lkrg-org / lkrg Goto Github PK

[  OK  ] Stopped Remount Root and Kernel File Systems.
[  OK  ] Reached target Shutdown.
[  OK  ] Reached target Final Step.
[  OK  ] Finished Power-Off.
[  OK  ] Reached target Power-Off.
[   41.384711] [p_lkrg] [TRACEPOINT] Updated module's list hash for module[virtio_dma_buf] but can't find the same module in KOBJs list!
[   41.438382] [p_lkrg] [TRACEPOINT] Updated module's list hash for module[virtio_dma_buf] but can't find the same module in KOBJs list!
[   41.462114] BUG: kernel NULL pointer dereference, address: 0000000000000000
[   41.465171] #PF: supervisor read access in kernel mode
[   41.465171] #PF: error_code(0x0000) - not-present page
[   41.465171] PGD 0 P4D 0 
[   41.465171] Oops: 0000 [#1] SMP NOPTI
[   41.465171] CPU: 0 PID: 404 Comm: systemd-udevd Tainted: G           OE     5.11.0-16-generic #17-Ubuntu
[   41.465171] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.13.0-1ubuntu1.1 04/01/2014
[   41.465171] RIP: 0010:p_arch_static_call_transform_entry+0xed/0x180 [p_lkrg]
[   41.465171] Code: c1 48 85 c0 0f 84 83 00 00 00 8b 35 f5 34 02 00 85 f6 74 cc 48 8b 15 f2 34 02 00 31 c0 eb 0b 83 c0 01 48 83 c2 60 39 c6 74 b6 <48> 3b 0a 75 f0 89 05 80 34 02 00 eb a9 48 8b 05 67 f8 01 00 4c 89
[   41.465171] RSP: 0018:ffffb639803f7b98 EFLAGS: 00000246
[   41.465171] RAX: 0000000000000000 RBX: ffff9f373530e280 RCX: ffffffffc074c8c0
[   41.465171] RDX: 0000000000000000 RSI: 000000000000001e RDI: ffffffffc06cab4a
[   41.465171] RBP: ffffb639803f7ba8 R08: 0000000000000000 R09: 00000000000000b6
[   41.465171] R10: ffff9f3702cef680 R11: 0000000000000012 R12: ffffffffc06cab4a
[   41.465171] R13: 0000000000000000 R14: ffffffffc03f1a38 R15: ffff9f373ec18440
[   41.465171] FS:  00007feb241f68c0(0000) GS:ffff9f373ec00000(0000) knlGS:0000000000000000
[   41.465171] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   41.465171] CR2: 0000000000000000 CR3: 00000000058a8000 CR4: 00000000000006f0
[   41.465171] Call Trace:
[   41.465171]  pre_handler_kretprobe+0x97/0x170
[   41.465171]  ? arch_static_call_transform+0x1/0x90
[   41.465171]  kprobe_ftrace_handler+0x11e/0x1f0
[   41.465171]  ? arch_static_call_transform+0x5/0x90
[   41.465171]  ? kvm_dirty_ring_push+0x6a/0x80 [kvm]
[   41.465171]  0xffffffffc03bb0e3
[   41.465171] RIP: 0010:arch_static_call_transform+0x1/0x90
[   41.465171] Code: 55 48 89 fa 48 c7 c7 20 fd 99 83 c6 05 94 0b ed 01 01 48 89 e5 e8 5c b3 b9 00 0f 0b 5d c3 c3 66 2e 0f 1f 84 00 00 00 00 00 e8 <5b> b2 f7 3d 55 48 89 e5 41 56 49 89 fe 48 c7 c7 20 b4 06 84 41 55
[   41.465171] RSP: 0018:ffffb639803f7d08 EFLAGS: 00000292 ORIG_RAX: 0000000000000000
[   41.465171] RAX: ffff9f3702cef680 RBX: ffffffffc074c8c0 RCX: 0000000000000000
[   41.465171] RDX: ffffffffc06bc540 RSI: 0000000000000000 RDI: ffffffffc06cab4a
[   41.465171] RBP: ffffb639803f7d48 R08: 0000000000000020 R09: ffffffffc0737890
[   41.465171] R10: ffff9f3702cef680 R11: 0000000000000012 R12: ffffffffc06cab4a
[   41.465171] R13: ffffffffc0737890 R14: ffffffffc074c2c4 R15: ffffffffc074c2c0
[   41.465171]  ? kvm_dirty_ring_push+0x6a/0x80 [kvm]
[   41.465171]  ? __traceiter_kvm_halt_poll_ns+0x60/0x60 [kvm]
[   41.465171]  ? kvm_dirty_ring_push+0x6a/0x80 [kvm]
[   41.465171]  ? arch_static_call_transform+0x5/0x90
[   41.465171]  ? __static_call_init.part.0+0x16c/0x220
[   41.465171]  ? arch_static_call_transform+0x5/0x90
[   41.465171]  ? __static_call_init.part.0+0x16c/0x220
[   41.465171]  static_call_add_module+0xea/0x110
[   41.465171]  static_call_module_notify+0x52/0xc0
[   41.465171]  blocking_notifier_call_chain_robust+0x6a/0xe0
[   41.465171]  ? klp_module_coming+0xe6/0x110
[   41.465171]  load_module+0x400/0x780
[   41.465171]  __do_sys_finit_module+0xc2/0x120
[   41.465171]  __x64_sys_finit_module+0x1a/0x20
[   41.465171]  do_syscall_64+0x38/0x90
[   41.465171]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[   41.465171] RIP: 0033:0x7feb246aef6d
[   41.465171] Code: 28 0d 00 0f 05 eb a9 66 0f 1f 44 00 00 f3 0f 1e fa 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d cb de 0c 00 f7 d8 64 89 01 48
[   41.465171] RSP: 002b:00007ffcd4e6b108 EFLAGS: 00000246 ORIG_RAX: 0000000000000139
[   41.465171] RAX: ffffffffffffffda RBX: 000056381a8947e0 RCX: 00007feb246aef6d
[   41.465171] RDX: 0000000000000000 RSI: 00007feb24854e2d RDI: 0000000000000006
[   41.465171] RBP: 0000000000020000 R08: 0000000000000000 R09: 000056381a8947e0
[   41.465171] R10: 0000000000000006 R11: 0000000000000246 R12: 00007feb24854e2d
[   41.465171] R13: 0000000000000000 R14: 000056381a897660 R15: 000056381a8947e0
[   41.465171] Modules linked in: kvm(+) virtio_gpu virtio_dma_buf drm_kms_helper input_leds i2c_i801 psmouse cec rc_core fb_sys_fops syscopyarea i2c_smbus sysfillrect sysimgblt mac_hid lpc_ich sch_fq_codel drm ip_tables x_tables ahci virtio_scsi libahci serio_raw qemu_fw_cfg p_lkrg(OE) dm_mirror dm_region_hash dm_log virtio_rng autofs4
[   41.465171] CR2: 0000000000000000
[   41.510307] ---[ end trace 585af7df4cccec66 ]---
[   41.510653] RIP: 0010:p_arch_static_call_transform_entry+0xed/0x180 [p_lkrg]
[   41.511146] Code: c1 48 85 c0 0f 84 83 00 00 00 8b 35 f5 34 02 00 85 f6 74 cc 48 8b 15 f2 34 02 00 31 c0 eb 0b 83 c0 01 48 83 c2 60 39 c6 74 b6 <48> 3b 0a 75 f0 89 05 80 34 02 00 eb a9 48 8b 05 67 f8 01 00 4c 89
[   41.512307] RSP: 0018:ffffb639803f7b98 EFLAGS: 00000246
[   41.512670] RAX: 0000000000000000 RBX: ffff9f373530e280 RCX: ffffffffc074c8c0
[   41.513071] RDX: 0000000000000000 RSI: 000000000000001e RDI: ffffffffc06cab4a
[   41.513767] RBP: ffffb639803f7ba8 R08: 0000000000000000 R09: 00000000000000b6
[   41.514247] R10: ffff9f3702cef680 R11: 0000000000000012 R12: ffffffffc06cab4a
[   41.515099] R13: 0000000000000000 R14: ffffffffc03f1a38 R15: ffff9f373ec18440
[   41.515896] FS:  00007feb241f68c0(0000) GS:ffff9f373ec00000(0000) knlGS:0000000000000000
[   41.516302] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   41.516595] CR2: 0000000000000000 CR3: 00000000058a8000 CR4: 00000000000006f0
[   41.517076] Kernel panic - not syncing: Fatal exception
[   41.517153] Kernel Offset: 0x1400000 from 0xffffffff81000000 (relocation range: 0xffffffff80000000-0xffffffffbfffffff)
[   41.517153] ACPI MEMORY or I/O RESET_REG.

[   83.188679] [p_lkrg] Loading LKRG...                                                                   
[   84.769279] [p_lkrg] ERROR: Can't find 'native_write_cr4' function :( Exiting...                                                                                                                                 

./src/modules/exploit_detection/syscalls/pCFI/p_mark_inode_dirty/p_mark_inode_dirty.c:            p_print_log(P_LKRG_CRIT, "<Exploit Detection> Path's inode[%lu] mode[0x%x] will be isolated!\n",

# make
make -C /lib/modules/5.9.0-amd64/build M=/var/lib/dkms/lkrg/0.8.1+git20201011/build modules
make[1]: Entering directory '/usr/src/linux-headers-5.9.0-amd64'
  CC [M]  /var/lib/dkms/lkrg/0.8.1+git20201011/build/src/modules/ksyms/p_resolve_ksym.o
  CC [M]  /var/lib/dkms/lkrg/0.8.1+git20201011/build/src/modules/hashing/p_lkrg_fast_hash.o
  CC [M]  /var/lib/dkms/lkrg/0.8.1+git20201011/build/src/modules/comm_channel/p_comm_channel.o
  CC [M]  /var/lib/dkms/lkrg/0.8.1+git20201011/build/src/modules/integrity_timer/p_integrity_timer.o
  CC [M]  /var/lib/dkms/lkrg/0.8.1+git20201011/build/src/modules/kmod/p_kmod.o
  CC [M]  /var/lib/dkms/lkrg/0.8.1+git20201011/build/src/modules/database/CPU.o
  CC [M]  /var/lib/dkms/lkrg/0.8.1+git20201011/build/src/modules/database/arch/x86/p_x86_metadata.o
  CC [M]  /var/lib/dkms/lkrg/0.8.1+git20201011/build/src/modules/database/arch/x86/p_switch_idt/p_switch_idt.o
  CC [M]  /var/lib/dkms/lkrg/0.8.1+git20201011/build/src/modules/database/arch/arm64/p_arm64_metadata.o
  CC [M]  /var/lib/dkms/lkrg/0.8.1+git20201011/build/src/modules/database/arch/arm/p_arm_metadata.o
  CC [M]  /var/lib/dkms/lkrg/0.8.1+git20201011/build/src/modules/database/arch/p_arch_metadata.o
  CC [M]  /var/lib/dkms/lkrg/0.8.1+git20201011/build/src/modules/database/JUMP_LABEL/p_arch_jump_label_transform/p_arch_jump_label_transform.o
  CC [M]  /var/lib/dkms/lkrg/0.8.1+git20201011/build/src/modules/database/JUMP_LABEL/p_arch_jump_label_transform_apply/p_arch_jump_label_transform_apply.o
  CC [M]  /var/lib/dkms/lkrg/0.8.1+git20201011/build/src/modules/database/p_database.o
  CC [M]  /var/lib/dkms/lkrg/0.8.1+git20201011/build/src/modules/notifiers/p_notifiers.o
  CC [M]  /var/lib/dkms/lkrg/0.8.1+git20201011/build/src/modules/self-defense/hiding/p_hiding.o
  CC [M]  /var/lib/dkms/lkrg/0.8.1+git20201011/build/src/modules/exploit_detection/p_rb_ed_trees/p_rb_ed_pids/p_rb_ed_pids_tree.o
  CC [M]  /var/lib/dkms/lkrg/0.8.1+git20201011/build/src/modules/exploit_detection/syscalls/p_install.o
  CC [M]  /var/lib/dkms/lkrg/0.8.1+git20201011/build/src/modules/exploit_detection/syscalls/p_sys_execve/p_sys_execve.o
  CC [M]  /var/lib/dkms/lkrg/0.8.1+git20201011/build/src/modules/exploit_detection/syscalls/p_sys_execveat/p_sys_execveat.o
  CC [M]  /var/lib/dkms/lkrg/0.8.1+git20201011/build/src/modules/exploit_detection/syscalls/p_call_usermodehelper/p_call_usermodehelper.o
/var/lib/dkms/lkrg/0.8.1+git20201011/build/src/modules/exploit_detection/syscalls/p_call_usermodehelper/p_call_usermodehelper.c: In function ‘p_call_usermodehelper_entry’:
/var/lib/dkms/lkrg/0.8.1+git20201011/build/src/modules/exploit_detection/syscalls/p_call_usermodehelper/p_call_usermodehelper.c:169:55: error: ‘struct subprocess_info’ has no member named ‘file’
  169 |       if (!strcmp("none",p_subproc->path) && p_subproc->file) {
      |                                                       ^~
make[2]: *** [scripts/Makefile.build:288: /var/lib/dkms/lkrg/0.8.1+git20201011/build/src/modules/exploit_detection/syscalls/p_call_usermodehelper/p_call_usermodehelper.o] Error 1
make[1]: *** [Makefile:1796: /var/lib/dkms/lkrg/0.8.1+git20201011/build] Error 2
make[1]: Leaving directory '/usr/src/linux-headers-5.9.0-amd64'
make: *** [Makefile:98: all] Error 2

# cat /proc/version
Linux version 5.9.0-amd64 (morfik@morfikownia) (gcc (Debian 10.2.0-13) 10.2.0, GNU ld (GNU Binutils for Debian) 2.35.1) #1 SMP PREEMPT Mon Oct 12 08:33:00 CEST 2020

$ git log -1
commit 47804120c371aa7673b47d9c34ecfe19026a3c52 (HEAD -> main, origin/main, origin/HEAD)
Author: Adam_pi3 <[email protected]>
Date:   Thu Dec 3 15:07:40 2020 -0500

    Fix a gentle bug when compiled with P_LKRG_TASK_OFF_DEBUG

    P_LKRG_TASK_OFF_DEBUG introduces extra lines of code which was not taken into account for seccomp() and namespace API. This commit fixes it. Additionally, we are adding extra information in case of corruption (dump_stack()).
(END)

kernel: [p_lkrg] <Exploit Detection> ON process[337418] | zsh] has corrupted 'off' flag!
kernel: [p_lkrg] <Exploit Detection> Trying to kill process[zsh] | 337418]!

