|
Message-ID: <20201205170639.GA10440@pi3.com.pl> Date: Sat, 5 Dec 2020 18:06:39 +0100 From: Adam Zabrocki <pi3@....com.pl> To: lkrg-users@...ts.openwall.com Subject: Re: p_lkrg] <Exploit Detection> Trying to kill process[ThreadPoolSingl | 2170]! Hi, Thanks for the report. I've just pushed fix for it. Can you verify if it helps? Thanks, Adam On Fri, Dec 04, 2020 at 02:26:01AM +0100, Jacek wrote: > LKRG Commit: > > # root ~> git log |head -n20 > commit 47804120c371aa7673b47d9c34ecfe19026a3c52 > Author: Adam_pi3 <pi3@....com.pl> > Date: Thu Dec 3 15:07:40 2020 -0500 > > Fix a gentle bug when compiled with P_LKRG_TASK_OFF_DEBUG > > P_LKRG_TASK_OFF_DEBUG introduces extra lines of code which was not taken > into account for seccomp() and namespace API. This commit fixes it. > Additionally, we are adding extra information in case of corruption > (dump_stack()). > > commit d051bc28026729f50b2a38051d55e47e60db4e04 > Author: Adam_pi3 <pi3@....com.pl> > Date: Tue Dec 1 16:47:19 2020 -0500 > > Fix debug task logic for seccomp > > Track child in case of SECCOMP_FILTER_FLAG_TSYNC flag > > commit 24f4156516b839da1c025639ac4a9bae7bdf3747 > Author: Adam_pi3 <pi3@....com.pl> > Date: Sun Nov 29 20:47:47 2020 -0500 > > After this commit Firefox works fine. :0 > > Akregator (KDE Akregator uses chromium based Qtwebengine library): > > LKRG in dmesg: > > [75020.719634] [p_lkrg] <Exploit Detection> ON process[2578 | > Chrome_IOThread] has corrupted 'off' flag! > [75020.719636] [p_lkrg] 'off' flag[0x7cbc69aae8aa39a] (normalization via > 0x3e5e34d574551cd) > [75020.719637] [p_lkrg] OFF debug: normalization[0x3e5e34d574551cd] > cookie[0x3d5fe5bf6d05cd89] > [75020.719638] [p_lkrg] Process[2578 | Chrome_IOThread] Parent[1 | init] has > [7] entries: > [75020.719639] [p_lkrg] => caller[p_cap_task_prctl_entry] action[OFF] > old_off[0x3e5e34d574551cd] debug_val[1] > [75020.719639] [p_lkrg] => caller[p_cap_task_prctl_ret] action[ON] > old_off[0x7cbc69aae8aa39a] debug_val[0] > [75020.719640] [p_lkrg] => caller[p_override_creds_entry] action[OVERRIDE > OFF] old_off[0x3e5e34d574551cd] debug_val[1] > [75020.719641] [p_lkrg] Stack trace: > [75020.719649] p_override_creds_entry+0x91/0xd0 [p_lkrg] > [75020.719653] pre_handler_kretprobe+0xaa/0x1b0 > [75020.719654] opt_pre_handler+0x47/0x80 > [75020.719656] optimized_callback+0xbc/0xe0 > [75020.719657] 0xffffffffc040130e > [75020.719657] [p_lkrg] => caller[p_revert_creds_ret] action[OVERRIDE ON] > old_off[0x7cbc69aae8aa39a] debug_val[0] > [75020.719658] [p_lkrg] Stack trace: > [75020.719661] p_revert_creds_entry+0x87/0xc0 [p_lkrg] > [75020.719663] pre_handler_kretprobe+0xaa/0x1b0 > [75020.719664] opt_pre_handler+0x47/0x80 > [75020.719665] optimized_callback+0xbc/0xe0 > [75020.719666] 0xffffffffc0401388 > [75020.719666] [p_lkrg] => caller[p_override_creds_entry] action[OVERRIDE > OFF] old_off[0x3e5e34d574551cd] debug_val[1] > [75020.719667] [p_lkrg] Stack trace: > [75020.719670] p_override_creds_entry+0x91/0xd0 [p_lkrg] > [75020.719671] pre_handler_kretprobe+0xaa/0x1b0 > [75020.719673] opt_pre_handler+0x47/0x80 > [75020.719674] optimized_callback+0xbc/0xe0 > [75020.719674] 0xffffffffc040130e > [75020.719675] [p_lkrg] => caller[p_revert_creds_ret] action[OVERRIDE ON] > old_off[0x7cbc69aae8aa39a] debug_val[0] > [75020.719675] [p_lkrg] Stack trace: > [75020.719678] p_revert_creds_entry+0x87/0xc0 [p_lkrg] > [75020.719680] pre_handler_kretprobe+0xaa/0x1b0 > [75020.719681] opt_pre_handler+0x47/0x80 > [75020.719682] optimized_callback+0xbc/0xe0 > [75020.719682] 0xffffffffc0401388 > [75020.719683] [p_lkrg] => caller[p_override_creds_entry] action[OVERRIDE > OFF] old_off[0x3e5e34d574551cd] debug_val[1] > [75020.719683] [p_lkrg] Stack trace: > [75020.719686] p_override_creds_entry+0x91/0xd0 [p_lkrg] > [75020.719688] pre_handler_kretprobe+0xaa/0x1b0 > [75020.719689] opt_pre_handler+0x47/0x80 > [75020.719690] optimized_callback+0xbc/0xe0 > [75020.719690] 0xffffffffc040130e > [75020.719692] CPU: 1 PID: 2578 Comm: ThreadPoolSingl Tainted: G C > O T 5.9.12-g1 #1 > [75020.719692] Hardware name: Gigabyte Technology Co., Ltd. > Z97-D3H/Z97-D3H-CF, BIOS F9 09/18/2015 > [75020.719693] Call Trace: > [75020.719696] dump_stack+0x57/0x6a > [75020.719701] p_ed_is_off_off.part.0+0x3e/0x53 [p_lkrg] > [75020.719705] p_security_ptrace_access_entry+0x5b/0x90 [p_lkrg] > [75020.719707] pre_handler_kretprobe+0xaa/0x1b0 > [75020.719708] opt_pre_handler+0x47/0x80 > [75020.719709] optimized_callback+0xbc/0xe0 > [75020.719710] 0xffffffffc0401758 > [75020.719714] ? security_ptrace_access_check+0x1/0x50 > [75020.719716] ? ptrace_may_access+0x25/0x40 > [75020.719719] ? proc_pid_permission+0x3f/0xb0 > [75020.719721] ? inode_permission+0xc7/0x160 > [75020.719723] ? link_path_walk+0x23b/0x3b0 > [75020.719724] ? path_lookupat.isra.0+0x72/0x140 > [75020.719726] ? filename_lookup+0xc1/0x1a0 > [75020.719729] ? do_faccessat+0x89/0x2a0 > [75020.719732] ? do_syscall_64+0x33/0x40 > [75020.719734] ? entry_SYSCALL_64_after_hwframe+0x44/0xa9 > [75020.719735] [p_lkrg] <Exploit Detection> Trying to kill > process[ThreadPoolSingl | 2578]! > > W dniu 03.12.2020 o 21:13, Adam Zabrocki pisze: > > Thanks! > > > > I've introduced a very gentle bug for namespace and seccomp() API when compiled > > wwith P_LKRG_TASK_OFF_DEBUG (it does not exist with normal compilation). That's > > why you started to see more bugs - very sorry about that ;/ > > > > I've just pushed fixes for that specific issue. Would you be able to update > > LKRG code-base and re-run it with P_LKRG_TASK_OFF_DEBUG again? If there is > > going to be next FP, it should be real ;p > > > > Thanks, > > Adam > > > > On Thu, Dec 03, 2020 at 08:43:59AM +0100, Jacek wrote: > > > OK, LKRG > > > > > > P_LKRG_TASK_OFF_DEBUG > > > > > > log: > > > > > > > > > [17733.791399] [p_lkrg] Loading LKRG... > > > [17733.791408] [p_lkrg] System does NOT support SMAP. LKRG can't enforce > > > SMAP validation :( > > > [17733.816444] Freezing user space processes ... (elapsed 0.033 seconds) > > > done. > > > [17733.849497] OOM killer disabled. > > > [17737.475672] [p_lkrg] [kretprobe] register_kretprobe() for > > > <ttwu_do_wakeup> failed! [err=-22] > > > [17737.475675] [p_lkrg] Trying to find ISRA / CONSTPROP name for > > > <ttwu_do_wakeup> > > > [17737.482067] [p_lkrg] Found ISRA version of function > > > <ttwu_do_wakeup.isra.0> > > > [17737.595461] [p_lkrg] ISRA / CONSTPROP version was found and hook was > > > planted at <ttwu_do_wakeup.isra.0> > > > [17738.042763] [p_lkrg] LKRG initialized successfully! > > > [17738.042764] OOM killer enabled. > > > [17738.042764] Restarting tasks ... done. > > > [17753.483746] [p_lkrg] <Exploit Detection> ON process[4072 | > > > QtWebEngineProc] has corrupted 'off' flag! > > > [17753.483747] [p_lkrg] 'off' flag[0x0] (normalization via > > > 0x3a3d5b3e3034f5b) > > > [17753.483748] [p_lkrg] OFF debug: normalization[0x3a3d5b3e3034f5b] > > > cookie[0x69470f9547639fd1] > > > [17753.483749] [p_lkrg] Process[4072 | QtWebEngineProc] Parent[3992 | > > > akregator] has [76] entries: > > > [17753.483749] [p_lkrg] => caller[p_cap_task_prctl_entry] action[OFF] > > > old_off[0x3a3d5b3e3034f5b] debug_val[1] > > > [17753.483750] [p_lkrg] => caller[p_cap_task_prctl_ret] action[ON] > > > old_off[0x747ab67c6069eb6] debug_val[0] > > > [17753.483751] [p_lkrg] => caller[p_sys_execve_entry] action[OFF] > > > old_off[0x3a3d5b3e3034f5b] debug_val[1] > > > [17753.483751] [p_lkrg] => caller[p_sys_execve_ret] action[RESET] > > > old_off[0x747ab67c6069eb6] debug_val[0] > > > [17753.483752] [p_lkrg] => caller[p_override_creds_entry] action[OVERRIDE > > > OFF] old_off[0x3a3d5b3e3034f5b] debug_val[1] > > > [17753.483752] [p_lkrg] Stack trace: > > > [17753.483759] p_override_creds_entry+0x91/0xd0 [p_lkrg] > > > [17753.483763] pre_handler_kretprobe+0xaa/0x1b0 > > > [17753.483764] opt_pre_handler+0x47/0x80 > > > [17753.483766] optimized_callback+0xbc/0xe0 > > > [17753.483766] 0xffffffffc044f30e > > > [17753.483767] [p_lkrg] => caller[p_revert_creds_ret] action[OVERRIDE ON] > > > old_off[0x747ab67c6069eb6] debug_val[0] > > > [17753.483767] [p_lkrg] Stack trace: > > > [17753.483771] p_revert_creds_entry+0x87/0xc0 [p_lkrg] > > > [17753.483772] pre_handler_kretprobe+0xaa/0x1b0 > > > [17753.483773] opt_pre_handler+0x47/0x80 > > > [17753.483774] optimized_callback+0xbc/0xe0 > > > [17753.483774] 0xffffffffc044f388 > > > [17753.483775] [p_lkrg] => caller[p_cap_task_prctl_entry] action[OFF] > > > old_off[0x3a3d5b3e3034f5b] debug_val[1] > > > [17753.483775] [p_lkrg] => caller[p_cap_task_prctl_ret] action[ON] > > > old_off[0x747ab67c6069eb6] debug_val[0] > > > [17753.483776] [p_lkrg] => caller[p_override_creds_entry] action[OVERRIDE > > > OFF] old_off[0x3a3d5b3e3034f5b] debug_val[1] > > > [17753.483776] [p_lkrg] Stack trace: > > > [17753.483779] p_override_creds_entry+0x91/0xd0 [p_lkrg] > > > [17753.483781] pre_handler_kretprobe+0xaa/0x1b0 > > > [17753.483782] opt_pre_handler+0x47/0x80 > > > [17753.483782] optimized_callback+0xbc/0xe0 > > > [17753.483783] 0xffffffffc044f30e > > > [17753.483783] [p_lkrg] => caller[p_revert_creds_ret] action[OVERRIDE ON] > > > old_off[0x747ab67c6069eb6] debug_val[0] > > > [17753.483784] [p_lkrg] Stack trace: > > > [17753.483787] p_revert_creds_entry+0x87/0xc0 [p_lkrg] > > > [17753.483788] pre_handler_kretprobe+0xaa/0x1b0 > > > [17753.483789] opt_pre_handler+0x47/0x80 > > > [17753.483790] optimized_callback+0xbc/0xe0 > > > [17753.483790] 0xffffffffc044f388 > > > [17753.483791] [p_lkrg] => caller[p_override_creds_entry] action[OVERRIDE > > > OFF] old_off[0x3a3d5b3e3034f5b] debug_val[1] > > > [17753.483791] [p_lkrg] Stack trace: > > > [17753.483794] p_override_creds_entry+0x91/0xd0 [p_lkrg] > > > [17753.483795] pre_handler_kretprobe+0xaa/0x1b0 > > > [17753.483796] opt_pre_handler+0x47/0x80 > > > [17753.483797] optimized_callback+0xbc/0xe0 > > > [17753.483798] 0xffffffffc044f30e > > > [17753.483798] [p_lkrg] => caller[p_revert_creds_ret] action[OVERRIDE ON] > > > old_off[0x747ab67c6069eb6] debug_val[0] > > > [17753.483798] [p_lkrg] Stack trace: > > > [17753.483801] p_revert_creds_entry+0x87/0xc0 [p_lkrg] > > > [17753.483803] pre_handler_kretprobe+0xaa/0x1b0 > > > [17753.483804] opt_pre_handler+0x47/0x80 > > > [17753.483804] optimized_callback+0xbc/0xe0 > > > [17753.483805] 0xffffffffc044f388 > > > [17753.483805] [p_lkrg] => caller[p_override_creds_entry] action[OVERRIDE > > > OFF] old_off[0x3a3d5b3e3034f5b] debug_val[1] > > > [17753.483806] [p_lkrg] Stack trace: > > > [17753.483809] p_override_creds_entry+0x91/0xd0 [p_lkrg] > > > [17753.483810] pre_handler_kretprobe+0xaa/0x1b0 > > > [17753.483811] opt_pre_handler+0x47/0x80 > > > [17753.483812] optimized_callback+0xbc/0xe0 > > > [17753.483812] 0xffffffffc044f30e > > > [17753.483813] [p_lkrg] => caller[p_revert_creds_ret] action[OVERRIDE ON] > > > old_off[0x747ab67c6069eb6] debug_val[0] > > > [17753.483813] [p_lkrg] Stack trace: > > > [17753.483816] p_revert_creds_entry+0x87/0xc0 [p_lkrg] > > > [17753.483817] pre_handler_kretprobe+0xaa/0x1b0 > > > [17753.483818] opt_pre_handler+0x47/0x80 > > > [17753.483819] optimized_callback+0xbc/0xe0 > > > [17753.483819] 0xffffffffc044f388 > > > [17753.483820] [p_lkrg] => caller[p_override_creds_entry] action[OVERRIDE > > > OFF] old_off[0x3a3d5b3e3034f5b] debug_val[1] > > > [17753.483820] [p_lkrg] Stack trace: > > > [17753.483823] p_override_creds_entry+0x91/0xd0 [p_lkrg] > > > [17753.483824] pre_handler_kretprobe+0xaa/0x1b0 > > > [17753.483825] opt_pre_handler+0x47/0x80 > > > [17753.483826] optimized_callback+0xbc/0xe0 > > > [17753.483826] 0xffffffffc044f30e > > > [17753.483827] [p_lkrg] => caller[p_revert_creds_ret] action[OVERRIDE ON] > > > old_off[0x747ab67c6069eb6] debug_val[0] > > > [17753.483827] [p_lkrg] Stack trace: > > > [17753.483830] p_revert_creds_entry+0x87/0xc0 [p_lkrg] > > > [17753.483831] pre_handler_kretprobe+0xaa/0x1b0 > > > [17753.483832] opt_pre_handler+0x47/0x80 > > > [17753.483833] optimized_callback+0xbc/0xe0 > > > [17753.483834] 0xffffffffc044f388 > > > [17753.483834] [p_lkrg] => caller[p_override_creds_entry] action[OVERRIDE > > > OFF] old_off[0x3a3d5b3e3034f5b] debug_val[1] > > > [17753.483834] [p_lkrg] Stack trace: > > > [17753.483837] p_override_creds_entry+0x91/0xd0 [p_lkrg] > > > [17753.483838] pre_handler_kretprobe+0xaa/0x1b0 > > > [17753.483840] opt_pre_handler+0x47/0x80 > > > [17753.483840] optimized_callback+0xbc/0xe0 > > > [17753.483841] 0xffffffffc044f30e > > > [17753.483841] [p_lkrg] => caller[p_revert_creds_ret] action[OVERRIDE ON] > > > old_off[0x747ab67c6069eb6] debug_val[0] > > > [17753.483841] [p_lkrg] Stack trace: > > > [17753.483844] p_revert_creds_entry+0x87/0xc0 [p_lkrg] > > > [17753.483846] pre_handler_kretprobe+0xaa/0x1b0 > > > [17753.483847] opt_pre_handler+0x47/0x80 > > > [17753.483847] optimized_callback+0xbc/0xe0 > > > [17753.483848] 0xffffffffc044f388 > > > [17753.483848] [p_lkrg] => caller[p_override_creds_entry] action[OVERRIDE > > > OFF] old_off[0x3a3d5b3e3034f5b] debug_val[1] > > > [17753.483849] [p_lkrg] Stack trace: > > > [17753.483851] p_override_creds_entry+0x91/0xd0 [p_lkrg] > > > [17753.483853] pre_handler_kretprobe+0xaa/0x1b0 > > > [17753.483854] opt_pre_handler+0x47/0x80 > > > [17753.483855] optimized_callback+0xbc/0xe0 > > > [17753.483855] 0xffffffffc044f30e > > > [17753.483855] [p_lkrg] => caller[p_revert_creds_ret] action[OVERRIDE ON] > > > old_off[0x747ab67c6069eb6] debug_val[0] > > > [17753.483856] [p_lkrg] Stack trace: > > > [17753.483859] p_revert_creds_entry+0x87/0xc0 [p_lkrg] > > > [17753.483860] pre_handler_kretprobe+0xaa/0x1b0 > > > [17753.483861] opt_pre_handler+0x47/0x80 > > > [17753.483862] optimized_callback+0xbc/0xe0 > > > [17753.483862] 0xffffffffc044f388 > > > [17753.483863] [p_lkrg] => caller[p_override_creds_entry] action[OVERRIDE > > > OFF] old_off[0x3a3d5b3e3034f5b] debug_val[1] > > > [17753.483863] [p_lkrg] Stack trace: > > > [17753.483866] p_override_creds_entry+0x91/0xd0 [p_lkrg] > > > [17753.483867] pre_handler_kretprobe+0xaa/0x1b0 > > > [17753.483868] opt_pre_handler+0x47/0x80 > > > [17753.483869] optimized_callback+0xbc/0xe0 > > > [17753.483869] 0xffffffffc044f30e > > > [17753.483870] [p_lkrg] => caller[p_revert_creds_ret] action[OVERRIDE ON] > > > old_off[0x747ab67c6069eb6] debug_val[0] > > > [17753.483870] [p_lkrg] Stack trace: > > > [17753.483873] p_revert_creds_entry+0x87/0xc0 [p_lkrg] > > > [17753.483874] pre_handler_kretprobe+0xaa/0x1b0 > > > [17753.483875] opt_pre_handler+0x47/0x80 > > > [17753.483876] optimized_callback+0xbc/0xe0 > > > [17753.483877] 0xffffffffc044f388 > > > [17753.483877] [p_lkrg] => caller[p_override_creds_entry] action[OVERRIDE > > > OFF] old_off[0x3a3d5b3e3034f5b] debug_val[1] > > > [17753.483877] [p_lkrg] Stack trace: > > > [17753.483880] p_override_creds_entry+0x91/0xd0 [p_lkrg] > > > [17753.483881] pre_handler_kretprobe+0xaa/0x1b0 > > > [17753.483882] opt_pre_handler+0x47/0x80 > > > [17753.483883] optimized_callback+0xbc/0xe0 > > > [17753.483884] 0xffffffffc044f30e > > > [17753.483884] [p_lkrg] => caller[p_revert_creds_ret] action[OVERRIDE ON] > > > old_off[0x747ab67c6069eb6] debug_val[0] > > > [17753.483884] [p_lkrg] Stack trace: > > > [17753.483887] p_revert_creds_entry+0x87/0xc0 [p_lkrg] > > > [17753.483888] pre_handler_kretprobe+0xaa/0x1b0 > > > [17753.483890] opt_pre_handler+0x47/0x80 > > > [17753.483890] optimized_callback+0xbc/0xe0 > > > [17753.483891] 0xffffffffc044f388 > > > [17753.483891] [p_lkrg] => caller[p_override_creds_entry] action[OVERRIDE > > > OFF] old_off[0x3a3d5b3e3034f5b] debug_val[1] > > > [17753.483891] [p_lkrg] Stack trace: > > > [17753.483894] p_override_creds_entry+0x91/0xd0 [p_lkrg] > > > [17753.483896] pre_handler_kretprobe+0xaa/0x1b0 > > > [17753.483897] opt_pre_handler+0x47/0x80 > > > [17753.483897] optimized_callback+0xbc/0xe0 > > > [17753.483898] 0xffffffffc044f30e > > > [17753.483898] [p_lkrg] => caller[p_revert_creds_ret] action[OVERRIDE ON] > > > old_off[0x747ab67c6069eb6] debug_val[0] > > > [17753.483899] [p_lkrg] Stack trace: > > > [17753.483902] p_revert_creds_entry+0x87/0xc0 [p_lkrg] > > > [17753.483903] pre_handler_kretprobe+0xaa/0x1b0 > > > [17753.483904] opt_pre_handler+0x47/0x80 > > > [17753.483905] optimized_callback+0xbc/0xe0 > > > [17753.483905] 0xffffffffc044f388 > > > [17753.483906] [p_lkrg] => caller[p_override_creds_entry] action[OVERRIDE > > > OFF] old_off[0x3a3d5b3e3034f5b] debug_val[1] > > > [17753.483906] [p_lkrg] Stack trace: > > > [17753.483909] p_override_creds_entry+0x91/0xd0 [p_lkrg] > > > [17753.483910] pre_handler_kretprobe+0xaa/0x1b0 > > > [17753.483911] opt_pre_handler+0x47/0x80 > > > [17753.483912] optimized_callback+0xbc/0xe0 > > > [17753.483912] 0xffffffffc044f30e > > > [17753.483913] [p_lkrg] => caller[p_revert_creds_ret] action[OVERRIDE ON] > > > old_off[0x747ab67c6069eb6] debug_val[0] > > > [17753.483913] [p_lkrg] Stack trace: > > > [17753.483916] p_revert_creds_entry+0x87/0xc0 [p_lkrg] > > > [17753.483917] pre_handler_kretprobe+0xaa/0x1b0 > > > [17753.483918] opt_pre_handler+0x47/0x80 > > > [17753.483919] optimized_callback+0xbc/0xe0 > > > [17753.483919] 0xffffffffc044f388 > > > [17753.483920] [p_lkrg] => caller[p_override_creds_entry] action[OVERRIDE > > > OFF] old_off[0x3a3d5b3e3034f5b] debug_val[1] > > > [17753.483920] [p_lkrg] Stack trace: > > > [17753.483923] p_override_creds_entry+0x91/0xd0 [p_lkrg] > > > [17753.483924] pre_handler_kretprobe+0xaa/0x1b0 > > > [17753.483925] opt_pre_handler+0x47/0x80 > > > [17753.483926] optimized_callback+0xbc/0xe0 > > > [17753.483927] 0xffffffffc044f30e > > > [17753.483927] [p_lkrg] => caller[p_revert_creds_ret] action[OVERRIDE ON] > > > old_off[0x747ab67c6069eb6] debug_val[0] > > > [17753.483927] [p_lkrg] Stack trace: > > > [17753.483930] p_revert_creds_entry+0x87/0xc0 [p_lkrg] > > > [17753.483932] pre_handler_kretprobe+0xaa/0x1b0 > > > [17753.483933] opt_pre_handler+0x47/0x80 > > > [17753.483933] optimized_callback+0xbc/0xe0 > > > [17753.483934] 0xffffffffc044f388 > > > [17753.483934] [p_lkrg] => caller[p_override_creds_entry] action[OVERRIDE > > > OFF] old_off[0x3a3d5b3e3034f5b] debug_val[1] > > > [17753.483935] [p_lkrg] Stack trace: > > > [17753.483937] p_override_creds_entry+0x91/0xd0 [p_lkrg] > > > [17753.483939] pre_handler_kretprobe+0xaa/0x1b0 > > > [17753.483940] opt_pre_handler+0x47/0x80 > > > [17753.483940] optimized_callback+0xbc/0xe0 > > > [17753.483941] 0xffffffffc044f30e > > > [17753.483941] [p_lkrg] => caller[p_revert_creds_ret] action[OVERRIDE ON] > > > old_off[0x747ab67c6069eb6] debug_val[0] > > > [17753.483942] [p_lkrg] Stack trace: > > > [17753.483945] p_revert_creds_entry+0x87/0xc0 [p_lkrg] > > > [17753.483946] pre_handler_kretprobe+0xaa/0x1b0 > > > [17753.483947] opt_pre_handler+0x47/0x80 > > > [17753.483948] optimized_callback+0xbc/0xe0 > > > [17753.483948] 0xffffffffc044f388 > > > [17753.483949] [p_lkrg] => caller[p_override_creds_entry] action[OVERRIDE > > > OFF] old_off[0x3a3d5b3e3034f5b] debug_val[1] > > > [17753.483949] [p_lkrg] Stack trace: > > > [17753.483952] p_override_creds_entry+0x91/0xd0 [p_lkrg] > > > [17753.483953] pre_handler_kretprobe+0xaa/0x1b0 > > > [17753.483954] opt_pre_handler+0x47/0x80 > > > [17753.483955] optimized_callback+0xbc/0xe0 > > > [17753.483955] 0xffffffffc044f30e > > > [17753.483956] [p_lkrg] => caller[p_revert_creds_ret] action[OVERRIDE ON] > > > old_off[0x747ab67c6069eb6] debug_val[0] > > > [17753.483956] [p_lkrg] Stack trace: > > > [17753.483959] p_revert_creds_entry+0x87/0xc0 [p_lkrg] > > > [17753.483960] pre_handler_kretprobe+0xaa/0x1b0 > > > [17753.483961] opt_pre_handler+0x47/0x80 > > > [17753.483962] optimized_callback+0xbc/0xe0 > > > [17753.483962] 0xffffffffc044f388 > > > [17753.483963] [p_lkrg] => caller[p_override_creds_entry] action[OVERRIDE > > > OFF] old_off[0x3a3d5b3e3034f5b] debug_val[1] > > > [17753.483963] [p_lkrg] Stack trace: > > > [17753.483966] p_override_creds_entry+0x91/0xd0 [p_lkrg] > > > [17753.483967] pre_handler_kretprobe+0xaa/0x1b0 > > > [17753.483968] opt_pre_handler+0x47/0x80 > > > [17753.483979] optimized_callback+0xbc/0xe0 > > > [17753.483980] 0xffffffffc044f30e > > > [17753.483980] [p_lkrg] => caller[p_revert_creds_ret] action[OVERRIDE ON] > > > old_off[0x747ab67c6069eb6] debug_val[0] > > > [17753.483980] [p_lkrg] Stack trace: > > > [17753.483983] p_revert_creds_entry+0x87/0xc0 [p_lkrg] > > > [17753.483985] pre_handler_kretprobe+0xaa/0x1b0 > > > [17753.483986] opt_pre_handler+0x47/0x80 > > > [17753.483987] optimized_callback+0xbc/0xe0 > > > [17753.483987] 0xffffffffc044f388 > > > [17753.483988] [p_lkrg] => caller[p_override_creds_entry] action[OVERRIDE > > > OFF] old_off[0x3a3d5b3e3034f5b] debug_val[1] > > > [17753.483988] [p_lkrg] Stack trace: > > > [17753.483991] p_override_creds_entry+0x91/0xd0 [p_lkrg] > > > [17753.483992] pre_handler_kretprobe+0xaa/0x1b0 > > > [17753.483994] opt_pre_handler+0x47/0x80 > > > [17753.483994] optimized_callback+0xbc/0xe0 > > > [17753.483995] 0xffffffffc044f30e > > > [17753.483995] [p_lkrg] => caller[p_revert_creds_ret] action[OVERRIDE ON] > > > old_off[0x747ab67c6069eb6] debug_val[0] > > > [17753.483996] [p_lkrg] Stack trace: > > > [17753.483999] p_revert_creds_entry+0x87/0xc0 [p_lkrg] > > > [17753.484000] pre_handler_kretprobe+0xaa/0x1b0 > > > [17753.484001] opt_pre_handler+0x47/0x80 > > > [17753.484002] optimized_callback+0xbc/0xe0 > > > [17753.484011] 0xffffffffc044f388 > > > [17753.484012] [p_lkrg] => caller[p_override_creds_entry] action[OVERRIDE > > > OFF] old_off[0x3a3d5b3e3034f5b] debug_val[1] > > > [17753.484012] [p_lkrg] Stack trace: > > > [17753.484015] p_override_creds_entry+0x91/0xd0 [p_lkrg] > > > [17753.484016] pre_handler_kretprobe+0xaa/0x1b0 > > > [17753.484017] opt_pre_handler+0x47/0x80 > > > [17753.484018] optimized_callback+0xbc/0xe0 > > > [17753.484019] 0xffffffffc044f30e > > > [17753.484019] [p_lkrg] => caller[p_revert_creds_ret] action[OVERRIDE ON] > > > old_off[0x747ab67c6069eb6] debug_val[0] > > > [17753.484019] [p_lkrg] Stack trace: > > > [17753.484022] p_revert_creds_entry+0x87/0xc0 [p_lkrg] > > > [17753.484023] pre_handler_kretprobe+0xaa/0x1b0 > > > [17753.484025] opt_pre_handler+0x47/0x80 > > > [17753.484025] optimized_callback+0xbc/0xe0 > > > [17753.484026] 0xffffffffc044f388 > > > [17753.484026] [p_lkrg] => caller[p_override_creds_entry] action[OVERRIDE > > > OFF] old_off[0x3a3d5b3e3034f5b] debug_val[1] > > > [17753.484027] [p_lkrg] Stack trace: > > > [17753.484029] p_override_creds_entry+0x91/0xd0 [p_lkrg] > > > [17753.484031] pre_handler_kretprobe+0xaa/0x1b0 > > > [17753.484032] opt_pre_handler+0x47/0x80 > > > [17753.484033] optimized_callback+0xbc/0xe0 > > > [17753.484033] 0xffffffffc044f30e > > > [17753.484033] [p_lkrg] => caller[p_revert_creds_ret] action[OVERRIDE ON] > > > old_off[0x747ab67c6069eb6] debug_val[0] > > > [17753.484034] [p_lkrg] Stack trace: > > > [17753.484036] p_revert_creds_entry+0x87/0xc0 [p_lkrg] > > > [17753.484038] pre_handler_kretprobe+0xaa/0x1b0 > > > [17753.484039] opt_pre_handler+0x47/0x80 > > > [17753.484040] optimized_callback+0xbc/0xe0 > > > [17753.484040] 0xffffffffc044f388 > > > [17753.484040] [p_lkrg] => caller[p_override_creds_entry] action[OVERRIDE > > > OFF] old_off[0x3a3d5b3e3034f5b] debug_val[1] > > > [17753.484041] [p_lkrg] Stack trace: > > > [17753.484044] p_override_creds_entry+0x91/0xd0 [p_lkrg] > > > [17753.484045] pre_handler_kretprobe+0xaa/0x1b0 > > > [17753.484046] opt_pre_handler+0x47/0x80 > > > [17753.484047] optimized_callback+0xbc/0xe0 > > > [17753.484047] 0xffffffffc044f30e > > > [17753.484048] [p_lkrg] => caller[p_revert_creds_ret] action[OVERRIDE ON] > > > old_off[0x747ab67c6069eb6] debug_val[0] > > > [17753.484048] [p_lkrg] Stack trace: > > > [17753.484051] p_revert_creds_entry+0x87/0xc0 [p_lkrg] > > > [17753.484052] pre_handler_kretprobe+0xaa/0x1b0 > > > [17753.484053] opt_pre_handler+0x47/0x80 > > > [17753.484054] optimized_callback+0xbc/0xe0 > > > [17753.484054] 0xffffffffc044f388 > > > [17753.484055] [p_lkrg] => caller[p_override_creds_entry] action[OVERRIDE > > > OFF] old_off[0x3a3d5b3e3034f5b] debug_val[1] > > > [17753.484055] [p_lkrg] Stack trace: > > > [17753.484058] p_override_creds_entry+0x91/0xd0 [p_lkrg] > > > [17753.484059] pre_handler_kretprobe+0xaa/0x1b0 > > > [17753.484060] opt_pre_handler+0x47/0x80 > > > [17753.484061] optimized_callback+0xbc/0xe0 > > > [17753.484061] 0xffffffffc044f30e > > > [17753.484062] [p_lkrg] => caller[p_revert_creds_ret] action[OVERRIDE ON] > > > old_off[0x747ab67c6069eb6] debug_val[0] > > > [17753.484062] [p_lkrg] Stack trace: > > > [17753.484065] p_revert_creds_entry+0x87/0xc0 [p_lkrg] > > > [17753.484066] pre_handler_kretprobe+0xaa/0x1b0 > > > [17753.484067] opt_pre_handler+0x47/0x80 > > > [17753.484068] optimized_callback+0xbc/0xe0 > > > [17753.484068] 0xffffffffc044f388 > > > [17753.484069] [p_lkrg] => caller[p_override_creds_entry] action[OVERRIDE > > > OFF] old_off[0x3a3d5b3e3034f5b] debug_val[1] > > > [17753.484069] [p_lkrg] Stack trace: > > > [17753.484072] p_override_creds_entry+0x91/0xd0 [p_lkrg] > > > [17753.484073] pre_handler_kretprobe+0xaa/0x1b0 > > > [17753.484074] opt_pre_handler+0x47/0x80 > > > [17753.484075] optimized_callback+0xbc/0xe0 > > > [17753.484076] 0xffffffffc044f30e > > > [17753.484076] [p_lkrg] => caller[p_revert_creds_ret] action[OVERRIDE ON] > > > old_off[0x747ab67c6069eb6] debug_val[0] > > > [17753.484076] [p_lkrg] Stack trace: > > > [17753.484079] p_revert_creds_entry+0x87/0xc0 [p_lkrg] > > > [17753.484080] pre_handler_kretprobe+0xaa/0x1b0 > > > [17753.484081] opt_pre_handler+0x47/0x80 > > > [17753.484082] optimized_callback+0xbc/0xe0 > > > [17753.484083] 0xffffffffc044f388 > > > [17753.484083] [p_lkrg] => caller[p_override_creds_entry] action[OVERRIDE > > > OFF] old_off[0x3a3d5b3e3034f5b] debug_val[1] > > > [17753.484083] [p_lkrg] Stack trace: > > > [17753.484086] p_override_creds_entry+0x91/0xd0 [p_lkrg] > > > [17753.484087] pre_handler_kretprobe+0xaa/0x1b0 > > > [17753.484088] opt_pre_handler+0x47/0x80 > > > [17753.484089] optimized_callback+0xbc/0xe0 > > > [17753.484090] 0xffffffffc044f30e > > > [17753.484090] [p_lkrg] => caller[p_revert_creds_ret] action[OVERRIDE ON] > > > old_off[0x747ab67c6069eb6] debug_val[0] > > > [17753.484090] [p_lkrg] Stack trace: > > > [17753.484093] p_revert_creds_entry+0x87/0xc0 [p_lkrg] > > > [17753.484094] pre_handler_kretprobe+0xaa/0x1b0 > > > [17753.484095] opt_pre_handler+0x47/0x80 > > > [17753.484096] optimized_callback+0xbc/0xe0 > > > [17753.484097] 0xffffffffc044f388 > > > [17753.484097] [p_lkrg] => caller[p_override_creds_entry] action[OVERRIDE > > > OFF] old_off[0x3a3d5b3e3034f5b] debug_val[1] > > > [17753.484097] [p_lkrg] Stack trace: > > > [17753.484100] p_override_creds_entry+0x91/0xd0 [p_lkrg] > > > [17753.484101] pre_handler_kretprobe+0xaa/0x1b0 > > > [17753.484103] opt_pre_handler+0x47/0x80 > > > [17753.484103] optimized_callback+0xbc/0xe0 > > > [17753.484104] 0xffffffffc044f30e > > > [17753.484104] [p_lkrg] => caller[p_revert_creds_ret] action[OVERRIDE ON] > > > old_off[0x747ab67c6069eb6] debug_val[0] > > > [17753.484105] [p_lkrg] Stack trace: > > > [17753.484107] p_revert_creds_entry+0x87/0xc0 [p_lkrg] > > > [17753.484109] pre_handler_kretprobe+0xaa/0x1b0 > > > [17753.484110] opt_pre_handler+0x47/0x80 > > > [17753.484110] optimized_callback+0xbc/0xe0 > > > [17753.484111] 0xffffffffc044f388 > > > [17753.484111] [p_lkrg] => caller[p_override_creds_entry] action[OVERRIDE > > > OFF] old_off[0x3a3d5b3e3034f5b] debug_val[1] > > > [17753.484112] [p_lkrg] Stack trace: > > > [17753.484114] p_override_creds_entry+0x91/0xd0 [p_lkrg] > > > [17753.484116] pre_handler_kretprobe+0xaa/0x1b0 > > > [17753.484117] opt_pre_handler+0x47/0x80 > > > [17753.484117] optimized_callback+0xbc/0xe0 > > > [17753.484118] 0xffffffffc044f30e > > > [17753.484118] [p_lkrg] => caller[p_revert_creds_ret] action[OVERRIDE ON] > > > old_off[0x747ab67c6069eb6] debug_val[0] > > > [17753.484119] [p_lkrg] Stack trace: > > > [17753.484121] p_revert_creds_entry+0x87/0xc0 [p_lkrg] > > > [17753.484123] pre_handler_kretprobe+0xaa/0x1b0 > > > [17753.484124] opt_pre_handler+0x47/0x80 > > > [17753.484125] optimized_callback+0xbc/0xe0 > > > [17753.484125] 0xffffffffc044f388 > > > [17753.484126] [p_lkrg] => caller[p_override_creds_entry] action[OVERRIDE > > > OFF] old_off[0x3a3d5b3e3034f5b] debug_val[1] > > > [17753.484126] [p_lkrg] Stack trace: > > > [17753.484129] p_override_creds_entry+0x91/0xd0 [p_lkrg] > > > [17753.484130] pre_handler_kretprobe+0xaa/0x1b0 > > > [17753.484131] opt_pre_handler+0x47/0x80 > > > [17753.484132] optimized_callback+0xbc/0xe0 > > > [17753.484132] 0xffffffffc044f30e > > > [17753.484133] [p_lkrg] => caller[p_revert_creds_ret] action[OVERRIDE ON] > > > old_off[0x747ab67c6069eb6] debug_val[0] > > > [17753.484133] [p_lkrg] Stack trace: > > > [17753.484136] p_revert_creds_entry+0x87/0xc0 [p_lkrg] > > > [17753.484137] pre_handler_kretprobe+0xaa/0x1b0 > > > [17753.484138] opt_pre_handler+0x47/0x80 > > > [17753.484139] optimized_callback+0xbc/0xe0 > > > [17753.484139] 0xffffffffc044f388 > > > [17753.484140] [p_lkrg] => caller[p_override_creds_entry] action[OVERRIDE > > > OFF] old_off[0x3a3d5b3e3034f5b] debug_val[1] > > > [17753.484140] [p_lkrg] Stack trace: > > > [17753.484143] p_override_creds_entry+0x91/0xd0 [p_lkrg] > > > [17753.484144] pre_handler_kretprobe+0xaa/0x1b0 > > > [17753.484145] opt_pre_handler+0x47/0x80 > > > [17753.484146] optimized_callback+0xbc/0xe0 > > > [17753.484147] 0xffffffffc044f30e > > > [17753.484147] [p_lkrg] => caller[p_revert_creds_ret] action[OVERRIDE ON] > > > old_off[0x747ab67c6069eb6] debug_val[0] > > > [17753.484147] [p_lkrg] Stack trace: > > > [17753.484150] p_revert_creds_entry+0x87/0xc0 [p_lkrg] > > > [17753.484151] pre_handler_kretprobe+0xaa/0x1b0 > > > [17753.484152] opt_pre_handler+0x47/0x80 > > > [17753.484153] optimized_callback+0xbc/0xe0 > > > [17753.484154] 0xffffffffc044f388 > > > [17753.484154] [p_lkrg] => caller[p_override_creds_entry] action[OVERRIDE > > > OFF] old_off[0x3a3d5b3e3034f5b] debug_val[1] > > > [17753.484154] [p_lkrg] Stack trace: > > > [17753.484157] p_override_creds_entry+0x91/0xd0 [p_lkrg] > > > [17753.484158] pre_handler_kretprobe+0xaa/0x1b0 > > > [17753.484159] opt_pre_handler+0x47/0x80 > > > [17753.484160] optimized_callback+0xbc/0xe0 > > > [17753.484161] 0xffffffffc044f30e > > > [17753.484161] [p_lkrg] => caller[p_revert_creds_ret] action[OVERRIDE ON] > > > old_off[0x747ab67c6069eb6] debug_val[0] > > > [17753.484161] [p_lkrg] Stack trace: > > > [17753.484164] p_revert_creds_entry+0x87/0xc0 [p_lkrg] > > > [17753.484165] pre_handler_kretprobe+0xaa/0x1b0 > > > [17753.484166] opt_pre_handler+0x47/0x80 > > > [17753.484167] optimized_callback+0xbc/0xe0 > > > [17753.484168] 0xffffffffc044f388 > > > [17753.484168] [p_lkrg] => caller[p_override_creds_entry] action[OVERRIDE > > > OFF] old_off[0x3a3d5b3e3034f5b] debug_val[1] > > > [17753.484168] [p_lkrg] Stack trace: > > > [17753.484171] p_override_creds_entry+0x91/0xd0 [p_lkrg] > > > [17753.484172] pre_handler_kretprobe+0xaa/0x1b0 > > > [17753.484173] opt_pre_handler+0x47/0x80 > > > [17753.484174] optimized_callback+0xbc/0xe0 > > > [17753.484175] 0xffffffffc044f30e > > > [17753.484175] [p_lkrg] => caller[p_revert_creds_ret] action[OVERRIDE ON] > > > old_off[0x747ab67c6069eb6] debug_val[0] > > > [17753.484175] [p_lkrg] Stack trace: > > > [17753.484178] p_revert_creds_entry+0x87/0xc0 [p_lkrg] > > > [17753.484179] pre_handler_kretprobe+0xaa/0x1b0 > > > [17753.484180] opt_pre_handler+0x47/0x80 > > > [17753.484181] optimized_callback+0xbc/0xe0 > > > [17753.484181] 0xffffffffc044f388 > > > [17753.484182] [p_lkrg] => caller[p_override_creds_entry] action[OVERRIDE > > > OFF] old_off[0x3a3d5b3e3034f5b] debug_val[1] > > > [17753.484182] [p_lkrg] Stack trace: > > > [17753.484185] p_override_creds_entry+0x91/0xd0 [p_lkrg] > > > [17753.484186] pre_handler_kretprobe+0xaa/0x1b0 > > > [17753.484188] opt_pre_handler+0x47/0x80 > > > [17753.484188] optimized_callback+0xbc/0xe0 > > > [17753.484189] 0xffffffffc044f30e > > > [17753.484189] [p_lkrg] => caller[p_revert_creds_ret] action[OVERRIDE ON] > > > old_off[0x747ab67c6069eb6] debug_val[0] > > > [17753.484189] [p_lkrg] Stack trace: > > > [17753.484192] p_revert_creds_entry+0x87/0xc0 [p_lkrg] > > > [17753.484193] pre_handler_kretprobe+0xaa/0x1b0 > > > [17753.484195] opt_pre_handler+0x47/0x80 > > > [17753.484195] optimized_callback+0xbc/0xe0 > > > [17753.484196] 0xffffffffc044f388 > > > [17753.484196] [p_lkrg] => caller[p_override_creds_entry] action[OVERRIDE > > > OFF] old_off[0x3a3d5b3e3034f5b] debug_val[1] > > > [17753.484197] [p_lkrg] Stack trace: > > > [17753.484199] p_override_creds_entry+0x91/0xd0 [p_lkrg] > > > [17753.484201] pre_handler_kretprobe+0xaa/0x1b0 > > > [17753.484202] opt_pre_handler+0x47/0x80 > > > [17753.484203] optimized_callback+0xbc/0xe0 > > > [17753.484203] 0xffffffffc044f30e > > > [17753.484203] [p_lkrg] => caller[p_revert_creds_ret] action[OVERRIDE ON] > > > old_off[0x747ab67c6069eb6] debug_val[0] > > > [17753.484204] [p_lkrg] Stack trace: > > > [17753.484207] p_revert_creds_entry+0x87/0xc0 [p_lkrg] > > > [17753.484208] pre_handler_kretprobe+0xaa/0x1b0 > > > [17753.484209] opt_pre_handler+0x47/0x80 > > > [17753.484210] optimized_callback+0xbc/0xe0 > > > [17753.484210] 0xffffffffc044f388 > > > [17753.484211] [p_lkrg] => caller[p_override_creds_entry] action[OVERRIDE > > > OFF] old_off[0x3a3d5b3e3034f5b] debug_val[1] > > > [17753.484211] [p_lkrg] Stack trace: > > > [17753.484214] p_override_creds_entry+0x91/0xd0 [p_lkrg] > > > [17753.484215] pre_handler_kretprobe+0xaa/0x1b0 > > > [17753.484216] opt_pre_handler+0x47/0x80 > > > [17753.484217] optimized_callback+0xbc/0xe0 > > > [17753.484217] 0xffffffffc044f30e > > > [17753.484218] [p_lkrg] => caller[p_revert_creds_ret] action[OVERRIDE ON] > > > old_off[0x747ab67c6069eb6] debug_val[0] > > > [17753.484218] [p_lkrg] Stack trace: > > > [17753.484221] p_revert_creds_entry+0x87/0xc0 [p_lkrg] > > > [17753.484222] pre_handler_kretprobe+0xaa/0x1b0 > > > [17753.484223] opt_pre_handler+0x47/0x80 > > > [17753.484224] optimized_callback+0xbc/0xe0 > > > [17753.484224] 0xffffffffc044f388 > > > [17753.484225] [p_lkrg] => caller[p_override_creds_entry] action[OVERRIDE > > > OFF] old_off[0x3a3d5b3e3034f5b] debug_val[1] > > > [17753.484225] [p_lkrg] Stack trace: > > > [17753.484228] p_override_creds_entry+0x91/0xd0 [p_lkrg] > > > [17753.484229] pre_handler_kretprobe+0xaa/0x1b0 > > > [17753.484230] opt_pre_handler+0x47/0x80 > > > [17753.484231] optimized_callback+0xbc/0xe0 > > > [17753.484231] 0xffffffffc044f30e > > > [17753.484232] [p_lkrg] => caller[p_revert_creds_ret] action[OVERRIDE ON] > > > old_off[0x747ab67c6069eb6] debug_val[0] > > > [17753.484232] [p_lkrg] Stack trace: > > > [17753.484235] p_revert_creds_entry+0x87/0xc0 [p_lkrg] > > > [17753.484236] pre_handler_kretprobe+0xaa/0x1b0 > > > [17753.484237] opt_pre_handler+0x47/0x80 > > > [17753.484238] optimized_callback+0xbc/0xe0 > > > [17753.484239] 0xffffffffc044f388 > > > [17753.484239] [p_lkrg] => caller[p_cap_task_prctl_entry] action[OFF] > > > old_off[0x3a3d5b3e3034f5b] debug_val[1] > > > [17753.484240] [p_lkrg] => caller[p_cap_task_prctl_ret] action[ON] > > > old_off[0x747ab67c6069eb6] debug_val[0] > > > [17753.484240] [p_lkrg] => caller[p_seccomp_entry] action[OFF] > > > old_off[0x3a3d5b3e3034f5b] debug_val[1] > > > [17753.484241] [p_lkrg] => caller[p_seccomp_ret] action[ON] > > > old_off[0x747ab67c6069eb6] debug_val[0] > > > [17753.484241] [p_lkrg] => caller[p_seccomp_entry] action[OFF] > > > old_off[0x3a3d5b3e3034f5b] debug_val[1] > > > [17753.484242] [p_lkrg] => caller[p_seccomp_ret] action[ON] > > > old_off[0x3a3d5b3e3034f5b] debug_val[0] > > > [17753.484243] [p_lkrg] <Exploit Detection> Trying to kill > > > process[QtWebEngineProc | 4072]! > > > [17753.484300] [p_lkrg] <Exploit Detection> ON process[4072 | > > > QtWebEngineProc] has corrupted 'off' flag! > > > [17753.484301] [p_lkrg] 'off' flag[0x0] (normalization via > > > 0x3a3d5b3e3034f5b) > > > [17753.484301] [p_lkrg] OFF debug: normalization[0x3a3d5b3e3034f5b] > > > cookie[0x69470f9547639fd1] > > > [17753.484302] [p_lkrg] Process[4072 | QtWebEngineProc] Parent[3992 | > > > akregator] has [76] entries: > > > [17753.484303] [p_lkrg] => caller[p_cap_task_prctl_entry] action[OFF] > > > old_off[0x3a3d5b3e3034f5b] debug_val[1] > > > [17753.484303] [p_lkrg] => caller[p_cap_task_prctl_ret] action[ON] > > > old_off[0x747ab67c6069eb6] debug_val[0] > > > [17753.484304] [p_lkrg] => caller[p_sys_execve_entry] action[OFF] > > > old_off[0x3a3d5b3e3034f5b] debug_val[1] > > > [17753.484304] [p_lkrg] => caller[p_sys_execve_ret] action[RESET] > > > old_off[0x747ab67c6069eb6] debug_val[0] > > > [17753.484305] [p_lkrg] => caller[p_override_creds_entry] action[OVERRIDE > > > OFF] old_off[0x3a3d5b3e3034f5b] debug_val[1] > > > [17753.484305] [p_lkrg] Stack trace: > > > [17753.484309] p_override_creds_entry+0x91/0xd0 [p_lkrg] > > > [17753.484310] pre_handler_kretprobe+0xaa/0x1b0 > > > [17753.484311] opt_pre_handler+0x47/0x80 > > > [17753.484312] optimized_callback+0xbc/0xe0 > > > [17753.484313] 0xffffffffc044f30e > > > [17753.484313] [p_lkrg] => caller[p_revert_creds_ret] action[OVERRIDE ON] > > > old_off[0x747ab67c6069eb6] debug_val[0] > > > [17753.484313] [p_lkrg] Stack trace: > > > [17753.484316] p_revert_creds_entry+0x87/0xc0 [p_lkrg] > > > [17753.484318] pre_handler_kretprobe+0xaa/0x1b0 > > > [17753.484319] opt_pre_handler+0x47/0x80 > > > [17753.484320] optimized_callback+0xbc/0xe0 > > > [17753.484321] 0xffffffffc044f388 > > > [17753.484321] [p_lkrg] => caller[p_cap_task_prctl_entry] action[OFF] > > > old_off[0x3a3d5b3e3034f5b] debug_val[1] > > > [17753.484322] [p_lkrg] => caller[p_cap_task_prctl_ret] action[ON] > > > old_off[0x747ab67c6069eb6] debug_val[0] > > > [17753.484322] [p_lkrg] => caller[p_override_creds_entry] action[OVERRIDE > > > OFF] old_off[0x3a3d5b3e3034f5b] debug_val[1] > > > [17753.484322] [p_lkrg] Stack trace: > > > [17753.484325] p_override_creds_entry+0x91/0xd0 [p_lkrg] > > > [17753.484327] pre_handler_kretprobe+0xaa/0x1b0 > > > [17753.484328] opt_pre_handler+0x47/0x80 > > > [17753.484329] optimized_callback+0xbc/0xe0 > > > [17753.484329] 0xffffffffc044f30e > > > [17753.484330] [p_lkrg] => caller[p_revert_creds_ret] action[OVERRIDE ON] > > > old_off[0x747ab67c6069eb6] debug_val[0] > > > [17753.484330] [p_lkrg] Stack trace: > > > [17753.484333] p_revert_creds_entry+0x87/0xc0 [p_lkrg] > > > [17753.484334] pre_handler_kretprobe+0xaa/0x1b0 > > > [17753.484336] opt_pre_handler+0x47/0x80 > > > [17753.484336] optimized_callback+0xbc/0xe0 > > > [17753.484337] 0xffffffffc044f388 > > > [17753.484337] [p_lkrg] => caller[p_override_creds_entry] action[OVERRIDE > > > OFF] old_off[0x3a3d5b3e3034f5b] debug_val[1] > > > [17753.484338] [p_lkrg] Stack trace: > > > [17753.484341] p_override_creds_entry+0x91/0xd0 [p_lkrg] > > > [17753.484342] pre_handler_kretprobe+0xaa/0x1b0 > > > [17753.484343] opt_pre_handler+0x47/0x80 > > > [17753.484344] optimized_callback+0xbc/0xe0 > > > [17753.484344] 0xffffffffc044f30e > > > [17753.484345] [p_lkrg] => caller[p_revert_creds_ret] action[OVERRIDE ON] > > > old_off[0x747ab67c6069eb6] debug_val[0] > > > [17753.484345] [p_lkrg] Stack trace: > > > [17753.484348] p_revert_creds_entry+0x87/0xc0 [p_lkrg] > > > [17753.484350] pre_handler_kretprobe+0xaa/0x1b0 > > > [17753.484351] opt_pre_handler+0x47/0x80 > > > [17753.484352] optimized_callback+0xbc/0xe0 > > > [17753.484352] 0xffffffffc044f388 > > > [17753.484353] [p_lkrg] => caller[p_override_creds_entry] action[OVERRIDE > > > OFF] old_off[0x3a3d5b3e3034f5b] debug_val[1] > > > [17753.484353] [p_lkrg] Stack trace: > > > [17753.484356] p_override_creds_entry+0x91/0xd0 [p_lkrg] > > > [17753.484357] pre_handler_kretprobe+0xaa/0x1b0 > > > [17753.484358] opt_pre_handler+0x47/0x80 > > > [17753.484359] optimized_callback+0xbc/0xe0 > > > [17753.484360] 0xffffffffc044f30e > > > [17753.484360] [p_lkrg] => caller[p_revert_creds_ret] action[OVERRIDE ON] > > > old_off[0x747ab67c6069eb6] debug_val[0] > > > [17753.484360] [p_lkrg] Stack trace: > > > [17753.484363] p_revert_creds_entry+0x87/0xc0 [p_lkrg] > > > [17753.484365] pre_handler_kretprobe+0xaa/0x1b0 > > > [17753.484366] opt_pre_handler+0x47/0x80 > > > [17753.484367] optimized_callback+0xbc/0xe0 > > > [17753.484367] 0xffffffffc044f388 > > > [17753.484368] [p_lkrg] => caller[p_override_creds_entry] action[OVERRIDE > > > OFF] old_off[0x3a3d5b3e3034f5b] debug_val[1] > > > [17753.484368] [p_lkrg] Stack trace: > > > [17753.484371] p_override_creds_entry+0x91/0xd0 [p_lkrg] > > > [17753.484372] pre_handler_kretprobe+0xaa/0x1b0 > > > [17753.484373] opt_pre_handler+0x47/0x80 > > > [17753.484374] optimized_callback+0xbc/0xe0 > > > [17753.484375] 0xffffffffc044f30e > > > [17753.484375] [p_lkrg] => caller[p_revert_creds_ret] action[OVERRIDE ON] > > > old_off[0x747ab67c6069eb6] debug_val[0] > > > [17753.484375] [p_lkrg] Stack trace: > > > [17753.484378] p_revert_creds_entry+0x87/0xc0 [p_lkrg] > > > [17753.484380] pre_handler_kretprobe+0xaa/0x1b0 > > > [17753.484381] opt_pre_handler+0x47/0x80 > > > [17753.484382] optimized_callback+0xbc/0xe0 > > > [17753.484382] 0xffffffffc044f388 > > > [17753.484383] [p_lkrg] => caller[p_override_creds_entry] action[OVERRIDE > > > OFF] old_off[0x3a3d5b3e3034f5b] debug_val[1] > > > [17753.484383] [p_lkrg] Stack trace: > > > [17753.484386] p_override_creds_entry+0x91/0xd0 [p_lkrg] > > > [17753.484387] pre_handler_kretprobe+0xaa/0x1b0 > > > [17753.484389] opt_pre_handler+0x47/0x80 > > > [17753.484389] optimized_callback+0xbc/0xe0 > > > [17753.484390] 0xffffffffc044f30e > > > [17753.484390] [p_lkrg] => caller[p_revert_creds_ret] action[OVERRIDE ON] > > > old_off[0x747ab67c6069eb6] debug_val[0] > > > [17753.484391] [p_lkrg] Stack trace: > > > [17753.484394] p_revert_creds_entry+0x87/0xc0 [p_lkrg] > > > [17753.484395] pre_handler_kretprobe+0xaa/0x1b0 > > > [17753.484396] opt_pre_handler+0x47/0x80 > > > [17753.484397] optimized_callback+0xbc/0xe0 > > > [17753.484397] 0xffffffffc044f388 > > > [17753.484398] [p_lkrg] => caller[p_override_creds_entry] action[OVERRIDE > > > OFF] old_off[0x3a3d5b3e3034f5b] debug_val[1] > > > [17753.484398] [p_lkrg] Stack trace: > > > [17753.484401] p_override_creds_entry+0x91/0xd0 [p_lkrg] > > > [17753.484403] pre_handler_kretprobe+0xaa/0x1b0 > > > [17753.484404] opt_pre_handler+0x47/0x80 > > > [17753.484405] optimized_callback+0xbc/0xe0 > > > [17753.484405] 0xffffffffc044f30e > > > [17753.484406] [p_lkrg] => caller[p_revert_creds_ret] action[OVERRIDE ON] > > > old_off[0x747ab67c6069eb6] debug_val[0] > > > [17753.484406] [p_lkrg] Stack trace: > > > [17753.484409] p_revert_creds_entry+0x87/0xc0 [p_lkrg] > > > [17753.484410] pre_handler_kretprobe+0xaa/0x1b0 > > > [17753.484411] opt_pre_handler+0x47/0x80 > > > [17753.484412] optimized_callback+0xbc/0xe0 > > > [17753.484412] 0xffffffffc044f388 > > > [17753.484413] [p_lkrg] => caller[p_override_creds_entry] action[OVERRIDE > > > OFF] old_off[0x3a3d5b3e3034f5b] debug_val[1] > > > [17753.484413] [p_lkrg] Stack trace: > > > [17753.484416] p_override_creds_entry+0x91/0xd0 [p_lkrg] > > > [17753.484418] pre_handler_kretprobe+0xaa/0x1b0 > > > [17753.484419] opt_pre_handler+0x47/0x80 > > > [17753.484420] optimized_callback+0xbc/0xe0 > > > [17753.484420] 0xffffffffc044f30e > > > [17753.484421] [p_lkrg] => caller[p_revert_creds_ret] action[OVERRIDE ON] > > > old_off[0x747ab67c6069eb6] debug_val[0] > > > [17753.484421] [p_lkrg] Stack trace: > > > [17753.484424] p_revert_creds_entry+0x87/0xc0 [p_lkrg] > > > [17753.484425] pre_handler_kretprobe+0xaa/0x1b0 > > > [17753.484426] opt_pre_handler+0x47/0x80 > > > [17753.484427] optimized_callback+0xbc/0xe0 > > > [17753.484428] 0xffffffffc044f388 > > > [17753.484428] [p_lkrg] => caller[p_override_creds_entry] action[OVERRIDE > > > OFF] old_off[0x3a3d5b3e3034f5b] debug_val[1] > > > [17753.484428] [p_lkrg] Stack trace: > > > [17753.484431] p_override_creds_entry+0x91/0xd0 [p_lkrg] > > > [17753.484433] pre_handler_kretprobe+0xaa/0x1b0 > > > [17753.484434] opt_pre_handler+0x47/0x80 > > > [17753.484435] optimized_callback+0xbc/0xe0 > > > [17753.484435] 0xffffffffc044f30e > > > [17753.484436] [p_lkrg] => caller[p_revert_creds_ret] action[OVERRIDE ON] > > > old_off[0x747ab67c6069eb6] debug_val[0] > > > [17753.484436] [p_lkrg] Stack trace: > > > [17753.484439] p_revert_creds_entry+0x87/0xc0 [p_lkrg] > > > [17753.484440] pre_handler_kretprobe+0xaa/0x1b0 > > > [17753.484441] opt_pre_handler+0x47/0x80 > > > [17753.484442] optimized_callback+0xbc/0xe0 > > > [17753.484443] 0xffffffffc044f388 > > > [17753.484443] [p_lkrg] => caller[p_override_creds_entry] action[OVERRIDE > > > OFF] old_off[0x3a3d5b3e3034f5b] debug_val[1] > > > [17753.484443] [p_lkrg] Stack trace: > > > [17753.484446] p_override_creds_entry+0x91/0xd0 [p_lkrg] > > > [17753.484448] pre_handler_kretprobe+0xaa/0x1b0 > > > [17753.484449] opt_pre_handler+0x47/0x80 > > > [17753.484450] optimized_callback+0xbc/0xe0 > > > [17753.484450] 0xffffffffc044f30e > > > [17753.484451] [p_lkrg] => caller[p_revert_creds_ret] action[OVERRIDE ON] > > > old_off[0x747ab67c6069eb6] debug_val[0] > > > [17753.484451] [p_lkrg] Stack trace: > > > [17753.484454] p_revert_creds_entry+0x87/0xc0 [p_lkrg] > > > [17753.484455] pre_handler_kretprobe+0xaa/0x1b0 > > > [17753.484456] opt_pre_handler+0x47/0x80 > > > [17753.484457] optimized_callback+0xbc/0xe0 > > > [17753.484458] 0xffffffffc044f388 > > > [17753.484458] [p_lkrg] => caller[p_override_creds_entry] action[OVERRIDE > > > OFF] old_off[0x3a3d5b3e3034f5b] debug_val[1] > > > [17753.484458] [p_lkrg] Stack trace: > > > [17753.484462] p_override_creds_entry+0x91/0xd0 [p_lkrg] > > > [17753.484463] pre_handler_kretprobe+0xaa/0x1b0 > > > [17753.484464] opt_pre_handler+0x47/0x80 > > > [17753.484465] optimized_callback+0xbc/0xe0 > > > [17753.484466] 0xffffffffc044f30e > > > [17753.484466] [p_lkrg] => caller[p_revert_creds_ret] action[OVERRIDE ON] > > > old_off[0x747ab67c6069eb6] debug_val[0] > > > [17753.484466] [p_lkrg] Stack trace: > > > [17753.484469] p_revert_creds_entry+0x87/0xc0 [p_lkrg] > > > [17753.484471] pre_handler_kretprobe+0xaa/0x1b0 > > > [17753.484472] opt_pre_handler+0x47/0x80 > > > [17753.484473] optimized_callback+0xbc/0xe0 > > > [17753.484473] 0xffffffffc044f388 > > > [17753.484474] [p_lkrg] => caller[p_override_creds_entry] action[OVERRIDE > > > OFF] old_off[0x3a3d5b3e3034f5b] debug_val[1] > > > [17753.484474] [p_lkrg] Stack trace: > > > [17753.484477] p_override_creds_entry+0x91/0xd0 [p_lkrg] > > > [17753.484478] pre_handler_kretprobe+0xaa/0x1b0 > > > [17753.484479] opt_pre_handler+0x47/0x80 > > > [17753.484480] optimized_callback+0xbc/0xe0 > > > [17753.484481] 0xffffffffc044f30e > > > [17753.484481] [p_lkrg] => caller[p_revert_creds_ret] action[OVERRIDE ON] > > > old_off[0x747ab67c6069eb6] debug_val[0] > > > [17753.484481] [p_lkrg] Stack trace: > > > [17753.484484] p_revert_creds_entry+0x87/0xc0 [p_lkrg] > > > [17753.484486] pre_handler_kretprobe+0xaa/0x1b0 > > > [17753.484487] opt_pre_handler+0x47/0x80 > > > [17753.484488] optimized_callback+0xbc/0xe0 > > > [17753.484488] 0xffffffffc044f388 > > > [17753.484489] [p_lkrg] => caller[p_override_creds_entry] action[OVERRIDE > > > OFF] old_off[0x3a3d5b3e3034f5b] debug_val[1] > > > [17753.484489] [p_lkrg] Stack trace: > > > [17753.484492] p_override_creds_entry+0x91/0xd0 [p_lkrg] > > > [17753.484493] pre_handler_kretprobe+0xaa/0x1b0 > > > [17753.484495] opt_pre_handler+0x47/0x80 > > > [17753.484495] optimized_callback+0xbc/0xe0 > > > [17753.484496] 0xffffffffc044f30e > > > [17753.484496] [p_lkrg] => caller[p_revert_creds_ret] action[OVERRIDE ON] > > > old_off[0x747ab67c6069eb6] debug_val[0] > > > [17753.484497] [p_lkrg] Stack trace: > > > [17753.484500] p_revert_creds_entry+0x87/0xc0 [p_lkrg] > > > [17753.484501] pre_handler_kretprobe+0xaa/0x1b0 > > > [17753.484502] opt_pre_handler+0x47/0x80 > > > [17753.484503] optimized_callback+0xbc/0xe0 > > > [17753.484503] 0xffffffffc044f388 > > > [17753.484504] [p_lkrg] => caller[p_override_creds_entry] action[OVERRIDE > > > OFF] old_off[0x3a3d5b3e3034f5b] debug_val[1] > > > [17753.484504] [p_lkrg] Stack trace: > > > [17753.484507] p_override_creds_entry+0x91/0xd0 [p_lkrg] > > > [17753.484508] pre_handler_kretprobe+0xaa/0x1b0 > > > [17753.484510] opt_pre_handler+0x47/0x80 > > > [17753.484510] optimized_callback+0xbc/0xe0 > > > [17753.484511] 0xffffffffc044f30e > > > [17753.484511] [p_lkrg] => caller[p_revert_creds_ret] action[OVERRIDE ON] > > > old_off[0x747ab67c6069eb6] debug_val[0] > > > [17753.484512] [p_lkrg] Stack trace: > > > [17753.484515] p_revert_creds_entry+0x87/0xc0 [p_lkrg] > > > [17753.484516] pre_handler_kretprobe+0xaa/0x1b0 > > > [17753.484517] opt_pre_handler+0x47/0x80 > > > [17753.484518] optimized_callback+0xbc/0xe0 > > > [17753.484518] 0xffffffffc044f388 > > > [17753.484519] [p_lkrg] => caller[p_override_creds_entry] action[OVERRIDE > > > OFF] old_off[0x3a3d5b3e3034f5b] debug_val[1] > > > [17753.484519] [p_lkrg] Stack trace: > > > [17753.484522] p_override_creds_entry+0x91/0xd0 [p_lkrg] > > > [17753.484524] pre_handler_kretprobe+0xaa/0x1b0 > > > [17753.484525] opt_pre_handler+0x47/0x80 > > > [17753.484526] optimized_callback+0xbc/0xe0 > > > [17753.484526] 0xffffffffc044f30e > > > [17753.484526] [p_lkrg] => caller[p_revert_creds_ret] action[OVERRIDE ON] > > > old_off[0x747ab67c6069eb6] debug_val[0] > > > [17753.484527] [p_lkrg] Stack trace: > > > [17753.484530] p_revert_creds_entry+0x87/0xc0 [p_lkrg] > > > [17753.484531] pre_handler_kretprobe+0xaa/0x1b0 > > > [17753.484532] opt_pre_handler+0x47/0x80 > > > [17753.484533] optimized_callback+0xbc/0xe0 > > > [17753.484533] 0xffffffffc044f388 > > > [17753.484534] [p_lkrg] => caller[p_override_creds_entry] action[OVERRIDE > > > OFF] old_off[0x3a3d5b3e3034f5b] debug_val[1] > > > [17753.484534] [p_lkrg] Stack trace: > > > [17753.484537] p_override_creds_entry+0x91/0xd0 [p_lkrg] > > > [17753.484538] pre_handler_kretprobe+0xaa/0x1b0 > > > [17753.484540] opt_pre_handler+0x47/0x80 > > > [17753.484540] optimized_callback+0xbc/0xe0 > > > [17753.484541] 0xffffffffc044f30e > > > [17753.484541] [p_lkrg] => caller[p_revert_creds_ret] action[OVERRIDE ON] > > > old_off[0x747ab67c6069eb6] debug_val[0] > > > [17753.484542] [p_lkrg] Stack trace: > > > [17753.484545] p_revert_creds_entry+0x87/0xc0 [p_lkrg] > > > [17753.484546] pre_handler_kretprobe+0xaa/0x1b0 > > > [17753.484547] opt_pre_handler+0x47/0x80 > > > [17753.484548] optimized_callback+0xbc/0xe0 > > > [17753.484548] 0xffffffffc044f388 > > > [17753.484549] [p_lkrg] => caller[p_override_creds_entry] action[OVERRIDE > > > OFF] old_off[0x3a3d5b3e3034f5b] debug_val[1] > > > [17753.484549] [p_lkrg] Stack trace: > > > [17753.484552] p_override_creds_entry+0x91/0xd0 [p_lkrg] > > > [17753.484553] pre_handler_kretprobe+0xaa/0x1b0 > > > [17753.484555] opt_pre_handler+0x47/0x80 > > > [17753.484555] optimized_callback+0xbc/0xe0 > > > [17753.484556] 0xffffffffc044f30e > > > [17753.484556] [p_lkrg] => caller[p_revert_creds_ret] action[OVERRIDE ON] > > > old_off[0x747ab67c6069eb6] debug_val[0] > > > [17753.484557] [p_lkrg] Stack trace: > > > [17753.484560] p_revert_creds_entry+0x87/0xc0 [p_lkrg] > > > [17753.484561] pre_handler_kretprobe+0xaa/0x1b0 > > > [17753.484562] opt_pre_handler+0x47/0x80 > > > [17753.484563] optimized_callback+0xbc/0xe0 > > > [17753.484563] 0xffffffffc044f388 > > > [17753.484564] [p_lkrg] => caller[p_override_creds_entry] action[OVERRIDE > > > OFF] old_off[0x3a3d5b3e3034f5b] debug_val[1] > > > [17753.484564] [p_lkrg] Stack trace: > > > [17753.484567] p_override_creds_entry+0x91/0xd0 [p_lkrg] > > > [17753.484568] pre_handler_kretprobe+0xaa/0x1b0 > > > [17753.484570] opt_pre_handler+0x47/0x80 > > > [17753.484570] optimized_callback+0xbc/0xe0 > > > [17753.484571] 0xffffffffc044f30e > > > [17753.484571] [p_lkrg] => caller[p_revert_creds_ret] action[OVERRIDE