller[p_override_creds_entry] action[OVERRIDE >> OFF] old_off[0x3a3d5b3e3034f5b] debug_val[1] >> [17753.484353] [p_lkrg] Stack trace: >> [17753.484356] p_override_creds_entry+0x91/0xd0 [p_lkrg] >> [17753.484357] pre_handler_kretprobe+0xaa/0x1b0 >> [17753.484358] opt_pre_handler+0x47/0x80 >> [17753.484359] optimized_callback+0xbc/0xe0 >> [17753.484360] 0xffffffffc044f30e >> [17753.484360] [p_lkrg] => caller[p_revert_creds_ret] action[OVERRIDE ON] >> old_off[0x747ab67c6069eb6] debug_val[0] >> [17753.484360] [p_lkrg] Stack trace: >> [17753.484363] p_revert_creds_entry+0x87/0xc0 [p_lkrg] >> [17753.484365] pre_handler_kretprobe+0xaa/0x1b0 >> [17753.484366] opt_pre_handler+0x47/0x80 >> [17753.484367] optimized_callback+0xbc/0xe0 >> [17753.484367] 0xffffffffc044f388 >> [17753.484368] [p_lkrg] => caller[p_override_creds_entry] action[OVERRIDE >> OFF] old_off[0x3a3d5b3e3034f5b] debug_val[1] >> [17753.484368] [p_lkrg] Stack trace: >> [17753.484371] p_override_creds_entry+0x91/0xd0 [p_lkrg] >> [17753.484372] pre_handler_kretprobe+0xaa/0x1b0 >> [17753.484373] opt_pre_handler+0x47/0x80 >> [17753.484374] optimized_callback+0xbc/0xe0 >> [17753.484375] 0xffffffffc044f30e >> [17753.484375] [p_lkrg] => caller[p_revert_creds_ret] action[OVERRIDE ON] >> old_off[0x747ab67c6069eb6] debug_val[0] >> [17753.484375] [p_lkrg] Stack trace: >> [17753.484378] p_revert_creds_entry+0x87/0xc0 [p_lkrg] >> [17753.484380] pre_handler_kretprobe+0xaa/0x1b0 >> [17753.484381] opt_pre_handler+0x47/0x80 >> [17753.484382] optimized_callback+0xbc/0xe0 >> [17753.484382] 0xffffffffc044f388 >> [17753.484383] [p_lkrg] => caller[p_override_creds_entry] action[OVERRIDE >> OFF] old_off[0x3a3d5b3e3034f5b] debug_val[1] >> [17753.484383] [p_lkrg] Stack trace: >> [17753.484386] p_override_creds_entry+0x91/0xd0 [p_lkrg] >> [17753.484387] pre_handler_kretprobe+0xaa/0x1b0 >> [17753.484389] opt_pre_handler+0x47/0x80 >> [17753.484389] optimized_callback+0xbc/0xe0 >> [17753.484390] 0xffffffffc044f30e >> [17753.484390] [p_lkrg] => caller[p_revert_creds_ret] action[OVERRIDE ON] >> old_off[0x747ab67c6069eb6] debug_val[0] >> [17753.484391] [p_lkrg] Stack trace: >> [17753.484394] p_revert_creds_entry+0x87/0xc0 [p_lkrg] >> [17753.484395] pre_handler_kretprobe+0xaa/0x1b0 >> [17753.484396] opt_pre_handler+0x47/0x80 >> [17753.484397] optimized_callback+0xbc/0xe0 >> [17753.484397] 0xffffffffc044f388 >> [17753.484398] [p_lkrg] => caller[p_override_creds_entry] action[OVERRIDE >> OFF] old_off[0x3a3d5b3e3034f5b] debug_val[1] >> [17753.484398] [p_lkrg] Stack trace: >> [17753.484401] p_override_creds_entry+0x91/0xd0 [p_lkrg] >> [17753.484403] pre_handler_kretprobe+0xaa/0x1b0 >> [17753.484404] opt_pre_handler+0x47/0x80 >> [17753.484405] optimized_callback+0xbc/0xe0 >> [17753.484405] 0xffffffffc044f30e >> [17753.484406] [p_lkrg] => caller[p_revert_creds_ret] action[OVERRIDE ON] >> old_off[0x747ab67c6069eb6] debug_val[0] >> [17753.484406] [p_lkrg] Stack trace: >> [17753.484409] p_revert_creds_entry+0x87/0xc0 [p_lkrg] >> [17753.484410] pre_handler_kretprobe+0xaa/0x1b0 >> [17753.484411] opt_pre_handler+0x47/0x80 >> [17753.484412] optimized_callback+0xbc/0xe0 >> [17753.484412] 0xffffffffc044f388 >> [17753.484413] [p_lkrg] => caller[p_override_creds_entry] action[OVERRIDE >> OFF] old_off[0x3a3d5b3e3034f5b] debug_val[1] >> [17753.484413] [p_lkrg] Stack trace: >> [17753.484416] p_override_creds_entry+0x91/0xd0 [p_lkrg] >> [17753.484418] pre_handler_kretprobe+0xaa/0x1b0 >> [17753.484419] opt_pre_handler+0x47/0x80 >> [17753.484420] optimized_callback+0xbc/0xe0 >> [17753.484420] 0xffffffffc044f30e >> [17753.484421] [p_lkrg] => caller[p_revert_creds_ret] action[OVERRIDE ON] >> old_off[0x747ab67c6069eb6] debug_val[0] >> [17753.484421] [p_lkrg] Stack trace: >> [17753.484424] p_revert_creds_entry+0x87/0xc0 [p_lkrg] >> [17753.484425] pre_handler_kretprobe+0xaa/0x1b0 >> [17753.484426] opt_pre_handler+0x47/0x80 >> [17753.484427] optimized_callback+0xbc/0xe0 >> [17753.484428] 0xffffffffc044f388 >> [17753.484428] [p_lkrg] => caller[p_override_creds_entry] action[OVERRIDE >> OFF] old_off[0x3a3d5b3e3034f5b] debug_val[1] >> [17753.484428] [p_lkrg] Stack trace: >> [17753.484431] p_override_creds_entry+0x91/0xd0 [p_lkrg] >> [17753.484433] pre_handler_kretprobe+0xaa/0x1b0 >> [17753.484434] opt_pre_handler+0x47/0x80 >> [17753.484435] optimized_callback+0xbc/0xe0 >> [17753.484435] 0xffffffffc044f30e >> [17753.484436] [p_lkrg] => caller[p_revert_creds_ret] action[OVERRIDE ON] >> old_off[0x747ab67c6069eb6] debug_val[0] >> [17753.484436] [p_lkrg] Stack trace: >> [17753.484439] p_revert_creds_entry+0x87/0xc0 [p_lkrg] >> [17753.484440] pre_handler_kretprobe+0xaa/0x1b0 >> [17753.484441] opt_pre_handler+0x47/0x80 >> [17753.484442] optimized_callback+0xbc/0xe0 >> [17753.484443] 0xffffffffc044f388 >> [17753.484443] [p_lkrg] => caller[p_override_creds_entry] action[OVERRIDE >> OFF] old_off[0x3a3d5b3e3034f5b] debug_val[1] >> [17753.484443] [p_lkrg] Stack trace: >> [17753.484446] p_override_creds_entry+0x91/0xd0 [p_lkrg] >> [17753.484448] pre_handler_kretprobe+0xaa/0x1b0 >> [17753.484449] opt_pre_handler+0x47/0x80 >> [17753.484450] optimized_callback+0xbc/0xe0 >> [17753.484450] 0xffffffffc044f30e >> [17753.484451] [p_lkrg] => caller[p_revert_creds_ret] action[OVERRIDE ON] >> old_off[0x747ab67c6069eb6] debug_val[0] >> [17753.484451] [p_lkrg] Stack trace: >> [17753.484454] p_revert_creds_entry+0x87/0xc0 [p_lkrg] >> [17753.484455] pre_handler_kretprobe+0xaa/0x1b0 >> [17753.484456] opt_pre_handler+0x47/0x80 >> [17753.484457] optimized_callback+0xbc/0xe0 >> [17753.484458] 0xffffffffc044f388 >> [17753.484458] [p_lkrg] => caller[p_override_creds_entry] action[OVERRIDE >> OFF] old_off[0x3a3d5b3e3034f5b] debug_val[1] >> [17753.484458] [p_lkrg] Stack trace: >> [17753.484462] p_override_creds_entry+0x91/0xd0 [p_lkrg] >> [17753.484463] pre_handler_kretprobe+0xaa/0x1b0 >> [17753.484464] opt_pre_handler+0x47/0x80 >> [17753.484465] optimized_callback+0xbc/0xe0 >> [17753.484466] 0xffffffffc044f30e >> [17753.484466] [p_lkrg] => caller[p_revert_creds_ret] action[OVERRIDE ON] >> old_off[0x747ab67c6069eb6] debug_val[0] >> [17753.484466] [p_lkrg] Stack trace: >> [17753.484469] p_revert_creds_entry+0x87/0xc0 [p_lkrg] >> [17753.484471] pre_handler_kretprobe+0xaa/0x1b0 >> [17753.484472] opt_pre_handler+0x47/0x80 >> [17753.484473] optimized_callback+0xbc/0xe0 >> [17753.484473] 0xffffffffc044f388 >> [17753.484474] [p_lkrg] => caller[p_override_creds_entry] action[OVERRIDE >> OFF] old_off[0x3a3d5b3e3034f5b] debug_val[1] >> [17753.484474] [p_lkrg] Stack trace: >> [17753.484477] p_override_creds_entry+0x91/0xd0 [p_lkrg] >> [17753.484478] pre_handler_kretprobe+0xaa/0x1b0 >> [17753.484479] opt_pre_handler+0x47/0x80 >> [17753.484480] optimized_callback+0xbc/0xe0 >> [17753.484481] 0xffffffffc044f30e >> [17753.484481] [p_lkrg] => caller[p_revert_creds_ret] action[OVERRIDE ON] >> old_off[0x747ab67c6069eb6] debug_val[0] >> [17753.484481] [p_lkrg] Stack