$ cat /proc/version
Linux version 5.9.12-amd64 (morfik@morfikownia) (gcc (Debian 10.2.0-23) 10.2.0, GNU ld (GNU Binutils for Debian) 2.35.1) #5 SMP PREEMPT Sat Dec 5 17:54:45 CET 2020

# sysctl -a | grep lkrg
lkrg.block_modules = 1
lkrg.heartbeat = 0
lkrg.hide = 0
lkrg.interval = 15
lkrg.kint_enforce = 2
lkrg.kint_validate = 3
lkrg.log_level = 3
lkrg.msr_validate = 0
lkrg.pcfi_enforce = 1
lkrg.pcfi_validate = 2
lkrg.pint_enforce = 1
lkrg.pint_validate = 2
lkrg.profile_enforce = 2
lkrg.profile_validate = 9
lkrg.smap_enforce = 0
lkrg.smap_validate = 0
lkrg.smep_enforce = 2
lkrg.smep_validate = 1
lkrg.trigger = 0
lkrg.umh_enforce = 1
lkrg.umh_validate = 0

  CC [M]  /home/travis/build/openwall/lkrg/src/p_lkrg_main.o
  LD [M]  /home/travis/build/openwall/lkrg/p_lkrg.o
  Building modules, stage 2.
  MODPOST 1 modules
  CC      /home/travis/build/openwall/lkrg/p_lkrg.mod.o
  LD [M]  /home/travis/build/openwall/lkrg/p_lkrg.ko
make[1]: Leaving directory '/usr/src/linux-headers-4.15.0-1077-gcp'
mkdir -p output
cp /home/travis/build/openwall/lkrg/p_lkrg.ko output
++sudo make install
make -C /lib/modules/4.15.0-1077-gcp/build M=/home/travis/build/openwall/lkrg modules_install
make[1]: Entering directory '/usr/src/linux-headers-4.15.0-1077-gcp'
  INSTALL /home/travis/build/openwall/lkrg/p_lkrg.ko
At main.c:160:
- SSL error:02001002:system library:fopen:No such file or directory: bss_file.c:175
- SSL error:2006D080:BIO routines:BIO_new_file:no such file: bss_file.c:178
sign-file: certs/signing_key.pem: No such file or directory
  DEPMOD  4.15.0-1077-gcp
make[1]: Leaving directory '/usr/src/linux-headers-4.15.0-1077-gcp'
depmod -a
/home/travis/build/openwall/lkrg/scripts/bootup/lkrg-bootup.sh install
 [*] Executing LKRG's bootup installation script
  [+] Systemd detected
       Installing lkrg.service file under /usr/local/lib/systemd/system folder
cp: cannot create regular file '/usr/local/lib/systemd/system/lkrg.service': No such file or directory
       Enabling lkrg.service on bootup
Failed to execute operation: No such file or directory
       To start lkrg.service please use: systemctl start lkrg
  [+] Done!
+result=0

quiet kaslr apparmor=1 security=apparmor ipv6.disable=1 kernel.kptr_restrict=2 kernel.kexec_load_disabled=1
slab_nomerge slub_debug=FZP mce=0 page_poison=1 mitigations=auto,nosmt audit=0 efi=disable_early_pci_dma
init_on_alloc=1 init_on_free=1 pti=on module.sig_enforce=1 vsyscall=none extra_latent_entropy intel_iommu=on
fsck.mode=force fsck.repair=preen

kern  :warn  : [  +0.009410] p_lkrg: loading out-of-tree module taints kernel.
kern  :crit  : [  +0.051397] [p_lkrg] Loading LKRG...
kern  :err   : [  +0.000003] [p_lkrg] System does NOT support SMAP. LKRG can't enforce SMAP validation :(
kern  :info  : [  +0.002052] Freezing user space processes ... (elapsed 0.077 seconds) done.
kern  :info  : [  +0.077095] OOM killer disabled.
kern  :warn  : [  +0.001255] [p_lkrg] 6/23 UMH paths are allowed...
kern  :notice: [  +0.047055] Lockdown: Use of kprobes is restricted; see https://wiki.debian.org/SecureBoot
kern  :err   : [  +0.000004] [p_lkrg] [kretprobe] register_kretprobe() for <__x64_sys_execve> failed! [err=-1]
kern  :err   : [  +0.000412] [p_lkrg] ERROR: Can't hook sys_execve :(
kern  :crit  : [  +0.015075] [p_lkrg] Can't initialize exploit detection features! Exiting...
kern  :info  : [  +0.044015] OOM killer enabled.
kern  :info  : [  +0.000003] Restarting tasks ... done.

- lkrg.umh_enforce (1)
  How to act on UMH usage violations.  Allowed values are 0 (log only), 1
  (prevent execution), and 2 (panic the kernel).

./src/p_lkrg_main.c:MODULE_PARM_DESC(umh_enforce, "umh_enforce [1 (prevent execution) is default]");
./src/modules/comm_channel/p_comm_channel.c:      "PREVENT EXECUTION",
./src/modules/comm_channel/p_comm_channel.c:                  P_CTRL(p_umh_enforce) = 0x1;   // Prevent execution
./src/modules/comm_channel/p_comm_channel.c:                  P_CTRL(p_umh_enforce) = 0x1;   // Prevent execution
./src/modules/exploit_detection/syscalls/p_call_usermodehelper/p_call_usermodehelper.c:            /* Prevent execution */

if command -v vboxmanage &>/dev/null ; then
   ## https://forums.whonix.org/t/linux-kernel-runtime-guard-lkrg-linux-kernel-runtime-integrity-checking-and-exploit-detection/8477/32
   ## https://www.openwall.com/lists/lkrg-users/2020/01/24/2
   ## https://www.openwall.com/lists/lkrg-users/2020/01/25/2
   lkrg_opts="msr_validate=0 pcfi_validate=1 $lkrg_opts"
elif command -v kvm &>/dev/null ; then
   ## Adam:
   ## For other hypervisors like KVM/qemu you can keep pcfi_validate=2 and only set
   ## msr_validate=0 (This hypervisor don't do such nasty calls like VirtualBox).
   lkrg_opts="msr_validate=0 $lkrg_opts"
   ## check if there is any binary in /usr/bin matching 'qemu*'
elif dpkg-query --show "qemu-system" &>/dev/null ; then
   lkrg_opts="msr_validate=0 $lkrg_opts"
fi

[  OK  ] Stopped target System Time Set.
[  OK  ] Closed Load/Save RF Kill Switch Status /dev/rfkill Watch.
         Stopping Restore /run/initramfs on shutdown...
         Stopping Getty on tty1...
         Stopping LSB: Record successful boot for GRUB...
         Stopping Serial Getty on ttyS0...
         Stopping Load/Save Random Seed...
         Stopping Network Name Resolution...
[  OK  ] Stopped Getty on tty1.
[   42.207953] [p_lkrg] ALERT !!! MODULE'S <kvm> HASH IS DIFFERENT it is [0x6d55c1581d4e3a64] and should be [0xa13d10c478536c69] !!!
[   42.207953] [p_lkrg] ALERT !!! MODULE LIST HASH IS DIFFERENT !!! - it is [0xf3bade2b341e0f89] and should be [0x118d967123c274b8] !!!
[   42.207953] [p_lkrg] ALERT !!! MODULE KOBJ HASH IS DIFFERENT !!! - it is [0x49d7ecbc81dd621a] and should be [0x93e07ae69866ebae] !!!
[   42.207953] [p_lkrg] [KOBJ] ALERT !!! MODULE'S <kvm> HASH IS DIFFERENT it is [0x6d55c1581d4e3a64] and should be [0xa13d10c478536c69] !!!
[   42.207953] [p_lkrg] ALERT !!! SYSTEM HAS BEEN COMPROMISED - DETECTED DIFFERENT 4 CHECKSUMS !!!
[   42.207953] Kernel panic - not syncing: [p_lkrg] Kernel Integrity verification failed! Killing the kernel...
[   42.207953] CPU: 0 PID: 156 Comm: kworker/u4:2 Tainted: G           OE     5.12.0-051200rc7daily20210416-generic #202104152206
[   42.207953] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.13.0-1ubuntu1.1 04/01/2014
[   42.207953] Workqueue: events_unbound p_check_integrity [p_lkrg]
[   42.207953] Call Trace:
[   42.207953]  show_stack+0x52/0x58
[   42.207953]  dump_stack+0x7d/0x9c
[   42.207953]  panic+0x101/0x2e3
[   42.207953]  p_check_integrity.cold+0xb3d/0x1d9e [p_lkrg]
[   42.207953]  process_one_work+0x220/0x3c0
[   42.207953]  worker_thread+0x50/0x370
[   42.207953]  kthread+0x12f/0x150
[   42.207953]  ? process_one_work+0x3c0/0x3c0
[   42.207953]  ? __kthread_bind_mask+0x70/0x70
[   42.207953]  ret_from_fork+0x22/0x30
[   42.207953] Kernel Offset: 0x2c00000 from 0xffffffff81000000 (relocation range: 0xffffffff80000000-0xffffffffbfffffff)
[   42.207953] ACPI MEMORY or I/O RESET_REG.
7lSeaBIOS (version 1.13.0-1ubuntu1.1)
Booting from Hard Disk...

[  OK  ] Started Getty on tty1.
[  OK  ] Started Serial Getty on ttyS0.
[  OK  ] Reached target Login Prompts.
[  OK  ] Finished Remove Stale Onli…ext4 Metadata Check Snapshots.
[  OK  ] Started LSB: Record successful boot for GRUB.
[  OK  ] Started User Login Management.
[  OK  ] Reached target Multi-User System.
[  OK  ] Reached target Graphical Interface.
         Starting Update UTMP about System Runlevel Changes...
[  OK  ] Finished Update UTMP about System Runlevel Changes.

Ubuntu 20.10 localhost ttyS0

localhost login: root (automatic login)

Welcome to Ubuntu 20.10 (GNU/Linux 5.12.0-051200rc7daily20210416-generic x86_64)

 * Documentation:  https://help.ubuntu.com
 * Management:     https://landscape.canonical.com
 * Support:        https://ubuntu.com/advantage
Last login: Fri Apr 16 10:15:23 UTC 2021 on tty1
root@localhost:~# [   42.567193] [p_lkrg] ALERT !!! MODULE'S <kvm> HASH IS DIFFERENT it is [0x2a58fa680c88611] and should be [0x80fe0107fb787c51] !!!
[   42.567193] [p_lkrg] [KOBJ] ALERT !!! MODULE'S <kvm> HASH IS DIFFERENT it is [0x2a58fa680c88611] and should be [0x80fe0107fb787c51] !!!
[   42.567193] [p_lkrg] ALERT !!! SYSTEM HAS BEEN COMPROMISED - DETECTED DIFFERENT 1 CHECKSUMS !!!
[   42.567193] Kernel panic - not syncing: [p_lkrg] Kernel Integrity verification failed! Killing the kernel...
[   42.567193] CPU: 1 PID: 291 Comm: kworker/u4:5 Tainted: G           OE     5.12.0-051200rc7daily20210416-generic #202104152206
ABORT
[   42.567193] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.13.0-1ubuntu1.1 04/01/2014
[   42.567193] Workqueue: events_unbound p_check_integrity [p_lkrg]
[   42.567193] Call Trace:
[   42.567193]  show_stack+0x52/0x58
[   42.567193]  dump_stack+0x7d/0x9c
[   42.567193]  panic+0x101/0x2e3
[   42.567193]  p_check_integrity.cold+0xb3d/0x1d9e [p_lkrg]
[   42.567193]  process_one_work+0x220/0x3c0
[   42.567193]  worker_thread+0x50/0x370
[   42.567193]  kthread+0x12f/0x150
[   42.567193]  ? process_one_work+0x3c0/0x3c0
[   42.567193]  ? __kthread_bind_mask+0x70/0x70
[   42.567193]  ret_from_fork+0x22/0x30
[   42.567193] Kernel Offset: 0x1e200000 from 0xffffffff81000000 (relocation range: 0xffffffff80000000-0xffffffffbfffffff)
[   42.567193] ACPI MEMORY or I/O RESET_REG.
7lSeaBIOS (version 1.13.0-1ubuntu1.1)
Booting from Hard Disk...

Error: Process completed with exit code 1.

[  940.327546] [p_lkrg] <Exploit Detection> Detected data corruption against SELINUX! 'selinux_state->enforcing' has different value [216 vs 168] than expected!

[   27.130301] [p_lkrg] Loading LKRG...
[   27.148158] Freezing user space processes ... (elapsed 0.000 seconds) done.
[   27.150367] OOM killer disabled.
[   27.177919] [p_lkrg] [kretprobe] register_kretprobe() for <search_binary_handler> failed! [err=-22]
[   27.179199] [p_lkrg] Trying to find ISRA / CONSTPROP name for <search_binary_handler>
[   27.203672] [p_lkrg] [kretprobe] register_kretprobe() for search_binary_handler failed and ISRA / CONSTPROP version not found!
[   27.205072] [p_lkrg] ERROR: Can't hook search_binary_handler :(
[   27.206020] [p_lkrg] Can't initialize exploit detection features! Exiting...

[    5.109658] [p_lkrg] Loading LKRG...
[    5.110915] [p_lkrg] System does NOT support SMEP. LKRG can't enforce SMEP validation :(
[    5.110915] [p_lkrg] System does NOT support SMAP. LKRG can't enforce SMAP validation :(
[    5.319365] Freezing user space processes ... (elapsed 0.001 seconds) done.
[    5.323209] OOM killer disabled.
[    6.468278] [p_lkrg] [kretprobe] register_kretprobe() for <sys_setuid> failed! [err=-22]
[    6.469320] [p_lkrg] ERROR: Can't hook sys_setuid :(
[    6.804166] [p_lkrg] Can't initialize exploit detection features! Exiting...

5.4.62-std-debug-alt1:~# runltp -f tracing
...
<<<test_start>>>
tag=ftrace-stress-test stime=1599744593
cmdline="ftrace_stress_test.sh 90"
contacts=""
analysis=exit
<<<test_output>>>
ftrace-stress-test 1 TINFO: Ftrace Stress Test Begin
...

[ 5377.306446] LTP: starting ftrace_regression01 (ftrace_regression01.sh)
[ 5378.097069] LTP: starting ftrace_regression02 (ftrace_regression02.sh)
[ 5383.078461] LTP: starting ftrace-stress-test (ftrace_stress_test.sh 90)
[ 5386.081418] Scheduler tracepoints stat_sleep, stat_iowait, stat_blocked and stat_runtime require the kernel parameter schedstats=enable or kernel.sched_schedstats=1
[ 5388.088215] [p_lkrg] ALERT !!! _STEXT MEMORY BLOCK HASH IS DIFFERENT - it is [0x1706cdb42cde8eb8] and should be [0x581eee007df92d24] !!!
[ 5388.105296] [p_lkrg] ALERT !!! MODULE'S <hwmon> HASH IS DIFFERENT it is [0x1cd9fc3732b4885c] and should be [0x84e3f76402a93d49] !!!
[ 5388.117126] [p_lkrg] ALERT !!! MODULE'S <ext4> HASH IS DIFFERENT it is [0x3bb0c67a82f8aaa5] and should be [0x2ee51f66d4d8329a] !!!
[ 5388.128859] [p_lkrg] ALERT !!! MODULE'S <jbd2> HASH IS DIFFERENT it is [0xee160b439517275b] and should be [0xcdeb451ae7ca6b0] !!!
[ 5388.140505] [p_lkrg] ALERT !!! MODULE'S <xhci_pci> HASH IS DIFFERENT it is [0xeb0a1cd2d3d0ecef] and should be [0x9d43d2cf1208a852] !!!
[ 5388.152588] [p_lkrg] ALERT !!! MODULE'S <xhci_hcd> HASH IS DIFFERENT it is [0x36ff05742340dec0] and should be [0x99e0a5a9595c198d] !!!
[ 5388.164671] [p_lkrg] ALERT !!! MODULE LIST HASH IS DIFFERENT !!! - it is [0xa4ab406b45dd2d62] and should be [0xa679f172b4f386e8] !!!
[ 5388.176589] [p_lkrg] ALERT !!! MODULE KOBJ HASH IS DIFFERENT !!! - it is [0xcd8dfe54b1c33935] and should be [0x7e4e1a50a54119d1] !!!
[ 5388.188491] [p_lkrg] [KOBJ] ALERT !!! MODULE'S <xhci_hcd> HASH IS DIFFERENT it is [0x36ff05742340dec0] and should be [0x99e0a5a9595c198d] !!!
[ 5388.201179] [p_lkrg] [KOBJ] ALERT !!! MODULE'S <xhci_pci> HASH IS DIFFERENT it is [0xeb0a1cd2d3d0ecef] and should be [0x9d43d2cf1208a852] !!!
[ 5388.213869] [p_lkrg] [KOBJ] ALERT !!! MODULE'S <jbd2> HASH IS DIFFERENT it is [0xee160b439517275b] and should be [0xcdeb451ae7ca6b0] !!!
[ 5388.226122] [p_lkrg] [KOBJ] ALERT !!! MODULE'S <ext4> HASH IS DIFFERENT it is [0x3bb0c67a82f8aaa5] and should be [0x2ee51f66d4d8329a] !!!
[ 5388.238465] [p_lkrg] [KOBJ] ALERT !!! MODULE'S <hwmon> HASH IS DIFFERENT it is [0x1cd9fc3732b4885c] and should be [0x84e3f76402a93d49] !!!
[ 5388.250899] [p_lkrg] ALERT !!! SYSTEM HAS BEEN COMPROMISED - DETECTED DIFFERENT 13 CHECKSUMS !!!
[ 5388.259689] Kernel panic - not syncing: [p_lkrg] Kernel Integrity verification failed! Killing the kernel...
[ 5388.269522] CPU: 17 PID: 138522 Comm: kworker/u69:1 Tainted: G        W  OE     5.4.62-std-debug-alt1 #1
[ 5388.278997] Hardware name: Supermicro Super Server/H11DSi, BIOS 1.2 04/15/2019
[ 5388.286243] Workqueue: events_unbound p_check_integrity [p_lkrg]
[ 5388.292255] Call Trace:
[ 5388.294718]  dump_stack+0xac/0xec
[ 5388.298055]  panic+0x119/0x31a
[ 5388.301154]  p_check_integrity.cold+0x1828/0x1e81 [p_lkrg]
[ 5388.306670]  process_one_work+0x2ad/0x5e0
[ 5388.310713]  worker_thread+0x4d/0x3e0
[ 5388.314389]  ? process_one_work+0x5e0/0x5e0
[ 5388.318586]  kthread+0x133/0x150
[ 5388.321832]  ? kthread_mod_delayed_work+0xc0/0xc0
[ 5388.326548]  ret_from_fork+0x27/0x50
[ 5388.330546] Kernel Offset: disabled
[ 5388.339867] ---[ end Kernel panic - not syncing: [p_lkrg] Kernel Integrity verification failed! Killing the kernel... ]---

  CC [M]  /root/src/src/p_lkrg_main.o
/root/src/src/modules/exploit_detection/p_selinux_state.c: In function 'p_selinux_restore':
/root/src/src/modules/exploit_detection/p_selinux_state.c:58:31: warning: assignment makes pointer from integer without a cast [-Wint-conversion]
    P_SYM(p_selinux_enforcing) = p_ed_guard_globals.p_selinux.p_selinux_enforcing;
                               ^
  LD [M]  /root/src/p_lkrg.o
  Building modules, stage 2.
  MODPOST 1 modules
WARNING: "p_selinux_state_restore" [/root/src/p_lkrg.ko] undefined!
  CC      /root/src/p_lkrg.mod.o
  LD [M]  /root/src/p_lkrg.ko
make[1]: Leaving directory '/usr/src/linux-headers-4.15.0-20-generic'

oshogbo/lkrg-osho/umh (pull request #6)
    
    Rework UMH.
    