ON] > > > old_off[0x747ab67c6069eb6] debug_val[0] > > > [17753.484572] [p_lkrg] Stack trace: > > > [17753.484575] p_revert_creds_entry+0x87/0xc0 [p_lkrg] > > > [17753.484576] pre_handler_kretprobe+0xaa/0x1b0 > > > [17753.484577] opt_pre_handler+0x47/0x80 > > > [17753.484578] optimized_callback+0xbc/0xe0 > > > [17753.484578] 0xffffffffc044f388 > > > [17753.484579] [p_lkrg] => caller[p_override_creds_entry] action[OVERRIDE > > > OFF] old_off[0x3a3d5b3e3034f5b] debug_val[1] > > > [17753.484579] [p_lkrg] Stack trace: > > > [17753.484582] p_override_creds_entry+0x91/0xd0 [p_lkrg] > > > [17753.484583] pre_handler_kretprobe+0xaa/0x1b0 > > > [17753.484585] opt_pre_handler+0x47/0x80 > > > [17753.484585] optimized_callback+0xbc/0xe0 > > > [17753.484586] 0xffffffffc044f30e > > > [17753.484586] [p_lkrg] => caller[p_revert_creds_ret] action[OVERRIDE ON] > > > old_off[0x747ab67c6069eb6] debug_val[0] > > > [17753.484587] [p_lkrg] Stack trace: > > > [17753.484590] p_revert_creds_entry+0x87/0xc0 [p_lkrg] > > > [17753.484591] pre_handler_kretprobe+0xaa/0x1b0 > > > [17753.484592] opt_pre_handler+0x47/0x80 > > > [17753.484593] optimized_callback+0xbc/0xe0 > > > [17753.484593] 0xffffffffc044f388 > > > [17753.484594] [p_lkrg] => caller[p_override_creds_entry] action[OVERRIDE > > > OFF] old_off[0x3a3d5b3e3034f5b] debug_val[1] > > > [17753.484594] [p_lkrg] Stack trace: > > > [17753.484597] p_override_creds_entry+0x91/0xd0 [p_lkrg] > > > [17753.484598] pre_handler_kretprobe+0xaa/0x1b0 > > > [17753.484599] opt_pre_handler+0x47/0x80 > > > [17753.484600] optimized_callback+0xbc/0xe0 > > > [17753.484601] 0xffffffffc044f30e > > > [17753.484601] [p_lkrg] => caller[p_revert_creds_ret] action[OVERRIDE ON] > > > old_off[0x747ab67c6069eb6] debug_val[0] > > > [17753.484601] [p_lkrg] Stack trace: > > > [17753.484604] p_revert_creds_entry+0x87/0xc0 [p_lkrg] > > > [17753.484606] pre_handler_kretprobe+0xaa/0x1b0 > > > [17753.484607] opt_pre_handler+0x47/0x80 > > > [17753.484608] optimized_callback+0xbc/0xe0 > > > [17753.484608] 0xffffffffc044f388 > > > [17753.484609] [p_lkrg] => caller[p_override_creds_entry] action[OVERRIDE > > > OFF] old_off[0x3a3d5b3e3034f5b] debug_val[1] > > > [17753.484609] [p_lkrg] Stack trace: > > > [17753.484612] p_override_creds_entry+0x91/0xd0 [p_lkrg] > > > [17753.484613] pre_handler_kretprobe+0xaa/0x1b0 > > > [17753.484615] opt_pre_handler+0x47/0x80 > > > [17753.484615] optimized_callback+0xbc/0xe0 > > > [17753.484616] 0xffffffffc044f30e > > > [17753.484616] [p_lkrg] => caller[p_revert_creds_ret] action[OVERRIDE ON] > > > old_off[0x747ab67c6069eb6] debug_val[0] > > > [17753.484617] [p_lkrg] Stack trace: > > > [17753.484620] p_revert_creds_entry+0x87/0xc0 [p_lkrg] > > > [17753.484621] pre_handler_kretprobe+0xaa/0x1b0 > > > [17753.484622] opt_pre_handler+0x47/0x80 > > > [17753.484623] optimized_callback+0xbc/0xe0 > > > [17753.484623] 0xffffffffc044f388 > > > [17753.484624] [p_lkrg] => caller[p_override_creds_entry] action[OVERRIDE > > > OFF] old_off[0x3a3d5b3e3034f5b] debug_val[1] > > > [17753.484624] [p_lkrg] Stack trace: > > > [17753.484627] p_override_creds_entry+0x91/0xd0 [p_lkrg] > > > [17753.484629] pre_handler_kretprobe+0xaa/0x1b0 > > > [17753.484630] opt_pre_handler+0x47/0x80 > > > [17753.484631] optimized_callback+0xbc/0xe0 > > > [17753.484631] 0xffffffffc044f30e > > > [17753.484632] [p_lkrg] => caller[p_revert_creds_ret] action[OVERRIDE ON] > > > old_off[0x747ab67c6069eb6] debug_val[0] > > > [17753.484632] [p_lkrg] Stack trace: > > > [17753.484635] p_revert_creds_entry+0x87/0xc0 [p_lkrg] > > > [17753.484636] pre_handler_kretprobe+0xaa/0x1b0 > > > [17753.484637] opt_pre_handler+0x47/0x80 > > > [17753.484638] optimized_callback+0xbc/0xe0 > > > [17753.484639] 0xffffffffc044f388 > > > [17753.484639] [p_lkrg] => caller[p_override_creds_entry] action[OVERRIDE > > > OFF] old_off[0x3a3d5b3e3034f5b] debug_val[1] > > > [17753.484640] [p_lkrg] Stack trace: > > > [17753.484642] p_override_creds_entry+0x91/0xd0 [p_lkrg] > > > [17753.484644] pre_handler_kretprobe+0xaa/0x1b0 > > > [17753.484645] opt_pre_handler+0x47/0x80 > > > [17753.484646] optimized_callback+0xbc/0xe0 > > > [17753.484646] 0xffffffffc044f30e > > > [17753.484647] [p_lkrg] => caller[p_revert_creds_ret] action[OVERRIDE ON] > > > old_off[0x747ab67c6069eb6] debug_val[0] > > > [17753.484647] [p_lkrg] Stack trace: > > > [17753.484650] p_revert_creds_entry+0x87/0xc0 [p_lkrg] > > > [17753.484651] pre_handler_kretprobe+0xaa/0x1b0 > > > [17753.484652] opt_pre_handler+0x47/0x80 > > > [17753.484663] optimized_callback+0xbc/0xe0 > > > [17753.484664] 0xffffffffc044f388 > > > [17753.484664] [p_lkrg] => caller[p_override_creds_entry] action[OVERRIDE > > > OFF] old_off[0x3a3d5b3e3034f5b] debug_val[1] > > > [17753.484665] [p_lkrg] Stack trace: > > > [17753.484668] p_override_creds_entry+0x91/0xd0 [p_lkrg] > > > [17753.484669] pre_handler_kretprobe+0xaa/0x1b0 > > > [17753.484670] opt_pre_handler+0x47/0x80 > > > [17753.484671] optimized_callback+0xbc/0xe0 > > > [17753.484672] 0xffffffffc044f30e > > > [17753.484672] [p_lkrg] => caller[p_revert_creds_ret] action[OVERRIDE ON] > > > old_off[0x747ab67c6069eb6] debug_val[0] > > > [17753.484673] [p_lkrg] Stack trace: > > > [17753.484676] p_revert_creds_entry+0x87/0xc0 [p_lkrg] > > > [17753.484677] pre_handler_kretprobe+0xaa/0x1b0 > > > [17753.484678] opt_pre_handler+0x47/0x80 > > > [17753.484679] optimized_callback+0xbc/0xe0 > > > [17753.484680] 0xffffffffc044f388 > > > [17753.484680] [p_lkrg] => caller[p_override_creds_entry] action[OVERRIDE > > > OFF] old_off[0x3a3d5b3e3034f5b] debug_val[1] > > > [17753.484681] [p_lkrg] Stack trace: > > > [17753.484684] p_override_creds_entry+0x91/0xd0 [p_lkrg] > > > [17753.484685] pre_handler_kretprobe+0xaa/0x1b0 > > > [17753.484686] opt_pre_handler+0x47/0x80 > > > [17753.484687] optimized_callback+0xbc/0xe0 > > > [17753.484687] 0xffffffffc044f30e > > > [17753.484688] [p_lkrg] => caller[p_revert_creds_ret] action[OVERRIDE ON] > > > old_off[0x747ab67c6069eb6] debug_val[0] > > > [17753.484688] [p_lkrg] Stack trace: > > > [17753.484691] p_revert_creds_entry+0x87/0xc0 [p_lkrg] > > > [17753.484693] pre_handler_kretprobe+0xaa/0x1b0 > > > [17753.484703] opt_pre_handler+0x47/0x80 > > > [17753.484704] optimized_callback+0xbc/0xe0 > > > [17753.484704] 0xffffffffc044f388 > > > [17753.484705] [p_lkrg] => caller[p_override_creds_entry] action[OVERRIDE > > > OFF] old_off[0x3a3d5b3e3034f5b] debug_val[1] > > > [17753.484705] [p_lkrg] Stack trace: > > > [17753.484708] p_override_creds_entry+0x91/0xd0 [p_lkrg] > > > [17753.484710] pre_handler_kretprobe+0xaa/0x1b0 > > > [17753.484711] opt_pre_handler+0x47/0x80 > > > [17753.484711] optimized_callback+0xbc/0xe0 > > > [17753.484712] 0xffffffffc044f30e > > > [17753.484712] [p_lkrg] => caller[p_revert_creds_ret] action[OVERRIDE ON] > > > old_off[0x747ab67c6069eb6] debug_val[0] > > > [17753.484713] [p_lkrg] Stack trace: > > > [17753.484716] p_revert_creds_entry+0x87/0xc0 [p_lkrg] > > > [17753.484717] pre_handler_kretprobe+0xaa/0x1b0 > > > [17753.484718] opt_pre_handler+0x47/0x80 > > > [17753.484719] optimized_callback+0xbc/0xe0 > > > [17753.484720] 0xffffffffc044f388 > > > [17753.484720] [p_lkrg] => caller[p_override_creds_entry] action[OVERRIDE > > > OFF] old_off[0x3a3d5b3e3034f5b] debug_val[1] > > > [17753.484720] [p_lkrg] Stack trace: > > > [17753.484723] p_override_creds_entry+0x91/0xd0 [p_lkrg] > > > [17753.484725] pre_handler_kretprobe+0xaa/0x1b0 > > > [17753.484726] opt_pre_handler+0x47/0x80 > > > [17753.484727] optimized_callback+0xbc/0xe0 > > > [17753.484727] 0xffffffffc044f30e > > > [17753.484738] [p_lkrg] => caller[p_revert_creds_ret] action[OVERRIDE ON] > > > old_off[0x747ab67c6069eb6] debug_val[0] > > > [17753.484738] [p_lkrg] Stack trace: > > > [17753.484741] p_revert_creds_entry+0x87/0xc0 [p_lkrg] > > > [17753.484743] pre_handler_kretprobe+0xaa/0x1b0 > > > [17753.484744] opt_pre_handler+0x47/0x80 > > > [17753.484745] optimized_callback+0xbc/0xe0 > > > [17753.484745] 0xffffffffc044f388 > > > [17753.484746] [p_lkrg] => caller[p_override_creds_entry] action[OVERRIDE > > > OFF] old_off[0x3a3d5b3e3034f5b] debug_val[1] > > > [17753.484746] [p_lkrg] Stack trace: > > > [17753.484749] p_override_creds_entry+0x91/0xd0 [p_lkrg] > > > [17753.484750] pre_handler_kretprobe+0xaa/0x1b0 > > > [17753.484752] opt_pre_handler+0x47/0x80 > > > [17753.484753] optimized_callback+0xbc/0xe0 > > > [17753.484753] 0xffffffffc044f30e > > > [17753.484754] [p_lkrg] => caller[p_revert_creds_ret] action[OVERRIDE ON] > > > old_off[0x747ab67c6069eb6] debug_val[0] > > > [17753.484754] [p_lkrg] Stack trace: > > > [17753.484757] p_revert_creds_entry+0x87/0xc0 [p_lkrg] > > > [17753.484758] pre_handler_kretprobe+0xaa/0x1b0 > > > [17753.484760] opt_pre_handler+0x47/0x80 > > > [17753.484760] optimized_callback+0xbc/0xe0 > > > [17753.484761] 0xffffffffc044f388 > > > [17753.484761] [p_lkrg] => caller[p_override_creds_entry] action[OVERRIDE > > > OFF] old_off[0x3a3d5b3e3034f5b] debug_val[1] > > > [17753.484762] [p_lkrg] Stack trace: > > > [17753.484774] p_override_creds_entry+0x91/0xd0 [p_lkrg] > > > [17753.484775] pre_handler_kretprobe+0xaa/0x1b0 > > > [17753.484776] opt_pre_handler+0x47/0x80 > > > [17753.484777] optimized_callback+0xbc/0xe0 > > > [17753.484778] 0xffffffffc044f30e > > > [17753.484778] [p_lkrg] => caller[p_revert_creds_ret] action[OVERRIDE ON] > > > old_off[0x747ab67c6069eb6] debug_val[0] > > > [17753.484778] [p_lkrg] Stack trace: > > > [17753.484781] p_revert_creds_entry+0x87/0xc0 [p_lkrg] > > > [17753.484783] pre_handler_kretprobe+0xaa/0x1b0 > > > [17753.484784] opt_pre_handler+0x47/0x80 > > > [17753.484785] optimized_callback+0xbc/0xe0 > > > [17753.484785] 0xffffffffc044f388 > > > [17753.484786] [p_lkrg] => caller[p_override_creds_entry] action[OVERRIDE > > > OFF] old_off[0x3a3d5b3e3034f5b] debug_val[1] > > > [17753.484786] [p_lkrg] Stack trace: > > > [17753.484789] p_override_creds_entry+0x91/0xd0 [p_lkrg] > > > [17753.484790] pre_handler_kretprobe+0xaa/0x1b0 > > > [17753.484791] opt_pre_handler+0x47/0x80 > > > [17753.484792] optimized_callback+0xbc/0xe0 > > > [17753.484793] 0xffffffffc044f30e > > > [17753.484793] [p_lkrg] => caller[p_revert_creds_ret] action[OVERRIDE ON] > > > old_off[0x747ab67c6069eb6] debug_val[0] > > > [17753.484794] [p_lkrg] Stack trace: > > > [17753.484797] p_revert_creds_entry+0x87/0xc0 [p_lkrg] > > > [17753.484798] pre_handler_kretprobe+0xaa/0x1b0 > > > [17753.484799] opt_pre_handler+0x47/0x80 > > > [17753.484800] optimized_callback+0xbc/0xe0 > > > [17753.484800] 0xffffffffc044f388 > > > [17753.484801] [p_lkrg] => caller[p_override_creds_entry] action[OVERRIDE > > > OFF] old_off[0x3a3d5b3e3034f5b] debug_val[1] > > > [17753.484801] [p_lkrg] Stack trace: > > > [17753.484804] p_override_creds_entry+0x91/0xd0 [p_lkrg] > > > [17753.484806] pre_handler_kretprobe+0xaa/0x1b0 > > > [17753.484807] opt_pre_handler+0x47/0x80 > > > [17753.484808] optimized_callback+0xbc/0xe0 > > > [17753.484808] 0xffffffffc044f30e > > > [17753.484809] [p_lkrg] => caller[p_revert_creds_ret] action[OVERRIDE ON] > > > old_off[0x747ab67c6069eb6] debug_val[0] > > > [17753.484809] [p_lkrg] Stack trace: > > > [17753.484812] p_revert_creds_entry+0x87/0xc0 [p_lkrg] > > > [17753.484813] pre_handler_kretprobe+0xaa/0x1b0 > > > [17753.484814] opt_pre_handler+0x47/0x80 > > > [17753.484815] optimized_callback+0xbc/0xe0 > > > [17753.484816] 0xffffffffc044f388 > > > [17753.484816] [p_lkrg] => caller[p_override_creds_entry] action[OVERRIDE > > > OFF] old_off[0x3a3d5b3e3034f5b] debug_val[1] > > > [17753.484817] [p_lkrg] Stack trace: > > > [17753.484820] p_override_creds_entry+0x91/0xd0 [p_lkrg] > > > [17753.484821] pre_handler_kretprobe+0xaa/0x1b0 > > > [17753.484822] opt_pre_handler+0x47/0x80 > > > [17753.484823] optimized_callback+0xbc/0xe0 > > > [17753.484823] 0xffffffffc044f30e > > > [17753.484824] [p_lkrg] => caller[p_revert_creds_ret] action[OVERRIDE ON] > > > old_off[0x747ab67c6069eb6] debug_val[0] > > > [17753.484824] [p_lkrg] Stack trace: > > > [17753.484827] p_revert_creds_entry+0x87/0xc0 [p_lkrg] > > > [17753.484828] pre_handler_kretprobe+0xaa/0x1b0 > > > [17753.484830] opt_pre_handler+0x47/0x80 > > > [17753.484830] optimized_callback+0xbc/0xe0 > > > [17753.484831] 0xffffffffc044f388 > > > [17753.484831] [p_lkrg] => caller[p_cap_task_prctl_entry] action[OFF] > > > old_off[0x3a3d5b3e3034f5b] debug_val[1] > > > [17753.484832] [p_lkrg] => caller[p_cap_task_prctl_ret] action[ON] > > > old_off[0x747ab67c6069eb6] debug_val[0] > > > [17753.484832] [p_lkrg] => caller[p_seccomp_entry] action[OFF] > > > old_off[0x3a3d5b3e3034f5b] debug_val[1] > > > [17753.484833] [p_lkrg] => caller[p_seccomp_ret] action[ON] > > > old_off[0x747ab67c6069eb6] debug_val[0] > > > [17753.484833] [p_lkrg] => caller[p_seccomp_entry] action[OFF] > > > old_off[0x3a3d5b3e3034f5b] debug_val[1] > > > [17753.484834] [p_lkrg] => caller[p_seccomp_ret] action[ON] > > > old_off[0x3a3d5b3e3034f5b] debug_val[0] > > > [17753.484834] [p_lkrg] <Exploit Detection> Trying to kill > > > process[QtWebEngineProc | 4072]! > > > [17753.487222] traps: akregator[3992] trap int3 ip:7c16547727d1 > > > sp:7ffe868eae20 error:0 in > > > libQt5WebEngineCore.so.5.15.1[7c165160a000+630c000] > > > > > > Pozdro > > > > > > > > > W dniu 03.12.2020 o 07:58, Adam Zabrocki pisze: > > > > Hi > > > > > > > > Sorry for late reply. However, I've been working on adding a new debugging > > > > logic to the LKRG code. > > > > I have a few questions: > > > > - Do you have any ftrace* related tools which might run in the background? > > > > Especially, around the time when you see that problem? It could be any perf* > > > > tool as well since they are using tracing infrastructure under the hood > > > > - New LKRG's debugging infrastructure can independently track state for each > > > > process. However, it requires a lot more memory. If you are willing to enable > > > > it, it will produce much more useful information which I can use. To be able > > > > to do it, please uncomment the following definition in the file: > > > > "src/modules/print_log/p_lkrg_log_level_shared.h" > > > > /* Do we want to precisely track changes of 'off' flag per each process? > > > > * If yes, uncomment it here */ > > > > #define P_LKRG_TASK_OFF_DEBUG > > > > > > > > - If you have anough resource and sucessfully load such build of LKRG, you > > > > should see more debug information in the logs when such problem appears. > > > > > > > > The newest Linux kernel changed the behavior of KPROBES and FTRACE and I'm > > > > actively researching these changes. It is worth to note that if FTRACE is > > > > being disabled e.g. via /proc/sys/kernel/ftrace_enabled it can affect KPROBES > > > > as well. Some tools heavily using such interface. > > > > > > > > Thanks, > > > > Adam > > > > > > > > On Mon, Nov 16, 2020 at > > > > 09:25:10PM +0100, Jacek wrote: > > > > > Hi > > > > > > > > > > OS Gentoo: > > > > > > > > > > Linux version 5.9.8-g1 (root@...ek) (gcc (Gentoo Hardened 9.3.0-r1 p3) > > > > > 9.3.0, GNU ld (Gentoo 2.34 p6) 2.34.0) #2 SMP PREEMPT Thu Nov 12 07:29:29 > > > > > CET 2020 > > > > > > > > > > LKRG: > > > > > > > > > > filename: /lib/modules/5.9.8-g1/extra/p_lkrg.ko > > > > > license: GPL v2 > > > > > description: pi3's Linux kernel Runtime Guard > > > > > author: Adam 'pi3' Zabrocki (http://pi3.com.pl) > > > > > srcversion: 40A527C8D5D5D19B610FE2F > > > > > depends: > > > > > retpoline: Y > > > > > name: p_lkrg > > > > > vermagic: 5.9.8-g1 SMP preempt mod_unload modversions RANDSTRUCT_PLUGIN_7c046b7d45f5b82e76f627aadaefa3bc69fdd9ae1cd91b61e72d98512ef164aa > > > > > > > > > > Git log: > > > > > > > > > > # root ~> git log |head -n 20 > > > > > commit 4cfb2b3474b813b0f2c424bbbcd7c1c456fb8f6e > > > > > Author: disrupttheflow<68149206+disrupttheflow@...rs.noreply.github.com> > > > > > Date: Mon Nov 16 12:28:23 2020 +0000 > > > > > > > > > > Add correct repository to clone from in README (#25) > > > > > > > > > > commit 645983fbf687c4bddb3c62c19a37d7db380bf927 > > > > > Author: Mariusz Zaborski<oshogbo@...illium.org> > > > > > Date: Fri Nov 6 19:29:40 2020 +0100 > > > > > > > > > > ptrace: replace ptrace kprobes with security_ptrace_access_check > > > > > > > > > > commit ca8237ed2251a6f4ae03fe8e549662465f26d347 > > > > > Merge: 37d5520 5db3f98 > > > > > Author: Adam 'pi3' Zabrocki<65244445+Adam-pi3@...rs.noreply.github.com> > > > > > Date: Sat Nov 7 08:52:18 2020 -0800 > > > > > > > > > > Merge pull request #23 from oshogbo/kill > > > > > > > > > > umh: Kill process using the proper SIGKILL signal. > > > > > > > > > > > > > > > Akreator (RSS client from KDE) > > > > > > > > > > # user ~> akregator > > > > > [506:1:0100/000000.026569:ERROR:broker_posix.cc(43)] Invalid node channel > > > > > message > > > > > Unicestwiony > > > > > > > > > > LKRG error (from dmesg): > > > > > > > > > > [ 806.873553] [p_lkrg] <Exploit Detection> ON process[2170 | > > > > > Chrome_IOThread] has corrupted 'off' flag! > > > > > [ 806.873555] [p_lkrg] <Exploit Detection> Trying to kill > > > > > process[ThreadPoolSingl | 2170]! > > > > > > > > > > Cheers > > > > > > > > > > > > > > > > > > > > > > > > > -- pi3 (pi3ki31ny) - pi3 (at) itsec pl http://pi3.com.pl
Powered by blists - more mailing lists
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.