trace: >> [17753.484484] p_revert_creds_entry+0x87/0xc0 [p_lkrg] >> [17753.484486] pre_handler_kretprobe+0xaa/0x1b0 >> [17753.484487] opt_pre_handler+0x47/0x80 >> [17753.484488] optimized_callback+0xbc/0xe0 >> [17753.484488] 0xffffffffc044f388 >> [17753.484489] [p_lkrg] => caller[p_override_creds_entry] action[OVERRIDE >> OFF] old_off[0x3a3d5b3e3034f5b] debug_val[1] >> [17753.484489] [p_lkrg] Stack trace: >> [17753.484492] p_override_creds_entry+0x91/0xd0 [p_lkrg] >> [17753.484493] pre_handler_kretprobe+0xaa/0x1b0 >> [17753.484495] opt_pre_handler+0x47/0x80 >> [17753.484495] optimized_callback+0xbc/0xe0 >> [17753.484496] 0xffffffffc044f30e >> [17753.484496] [p_lkrg] => caller[p_revert_creds_ret] action[OVERRIDE ON] >> old_off[0x747ab67c6069eb6] debug_val[0] >> [17753.484497] [p_lkrg] Stack trace: >> [17753.484500] p_revert_creds_entry+0x87/0xc0 [p_lkrg] >> [17753.484501] pre_handler_kretprobe+0xaa/0x1b0 >> [17753.484502] opt_pre_handler+0x47/0x80 >> [17753.484503] optimized_callback+0xbc/0xe0 >> [17753.484503] 0xffffffffc044f388 >> [17753.484504] [p_lkrg] => caller[p_override_creds_entry] action[OVERRIDE >> OFF] old_off[0x3a3d5b3e3034f5b] debug_val[1] >> [17753.484504] [p_lkrg] Stack trace: >> [17753.484507] p_override_creds_entry+0x91/0xd0 [p_lkrg] >> [17753.484508] pre_handler_kretprobe+0xaa/0x1b0 >> [17753.484510] opt_pre_handler+0x47/0x80 >> [17753.484510] optimized_callback+0xbc/0xe0 >> [17753.484511] 0xffffffffc044f30e >> [17753.484511] [p_lkrg] => caller[p_revert_creds_ret] action[OVERRIDE ON] >> old_off[0x747ab67c6069eb6] debug_val[0] >> [17753.484512] [p_lkrg] Stack trace: >> [17753.484515] p_revert_creds_entry+0x87/0xc0 [p_lkrg] >> [17753.484516] pre_handler_kretprobe+0xaa/0x1b0 >> [17753.484517] opt_pre_handler+0x47/0x80 >> [17753.484518] optimized_callback+0xbc/0xe0 >> [17753.484518] 0xffffffffc044f388 >> [17753.484519] [p_lkrg] => caller[p_override_creds_entry] action[OVERRIDE >> OFF] old_off[0x3a3d5b3e3034f5b] debug_val[1] >> [17753.484519] [p_lkrg] Stack trace: >> [17753.484522] p_override_creds_entry+0x91/0xd0 [p_lkrg] >> [17753.484524] pre_handler_kretprobe+0xaa/0x1b0 >> [17753.484525] opt_pre_handler+0x47/0x80 >> [17753.484526] optimized_callback+0xbc/0xe0 >> [17753.484526] 0xffffffffc044f30e >> [17753.484526] [p_lkrg] => caller[p_revert_creds_ret] action[OVERRIDE ON] >> old_off[0x747ab67c6069eb6] debug_val[0] >> [17753.484527] [p_lkrg] Stack trace: >> [17753.484530] p_revert_creds_entry+0x87/0xc0 [p_lkrg] >> [17753.484531] pre_handler_kretprobe+0xaa/0x1b0 >> [17753.484532] opt_pre_handler+0x47/0x80 >> [17753.484533] optimized_callback+0xbc/0xe0 >> [17753.484533] 0xffffffffc044f388 >> [17753.484534] [p_lkrg] => caller[p_override_creds_entry] action[OVERRIDE >> OFF] old_off[0x3a3d5b3e3034f5b] debug_val[1] >> [17753.484534] [p_lkrg] Stack trace: >> [17753.484537] p_override_creds_entry+0x91/0xd0 [p_lkrg] >> [17753.484538] pre_handler_kretprobe+0xaa/0x1b0 >> [17753.484540] opt_pre_handler+0x47/0x80 >> [17753.484540] optimized_callback+0xbc/0xe0 >> [17753.484541] 0xffffffffc044f30e >> [17753.484541] [p_lkrg] => caller[p_revert_creds_ret] action[OVERRIDE ON] >> old_off[0x747ab67c6069eb6] debug_val[0] >> [17753.484542] [p_lkrg] Stack trace: >> [17753.484545] p_revert_creds_entry+0x87/0xc0 [p_lkrg] >> [17753.484546] pre_handler_kretprobe+0xaa/0x1b0 >> [17753.484547] opt_pre_handler+0x47/0x80 >> [17753.484548] optimized_callback+0xbc/0xe0 >> [17753.484548] 0xffffffffc044f388 >> [17753.484549] [p_lkrg] => caller[p_override_creds_entry] action[OVERRIDE >> OFF] old_off[0x3a3d5b3e3034f5b] debug_val[1] >> [17753.484549] [p_lkrg] Stack trace: >> [17753.484552] p_override_creds_entry+0x91/0xd0 [p_lkrg] >> [17753.484553] pre_handler_kretprobe+0xaa/0x1b0 >> [17753.484555] opt_pre_handler+0x47/0x80 >> [17753.484555] optimized_callback+0xbc/0xe0 >> [17753.484556] 0xffffffffc044f30e >> [17753.484556] [p_lkrg] => caller[p_revert_creds_ret] action[OVERRIDE ON] >> old_off[0x747ab67c6069eb6] debug_val[0] >> [17753.484557] [p_lkrg] Stack trace: >> [17753.484560] p_revert_creds_entry+0x87/0xc0 [p_lkrg] >> [17753.484561] pre_handler_kretprobe+0xaa/0x1b0 >> [17753.484562] opt_pre_handler+0x47/0x80 >> [17753.484563] optimized_callback+0xbc/0xe0 >> [17753.484563] 0xffffffffc044f388 >> [17753.484564] [p_lkrg] => caller[p_override_creds_entry] action[OVERRIDE >> OFF] old_off[0x3a3d5b3e3034f5b] debug_val[1] >> [17753.484564] [p_lkrg] Stack trace: >> [17753.484567] p_override_creds_entry+0x91/0xd0 [p_lkrg] >> [17753.484568] pre_handler_kretprobe+0xaa/0x1b0 >> [17753.484570] opt_pre_handler+0x47/0x80 >> [17753.484570] optimized_callback+0xbc/0xe0 >> [17753.484571] 0xffffffffc044f30e >> [17753.484571] [p_lkrg] => caller[p_revert_creds_ret] action[OVERRIDE ON] >> old_off[0x747ab67c6069eb6] debug_val[0] >> [17753.484572] [p_lkrg] Stack trace: >> [17753.484575] p_revert_creds_entry+0x87/0xc0 [p_lkrg] >> [17753.484576] pre_handler_kretprobe+0xaa/0x1b0 >> [17753.484577] opt_pre_handler+0x47/0x80 >> [17753.484578] optimized_callback+0xbc/0xe0 >> [17753.484578] 0xffffffffc044f388 >> [17753.484579] [p_lkrg] => caller[p_override_creds_entry] action[OVERRIDE >> OFF] old_off[0x3a3d5b3e3034f5b] debug_val[1] >> [17753.484579] [p_lkrg] Stack trace: >> [17753.484582] p_override_creds_entry+0x91/0xd0 [p_lkrg] >> [17753.484583] pre_handler_kretprobe+0xaa/0x1b0 >> [17753.484585] opt_pre_handler+0x47/0x80 >> [17753.484585] optimized_callback+0xbc/0xe0 >> [17753.484586] 0xffffffffc044f30e >> [17753.484586] [p_lkrg] => caller[p_revert_creds_ret] action[OVERRIDE ON] >> old_off[0x747ab67c6069eb6] debug_val[0] >> [17753.484587] [p_lkrg] Stack trace: >> [17753.484590] p_revert_creds_entry+0x87/0xc0 [p_lkrg] >> [17753.484591] pre_handler_kretprobe+0xaa/0x1b0 >> [17753.484592] opt_pre_handler+0x47/0x80 >> [17753.484593] optimized_callback+0xbc/0xe0 >> [17753.484593] 0xffffffffc044f388 >> [17753.484594] [p_lkrg] => caller[p_override_creds_entry] action[OVERRIDE >> OFF] old_off[0x3a3d5b3e3034f5b] debug_val[1] >> [17753.484594] [p_lkrg] Stack trace: >> [17753.484597] p_override_creds_entry+0x91/0xd0 [p_lkrg] >> [17753.484598] pre_handler_kretprobe+0xaa/0x1b0 >> [17753.484599] opt_pre_handler+0x47/0x80 >> [17753.484600] optimized_callback+0xbc/0xe0 >> [17753.484601] 0xffffffffc044f30e >> [17753.484601] [p_lkrg] => caller[p_revert_creds_ret] action[OVERRIDE ON] >> old_off[0x747ab67c6069eb6] debug_val[0] >> [17753.484601] [p_lkrg] Stack trace: >> [17753.484604] p_revert_creds_entry+0x87/0xc0 [p_lkrg] >> [17753.484606] pre_handler_kretprobe+0xaa/0x1b0 >> [17753.484607] opt_pre_handler+0x47/0x80 >> [17753.484608] optimized_callback+0xbc/0xe0 >> [17753.484608] 0xffffffffc044f388 >> [17753.484609] [p_lkrg] => caller[p_override_creds_entry] action[OVERRIDE >> OFF] old_off[0x3a3d5b3e3034f5b] debug_val[1] >> [17753.484609] [p_lkrg] Stack trace: >> [17753.484612] p_override_creds_entry+0x91/0xd0 [p_lkrg] >> [17753.484613] pre_handler_kretprobe+0xaa/0x1b0 >> [17753.484615] opt_pre_handler+0x47/0x80 >> [17753.484615] optimized_callback+0xbc/0xe0 >> [17753.484616] 0xffffffffc044f30e >> [17753.484616] [p_lkrg] => caller[p_revert_creds_ret] action[OVERRIDE ON] >> old_off[0x747ab67c6069eb6] debug_val[0] >> [17753.484617] [p_lkrg] Stack trace: >> [17753.484620] p_revert_creds_entry+0x87/0xc0 [p_lkrg] >> [17753.484621] pre_handler_kretprobe+0xaa/0x1b0 >> [17753.484622] opt_pre_handler+0x47/0x80 >> [17753.484623] optimized_callback+0xbc/0xe0 >> [17753.484623] 0xffffffffc044f388 >> [17753.484624] [p_lkrg] => caller[p_override_creds_entry] action[OVERRIDE >> OFF] old_off[0x3a3d5b3e3034f5b] debug_val[1] >> [17753.484624] [p_lkrg] Stack trace: >> [17753.484627] p_override_creds_entry+0x91/0xd0 [p_lkrg] >> [17753.484629] pre_handler_kretprobe+0xaa/0x1b0 >> [17753.484630] opt_pre_handler+0x47/0x80 >> [17753.484631] optimized_callback+0xbc/0xe0 >> [17753.484631] 0xffffffffc044f30e >> [17753.484632] [p_lkrg] => caller[p_revert_creds_ret] action[OVERRIDE ON] >> old_off[0x747ab67c6069eb6] debug_val[0] >> [17753.484632] [p_lkrg] Stack trace: >> [17753.484635] p_revert_creds_entry+0x87/0xc0 [p_lkrg] >> [17753.484636] pre_handler_kretprobe+0xaa/0x1b0 >> [17753.484637] opt_pre_handler+0x47/0x80 >> [17753.484638] optimized_callback+0xbc/0xe0 >> [17753.484639] 0xffffffffc044f388 >> [17753.484639] [p_lkrg] => caller[p_override_creds_entry] action[OVERRIDE >> OFF] old_off[0x3a3d5b3e3034f5b] debug_val[1] >> [17753.484640] [p_lkrg] Stack trace: >> [17753.484642] p_override_creds_entry+0x91/0xd0 [p_lkrg] >> [17753.484644] pre_handler_kretprobe+0xaa/0x1b0 >> [17753.484645] opt_pre_handler+0x47/0x80 >> [17753.484646] optimized_callback+0xbc/0xe0 >> [17753.484646] 0xffffffffc044f30e >> [17753.484647] [p_lkrg] => caller[p_revert_creds_ret] action[OVERRIDE ON] >> old_off[0x747ab67c6069eb6] debug_val[0] >> [17753.484647] [p_lkrg] Stack trace: >> [17753.484650] p_revert_creds_entry+0x87/0xc0 [p_lkrg] >> [17753.484651] pre_handler_kretprobe+0xaa/0x1b0 >> [17753.484652] opt_pre_handler+0x47/0x80 >> [17753.484663] optimized_callback+0xbc/0xe0 >> [17753.484664] 0xffffffffc044f388 >> [17753.484664] [p_lkrg] => caller[p_override_creds_entry] action[OVERRIDE >> OFF] old_off[0x3a3d5b3e3034f5b] debug_val[1] >> [17753.484665] [p_lkrg] Stack trace: >> [17753.484668] p_override_creds_entry+0x91/0xd0 [p_lkrg] >> [17753.484669] pre_handler_kretprobe+0xaa/0x1b0 >> [17753.484670] opt_pre_handler+0x47/0x80 >> [17753.484671] optimized_callback+0xbc/0xe0 >> [17753.484672] 0xffffffffc044f30e >> [17753.484672] [p_lkrg] => caller[p_revert_creds_ret] action[OVERRIDE ON] >> old_off[0x747ab67c6069eb6] debug_val[0] >> [17753.484673] [p_lkrg] Stack trace: >> [17753.484676] p_revert_creds_entry+0x87/0xc0 [p_lkrg] >> [17753.484677] pre_handler_kretprobe+0xaa/0x1b0 >> [17753.484678] opt_pre_handler+0x47/0x80 >> [17753.484679] optimized_callback+0xbc/0xe0 >> [17753.484680] 0xffffffffc044f388 >> [17753.484680] [p_lkrg] => caller[p_override_creds_entry] action[OVERRIDE >> OFF] old_off[0x3a3d5b3e3034f5b] debug_val[1] >> [17753.484681] [p_lkrg] Stack trace: >> [17753.484684] p_override_creds_entry+0x91/0xd0 [p_lkrg] >> [17753.484685] pre_handler_kretprobe+0xaa/0x1b0 >> [17753.484686] opt_pre_handler+0x47/0x80 >> [17753.484687] optimized_callback+0xbc/0xe0 >> [17753.484687] 0xffffffffc044f30e >> [17753.484688] [p_lkrg] => caller[p_revert_creds_ret] action[OVERRIDE