    * Introduce nitems for nice array counting scheme.
    
    * Rework the umh whitelist.
    
        No functional changes intended.
    
    * Sort the UMH and remove dups.

CONFIG_HAVE_ARCH_KFENCE=y
CONFIG_KFENCE=y
CONFIG_KFENCE_STATIC_KEYS=y
CONFIG_KFENCE_SAMPLE_INTERVAL=100
CONFIG_KFENCE_NUM_OBJECTS=255
CONFIG_KFENCE_STRESS_TEST_FAULTS=0

ftrace# ./ftracetest test.d/ftrace/
./ftracetest: строка 42: echo: ошибка записи: Устройство или ресурс занято
=== Ftrace unit tests ===
[1] ftrace - function graph filters with stack tracer   [UNSUPPORTED]
[2] ftrace - function graph filters     [PASS]
[3] ftrace - function trace with cpumask        [PASS]
[4] ftrace - test for function event triggers

[   73.677383] [p_lkrg] ALERT !!! _STEXT MEMORY BLOCK HASH IS DIFFERENT - it is [0xb2cdd5b9a9ce7d21] and should be [0xe523d7e562ce0cd6] !!!
[   73.691709] [p_lkrg] ALERT !!! SYSTEM HAS BEEN COMPROMISED - DETECTED DIFFERENT 1 CHECKSUMS !!!
[   73.700395] Kernel panic - not syncing: [p_lkrg] Kernel Integrity verification failed! Killing the kernel...
[   73.710217] CPU: 3 PID: 8 Comm: kworker/u65:0 Tainted: G           OE     5.7.19-un-def-alt1 #1
[   73.718905] Hardware name: Supermicro Super Server/H11DSi, BIOS 1.2 04/15/2019
[   73.726136] Workqueue: events_unbound p_check_integrity [p_lkrg]
[   73.732140] Call Trace:
[   73.734600]  dump_stack+0x7c/0x9c
[   73.737916]  panic+0x114/0x302
[   73.740979]  p_check_integrity.cold+0x1828/0x1e81 [p_lkrg]
[   73.746461]  ? syscall_return_via_sysret+0xf/0x7f
[   73.751165]  ? __switch_to+0x19b/0x450
[   73.754915]  ? finish_task_switch+0x75/0x250
[   73.759181]  process_one_work+0x1da/0x3d0
[   73.763193]  worker_thread+0x4a/0x3d0
[   73.766859]  ? process_one_work+0x3d0/0x3d0
[   73.771046]  kthread+0x12f/0x150
[   73.774278]  ? kthread_unpark+0x70/0x70
[   73.778118]  ret_from_fork+0x22/0x40
[   73.781752] Kernel Offset: disabled
[   73.788936] ---[ end Kernel panic - not syncing: [p_lkrg] Kernel Integrity verification failed! Killing the kernel... ]---

[    9.513329] p_lkrg: loading out-of-tree module taints kernel.
[    9.519306] p_lkrg: module verification failed: signature and/or required key missing - tainting kernel
[    9.530220] [p_lkrg] Loading LKRG...
[    9.536765] Freezing user space processes ... (elapsed 0.039 seconds) done.
[    9.582856] OOM killer disabled.
[    9.816862] [p_lkrg] [kretprobe] register_kretprobe() for <ovl_create_or_link> failed! [err=-22]
[    9.825645] [p_lkrg] Trying to find ISRA / CONSTPROP name for <ovl_create_or_link>
[    9.865042] [p_lkrg] [kretprobe] register_kretprobe() for ovl_create_or_link failed and ISRA / CONSTPROP version not found!
[    9.876161] [p_lkrg] Can't hook 'ovl_create_or_link' function. This is expected if you are not using OverlayFS.

[   14.598101] p_lkrg: loading out-of-tree module taints kernel.
[   14.604040] p_lkrg: module verification failed: signature and/or required key missing - tainting kernel
[   14.615663] [p_lkrg] Loading LKRG...
[   14.622363] Freezing user space processes ... (elapsed 0.055 seconds) done.
[   14.685119] OOM killer disabled.
[   15.035576] [p_lkrg] [kretprobe] register_kretprobe() for <ovl_create_or_link> failed! [err=-22]
[   15.044367] [p_lkrg] Trying to find ISRA / CONSTPROP name for <ovl_create_or_link>
[   15.081758] ------------[ cut here ]------------
[   15.086382] WARNING: CPU: 0 PID: 780 at kernel/module.c:257 module_assert_mutex+0x25/0x30
[   15.094553] Modules linked in: p_lkrg(OE+) fuse ip_tables x_tables hid_generic usbhid hid ext4 crc32c_generic crc16 mbcache jbd2 sd_mod crct10dif_pclmul crc32_pclmul crc32c_intel ghash_clmulni_intel ahci aesni_intel glue_helper libahci crypto_simd xhci_pci libata cryptd xhci_hcd scsi_mod usbcore ccp usb_common rng_core button ipv6 crc_ccitt autofs4
[   15.125356] CPU: 0 PID: 780 Comm: modprobe Tainted: G           OE     5.4.96-std-debug-alt1 #1
[   15.134048] Hardware name: Supermicro Super Server/H11DSi, BIOS 1.2 04/15/2019
[   15.141269] RIP: 0010:module_assert_mutex+0x25/0x30
[   15.146145] Code: 0f 1f 44 00 00 0f 1f 44 00 00 8b 05 29 40 38 01 85 c0 75 01 c3 be ff ff ff ff 48 c7 c7 10 cd 33 82 e8 0f b9 fa ff 85 c0 75 ea <0f> 0b c3 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 55 48 89 fd e8 c2
[   15.164892] RSP: 0018:ffffc90004ebfc50 EFLAGS: 00010246
[   15.170117] RAX: 0000000000000000 RBX: 000000000001702b RCX: 000000000000001d
[   15.177248] RDX: 0000000000000000 RSI: 00000000ffffffff RDI: 0000000000000286
[   15.184381] RBP: ffffffffa0349060 R08: 0000000000000000 R09: ffffc90104ebfb57
[   15.191514] R10: ffffffffffffffff R11: 0000000000000000 R12: ffffc90004ebfd40
[   15.198648] R13: ffffffffa0349060 R14: 00000000001186eb R15: 0000000000000000
[   15.205781] FS:  00007f2430d3f740(0000) GS:ffff888616600000(0000) knlGS:0000000000000000
[   15.213865] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   15.219611] CR2: 000055b1a7a23500 CR3: 000000020eb02000 CR4: 00000000003406f0
[   15.226745] Call Trace:
[   15.229201]  module_kallsyms_on_each_symbol+0x18/0xa0
[   15.234259]  ? p_lookup_syms_hack+0x40/0x40 [p_lkrg]
[   15.239228]  kallsyms_on_each_symbol+0xb6/0xc0
[   15.243676]  ? printk+0x58/0x6f
[   15.246831]  p_install_hook+0x9e/0x110 [p_lkrg]
[   15.251369]  p_exploit_detection_init+0x373/0x500 [p_lkrg]
[   15.256855]  ? 0xffffffffa02f6000
[   15.260178]  p_lkrg_register+0x167/0x1000 [p_lkrg]
[   15.264968]  ? 0xffffffffa02f6000
[   15.268285]  do_one_initcall+0x5d/0x310
[   15.272125]  ? kmem_cache_alloc_trace+0x188/0x360
[   15.276832]  do_init_module+0x5c/0x260
[   15.280585]  __do_sys_finit_module+0xbf/0xe0
[   15.284862]  do_syscall_64+0x5c/0x80
[   15.288435]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   15.293486] RIP: 0033:0x7f2430e65819
[   15.297068] Code: 00 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d 1f 66 0c 00 f7 d8 64 89 01 48
[   15.315813] RSP: 002b:00007ffd7b55d788 EFLAGS: 00000206 ORIG_RAX: 0000000000000139
[   15.323379] RAX: ffffffffffffffda RBX: 0000000000797f90 RCX: 00007f2430e65819
[   15.330511] RDX: 0000000000000000 RSI: 000000000041df38 RDI: 0000000000000003
[   15.337643] RBP: 0000000000040000 R08: 0000000000000000 R09: 0000000000000000
[   15.344776] R10: 0000000000000003 R11: 0000000000000206 R12: 000000000041df38
[   15.351909] R13: 0000000000000000 R14: 0000000000797f50 R15: 0000000000797f90
[   15.359047] irq event stamp: 36408
[   15.362450] hardirqs last  enabled at (36407): [<ffffffff810034aa>] trace_hardirqs_on_thunk+0x1a/0x20
[   15.371662] hardirqs last disabled at (36408): [<ffffffff810034ca>] trace_hardirqs_off_thunk+0x1a/0x20
[   15.380959] softirqs last  enabled at (36406): [<ffffffff81c00337>] __do_softirq+0x337/0x444
[   15.389391] softirqs last disabled at (36399): [<ffffffff810936d3>] irq_exit+0x93/0x100
[   15.397392] ---[ end trace 5c1efb8ecd25c1e6 ]---
[   15.404873] [p_lkrg] [kretprobe] register_kretprobe() for ovl_create_or_link failed and ISRA / CONSTPROP version not found!
[   15.416001] [p_lkrg] Can't hook 'ovl_create_or_link' function. This is expected if you are not using OverlayFS.
[   15.635880]
[   15.637378] ======================================================
[   15.643557] WARNING: possible circular locking dependency detected
[   15.649729] 5.4.96-std-debug-alt1 #1 Tainted: G        W  OE
[   15.655733] ------------------------------------------------------
[   15.661905] modprobe/780 is trying to acquire lock:
[   15.666785] ffffffff8226bf70 (text_mutex){+.+.}, at: p_create_database+0x186/0x2f0 [p_lkrg]
[   15.675139]
[   15.675139] but task is already holding lock:
[   15.680970] ffffffff8233cd10 (module_mutex){+.+.}, at: p_create_database+0x161/0x2f0 [p_lkrg]
[   15.689489]
[   15.689489] which lock already depends on the new lock.
[   15.689489]
[   15.697653]
[   15.697653] the existing dependency chain (in reverse order) is:
[   15.705123]
[   15.705123] -> #1 (module_mutex){+.+.}:
[   15.710433]        __mutex_lock+0x8b/0x830
[   15.714531]        set_all_modules_text_rw+0x1e/0x80
[   15.719495]        ftrace_arch_code_modify_prepare+0x18/0x20
[   15.725154]        ftrace_run_update_code+0x8/0x70
[   15.729947]        ftrace_startup.part.0+0xcc/0x130
[   15.734825]        register_ftrace_function+0x50/0x90
[   15.739871]        arm_kprobe+0xcf/0x100
[   15.743797]        register_kprobe+0x509/0x5f0
[   15.748243]        register_kretprobe+0xee/0x2b0
[   15.752868]        p_install_hook+0x33/0x110 [p_lkrg]
[   15.757920]        p_exploit_detection_init+0x373/0x500 [p_lkrg]
[   15.763924]        p_lkrg_register+0x167/0x1000 [p_lkrg]
[   15.769233]        do_one_initcall+0x5d/0x310
[   15.773593]        do_init_module+0x5c/0x260
[   15.777864]        __do_sys_finit_module+0xbf/0xe0
[   15.782657]        do_syscall_64+0x5c/0x80
[   15.786757]        entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   15.792328]
[   15.792328] -> #0 (text_mutex){+.+.}:
[   15.797470]        __lock_acquire+0xee3/0x1aa0
[   15.801913]        lock_acquire+0xc0/0x1b0
[   15.806006]        __mutex_lock+0x8b/0x830
[   15.810110]        p_create_database+0x186/0x2f0 [p_lkrg]
[   15.815508]        p_lkrg_register+0x1d4/0x1000 [p_lkrg]
[   15.820816]        do_one_initcall+0x5d/0x310
[   15.825175]        do_init_module+0x5c/0x260
[   15.829449]        __do_sys_finit_module+0xbf/0xe0
[   15.834239]        do_syscall_64+0x5c/0x80
[   15.838332]        entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   15.843904]
[   15.843904] other info that might help us debug this:
[   15.843904]
[   15.851902]  Possible unsafe locking scenario:
[   15.851902]
[   15.857812]        CPU0                    CPU1
[   15.862339]        ----                    ----
[   15.866871]   lock(module_mutex);
[   15.870188]                                lock(text_mutex);
[   15.875841]                                lock(module_mutex);
[   15.881672]   lock(text_mutex);
[   15.884809]
[   15.884809]  *** DEADLOCK ***
[   15.884809]
[   15.890720] 2 locks held by modprobe/780:
[   15.894724]  #0: ffffffff8235b2b0 (ftrace_lock){+.+.}, at: p_create_database+0x153/0x2f0 [p_lkrg]
[   15.903591]  #1: ffffffff8233cd10 (module_mutex){+.+.}, at: p_create_database+0x161/0x2f0 [p_lkrg]
[   15.912544]
[   15.912544] stack backtrace:
[   15.916904] CPU: 1 PID: 780 Comm: modprobe Tainted: G        W  OE     5.4.96-std-debug-alt1 #1
[   15.925595] Hardware name: Supermicro Super Server/H11DSi, BIOS 1.2 04/15/2019
[   15.932806] Call Trace:
[   15.935259]  dump_stack+0xac/0xe2
[   15.938581]  check_noncircular+0x16a/0x180
[   15.942679]  __lock_acquire+0xee3/0x1aa0
[   15.946606]  lock_acquire+0xc0/0x1b0
[   15.950189]  ? p_create_database+0x186/0x2f0 [p_lkrg]
[   15.955242]  ? p_create_database+0x186/0x2f0 [p_lkrg]
[   15.960288]  __mutex_lock+0x8b/0x830
[   15.963874]  ? p_create_database+0x186/0x2f0 [p_lkrg]
[   15.968927]  ? p_lkrg_siphash+0xc4/0x240 [p_lkrg]
[   15.973632]  p_create_database+0x186/0x2f0 [p_lkrg]
[   15.978508]  ? 0xffffffffa02f6000
[   15.981830]  p_lkrg_register+0x1d4/0x1000 [p_lkrg]
[   15.986619]  ? 0xffffffffa02f6000
[   15.989937]  do_one_initcall+0x5d/0x310
[   15.993778]  ? kmem_cache_alloc_trace+0x188/0x360
[   15.998485]  do_init_module+0x5c/0x260
[   16.002236]  __do_sys_finit_module+0xbf/0xe0
[   16.006509]  do_syscall_64+0x5c/0x80
[   16.010087]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   16.015141] RIP: 0033:0x7f2430e65819
[   16.018721] Code: 00 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d 1f 66 0c 00 f7 d8 64 89 01 48
[   16.037463] RSP: 002b:00007ffd7b55d788 EFLAGS: 00000206 ORIG_RAX: 0000000000000139
[   16.045023] RAX: ffffffffffffffda RBX: 0000000000797f90 RCX: 00007f2430e65819
[   16.052154] RDX: 0000000000000000 RSI: 000000000041df38 RDI: 0000000000000003
[   16.059288] RBP: 0000000000040000 R08: 0000000000000000 R09: 0000000000000000
[   16.066418] R10: 0000000000000003 R11: 0000000000000206 R12: 000000000041df38
[   16.073542] R13: 0000000000000000 R14: 0000000000797f50 R15: 0000000000797f90
[  246.748573] INFO: task kworker/0:2:179 blocked for more than 122 seconds.
[  246.755364]       Tainted: G        W  OE     5.4.96-std-debug-alt1 #1
[  246.761887] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[  246.769714] kworker/0:2     D13072   179      2 0x80004000
[  246.775212] Workqueue: events kprobe_optimizer
[  246.779660] Call Trace:
[  246.782118]  __schedule+0x378/0xa80
[  246.785610]  ? kprobe_optimizer+0x3a/0x2a0
[  246.789708]  schedule+0x40/0xc0
[  246.792854]  bzImage64_load+0x7e0/0x7e0
[  246.796691]  ? __mutex_lock+0x1e6/0x830
[  246.800532]  ? lock_acquire+0xc0/0x1b0
[  246.804283]  ? kprobe_optimizer+0x1e/0x2a0
[  246.808384]  ? kprobe_optimizer+0x3a/0x2a0
[  246.812484]  ? process_one_work+0x2ad/0x5e0
[  246.816670]  ? worker_thread+0x52/0x400
[  246.820506]  ? process_one_work+0x5e0/0x5e0
[  246.824694]  ? kthread+0x133/0x150
[  246.828099]  ? __kthread_bind_mask+0x60/0x60
[  246.832372]  ? ret_from_fork+0x27/0x50
[  246.836140] INFO: task modprobe:780 blocked for more than 122 seconds.
[  246.842668]       Tainted: G        W  OE     5.4.96-std-debug-alt1 #1
[  246.849192] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[  246.857019] modprobe        D13208   780      1 0x80004080
[  246.862504] Call Trace:
[  246.864959]  __schedule+0x378/0xa80
[  246.868462]  ? p_create_database+0x186/0x2f0 [p_lkrg]
[  246.873513]  schedule+0x40/0xc0
[  246.876661]  bzImage64_load+0x7e0/0x7e0
[  246.880498]  ? __mutex_lock+0x1e6/0x830
[  246.884347]  ? p_create_database+0x186/0x2f0 [p_lkrg]
[  246.889399]  ? 0xffffffffa02f6000
[  246.892724]  ? p_lkrg_register+0x1d4/0x1000 [p_lkrg]
[  246.897693]  ? 0xffffffffa02f6000
[  246.901012]  ? do_one_initcall+0x5d/0x310
[  246.905027]  ? kmem_cache_alloc_trace+0x188/0x360
[  246.909733]  ? do_init_module+0x5c/0x260
[  246.913656]  ? __do_sys_finit_module+0xbf/0xe0
[  246.918104]  ? do_syscall_64+0x5c/0x80
[  246.921854]  ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  246.927101] INFO: lockdep is turned off.

[   14.757512] p_lkrg: loading out-of-tree module taints kernel.
[   14.764121] p_lkrg: module verification failed: signature and/or required key missing - tainting kernel
[   14.775738] [p_lkrg] Loading LKRG...
[   14.782385] Freezing user space processes ... (elapsed 0.016 seconds) done.
[   14.805650] OOM killer disabled.
[   15.157855] [p_lkrg] [kretprobe] register_kretprobe() for <ovl_create_or_link> failed! [err=-22]
[   15.166644] [p_lkrg] Trying to find ISRA / CONSTPROP name for <ovl_create_or_link>
[   15.204244] ------------[ cut here ]------------
[   15.208867] WARNING: CPU: 2 PID: 772 at kernel/module.c:257 module_assert_mutex+0x25/0x30
[   15.217035] Modules linked in: p_lkrg(OE+) fuse ip_tables x_tables hid_generic usbhid hid ext4 crc32c_generic crc16 mbcache jbd2 sd_mod crct10dif_pclmul crc32_pclmul crc32c_intel ghash_clmulni_intel aesni_intel ahci glue_helper crypto_simd libahci cryptd xhci_pci libata xhci_hcd scsi_mod usbcore ccp usb_common rng_core button ipv6 crc_ccitt autofs4
[   15.247839] CPU: 2 PID: 772 Comm: modprobe Tainted: G           OE     5.4.96-std-debug-alt1 #1
[   15.256530] Hardware name: Supermicro Super Server/H11DSi, BIOS 1.2 04/15/2019
[   15.263751] RIP: 0010:module_assert_mutex+0x25/0x30
[   15.268629] Code: 0f 1f 44 00 00 0f 1f 44 00 00 8b 05 29 40 38 01 85 c0 75 01 c3 be ff ff ff ff 48 c7 c7 10 cd 33 82 e8 0f b9 fa ff 85 c0 75 ea <0f> 0b c3 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 55 48 89 fd e8 c2
[   15.287375] RSP: 0018:ffffc900051fbc50 EFLAGS: 00010246
[   15.292601] RAX: 0000000000000000 RBX: 000000000001702b RCX: 000000000000001d
[   15.299731] RDX: 0000000000000000 RSI: 00000000ffffffff RDI: 0000000000000286
[   15.306865] RBP: ffffffffa0353060 R08: 0000000000000000 R09: ffffc901051fbb57
[   15.313999] R10: ffffffffffffffff R11: 0000000000000000 R12: ffffc900051fbd40
[   15.321131] R13: ffffffffa0353060 R14: 00000000001186eb R15: 0000000000000000
[   15.328263] FS:  00007f5f46c76740(0000) GS:ffff888616a00000(0000) knlGS:0000000000000000
[   15.336349] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   15.342094] CR2: 000055642dea84f8 CR3: 0000000211b1e000 CR4: 00000000003406e0
[   15.349228] Call Trace:
[   15.351683]  module_kallsyms_on_each_symbol+0x18/0xa0
[   15.356744]  ? p_lookup_syms_hack+0x40/0x40 [p_lkrg]
[   15.361711]  kallsyms_on_each_symbol+0xb6/0xc0
[   15.366158]  ? printk+0x58/0x6f
[   15.369312]  p_install_hook+0x9e/0x110 [p_lkrg]
[   15.373851]  p_exploit_detection_init+0x373/0x500 [p_lkrg]
[   15.379339]  ? 0xffffffffa01e2000
[   15.382664]  p_lkrg_register+0x167/0x1000 [p_lkrg]
[   15.387459]  ? 0xffffffffa01e2000
[   15.390777]  do_one_initcall+0x5d/0x310
[   15.394617]  ? kmem_cache_alloc_trace+0x188/0x360
[   15.399326]  do_init_module+0x5c/0x260
[   15.403075]  __do_sys_finit_module+0xbf/0xe0
[   15.407354]  do_syscall_64+0x5c/0x80
[   15.410936]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   15.415986] RIP: 0033:0x7f5f46d9c819
[   15.419567] Code: 00 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d 1f 66 0c 00 f7 d8 64 89 01 48
[   15.438312] RSP: 002b:00007fff726b8398 EFLAGS: 00000202 ORIG_RAX: 0000000000000139
[   15.445878] RAX: ffffffffffffffda RBX: 0000000001e56f90 RCX: 00007f5f46d9c819
[   15.453011] RDX: 0000000000000000 RSI: 000000000041df38 RDI: 0000000000000003
[   15.460142] RBP: 0000000000040000 R08: 0000000000000000 R09: 0000000000000000
[   15.467274] R10: 0000000000000003 R11: 0000000000000202 R12: 000000000041df38
[   15.474399] R13: 0000000000000000 R14: 0000000001e56f50 R15: 0000000001e56f90
[   15.481542] irq event stamp: 31970
[   15.484948] hardirqs last  enabled at (31969): [<ffffffff810034aa>] trace_hardirqs_on_thunk+0x1a/0x20
[   15.494161] hardirqs last disabled at (31970): [<ffffffff810034ca>] trace_hardirqs_off_thunk+0x1a/0x20
[   15.503460] softirqs last  enabled at (31968): [<ffffffff81c00337>] __do_softirq+0x337/0x444
[   15.511892] softirqs last disabled at (31961): [<ffffffff810936d3>] irq_exit+0x93/0x100
[   15.519890] ---[ end trace cc1a5b32e34b57bf ]---
[   15.527495] [p_lkrg] [kretprobe] register_kretprobe() for ovl_create_or_link failed and ISRA / CONSTPROP version not found!
[   15.538624] [p_lkrg] Can't hook 'ovl_create_or_link' function. This is expected if you are not using OverlayFS.
[   15.759784]
[   15.761282] ======================================================
[   15.767462] WARNING: possible circular locking dependency detected
[   15.773641] 5.4.96-std-debug-alt1 #1 Tainted: G        W  OE
[   15.779647] ------------------------------------------------------
[   15.785827] modprobe/772 is trying to acquire lock:
[   15.790704] ffffffff8226bf70 (text_mutex){+.+.}, at: p_create_database+0x186/0x2f0 [p_lkrg]
[   15.799058]
[   15.799058] but task is already holding lock:
[   15.804882] ffffffff8233cd10 (module_mutex){+.+.}, at: p_create_database+0x161/0x2f0 [p_lkrg]
[   15.813404]
[   15.813404] which lock already depends on the new lock.
[   15.813404]
[   15.821575]
[   15.821575] the existing dependency chain (in reverse order) is:
[   15.829056]
[   15.829056] -> #1 (module_mutex){+.+.}:
[   15.834370]        __mutex_lock+0x8b/0x830
[   15.838468]        set_all_modules_text_rw+0x1e/0x80
[   15.843435]        ftrace_arch_code_modify_prepare+0x18/0x20
[   15.849094]        ftrace_run_update_code+0x8/0x70
[   15.853885]        ftrace_startup.part.0+0xcc/0x130
[   15.858766]        register_ftrace_function+0x50/0x90
[   15.863818]        arm_kprobe+0xcf/0x100
[   15.867745]        register_kprobe+0x509/0x5f0
[   15.872191]        register_kretprobe+0xee/0x2b0
[   15.876815]        p_install_hook+0x33/0x110 [p_lkrg]
[   15.881867]        p_exploit_detection_init+0x373/0x500 [p_lkrg]
[   15.887873]        p_lkrg_register+0x167/0x1000 [p_lkrg]
[   15.893180]        do_one_initcall+0x5d/0x310
[   15.897540]        do_init_module+0x5c/0x260
[   15.901812]        __do_sys_finit_module+0xbf/0xe0
[   15.906606]        do_syscall_64+0x5c/0x80
[   15.910704]        entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   15.916275]
[   15.916275] -> #0 (text_mutex){+.+.}:
[   15.921415]        __lock_acquire+0xee3/0x1aa0
[   15.925852]        lock_acquire+0xc0/0x1b0
[   15.929945]        __mutex_lock+0x8b/0x830
[   15.934048]        p_create_database+0x186/0x2f0 [p_lkrg]
[   15.939446]        p_lkrg_register+0x1d4/0x1000 [p_lkrg]
[   15.944755]        do_one_initcall+0x5d/0x310
[   15.949114]        do_init_module+0x5c/0x260
[   15.953387]        __do_sys_finit_module+0xbf/0xe0
[   15.958178]        do_syscall_64+0x5c/0x80
[   15.962271]        entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   15.967842]
[   15.967842] other info that might help us debug this:
[   15.967842]
[   15.975842]  Possible unsafe locking scenario:
[   15.975842]
[   15.981760]        CPU0                    CPU1
[   15.986285]        ----                    ----
[   15.990819]   lock(module_mutex);
[   15.994135]                                lock(text_mutex);
[   15.999788]                                lock(module_mutex);
[   16.005621]   lock(text_mutex);
[   16.008765]
[   16.008765]  *** DEADLOCK ***
[   16.008765]
[   16.014676] 2 locks held by modprobe/772:
[   16.018680]  #0: ffffffff8235b2b0 (ftrace_lock){+.+.}, at: p_create_database+0x153/0x2f0 [p_lkrg]
[   16.027545]  #1: ffffffff8233cd10 (module_mutex){+.+.}, at: p_create_database+0x161/0x2f0 [p_lkrg]
[   16.036498]
[   16.036498] stack backtrace:
[   16.040853] CPU: 3 PID: 772 Comm: modprobe Tainted: G        W  OE     5.4.96-std-debug-alt1 #1
[   16.049542] Hardware name: Supermicro Super Server/H11DSi, BIOS 1.2 04/15/2019
[   16.056753] Call Trace:
[   16.059202]  dump_stack+0xac/0xe2
[   16.062518]  check_noncircular+0x16a/0x180
[   16.066617]  __lock_acquire+0xee3/0x1aa0
[   16.070543]  lock_acquire+0xc0/0x1b0
[   16.074129]  ? p_create_database+0x186/0x2f0 [p_lkrg]
[   16.079180]  ? p_create_database+0x186/0x2f0 [p_lkrg]
[   16.084227]  __mutex_lock+0x8b/0x830
[   16.087813]  ? p_create_database+0x186/0x2f0 [p_lkrg]
[   16.092864]  ? p_lkrg_siphash+0x63/0x240 [p_lkrg]
[   16.097570]  p_create_database+0x186/0x2f0 [p_lkrg]
[   16.102445]  ? 0xffffffffa01e2000
[   16.105770]  p_lkrg_register+0x1d4/0x1000 [p_lkrg]
[   16.110556]  ? 0xffffffffa01e2000
[   16.113876]  do_one_initcall+0x5d/0x310
[   16.117716]  ? kmem_cache_alloc_trace+0x188/0x360
[   16.122422]  do_init_module+0x5c/0x260
[   16.126175]  __do_sys_finit_module+0xbf/0xe0
[   16.130448]  do_syscall_64+0x5c/0x80
[   16.134026]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   16.139076] RIP: 0033:0x7f5f46d9c819
[   16.142648] Code: 00 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d 1f 66 0c 00 f7 d8 64 89 01 48
[   16.161395] RSP: 002b:00007fff726b8398 EFLAGS: 00000202 ORIG_RAX: 0000000000000139
[   16.168959] RAX: ffffffffffffffda RBX: 0000000001e56f90 RCX: 00007f5f46d9c819
[   16.176086] RDX: 0000000000000000 RSI: 000000000041df38 RDI: 0000000000000003
[   16.183217] RBP: 0000000000040000 R08: 0000000000000000 R09: 0000000000000000
[   16.190349] R10: 0000000000000003 R11: 0000000000000202 R12: 000000000041df38
[   16.197473] R13: 0000000000000000 R14: 0000000001e56f50 R15: 0000000001e56f90
[  246.748573] INFO: task kworker/2:1:238 blocked for more than 122 seconds.
[  246.755366]       Tainted: G        W  OE     5.4.96-std-debug-alt1 #1
[  246.761898] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[  246.769722] kworker/2:1     D14568   238      2 0x80004000
[  246.775222] Workqueue: events kprobe_optimizer
[  246.779670] Call Trace:
[  246.782129]  __schedule+0x378/0xa80
[  246.785629]  ? kprobe_optimizer+0x3a/0x2a0
[  246.789734]  schedule+0x40/0xc0
[  246.792881]  bzImage64_load+0x7e0/0x7e0
[  246.796720]  ? __mutex_lock+0x1e6/0x830
[  246.800560]  ? lock_acquire+0xc0/0x1b0
[  246.804310]  ? kprobe_optimizer+0x1e/0x2a0
[  246.808410]  ? kprobe_optimizer+0x3a/0x2a0
[  246.812511]  ? process_one_work+0x2ad/0x5e0
[  246.816696]  ? worker_thread+0x52/0x400
[  246.820533]  ? process_one_work+0x5e0/0x5e0
[  246.824723]  ? kthread+0x133/0x150
[  246.828128]  ? __kthread_bind_mask+0x60/0x60
[  246.832400]  ? ret_from_fork+0x27/0x50
[  246.836167] INFO: task modprobe:772 blocked for more than 122 seconds.
[  246.842695]       Tainted: G        W  OE     5.4.96-std-debug-alt1 #1
[  246.849218] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[  246.857048] modprobe        D13392   772      1 0x80004080
[  246.862540] Call Trace:
[  246.864995]  __schedule+0x378/0xa80
[  246.868499]  ? p_create_database+0x186/0x2f0 [p_lkrg]
[  246.873557]  schedule+0x40/0xc0
[  246.876703]  bzImage64_load+0x7e0/0x7e0
[  246.880541]  ? __mutex_lock+0x1e6/0x830
[  246.884389]  ? p_create_database+0x186/0x2f0 [p_lkrg]
[  246.889445]  ? 0xffffffffa01e2000
[  246.892768]  ? p_lkrg_register+0x1d4/0x1000 [p_lkrg]
[  246.897737]  ? 0xffffffffa01e2000
[  246.901057]  ? do_one_initcall+0x5d/0x310
[  246.905070]  ? kmem_cache_alloc_trace+0x188/0x360
[  246.909777]  ? do_init_module+0x5c/0x260
[  246.913702]  ? __do_sys_finit_module+0xbf/0xe0
[  246.918151]  ? do_syscall_64+0x5c/0x80
[  246.921909]  ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  246.927156] INFO: lockdep is turned off.
[  369.628753] INFO: task kworker/2:1:238 blocked for more than 245 seconds.
[  369.635560]       Tainted: G        W  OE     5.4.96-std-debug-alt1 #1
[  369.642089] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[  369.649914] kworker/2:1     D14568   238      2 0x80004000
[  369.655417] Workqueue: events kprobe_optimizer
[  369.659862] Call Trace:
[  369.662323]  __schedule+0x378/0xa80
[  369.665822]  ? kprobe_optimizer+0x3a/0x2a0
[  369.669927]  schedule+0x40/0xc0
[  369.673073]  bzImage64_load+0x7e0/0x7e0
[  369.676913]  ? __mutex_lock+0x1e6/0x830
[  369.680755]  ? lock_acquire+0xc0/0x1b0
[  369.684512]  ? kprobe_optimizer+0x1e/0x2a0
[  369.688612]  ? kprobe_optimizer+0x3a/0x2a0
[  369.692711]  ? process_one_work+0x2ad/0x5e0
[  369.696898]  ? worker_thread+0x52/0x400
[  369.700734]  ? process_one_work+0x5e0/0x5e0
[  369.704922]  ? kthread+0x133/0x150
[  369.708327]  ? __kthread_bind_mask+0x60/0x60
[  369.712602]  ? ret_from_fork+0x27/0x50
[  369.716428] INFO: task modprobe:772 blocked for more than 245 seconds.
[  369.722956]       Tainted: G        W  OE     5.4.96-std-debug-alt1 #1
[  369.729482] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[  369.737308] modprobe        D13392   772      1 0x80004080
[  369.742793] Call Trace:
[  369.745247]  __schedule+0x378/0xa80
[  369.748753]  ? p_create_database+0x186/0x2f0 [p_lkrg]
[  369.753800]  schedule+0x40/0xc0
[  369.756949]  bzImage64_load+0x7e0/0x7e0
[  369.760787]  ? __mutex_lock+0x1e6/0x830
[  369.764633]  ? p_create_database+0x186/0x2f0 [p_lkrg]
[  369.769690]  ? 0xffffffffa01e2000
[  369.773013]  ? p_lkrg_register+0x1d4/0x1000 [p_lkrg]
[  369.777981]  ? 0xffffffffa01e2000
[  369.781303]  ? do_one_initcall+0x5d/0x310
[  369.785317]  ? kmem_cache_alloc_trace+0x188/0x360
[  369.790023]  ? do_init_module+0x5c/0x260
[  369.793947]  ? __do_sys_finit_module+0xbf/0xe0
[  369.798395]  ? do_syscall_64+0x5c/0x80
[  369.802145]  ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  369.807372] INFO: lockdep is turned off.
[  492.508749] INFO: task kworker/2:1:238 blocked for more than 368 seconds.
...