ON] >> old_off[0x747ab67c6069eb6] debug_val[0] >> [17753.484688] [p_lkrg] Stack trace: >> [17753.484691] p_revert_creds_entry+0x87/0xc0 [p_lkrg] >> [17753.484693] pre_handler_kretprobe+0xaa/0x1b0 >> [17753.484703] opt_pre_handler+0x47/0x80 >> [17753.484704] optimized_callback+0xbc/0xe0 >> [17753.484704] 0xffffffffc044f388 >> [17753.484705] [p_lkrg] => caller[p_override_creds_entry] action[OVERRIDE >> OFF] old_off[0x3a3d5b3e3034f5b] debug_val[1] >> [17753.484705] [p_lkrg] Stack trace: >> [17753.484708] p_override_creds_entry+0x91/0xd0 [p_lkrg] >> [17753.484710] pre_handler_kretprobe+0xaa/0x1b0 >> [17753.484711] opt_pre_handler+0x47/0x80 >> [17753.484711] optimized_callback+0xbc/0xe0 >> [17753.484712] 0xffffffffc044f30e >> [17753.484712] [p_lkrg] => caller[p_revert_creds_ret] action[OVERRIDE ON] >> old_off[0x747ab67c6069eb6] debug_val[0] >> [17753.484713] [p_lkrg] Stack trace: >> [17753.484716] p_revert_creds_entry+0x87/0xc0 [p_lkrg] >> [17753.484717] pre_handler_kretprobe+0xaa/0x1b0 >> [17753.484718] opt_pre_handler+0x47/0x80 >> [17753.484719] optimized_callback+0xbc/0xe0 >> [17753.484720] 0xffffffffc044f388 >> [17753.484720] [p_lkrg] => caller[p_override_creds_entry] action[OVERRIDE >> OFF] old_off[0x3a3d5b3e3034f5b] debug_val[1] >> [17753.484720] [p_lkrg] Stack trace: >> [17753.484723] p_override_creds_entry+0x91/0xd0 [p_lkrg] >> [17753.484725] pre_handler_kretprobe+0xaa/0x1b0 >> [17753.484726] opt_pre_handler+0x47/0x80 >> [17753.484727] optimized_callback+0xbc/0xe0 >> [17753.484727] 0xffffffffc044f30e >> [17753.484738] [p_lkrg] => caller[p_revert_creds_ret] action[OVERRIDE ON] >> old_off[0x747ab67c6069eb6] debug_val[0] >> [17753.484738] [p_lkrg] Stack trace: >> [17753.484741] p_revert_creds_entry+0x87/0xc0 [p_lkrg] >> [17753.484743] pre_handler_kretprobe+0xaa/0x1b0 >> [17753.484744] opt_pre_handler+0x47/0x80 >> [17753.484745] optimized_callback+0xbc/0xe0 >> [17753.484745] 0xffffffffc044f388 >> [17753.484746] [p_lkrg] => caller[p_override_creds_entry] action[OVERRIDE >> OFF] old_off[0x3a3d5b3e3034f5b] debug_val[1] >> [17753.484746] [p_lkrg] Stack trace: >> [17753.484749] p_override_creds_entry+0x91/0xd0 [p_lkrg] >> [17753.484750] pre_handler_kretprobe+0xaa/0x1b0 >> [17753.484752] opt_pre_handler+0x47/0x80 >> [17753.484753] optimized_callback+0xbc/0xe0 >> [17753.484753] 0xffffffffc044f30e >> [17753.484754] [p_lkrg] => caller[p_revert_creds_ret] action[OVERRIDE ON] >> old_off[0x747ab67c6069eb6] debug_val[0] >> [17753.484754] [p_lkrg] Stack trace: >> [17753.484757] p_revert_creds_entry+0x87/0xc0 [p_lkrg] >> [17753.484758] pre_handler_kretprobe+0xaa/0x1b0 >> [17753.484760] opt_pre_handler+0x47/0x80 >> [17753.484760] optimized_callback+0xbc/0xe0 >> [17753.484761] 0xffffffffc044f388 >> [17753.484761] [p_lkrg] => caller[p_override_creds_entry] action[OVERRIDE >> OFF] old_off[0x3a3d5b3e3034f5b] debug_val[1] >> [17753.484762] [p_lkrg] Stack trace: >> [17753.484774] p_override_creds_entry+0x91/0xd0 [p_lkrg] >> [17753.484775] pre_handler_kretprobe+0xaa/0x1b0 >> [17753.484776] opt_pre_handler+0x47/0x80 >> [17753.484777] optimized_callback+0xbc/0xe0 >> [17753.484778] 0xffffffffc044f30e >> [17753.484778] [p_lkrg] => caller[p_revert_creds_ret] action[OVERRIDE ON] >> old_off[0x747ab67c6069eb6] debug_val[0] >> [17753.484778] [p_lkrg] Stack trace: >> [17753.484781] p_revert_creds_entry+0x87/0xc0 [p_lkrg] >> [17753.484783] pre_handler_kretprobe+0xaa/0x1b0 >> [17753.484784] opt_pre_handler+0x47/0x80 >> [17753.484785] optimized_callback+0xbc/0xe0 >> [17753.484785] 0xffffffffc044f388 >> [17753.484786] [p_lkrg] => caller[p_override_creds_entry] action[OVERRIDE >> OFF] old_off[0x3a3d5b3e3034f5b] debug_val[1] >> [17753.484786] [p_lkrg] Stack trace: >> [17753.484789] p_override_creds_entry+0x91/0xd0 [p_lkrg] >> [17753.484790] pre_handler_kretprobe+0xaa/0x1b0 >> [17753.484791] opt_pre_handler+0x47/0x80 >> [17753.484792] optimized_callback+0xbc/0xe0 >> [17753.484793] 0xffffffffc044f30e >> [17753.484793] [p_lkrg] => caller[p_revert_creds_ret] action[OVERRIDE ON] >> old_off[0x747ab67c6069eb6] debug_val[0] >> [17753.484794] [p_lkrg] Stack trace: >> [17753.484797] p_revert_creds_entry+0x87/0xc0 [p_lkrg] >> [17753.484798] pre_handler_kretprobe+0xaa/0x1b0 >> [17753.484799] opt_pre_handler+0x47/0x80 >> [17753.484800] optimized_callback+0xbc/0xe0 >> [17753.484800] 0xffffffffc044f388 >> [17753.484801] [p_lkrg] => caller[p_override_creds_entry] action[OVERRIDE >> OFF] old_off[0x3a3d5b3e3034f5b] debug_val[1] >> [17753.484801] [p_lkrg] Stack trace: >> [17753.484804] p_override_creds_entry+0x91/0xd0 [p_lkrg] >> [17753.484806] pre_handler_kretprobe+0xaa/0x1b0 >> [17753.484807] opt_pre_handler+0x47/0x80 >> [17753.484808] optimized_callback+0xbc/0xe0 >> [17753.484808] 0xffffffffc044f30e >> [17753.484809] [p_lkrg] => caller[p_revert_creds_ret] action[OVERRIDE ON] >> old_off[0x747ab67c6069eb6] debug_val[0] >> [17753.484809] [p_lkrg] Stack trace: >> [17753.484812] p_revert_creds_entry+0x87/0xc0 [p_lkrg] >> [17753.484813] pre_handler_kretprobe+0xaa/0x1b0 >> [17753.484814] opt_pre_handler+0x47/0x80 >> [17753.484815] optimized_callback+0xbc/0xe0 >> [17753.484816] 0xffffffffc044f388 >> [17753.484816] [p_lkrg] => caller[p_override_creds_entry] action[OVERRIDE >> OFF] old_off[0x3a3d5b3e3034f5b] debug_val[1] >> [17753.484817] [p_lkrg] Stack trace: >> [17753.484820] p_override_creds_entry+0x91/0xd0 [p_lkrg] >> [17753.484821] pre_handler_kretprobe+0xaa/0x1b0 >> [17753.484822] opt_pre_handler+0x47/0x80 >> [17753.484823] optimized_callback+0xbc/0xe0 >> [17753.484823] 0xffffffffc044f30e >> [17753.484824] [p_lkrg] => caller[p_revert_creds_ret] action[OVERRIDE ON] >> old_off[0x747ab67c6069eb6] debug_val[0] >> [17753.484824] [p_lkrg] Stack trace: >> [17753.484827] p_revert_creds_entry+0x87/0xc0 [p_lkrg] >> [17753.484828] pre_handler_kretprobe+0xaa/0x1b0 >> [17753.484830] opt_pre_handler+0x47/0x80 >> [17753.484830] optimized_callback+0xbc/0xe0 >> [17753.484831] 0xffffffffc044f388 >> [17753.484831] [p_lkrg] => caller[p_cap_task_prctl_entry] action[OFF] >> old_off[0x3a3d5b3e3034f5b] debug_val[1] >> [17753.484832] [p_lkrg] => caller[p_cap_task_prctl_ret] action[ON] >> old_off[0x747ab67c6069eb6] debug_val[0] >> [17753.484832] [p_lkrg] => caller[p_seccomp_entry] action[OFF] >> old_off[0x3a3d5b3e3034f5b] debug_val[1] >> [17753.484833] [p_lkrg] => caller[p_seccomp_ret] action[ON] >> old_off[0x747ab67c6069eb6] debug_val[0] >> [17753.484833] [p_lkrg] => caller[p_seccomp_entry] action[OFF] >> old_off[0x3a3d5b3e3034f5b] debug_val[1] >> [17753.484834] [p_lkrg] => caller[p_seccomp_ret] action[ON] >> old_off[0x3a3d5b3e3034f5b] debug_val[0] >> [17753.484834] [p_lkrg] <Exploit Detection> Trying to kill >> process[QtWebEngineProc | 4072]! >> [17753.487222] traps: akregator[3992] trap int3 ip:7c16547727d1 >> sp:7ffe868eae20 error:0 in >> libQt5WebEngineCore.so.5.15.1[7c165160a000+630c000] >> >> Pozdro >> >> >> W dniu 03.12.2020 o 07:58, Adam Zabrocki pisze: >>> Hi >>> >>> Sorry for late