/home/solar/lkrg-build/src/p_lkrg_main.c:681:1: warning: data definition has no type or storage class [enabled by default]
 late_initcall_sync(p_lkrg_register);
 ^
/home/solar/lkrg-build/src/p_lkrg_main.c:681:1: warning: type defaults to 'int' in declaration of 'late_initcall_sync' [-Wimplicit-int]
/home/solar/lkrg-build/src/p_lkrg_main.c:681:1: warning: parameter names (without types) in function declaration [enabled by default]
/home/solar/lkrg-build/src/p_lkrg_main.c:367:19: warning: 'p_lkrg_register' defined but not used [-Wunused-function]
 static int __init p_lkrg_register(void) {
                   ^

Loading the LKRG p_lkrg module from v0.9.0 with modprobe -v p_lkrg on any machine with SELinux enabled will cause a kernel panic with this rather bizarre message:

"<Exploit Detection> Detected data corruption against SELINUX! 'selinux_state->enforcing' has different value [1 vs 0] than expected!

[p_lkrg] SELinux Integrity verification failed! Killing the kernel..."

oshogbo/lkrg-osho/refactor (pull request #5)
    
    Refactor the syscall hooks.

u5.7.19-un-def-alt1# runltp -s request_key03
...
Running tests.......
<<<test_start>>>
tag=request_key03 stime=1599729453
cmdline="request_key03"
contacts=""
analysis=exit
<<<test_output>>>
tst_test.c:1244: INFO: Timeout per run is 0h 05m 00s

[   76.147549] LTP: starting request_key03
[   76.161564] encrypted_key: keyword 'update' not allowed when called from .instantiate method
[   76.170554] [p_lkrg] Blocked usermodehelper execution of [/sbin/request-key]
[   76.177617] BUG: unable to handle page fault for address: ffffffff81e5a270
[   76.184491] #PF: supervisor write access in kernel mode
[   76.189715] #PF: error_code(0x0003) - permissions violation
[   76.195287] PGD 220e067 P4D 220e067 PUD 220f063 PMD 8000000001e001e1
[   76.201728] Oops: 0003 [#1] PREEMPT SMP NOPTI
[   76.206088] CPU: 7 PID: 2831 Comm: kworker/u66:7 Tainted: G           OE     5.7.19-un-def-alt1 #1
[   76.215038] Hardware name: Supermicro Super Server/H11DSi, BIOS 1.2 04/15/2019
[   76.222265] RIP: 0010:__memset+0x24/0x30
[   76.226196] Code: cc cc cc cc cc cc 0f 1f 44 00 00 49 89 f9 48 89 d1 83 e2 07 48 c1 e9 03 40 0f b6 f6 48 b8 01 01 01 01 01 01 01 01 48 0f af c6 <f3> 48 ab 89 d1 f3 aa 4c 89 c8 c3 90 49 89 f9 40 88 f0 48 89 d1 f3
[   76.244937] RSP: 0018:ffffc90010277c28 EFLAGS: 00010212
[   76.250164] RAX: 2f2f2f2f2f2f2f2f RBX: 0000000000000170 RCX: 0000000000000002
[   76.257295] RDX: 0000000000000001 RSI: 000000000000002f RDI: ffffffff81e5a270
[   76.264430] RBP: ffffc90010277df0 R08: 0000000000000000 R09: ffffffff81e5a270
[   76.271564] R10: 0000000000000002 R11: 00000000000000f0 R12: ffffffff81e5a270
[   76.278694] R13: ffff88820b1d9f80 R14: ffffffff81e5a270 R15: 0000000000000000
[   76.285829] FS:  0000000000000000(0000) GS:ffff888217d80000(0000) knlGS:0000000000000000
[   76.293914] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   76.299658] CR2: ffffffff81e5a270 CR3: 000000020df26000 CR4: 00000000003406e0
[   76.306793] Call Trace:
[   76.309262]  p_call_usermodehelper_entry+0x315/0x3f0 [p_lkrg]
[   76.315023]  ? pre_handler_kretprobe+0xaf/0x1b0
[   76.319560]  pre_handler_kretprobe+0xaf/0x1b0
[   76.323921]  ? call_usermodehelper_exec_async+0x1/0x1a0
[   76.329145]  ? call_usermodehelper_exec_async+0x5/0x1a0
[   76.334371]  kprobe_ftrace_handler+0x92/0xf0
[   76.338645]  ftrace_ops_assist_func+0x7a/0x100
[   76.343094]  ? __switch_to_asm+0x34/0x70
[   76.347025]  ? __switch_to_asm+0x40/0x70
[   76.350950]  ? __switch_to_asm+0x34/0x70
[   76.354876]  ? umh_complete+0x40/0x40
[   76.358557]  0xffffffffa014c0c8
[   76.361705]  ? umh_complete+0x40/0x40
[   76.365373]  ? call_usermodehelper_exec_async+0x1/0x1a0
[   76.370596]  call_usermodehelper_exec_async+0x5/0x1a0
[   76.375649]  ret_from_fork+0x22/0x40
[   76.379230] Modules linked in: ebtable_filter(E) ebtables(E) ip6table_filter(E) ip6_tables(E) iptable_filter(E) bpfilter(E) joydev(E) input_leds(E) hid_generic(E) edac_mce_amd(E) kvm_amd(E) kvm(E) ipmi_ssif(E) irqbypass(E) crct10dif_pclmul(E) crc32_pclmul(E) crc32c_intel(E) ghash_clmulni_intel(E) aesni_intel(E) igb(E) crypto_simd(E) ipmi_si(E) ccp(E) cryptd(E) ipmi_devintf(E) usbhid(E) glue_helper(E) sp5100_tco(E) hid(E) k10temp(E) dca(E) rng_core(E) ipmi_msghandler(E) pcspkr(E) i2c_algo_bit(E) i2c_piix4(E) hwmon(E) tiny_power_button(E) acpi_cpufreq(E) evdev(E) sch_fq_codel(E) p_lkrg(OE) button(E) ip_tables(E) x_tables(E) autofs4(E) sd_mod(E) ahci(E) libahci(E) libata(E) xhci_pci(E) scsi_mod(E) xhci_hcd(E) usbcore(E) usb_common(E)
[   76.443864] CR2: ffffffff81e5a270
[   76.447184] ---[ end trace 62a86da7c7a2ee7c ]---
[   76.459350] RIP: 0010:__memset+0x24/0x30
[   76.463278] Code: cc cc cc cc cc cc 0f 1f 44 00 00 49 89 f9 48 89 d1 83 e2 07 48 c1 e9 03 40 0f b6 f6 48 b8 01 01 01 01 01 01 01 01 48 0f af c6 <f3> 48 ab 89 d1 f3 aa 4c 89 c8 c3 90 49 89 f9 40 88 f0 48 89 d1 f3
[   76.482023] RSP: 0018:ffffc90010277c28 EFLAGS: 00010212
[   76.487250] RAX: 2f2f2f2f2f2f2f2f RBX: 0000000000000170 RCX: 0000000000000002
[   76.494381] RDX: 0000000000000001 RSI: 000000000000002f RDI: ffffffff81e5a270
[   76.501513] RBP: ffffc90010277df0 R08: 0000000000000000 R09: ffffffff81e5a270
[   76.508647] R10: 0000000000000002 R11: 00000000000000f0 R12: ffffffff81e5a270
[   76.515778] R13: ffff88820b1d9f80 R14: ffffffff81e5a270 R15: 0000000000000000
[   76.522913] FS:  0000000000000000(0000) GS:ffff888217d80000(0000) knlGS:0000000000000000
[   76.530997] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   76.536742] CR2: ffffffff81e5a270 CR3: 000000020df26000 CR4: 00000000003406e0
[   76.543879] note: kworker/u66:7[2831] exited with preempt_count 2

$ uname -a
Linux grimhilde 5.8.0-38-generic #43-Ubuntu SMP Tue Jan 12 12:42:13 UTC 2021 x86_64 x86_64 x86_64 GNU/Linux
$ lsb_release -a
No LSB modules are available.
Distributor ID:	Ubuntu
Description:	Ubuntu 20.10
Release:	20.10
Codename:	groovy
$ git show | grep ^commit
commit 226ab5ed2e9ba5041b2ed0119a1bdba269ca18f4
$ make
make[1]: Entering directory '/usr/src/linux-headers-5.8.0-38-generic'
make[1]: Leaving directory '/usr/src/linux-headers-5.8.0-38-generic'
mkdir -p output
cp /home/jvoisin/dev/lkrg/p_lkrg.ko output
$ sudo -i
# insmod output/p_lkrg.ko 
insmod: ERROR: could not insert module output/p_lkrg.ko: No buffer space available
# dmesg  | tail -n 11
[16898.475805] [p_lkrg] Loading LKRG...
[16898.475809] [p_lkrg] System does NOT support SMAP. LKRG can't enforce SMAP validation :(
[16898.505453] Freezing user space processes ... (elapsed 0.002 seconds) done.
[16898.507904] OOM killer disabled.
[16898.536117] [p_lkrg] [kretprobe] register_kretprobe() for <do_execveat_common> failed! [err=-22]
[16898.536118] [p_lkrg] Trying to find ISRA / CONSTPROP name for <do_execveat_common>
[16898.579338] [p_lkrg] [kretprobe] register_kretprobe() for do_execveat_common failed and ISRA / CONSTPROP version not found!
[16898.579341] [p_lkrg] ERROR: Can't hook do_execveat_common :(
[16898.585680] [p_lkrg] Can't initialize exploit detection features! Exiting...
[16898.637393] OOM killer enabled.
[16898.637396] Restarting tasks ... done.
#

[    8.861781] [p_lkrg] Loading LKRG...
[    8.862813] [p_lkrg] System does NOT support SMEP. LKRG can't enforce SMEP validation :(
[    8.863662] [p_lkrg] System does NOT support SMAP. LKRG can't enforce SMAP validation :(
[    8.891631] Freezing user space processes ... (elapsed 0.001 seconds) done.
[    8.894079] OOM killer disabled.
[   11.473773] [p_lkrg] [kretprobe] register_kretprobe() for <ovl_create_or_link> failed! [err=-22]
[   11.474723] [p_lkrg] Trying to find ISRA / CONSTPROP name for <ovl_create_or_link>
[   11.974002] [p_lkrg] [kretprobe] register_kretprobe() for ovl_create_or_link failed and ISRA / CONSTPROP version not found!
[   11.975151] [p_lkrg] Can't hook 'ovl_create_or_link' function. This is expected if you are not using OverlayFS.
[   13.621145] ------------[ cut here ]------------
[   13.621439] refcount_t: increment on 0; use-after-free.
[   13.621439] WARNING: CPU: 0 PID: 2 at lib/refcount.c:156 refcount_inc_checked+0x34/0x40
[   13.621439] Modules linked in: p_lkrg(FOE+)
[   13.621439] CPU: 0 PID: 2 Comm: kthreadd Tainted: GF          OE     5.4.97-std-debug-alt1 #1
[   13.621439] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.14.0-alt4 04/01/2014
[   13.621439] EIP: refcount_inc_checked+0x34/0x40
[   13.621439] Code: ff 84 c0 74 09 89 ec 5d c3 8d 74 26 00 90 80 3d d5 d8 ca c1 00 75 ee c7 04 24 80 ad b3 c1 b0 01 a2 d5 d8 ca c1 e8 fc e8 41 00 <0f> 0b eb d7 8d b4 26 00 00 00 00 90 55 89 e5 56 53 89 c3  8
[   13.621439] EAX: 0000002b EBX: c6bd8ea0 ECX: 00000000 EDX: c10ee7f3
[   13.621439] ESI: c78f3c80 EDI: c8879760 EBP: c78fbdc4 ESP: c78fbdc0
[   13.621439] DS: 007b ES: 007b FS: 00d8 GS: 00e0 SS: 0068 EFLAGS: 00000096
[   13.621439] CR0: 80050033 CR2: 080d90a0 CR3: 06ba1000 CR4: 00000690
[   13.621439] Call Trace:
[   13.621439]  p_update_ed_process+0x62/0x280 [p_lkrg]
[   13.621439]  ? p_dump_seccomp+0x60/0x60 [p_lkrg]
[   13.621439]  p_dump_task_f+0x34/0xe0 [p_lkrg]
[   13.621439]  ? p_wake_up_new_task_entry+0x57/0xe0 [p_lkrg]
[   13.621439]  p_wake_up_new_task_entry+0x74/0xe0 [p_lkrg]
[   13.621439]  pre_handler_kretprobe+0x86/0x160
[   13.621439]  ? to_ratio+0x70/0x70
[   13.621439]  kprobe_ftrace_handler+0x88/0xe0
[   13.621439]  ? wake_up_new_task+0x5/0x360
[   13.621439]  ? arch_unoptimize_kprobes+0xa0/0xa0
[   13.621439]  ftrace_ops_assist_func+0x82/0x110
[   13.621439]  ? to_ratio+0x70/0x70
[   13.621439]  ? kthread_create_worker_on_cpu+0x30/0x30
[   13.621439]  ftrace_regs_call+0x5/0x27
[   13.621439] EIP: wake_up_new_task+0x1/0x360
[   13.621439] Code: d8 e8 63 02 3d 00 8b 5d f8 8b 75 fc 89 ec 5d c3 8d b4 26 00 00 00 00 66 90 8b 5d f8 b8 00 00 10 00 8b 75 fc 89 ec 5d c3 90 e8 <3f> c8 fa ff 55 89 e5 57 56 53 89 c3 83 ec 1c 65 a1 14 00  9
[   13.621439] EAX: c6b9a040 EBX: c1096060 ECX: 00000062 EDX: c78f3c80
[   13.621439] ESI: c6b9a040 EDI: c78f3c80 EBP: c78fbf48 ESP: c78fbeec
[   13.621439] DS: 007b ES: 007b FS: 00d8 GS: 00e0 SS: 0068 EFLAGS: 00000282
[   13.621439]  ? kthread_create_worker_on_cpu+0x30/0x30
[   13.621439]  ? get_task_pid+0x5/0x160
[   13.621439]  ? kthread_create_worker_on_cpu+0x30/0x30
[   13.621439]  ? wake_up_new_task+0x5/0x360
[   13.621439]  ? _do_fork+0xe4/0x3a0
[   13.621439]  ? finish_task_switch+0x58/0x260
[   13.621439]  ? kthread_create_worker_on_cpu+0x30/0x30
[   13.621439]  kernel_thread+0x5f/0x80
[   13.621439]  ? kthread_create_worker_on_cpu+0x30/0x30
[   13.621439]  kthreadd+0x16b/0x1d0
[   13.621439]  ? ret_from_fork+0x2e/0x38
[   13.621439]  kthreadd+0x16b/0x1d0
[   13.621439]  ? ret_from_fork+0x2e/0x38
[   13.621439]  ? kthread_is_per_cpu+0x30/0x30
[   13.621439]  ret_from_fork+0x2e/0x38
[   13.621439] irq event stamp: 6396
[   13.621439] hardirqs last  enabled at (6395): [<c18de325>] _raw_spin_unlock_irqrestore+0x55/0x60
[   13.621439] hardirqs last disabled at (6396): [<c18d6f86>] __schedule+0xd6/0xaf0
[   13.621439] softirqs last  enabled at (6354): [<c102ce43>] fpu__copy+0xa3/0x390
[   13.621439] softirqs last disabled at (6352): [<c102ce00>] fpu__copy+0x60/0x390
[   13.621439] ---[ end trace 534856d96e473874 ]---
[   13.621439] BUG: kernel NULL pointer dereference, address: 00000004
[   13.621439] #PF: supervisor read access in kernel mode
[   13.621439] #PF: error_code(0x0000) - not-present page
[   13.621439] *pde = 00000000 
[   13.621439] Oops: 0000 [#1] SMP
[   13.621439] CPU: 0 PID: 2 Comm: kthreadd Tainted: GF       W  OE     5.4.97-std-debug-alt1 #1
[   13.621439] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.14.0-alt4 04/01/2014
[   13.621439] EIP: p_update_ed_process+0xc7/0x280 [p_lkrg]
[   13.621439] Code: 87 c8 00 0f 84 aa 01 00 00 80 7d ef 00 89 7b 30 74 09 8b 46 0c 89 83 10 01 00 00 8b 86 f4 04 00 00 8b 53 2c 89 83 f0 00 00 00 <8b> 40 04 89 83 f8 00 00 00 8b 86 f4 04 00 00 8b 40 08 89  0
[   13.621439] EAX: 00000000 EBX: c6bd8ea0 ECX: 00000000 EDX: 00000000
[   13.621439] ESI: c78f3c80 EDI: 00000000 EBP: c78fbdf0 ESP: c78fbdcc
[   13.621439] DS: 007b ES: 007b FS: 00d8 GS: 00e0 SS: 0068 EFLAGS: 00000002
[   13.621439] CR0: 80050033 CR2: 00000004 CR3: 06ba1000 CR4: 00000690

Jan 16 03:04:04 svl-arch00 kernel: [p_lkrg] <Exploit Detection> Detected pointer swapping attack!process[678 | sudo] has different 'cred' pointer
Jan 16 03:04:04 svl-arch00 kernel: [p_lkrg] <Exploit Detection> Detected pointer swapping attack!process[678 | sudo] has different 'real_cred' pointer
Jan 16 03:04:04 svl-arch00 kernel: [p_lkrg] <Exploit Detection> process[678 | sudo] has different EUID! 1000 vs 0
Jan 16 03:04:04 svl-arch00 kernel: [p_lkrg] <Exploit Detection> process[678 | sudo] has different SUID! 1000 vs 0
Jan 16 03:04:04 svl-arch00 kernel: [p_lkrg] <Exploit Detection> process[678 | sudo] has different FSUID! 1000 vs 0
Jan 16 03:04:04 svl-arch00 kernel: [p_lkrg] <Exploit Detection> process[678 | sudo] has different EUID! 1000 vs 0
Jan 16 03:04:04 svl-arch00 kernel: [p_lkrg] <Exploit Detection> process[678 | sudo] has different SUID! 1000 vs 0
Jan 16 03:04:04 svl-arch00 kernel: [p_lkrg] <Exploit Detection> process[678 | sudo] has different FSUID! 1000 vs 0
Jan 16 03:04:04 svl-arch00 kernel: [p_lkrg] <Exploit Detection> Trying to kill process[sudo | 678]!

$ ./scripts/copy-builtin.sh
Copying /media/debuilder/git-lkrg/lkrg/scripts/../src/* to /media/debuilder/git-kernel/linux-5.10/security/lkrg along with Kconfig:
# SPDX-License-Identifier: GPL-2.0-only
config SECURITY_LKRG
        tristate "LKRG support"
        depends on SECURITY
        default m
        help
          This selects LKRG - Linux Kernel Runtime Guard, which provides
          integrity validation and anti-exploitation functions.

          If you are unsure how to answer this question, answer M.

and Makefile
# SPDX-License-Identifier: GPL-2.0-only

obj-$(CONFIG_SECURITY_LKRG) := p_lkrg.o
p_lkrg-objs += modules/ksyms/p_resolve_ksym.o \
                  modules/hashing/p_lkrg_fast_hash.o \
                  modules/comm_channel/p_comm_channel.o \
                  modules/integrity_timer/p_integrity_timer.o \
                  modules/kmod/p_kmod.o \
                  modules/database/CPU.o \
                  modules/database/arch/x86/p_x86_metadata.o \
                  modules/database/arch/x86/p_switch_idt/p_switch_idt.o \
                  modules/database/arch/arm64/p_arm64_metadata.o \
                  modules/database/arch/arm/p_arm_metadata.o \
                  modules/database/arch/p_arch_metadata.o \
                  modules/database/JUMP_LABEL/p_arch_jump_label_transform/p_arch_jump_label_transform.o \
                  modules/database/JUMP_LABEL/p_arch_jump_label_transform_apply/p_arch_jump_label_transform_apply.o \
                  modules/database/FTRACE/p_ftrace_modify_all_code/p_ftrace_modify_all_code.o \
                  modules/database/FTRACE/p_ftrace_enable_sysctl/p_ftrace_enable_sysctl.o \
                  modules/database/p_database.o \
                  modules/notifiers/p_notifiers.o \
                  modules/self-defense/hiding/p_hiding.o \
                  modules/exploit_detection/p_rb_ed_trees/p_rb_ed_pids/p_rb_ed_pids_tree.o \
                  modules/exploit_detection/syscalls/p_install.o \
                  modules/exploit_detection/syscalls/p_search_binary_handler/p_search_binary_handler.o \
                  modules/exploit_detection/syscalls/p_call_usermodehelper/p_call_usermodehelper.o \
                  modules/exploit_detection/syscalls/p_call_usermodehelper_exec/p_call_usermodehelper_exec.o \
                  modules/exploit_detection/syscalls/p_do_exit/p_do_exit.o \
                  modules/exploit_detection/syscalls/p_wake_up_new_task/p_wake_up_new_task.o \
                  modules/exploit_detection/syscalls/p_sys_setuid/p_sys_setuid.o \
                  modules/exploit_detection/syscalls/p_sys_setreuid/p_sys_setreuid.o \
                  modules/exploit_detection/syscalls/p_sys_setresuid/p_sys_setresuid.o \
                  modules/exploit_detection/syscalls/p_sys_setfsuid/p_sys_setfsuid.o \
                  modules/exploit_detection/syscalls/p_sys_setgid/p_sys_setgid.o \
                  modules/exploit_detection/syscalls/p_sys_setregid/p_sys_setregid.o \
                  modules/exploit_detection/syscalls/p_sys_setresgid/p_sys_setresgid.o \
                  modules/exploit_detection/syscalls/p_sys_setfsgid/p_sys_setfsgid.o \
                  modules/exploit_detection/syscalls/p_set_current_groups/p_set_current_groups.o \
                  modules/exploit_detection/syscalls/p_generic_permission/p_generic_permission.o \
                  modules/exploit_detection/syscalls/p_sel_write_enforce/p_sel_write_enforce.o \
                  modules/exploit_detection/syscalls/p_seccomp/p_seccomp.o \
                  modules/exploit_detection/syscalls/p_sys_unshare/p_sys_unshare.o \
                  modules/exploit_detection/syscalls/p_sys_setns/p_sys_setns.o \
                  modules/exploit_detection/syscalls/caps/p_sys_capset/p_sys_capset.o \
                  modules/exploit_detection/syscalls/caps/p_cap_task_prctl/p_cap_task_prctl.o \
                  modules/exploit_detection/syscalls/keyring/p_key_change_session_keyring/p_key_change_session_keyring.o \
                  modules/exploit_detection/syscalls/keyring/p_sys_add_key/p_sys_add_key.o \
                  modules/exploit_detection/syscalls/keyring/p_sys_request_key/p_sys_request_key.o \
                  modules/exploit_detection/syscalls/keyring/p_sys_keyctl/p_sys_keyctl.o \
                  modules/exploit_detection/syscalls/p_security_ptrace_access/p_security_ptrace_access.o \
                  modules/exploit_detection/syscalls/compat/p_compat_sys_keyctl/p_compat_sys_keyctl.o \
                  modules/exploit_detection/syscalls/compat/p_compat_sys_capset/p_compat_sys_capset.o \
                  modules/exploit_detection/syscalls/compat/p_compat_sys_add_key/p_compat_sys_add_key.o \
                  modules/exploit_detection/syscalls/compat/p_compat_sys_request_key/p_compat_sys_request_key.o \
                  modules/exploit_detection/syscalls/__x32/p_x32_sys_keyctl/p_x32_sys_keyctl.o \
                  modules/exploit_detection/syscalls/override/p_override_creds/p_override_creds.o \
                  modules/exploit_detection/syscalls/override/p_revert_creds/p_revert_creds.o \
                  modules/exploit_detection/syscalls/override/overlayfs/p_ovl_create_or_link/p_ovl_create_or_link.o \
                  modules/exploit_detection/syscalls/pCFI/p_mark_inode_dirty/p_mark_inode_dirty.o \
                  modules/exploit_detection/syscalls/pCFI/p_schedule/p_schedule.o \
                  modules/exploit_detection/syscalls/pCFI/p___queue_work/p___queue_work.o \
                  modules/exploit_detection/syscalls/pCFI/p_lookup_fast/p_lookup_fast.o \
                  modules/exploit_detection/syscalls/p_ttwu_do_wakeup/p_ttwu_do_wakeup.o \
                  modules/exploit_detection/syscalls/p_capable/p_capable.o \
                  modules/exploit_detection/syscalls/p_scm_send/p_scm_send.o \
                  modules/exploit_detection/p_exploit_detection.o \
                  p_lkrg_main.o
Commit msg: LKRG in-tree @ 1f9809db4bed4e33fcc3db31
Ctrl+c to quit, any other key to continue

./scripts/copy-builtin.sh: 54: pushd: not found

# KERNELRELEASE=5.4.120 make
make -C /lib/modules/5.4.120/build M=/usr/src/lkrg-0.9.1 modules
make[1]: Entering directory '/usr/src/linux-5.4.120'
  Building modules, stage 2.
  MODPOST 1 modules
ERROR: "__module_text_address" [/usr/src/lkrg-0.9.1/p_lkrg.ko] undefined!
ERROR: "__module_address" [/usr/src/lkrg-0.9.1/p_lkrg.ko] undefined!
scripts/Makefile.modpost:93: recipe for target '__modpost' failed
make[2]: *** [__modpost] Error 1
Makefile:1647: recipe for target 'modules' failed
make[1]: *** [modules] Error 2
make[1]: Leaving directory '/usr/src/linux-5.4.120'
Makefile:97: recipe for target 'all' failed
make: *** [all] Error 2

commit ebb32e28691e27d13584105306ffea6fca1b6284
Author: Rusty Russell <[email protected]>
Date:   Sat Mar 28 23:12:51 2009 -0600

    module: __module_address
    
    Impact: New API, cleanup
    
    ksplice wants to know the bounds of a module, not just the module text.
    
    It makes sense to have __module_address.  We then implement
    is_module_address and __module_text_address in terms of this (and
    change is_module_text_address() to bool while we're at it).
    
    Also, add proper kerneldoc for them all.
    
    Cc: Anders Kaseorg <[email protected]>
    Cc: Jeff Arnold <[email protected]>
    Cc: Tim Abbott <[email protected]>
    Signed-off-by: Rusty Russell <[email protected]>

 include/linux/module.h |   20 +++++++++---
 kernel/module.c        |   76 ++++++++++++++++++++++++++++++++++++-----------
 2 files changed, 73 insertions(+), 23 deletions(-)