reply. However, I've been working on adding a new debugging >>> logic to the LKRG code. >>> I have a few questions: >>> - Do you have any ftrace* related tools which might run in the background? >>> Especially, around the time when you see that problem? It could be any perf* >>> tool as well since they are using tracing infrastructure under the hood >>> - New LKRG's debugging infrastructure can independently track state for each >>> process. However, it requires a lot more memory. If you are willing to enable >>> it, it will produce much more useful information which I can use. To be able >>> to do it, please uncomment the following definition in the file: >>> "src/modules/print_log/p_lkrg_log_level_shared.h" >>> /* Do we want to precisely track changes of 'off' flag per each process? >>> * If yes, uncomment it here */ >>> #define P_LKRG_TASK_OFF_DEBUG >>> >>> - If you have anough resource and sucessfully load such build of LKRG, you >>> should see more debug information in the logs when such problem appears. >>> >>> The newest Linux kernel changed the behavior of KPROBES and FTRACE and I'm >>> actively researching these changes. It is worth to note that if FTRACE is >>> being disabled e.g. via /proc/sys/kernel/ftrace_enabled it can affect KPROBES >>> as well. Some tools heavily using such interface. >>> >>> Thanks, >>> Adam >>> >>> On Mon, Nov 16, 2020 at >>> 09:25:10PM +0100, Jacek wrote: >>>> Hi >>>> >>>> OS Gentoo: >>>> >>>> Linux version 5.9.8-g1 (root@...ek) (gcc (Gentoo Hardened 9.3.0-r1 p3) >>>> 9.3.0, GNU ld (Gentoo 2.34 p6) 2.34.0) #2 SMP PREEMPT Thu Nov 12 07:29:29 >>>> CET 2020 >>>> >>>> LKRG: >>>> >>>> filename: /lib/modules/5.9.8-g1/extra/p_lkrg.ko >>>> license: GPL v2 >>>> description: pi3's Linux kernel Runtime Guard >>>> author: Adam 'pi3' Zabrocki (http://pi3.com.pl) >>>> srcversion: 40A527C8D5D5D19B610FE2F >>>> depends: >>>> retpoline: Y >>>> name: p_lkrg >>>> vermagic: 5.9.8-g1 SMP preempt mod_unload modversions RANDSTRUCT_PLUGIN_7c046b7d45f5b82e76f627aadaefa3bc69fdd9ae1cd91b61e72d98512ef164aa >>>> >>>> Git log: >>>> >>>> # root ~> git log |head -n 20 >>>> commit 4cfb2b3474b813b0f2c424bbbcd7c1c456fb8f6e >>>> Author: disrupttheflow<68149206+disrupttheflow@...rs.noreply.github.com> >>>> Date: Mon Nov 16 12:28:23 2020 +0000 >>>> >>>> Add correct repository to clone from in README (#25) >>>> >>>> commit 645983fbf687c4bddb3c62c19a37d7db380bf927 >>>> Author: Mariusz Zaborski<oshogbo@...illium.org> >>>> Date: Fri Nov 6 19:29:40 2020 +0100 >>>> >>>> ptrace: replace ptrace kprobes with security_ptrace_access_check >>>> >>>> commit ca8237ed2251a6f4ae03fe8e549662465f26d347 >>>> Merge: 37d5520 5db3f98 >>>> Author: Adam 'pi3' Zabrocki<65244445+Adam-pi3@...rs.noreply.github.com> >>>> Date: Sat Nov 7 08:52:18 2020 -0800 >>>> >>>> Merge pull request #23 from oshogbo/kill >>>> >>>> umh: Kill process using the proper SIGKILL signal. >>>> >>>> >>>> Akreator (RSS client from KDE) >>>> >>>> # user ~> akregator >>>> [506:1:0100/000000.026569:ERROR:broker_posix.cc(43)] Invalid node channel >>>> message >>>> Unicestwiony >>>> >>>> LKRG error (from dmesg): >>>> >>>> [ 806.873553] [p_lkrg] <Exploit Detection> ON process[2170 | >>>> Chrome_IOThread] has corrupted 'off' flag! >>>> [ 806.873555] [p_lkrg] <Exploit Detection> Trying to kill >>>> process[ThreadPoolSingl | 2170]! >>>> >>>> Cheers >>>> >>>> >>>> >>>> >>>>
Powered by blists - more mailing lists
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.