make[1]: Entering directory '/usr/src/linux-5.11'
  CC [M]  /usr/src/lkrg-0.9.0/src/modules/ksyms/p_resolve_ksym.o
In file included from /usr/src/lkrg-0.9.0/src/modules/ksyms/../../p_lkrg_main.h:355,
                 from /usr/src/lkrg-0.9.0/src/modules/ksyms/p_resolve_ksym.c:19:
/usr/src/lkrg-0.9.0/src/modules/ksyms/../../modules/wrap/p_struct_wrap.h:145:60: warning: ‘struct jump_entry’ declared inside parameter list will not be visible outside of this definition or declaration
  145 | static inline unsigned long p_jump_entry_code(const struct jump_entry *entry) {
      |                                                            ^~~~~~~~~~
/usr/src/lkrg-0.9.0/src/modules/ksyms/../../modules/wrap/p_struct_wrap.h: In function ‘p_jump_entry_code’:
/usr/src/lkrg-0.9.0/src/modules/ksyms/../../modules/wrap/p_struct_wrap.h:146:49: error: invalid use of undefined type ‘const struct jump_entry’
  146 |     return (unsigned long)((unsigned long)&entry->code + entry->code);
      |                                                 ^~
/usr/src/lkrg-0.9.0/src/modules/ksyms/../../modules/wrap/p_struct_wrap.h:146:63: error: invalid use of undefined type ‘const struct jump_entry’
  146 |     return (unsigned long)((unsigned long)&entry->code + entry->code);
      |                                                               ^~
/usr/src/lkrg-0.9.0/src/modules/ksyms/../../modules/wrap/p_struct_wrap.h: At top level:
/usr/src/lkrg-0.9.0/src/modules/ksyms/../../modules/wrap/p_struct_wrap.h:149:62: warning: ‘struct jump_entry’ declared inside parameter list will not be visible outside of this definition or declaration
  149 | static inline unsigned long p_jump_entry_target(const struct jump_entry *entry) {
      |                                                              ^~~~~~~~~~
/usr/src/lkrg-0.9.0/src/modules/ksyms/../../modules/wrap/p_struct_wrap.h: In function ‘p_jump_entry_target’:
/usr/src/lkrg-0.9.0/src/modules/ksyms/../../modules/wrap/p_struct_wrap.h:150:49: error: invalid use of undefined type ‘const struct jump_entry’
  150 |     return (unsigned long)((unsigned long)&entry->target) + entry->target;
      |                                                 ^~
/usr/src/lkrg-0.9.0/src/modules/ksyms/../../modules/wrap/p_struct_wrap.h:150:66: error: invalid use of undefined type ‘const struct jump_entry’
  150 |     return (unsigned long)((unsigned long)&entry->target) + entry->target;
      |                                                                  ^~
/usr/src/lkrg-0.9.0/src/modules/ksyms/../../modules/wrap/p_struct_wrap.h: At top level:
/usr/src/lkrg-0.9.0/src/modules/ksyms/../../modules/wrap/p_struct_wrap.h:153:64: warning: ‘struct jump_entry’ declared inside parameter list will not be visible outside of this definition or declaration
  153 | static inline struct static_key *p_jump_entry_key(const struct jump_entry *entry) {
      |                                                                ^~~~~~~~~~
/usr/src/lkrg-0.9.0/src/modules/ksyms/../../modules/wrap/p_struct_wrap.h: In function ‘p_jump_entry_key’:
/usr/src/lkrg-0.9.0/src/modules/ksyms/../../modules/wrap/p_struct_wrap.h:154:24: error: invalid use of undefined type ‘const struct jump_entry’
  154 |     long offset = entry->key & ~3L;
      |                        ^~
/usr/src/lkrg-0.9.0/src/modules/ksyms/../../modules/wrap/p_struct_wrap.h:156:55: error: invalid use of undefined type ‘const struct jump_entry’
  156 |     return (struct static_key *)((unsigned long)&entry->key + offset);
      |                                                       ^~
In file included from /usr/src/lkrg-0.9.0/src/modules/ksyms/p_resolve_ksym.c:19:
/usr/src/lkrg-0.9.0/src/modules/ksyms/../../p_lkrg_main.h: At top level:
/usr/src/lkrg-0.9.0/src/modules/ksyms/../../p_lkrg_main.h:364:3: error: #error "LKRG requires CONFIG_KPROBES"
  364 |  #error "LKRG requires CONFIG_KPROBES"
      |   ^~~~~
/usr/src/lkrg-0.9.0/src/modules/ksyms/../../p_lkrg_main.h:378:3: error: #error "LKRG requires CONFIG_JUMP_LABEL"
  378 |  #error "LKRG requires CONFIG_JUMP_LABEL"
      |   ^~~~~
In file included from /usr/src/lkrg-0.9.0/src/modules/ksyms/p_resolve_ksym.c:19:
/usr/src/lkrg-0.9.0/src/modules/ksyms/../../p_lkrg_main.h:390:3: error: #error "LKRG does not support RT kernels (PREEMPT_RT is enabled)"
  390 |  #error "LKRG does not support RT kernels (PREEMPT_RT is enabled)"
      |   ^~~~~
make[2]: *** [scripts/Makefile.build:279: /usr/src/lkrg-0.9.0/src/modules/ksyms/p_resolve_ksym.o] Error 1
make[1]: *** [Makefile:1800: /usr/src/lkrg-0.9.0] Error 2
make[1]: Leaving directory '/usr/src/linux-5.11'
make: *** [Makefile:96: all] Error 2

[   16.654287] [p_lkrg] Loading LKRG...
[   17.030168] [p_lkrg] [kretprobe] register_kretprobe() for <ovl_create_or_link> failed! [err=-2]
[   17.031705] [p_lkrg] Can't hook 'ovl_create_or_link' function. This is expected if you are not using OverlayFS.
[   17.721312] [p_lkrg] LKRG initialized successfully!
[   17.973014] [p_lkrg] [TRACEPOINT] Updated module's list hash for module[p_lkrg] but can't find the same module in KOBJs list!
[   18.007130] [p_lkrg] [TRACEPOINT] Updated module's list hash for module[acpi_cpufreq] but can't find the same module in KOBJs list!
[   18.009196] [p_lkrg] [TRACEPOINT] Updated module's list hash for module[acpi_cpufreq] but can't find the same module in KOBJs list!
[   18.263941] [p_lkrg] [TRACEPOINT] Updated module's list hash for module[snd_seq] but can't find the same module in KOBJs list!
[   18.298893] [p_lkrg] [TRACEPOINT] Updated module's list hash for module[snd_hda_core] but can't find the same module in KOBJs list!
[   18.343835] [p_lkrg] [TRACEPOINT] Updated module's list hash for module[snd_rawmidi] but can't find the same module in KOBJs list!
[   18.359699] [p_lkrg] [TRACEPOINT] Updated module's list hash for module[snd_rawmidi] but can't find the same module in KOBJs list!
[   18.362252] [p_lkrg] [TRACEPOINT] Updated module's list hash for module[snd_rawmidi] but can't find the same module in KOBJs list!
[   18.541831] [p_lkrg] [TRACEPOINT] Updated module's list hash for module[snd_hda_intel] but can't find the same module in KOBJs list!
[   18.544523] [p_lkrg] [TRACEPOINT] Updated module's list hash for module[snd_hda_intel] but can't find the same module in KOBJs list!
[   18.751163] [p_lkrg] [TRACEPOINT] Updated module's list hash for module[videobuf2_memops] but can't find the same module in KOBJs list!
[   18.757196] [p_lkrg] [TRACEPOINT] Updated module's list hash for module[videobuf2_memops] but can't find the same module in KOBJs list!
[   25.780648] [p_lkrg] [TRACEPOINT] Updated module's list hash for module[msr] but can't find the same module in KOBJs list!
[   25.780661] [p_lkrg] [TRACEPOINT] Updated module's list hash for module[msr] but can't find the same module in KOBJs list!
[   25.885915] [p_lkrg] [TRACEPOINT] Updated module's list hash for module[it87] but can't find the same module in KOBJs list!
[   25.912566] [p_lkrg] [TRACEPOINT] Updated module's list hash for module[nf_defrag_ipv4] but can't find the same module in KOBJs list!
[   25.927260] [p_lkrg] [TRACEPOINT] Updated module's list hash for module[nf_defrag_ipv6] but can't find the same module in KOBJs list!

[   25.939844] [p_lkrg] [TRACEPOINT] Updated module's list hash for module[nf_defrag_ipv6] but can't find the same module in KOBJs list!

#  cat /var/lib/dkms/lkrg/0.9.0/build/make.log
DKMS make.log for lkrg-0.9.0 for kernel 5.11.13-amd64 (x86_64)
2021-04-13T23:09:35 CEST
make: Entering directory '/usr/src/linux-headers-5.11.13-amd64'
  CC [M]  /var/lib/dkms/lkrg/0.9.0/build/src/modules/ksyms/p_resolve_ksym.o
  CC [M]  /var/lib/dkms/lkrg/0.9.0/build/src/modules/hashing/p_lkrg_fast_hash.o
  CC [M]  /var/lib/dkms/lkrg/0.9.0/build/src/modules/comm_channel/p_comm_channel.o
  CC [M]  /var/lib/dkms/lkrg/0.9.0/build/src/modules/integrity_timer/p_integrity_timer.o
  CC [M]  /var/lib/dkms/lkrg/0.9.0/build/src/modules/kmod/p_kmod.o
  CC [M]  /var/lib/dkms/lkrg/0.9.0/build/src/modules/database/CPU.o
  CC [M]  /var/lib/dkms/lkrg/0.9.0/build/src/modules/database/arch/x86/p_x86_metadata.o
  CC [M]  /var/lib/dkms/lkrg/0.9.0/build/src/modules/database/arch/x86/p_switch_idt/p_switch_idt.o
  CC [M]  /var/lib/dkms/lkrg/0.9.0/build/src/modules/database/arch/arm64/p_arm64_metadata.o
  CC [M]  /var/lib/dkms/lkrg/0.9.0/build/src/modules/database/arch/arm/p_arm_metadata.o
  CC [M]  /var/lib/dkms/lkrg/0.9.0/build/src/modules/database/arch/p_arch_metadata.o
  CC [M]  /var/lib/dkms/lkrg/0.9.0/build/src/modules/database/JUMP_LABEL/p_arch_jump_label_transform/p_arch_jump_label_transform.o
  CC [M]  /var/lib/dkms/lkrg/0.9.0/build/src/modules/database/JUMP_LABEL/p_arch_jump_label_transform_apply/p_arch_jump_label_transform_apply.o
  CC [M]  /var/lib/dkms/lkrg/0.9.0/build/src/modules/database/FTRACE/p_ftrace_modify_all_code/p_ftrace_modify_all_code.o
  CC [M]  /var/lib/dkms/lkrg/0.9.0/build/src/modules/database/FTRACE/p_ftrace_enable_sysctl/p_ftrace_enable_sysctl.o
  CC [M]  /var/lib/dkms/lkrg/0.9.0/build/src/modules/database/p_database.o
  CC [M]  /var/lib/dkms/lkrg/0.9.0/build/src/modules/notifiers/p_notifiers.o
  CC [M]  /var/lib/dkms/lkrg/0.9.0/build/src/modules/self-defense/hiding/p_hiding.o
  CC [M]  /var/lib/dkms/lkrg/0.9.0/build/src/modules/exploit_detection/p_rb_ed_trees/p_rb_ed_pids/p_rb_ed_pids_tree.o
  CC [M]  /var/lib/dkms/lkrg/0.9.0/build/src/modules/exploit_detection/syscalls/p_install.o
  CC [M]  /var/lib/dkms/lkrg/0.9.0/build/src/modules/exploit_detection/syscalls/exec/p_security_bprm_committing_creds/p_security_bprm_committing_creds.o
  CC [M]  /var/lib/dkms/lkrg/0.9.0/build/src/modules/exploit_detection/syscalls/exec/p_security_bprm_committed_creds/p_security_bprm_committed_creds.o
  CC [M]  /var/lib/dkms/lkrg/0.9.0/build/src/modules/exploit_detection/syscalls/p_call_usermodehelper/p_call_usermodehelper.o
  CC [M]  /var/lib/dkms/lkrg/0.9.0/build/src/modules/exploit_detection/syscalls/p_call_usermodehelper_exec/p_call_usermodehelper_exec.o
  CC [M]  /var/lib/dkms/lkrg/0.9.0/build/src/modules/exploit_detection/syscalls/p_do_exit/p_do_exit.o
  CC [M]  /var/lib/dkms/lkrg/0.9.0/build/src/modules/exploit_detection/syscalls/p_wake_up_new_task/p_wake_up_new_task.o
  CC [M]  /var/lib/dkms/lkrg/0.9.0/build/src/modules/exploit_detection/syscalls/p_sys_setuid/p_sys_setuid.o
  CC [M]  /var/lib/dkms/lkrg/0.9.0/build/src/modules/exploit_detection/syscalls/p_sys_setreuid/p_sys_setreuid.o
  CC [M]  /var/lib/dkms/lkrg/0.9.0/build/src/modules/exploit_detection/syscalls/p_sys_setresuid/p_sys_setresuid.o
  CC [M]  /var/lib/dkms/lkrg/0.9.0/build/src/modules/exploit_detection/syscalls/p_sys_setfsuid/p_sys_setfsuid.o
  CC [M]  /var/lib/dkms/lkrg/0.9.0/build/src/modules/exploit_detection/syscalls/p_sys_setgid/p_sys_setgid.o
  CC [M]  /var/lib/dkms/lkrg/0.9.0/build/src/modules/exploit_detection/syscalls/p_sys_setregid/p_sys_setregid.o
  CC [M]  /var/lib/dkms/lkrg/0.9.0/build/src/modules/exploit_detection/syscalls/p_sys_setresgid/p_sys_setresgid.o
  CC [M]  /var/lib/dkms/lkrg/0.9.0/build/src/modules/exploit_detection/syscalls/p_sys_setfsgid/p_sys_setfsgid.o
  CC [M]  /var/lib/dkms/lkrg/0.9.0/build/src/modules/exploit_detection/syscalls/p_set_current_groups/p_set_current_groups.o
  CC [M]  /var/lib/dkms/lkrg/0.9.0/build/src/modules/exploit_detection/syscalls/p_generic_permission/p_generic_permission.o
  CC [M]  /var/lib/dkms/lkrg/0.9.0/build/src/modules/exploit_detection/syscalls/p_sel_write_enforce/p_sel_write_enforce.o
  CC [M]  /var/lib/dkms/lkrg/0.9.0/build/src/modules/exploit_detection/syscalls/p_seccomp/p_seccomp.o
  CC [M]  /var/lib/dkms/lkrg/0.9.0/build/src/modules/exploit_detection/syscalls/p_sys_unshare/p_sys_unshare.o
  CC [M]  /var/lib/dkms/lkrg/0.9.0/build/src/modules/exploit_detection/syscalls/p_sys_setns/p_sys_setns.o
  CC [M]  /var/lib/dkms/lkrg/0.9.0/build/src/modules/exploit_detection/syscalls/caps/p_sys_capset/p_sys_capset.o
  CC [M]  /var/lib/dkms/lkrg/0.9.0/build/src/modules/exploit_detection/syscalls/caps/p_cap_task_prctl/p_cap_task_prctl.o
  CC [M]  /var/lib/dkms/lkrg/0.9.0/build/src/modules/exploit_detection/syscalls/keyring/p_key_change_session_keyring/p_key_change_session_keyring.o
  CC [M]  /var/lib/dkms/lkrg/0.9.0/build/src/modules/exploit_detection/syscalls/keyring/p_sys_add_key/p_sys_add_key.o
  CC [M]  /var/lib/dkms/lkrg/0.9.0/build/src/modules/exploit_detection/syscalls/keyring/p_sys_request_key/p_sys_request_key.o
  CC [M]  /var/lib/dkms/lkrg/0.9.0/build/src/modules/exploit_detection/syscalls/keyring/p_sys_keyctl/p_sys_keyctl.o
  CC [M]  /var/lib/dkms/lkrg/0.9.0/build/src/modules/exploit_detection/syscalls/p_security_ptrace_access/p_security_ptrace_access.o
  CC [M]  /var/lib/dkms/lkrg/0.9.0/build/src/modules/exploit_detection/syscalls/compat/p_compat_sys_keyctl/p_compat_sys_keyctl.o
  CC [M]  /var/lib/dkms/lkrg/0.9.0/build/src/modules/exploit_detection/syscalls/compat/p_compat_sys_capset/p_compat_sys_capset.o
  CC [M]  /var/lib/dkms/lkrg/0.9.0/build/src/modules/exploit_detection/syscalls/compat/p_compat_sys_add_key/p_compat_sys_add_key.o
  CC [M]  /var/lib/dkms/lkrg/0.9.0/build/src/modules/exploit_detection/syscalls/compat/p_compat_sys_request_key/p_compat_sys_request_key.o
  CC [M]  /var/lib/dkms/lkrg/0.9.0/build/src/modules/exploit_detection/syscalls/__x32/p_x32_sys_keyctl/p_x32_sys_keyctl.o
  CC [M]  /var/lib/dkms/lkrg/0.9.0/build/src/modules/exploit_detection/syscalls/override/p_override_creds/p_override_creds.o
  CC [M]  /var/lib/dkms/lkrg/0.9.0/build/src/modules/exploit_detection/syscalls/override/p_revert_creds/p_revert_creds.o
  CC [M]  /var/lib/dkms/lkrg/0.9.0/build/src/modules/exploit_detection/syscalls/override/overlayfs/p_ovl_create_or_link/p_ovl_create_or_link.o
  CC [M]  /var/lib/dkms/lkrg/0.9.0/build/src/modules/exploit_detection/syscalls/pCFI/p_mark_inode_dirty/p_mark_inode_dirty.o
  CC [M]  /var/lib/dkms/lkrg/0.9.0/build/src/modules/exploit_detection/syscalls/pCFI/p_schedule/p_schedule.o
  CC [M]  /var/lib/dkms/lkrg/0.9.0/build/src/modules/exploit_detection/syscalls/pCFI/p___queue_work/p___queue_work.o
  CC [M]  /var/lib/dkms/lkrg/0.9.0/build/src/modules/exploit_detection/syscalls/pCFI/p_lookup_fast/p_lookup_fast.o
  CC [M]  /var/lib/dkms/lkrg/0.9.0/build/src/modules/exploit_detection/syscalls/p_capable/p_capable.o
  CC [M]  /var/lib/dkms/lkrg/0.9.0/build/src/modules/exploit_detection/syscalls/p_scm_send/p_scm_send.o
  CC [M]  /var/lib/dkms/lkrg/0.9.0/build/src/modules/exploit_detection/p_selinux_state.o
  CC [M]  /var/lib/dkms/lkrg/0.9.0/build/src/modules/exploit_detection/p_exploit_detection.o
  CC [M]  /var/lib/dkms/lkrg/0.9.0/build/src/p_lkrg_main.o
  LD [M]  /var/lib/dkms/lkrg/0.9.0/build/p_lkrg.o
  MODPOST /var/lib/dkms/lkrg/0.9.0/build/Module.symvers
ERROR: modpost: "proc_dointvec_minmax" [/var/lib/dkms/lkrg/0.9.0/build/p_lkrg.ko] undefined!
ERROR: modpost: "kobject_put" [/var/lib/dkms/lkrg/0.9.0/build/p_lkrg.ko] undefined!
ERROR: modpost: "kmem_cache_destroy" [/var/lib/dkms/lkrg/0.9.0/build/p_lkrg.ko] undefined!
ERROR: modpost: "kobject_get" [/var/lib/dkms/lkrg/0.9.0/build/p_lkrg.ko] undefined!
ERROR: modpost: "__kmalloc" [/var/lib/dkms/lkrg/0.9.0/build/p_lkrg.ko] undefined!
ERROR: modpost: "unwind_next_frame" [/var/lib/dkms/lkrg/0.9.0/build/p_lkrg.ko] undefined!
ERROR: modpost: "__cpuhp_remove_state" [/var/lib/dkms/lkrg/0.9.0/build/p_lkrg.ko] undefined!
ERROR: modpost: "task_handoff_unregister" [/var/lib/dkms/lkrg/0.9.0/build/p_lkrg.ko] undefined!
ERROR: modpost: "profile_event_unregister" [/var/lib/dkms/lkrg/0.9.0/build/p_lkrg.ko] undefined!
ERROR: modpost: "_raw_spin_unlock" [/var/lib/dkms/lkrg/0.9.0/build/p_lkrg.ko] undefined!
ERROR: modpost: "register_sysctl_table" [/var/lib/dkms/lkrg/0.9.0/build/p_lkrg.ko] undefined!
ERROR: modpost: "register_module_notifier" [/var/lib/dkms/lkrg/0.9.0/build/p_lkrg.ko] undefined!
ERROR: modpost: "latent_entropy" [/var/lib/dkms/lkrg/0.9.0/build/p_lkrg.ko] undefined!
ERROR: modpost: "strlen" [/var/lib/dkms/lkrg/0.9.0/build/p_lkrg.ko] undefined!
ERROR: modpost: "_raw_write_lock_irqsave" [/var/lib/dkms/lkrg/0.9.0/build/p_lkrg.ko] undefined!
ERROR: modpost: "stack_trace_print" [/var/lib/dkms/lkrg/0.9.0/build/p_lkrg.ko] undefined!
ERROR: modpost: "usb_register_notify" [/var/lib/dkms/lkrg/0.9.0/build/p_lkrg.ko] undefined!
ERROR: modpost: "unregister_module_notifier" [/var/lib/dkms/lkrg/0.9.0/build/p_lkrg.ko] undefined!
ERROR: modpost: "register_inetaddr_notifier" [/var/lib/dkms/lkrg/0.9.0/build/p_lkrg.ko] undefined!
ERROR: modpost: "unregister_kprobe" [/var/lib/dkms/lkrg/0.9.0/build/p_lkrg.ko] undefined!
ERROR: modpost: "system_unbound_wq" [/var/lib/dkms/lkrg/0.9.0/build/p_lkrg.ko] undefined!
ERROR: modpost: "find_vpid" [/var/lib/dkms/lkrg/0.9.0/build/p_lkrg.ko] undefined!
ERROR: modpost: "boot_cpu_data" [/var/lib/dkms/lkrg/0.9.0/build/p_lkrg.ko] undefined!
ERROR: modpost: "register_kretprobe" [/var/lib/dkms/lkrg/0.9.0/build/p_lkrg.ko] undefined!
ERROR: modpost: "register_kprobe" [/var/lib/dkms/lkrg/0.9.0/build/p_lkrg.ko] undefined!
ERROR: modpost: "_raw_read_lock" [/var/lib/dkms/lkrg/0.9.0/build/p_lkrg.ko] undefined!
ERROR: modpost: "kobject_uevent" [/var/lib/dkms/lkrg/0.9.0/build/p_lkrg.ko] undefined!
ERROR: modpost: "get_random_u32" [/var/lib/dkms/lkrg/0.9.0/build/p_lkrg.ko] undefined!
ERROR: modpost: "register_netdevice_notifier" [/var/lib/dkms/lkrg/0.9.0/build/p_lkrg.ko] undefined!
ERROR: modpost: "sysfs_create_files" [/var/lib/dkms/lkrg/0.9.0/build/p_lkrg.ko] undefined!
ERROR: modpost: "cpufreq_register_notifier" [/var/lib/dkms/lkrg/0.9.0/build/p_lkrg.ko] undefined!
ERROR: modpost: "register_inet6addr_notifier" [/var/lib/dkms/lkrg/0.9.0/build/p_lkrg.ko] undefined!
ERROR: modpost: "unwind_get_return_address" [/var/lib/dkms/lkrg/0.9.0/build/p_lkrg.ko] undefined!
ERROR: modpost: "init_timer_key" [/var/lib/dkms/lkrg/0.9.0/build/p_lkrg.ko] undefined!
ERROR: modpost: "mutex_unlock" [/var/lib/dkms/lkrg/0.9.0/build/p_lkrg.ko] undefined!
ERROR: modpost: "kobject_del" [/var/lib/dkms/lkrg/0.9.0/build/p_lkrg.ko] undefined!
ERROR: modpost: "jiffies" [/var/lib/dkms/lkrg/0.9.0/build/p_lkrg.ko] undefined!
ERROR: modpost: "unregister_netdevice_notifier" [/var/lib/dkms/lkrg/0.9.0/build/p_lkrg.ko] undefined!
ERROR: modpost: "strcmp" [/var/lib/dkms/lkrg/0.9.0/build/p_lkrg.ko] undefined!
ERROR: modpost: "kobject_create_and_add" [/var/lib/dkms/lkrg/0.9.0/build/p_lkrg.ko] undefined!
ERROR: modpost: "_raw_write_unlock_irqrestore" [/var/lib/dkms/lkrg/0.9.0/build/p_lkrg.ko] undefined!
ERROR: modpost: "cpumask_next" [/var/lib/dkms/lkrg/0.9.0/build/p_lkrg.ko] undefined!
ERROR: modpost: "rb_first" [/var/lib/dkms/lkrg/0.9.0/build/p_lkrg.ko] undefined!
ERROR: modpost: "cpufreq_unregister_notifier" [/var/lib/dkms/lkrg/0.9.0/build/p_lkrg.ko] undefined!
ERROR: modpost: "nr_cpu_ids" [/var/lib/dkms/lkrg/0.9.0/build/p_lkrg.ko] undefined!
ERROR: modpost: "unregister_inet6addr_notifier" [/var/lib/dkms/lkrg/0.9.0/build/p_lkrg.ko] undefined!
ERROR: modpost: "del_timer_sync" [/var/lib/dkms/lkrg/0.9.0/build/p_lkrg.ko] undefined!
ERROR: modpost: "memset" [/var/lib/dkms/lkrg/0.9.0/build/p_lkrg.ko] undefined!
ERROR: modpost: "__cpu_possible_mask" [/var/lib/dkms/lkrg/0.9.0/build/p_lkrg.ko] undefined!
ERROR: modpost: "_raw_spin_unlock_irqrestore" [/var/lib/dkms/lkrg/0.9.0/build/p_lkrg.ko] undefined!
ERROR: modpost: "current_task" [/var/lib/dkms/lkrg/0.9.0/build/p_lkrg.ko] undefined!
ERROR: modpost: "printk" [/var/lib/dkms/lkrg/0.9.0/build/p_lkrg.ko] undefined!
ERROR: modpost: "__list_del_entry_valid" [/var/lib/dkms/lkrg/0.9.0/build/p_lkrg.ko] undefined!
ERROR: modpost: "__cpu_online_mask" [/var/lib/dkms/lkrg/0.9.0/build/p_lkrg.ko] undefined!
ERROR: modpost: "_raw_write_unlock" [/var/lib/dkms/lkrg/0.9.0/build/p_lkrg.ko] undefined!
ERROR: modpost: "unregister_acpi_notifier" [/var/lib/dkms/lkrg/0.9.0/build/p_lkrg.ko] undefined!
ERROR: modpost: "_raw_read_unlock" [/var/lib/dkms/lkrg/0.9.0/build/p_lkrg.ko] undefined!
ERROR: modpost: "debug_smp_processor_id" [/var/lib/dkms/lkrg/0.9.0/build/p_lkrg.ko] undefined!
ERROR: modpost: "kobject_init_and_add" [/var/lib/dkms/lkrg/0.9.0/build/p_lkrg.ko] undefined!
ERROR: modpost: "panic" [/var/lib/dkms/lkrg/0.9.0/build/p_lkrg.ko] undefined!
ERROR: modpost: "kfree_sensitive" [/var/lib/dkms/lkrg/0.9.0/build/p_lkrg.ko] undefined!
ERROR: modpost: "rb_erase" [/var/lib/dkms/lkrg/0.9.0/build/p_lkrg.ko] undefined!
ERROR: modpost: "mutex_is_locked" [/var/lib/dkms/lkrg/0.9.0/build/p_lkrg.ko] undefined!
ERROR: modpost: "strncpy" [/var/lib/dkms/lkrg/0.9.0/build/p_lkrg.ko] undefined!
ERROR: modpost: "unregister_kretprobe" [/var/lib/dkms/lkrg/0.9.0/build/p_lkrg.ko] undefined!
ERROR: modpost: "_raw_read_trylock" [/var/lib/dkms/lkrg/0.9.0/build/p_lkrg.ko] undefined!
ERROR: modpost: "strncmp" [/var/lib/dkms/lkrg/0.9.0/build/p_lkrg.ko] undefined!
ERROR: modpost: "unregister_netevent_notifier" [/var/lib/dkms/lkrg/0.9.0/build/p_lkrg.ko] undefined!
ERROR: modpost: "kmem_cache_free" [/var/lib/dkms/lkrg/0.9.0/build/p_lkrg.ko] undefined!
ERROR: modpost: "mutex_lock" [/var/lib/dkms/lkrg/0.9.0/build/p_lkrg.ko] undefined!
ERROR: modpost: "_raw_write_lock" [/var/lib/dkms/lkrg/0.9.0/build/p_lkrg.ko] undefined!
ERROR: modpost: "__rcu_read_unlock" [/var/lib/dkms/lkrg/0.9.0/build/p_lkrg.ko] undefined!
ERROR: modpost: "add_timer" [/var/lib/dkms/lkrg/0.9.0/build/p_lkrg.ko] undefined!
ERROR: modpost: "__invalid_creds" [/var/lib/dkms/lkrg/0.9.0/build/p_lkrg.ko] undefined!
ERROR: modpost: "pid_task" [/var/lib/dkms/lkrg/0.9.0/build/p_lkrg.ko] undefined!
ERROR: modpost: "__cpuhp_setup_state" [/var/lib/dkms/lkrg/0.9.0/build/p_lkrg.ko] undefined!
ERROR: modpost: "__list_add_valid" [/var/lib/dkms/lkrg/0.9.0/build/p_lkrg.ko] undefined!
ERROR: modpost: "cpus_read_lock" [/var/lib/dkms/lkrg/0.9.0/build/p_lkrg.ko] undefined!
ERROR: modpost: "flush_workqueue" [/var/lib/dkms/lkrg/0.9.0/build/p_lkrg.ko] undefined!
ERROR: modpost: "__sw_hweight64" [/var/lib/dkms/lkrg/0.9.0/build/p_lkrg.ko] undefined!
ERROR: modpost: "usb_unregister_notify" [/var/lib/dkms/lkrg/0.9.0/build/p_lkrg.ko] undefined!
ERROR: modpost: "sysfs_create_link" [/var/lib/dkms/lkrg/0.9.0/build/p_lkrg.ko] undefined!
ERROR: modpost: "init_task" [/var/lib/dkms/lkrg/0.9.0/build/p_lkrg.ko] undefined!
ERROR: modpost: "kmem_cache_alloc" [/var/lib/dkms/lkrg/0.9.0/build/p_lkrg.ko] undefined!
ERROR: modpost: "unregister_inetaddr_notifier" [/var/lib/dkms/lkrg/0.9.0/build/p_lkrg.ko] undefined!
ERROR: modpost: "strnlen" [/var/lib/dkms/lkrg/0.9.0/build/p_lkrg.ko] undefined!
ERROR: modpost: "task_handoff_register" [/var/lib/dkms/lkrg/0.9.0/build/p_lkrg.ko] undefined!
ERROR: modpost: "register_acpi_notifier" [/var/lib/dkms/lkrg/0.9.0/build/p_lkrg.ko] undefined!
ERROR: modpost: "unregister_sysctl_table" [/var/lib/dkms/lkrg/0.9.0/build/p_lkrg.ko] undefined!
ERROR: modpost: "refcount_warn_saturate" [/var/lib/dkms/lkrg/0.9.0/build/p_lkrg.ko] undefined!
ERROR: modpost: "__stack_chk_fail" [/var/lib/dkms/lkrg/0.9.0/build/p_lkrg.ko] undefined!
ERROR: modpost: "schedule" [/var/lib/dkms/lkrg/0.9.0/build/p_lkrg.ko] undefined!
ERROR: modpost: "__x86_indirect_thunk_rax" [/var/lib/dkms/lkrg/0.9.0/build/p_lkrg.ko] undefined!
ERROR: modpost: "force_sig" [/var/lib/dkms/lkrg/0.9.0/build/p_lkrg.ko] undefined!
ERROR: modpost: "__put_cred" [/var/lib/dkms/lkrg/0.9.0/build/p_lkrg.ko] undefined!
ERROR: modpost: "fortify_panic" [/var/lib/dkms/lkrg/0.9.0/build/p_lkrg.ko] undefined!
ERROR: modpost: "creds_are_invalid" [/var/lib/dkms/lkrg/0.9.0/build/p_lkrg.ko] undefined!
ERROR: modpost: "_raw_spin_lock" [/var/lib/dkms/lkrg/0.9.0/build/p_lkrg.ko] undefined!
ERROR: modpost: "_raw_spin_lock_irqsave" [/var/lib/dkms/lkrg/0.9.0/build/p_lkrg.ko] undefined!
ERROR: modpost: "rb_insert_color" [/var/lib/dkms/lkrg/0.9.0/build/p_lkrg.ko] undefined!
ERROR: modpost: "native_write_cr0" [/var/lib/dkms/lkrg/0.9.0/build/p_lkrg.ko] undefined!
ERROR: modpost: "kmem_cache_create" [/var/lib/dkms/lkrg/0.9.0/build/p_lkrg.ko] undefined!
ERROR: modpost: "cpus_read_unlock" [/var/lib/dkms/lkrg/0.9.0/build/p_lkrg.ko] undefined!
ERROR: modpost: "find_module" [/var/lib/dkms/lkrg/0.9.0/build/p_lkrg.ko] undefined!
ERROR: modpost: "kfree" [/var/lib/dkms/lkrg/0.9.0/build/p_lkrg.ko] undefined!
ERROR: modpost: "memcpy" [/var/lib/dkms/lkrg/0.9.0/build/p_lkrg.ko] undefined!
ERROR: modpost: "send_sig_info" [/var/lib/dkms/lkrg/0.9.0/build/p_lkrg.ko] undefined!
ERROR: modpost: "module_mutex" [/var/lib/dkms/lkrg/0.9.0/build/p_lkrg.ko] undefined!
ERROR: modpost: "__cpu_present_mask" [/var/lib/dkms/lkrg/0.9.0/build/p_lkrg.ko] undefined!
ERROR: modpost: "__put_task_struct" [/var/lib/dkms/lkrg/0.9.0/build/p_lkrg.ko] undefined!
ERROR: modpost: "__unwind_start" [/var/lib/dkms/lkrg/0.9.0/build/p_lkrg.ko] undefined!
ERROR: modpost: "profile_event_register" [/var/lib/dkms/lkrg/0.9.0/build/p_lkrg.ko] undefined!
ERROR: modpost: "rb_next" [/var/lib/dkms/lkrg/0.9.0/build/p_lkrg.ko] undefined!
ERROR: modpost: "stackleak_track_stack" [/var/lib/dkms/lkrg/0.9.0/build/p_lkrg.ko] undefined!
ERROR: modpost: "queue_work_on" [/var/lib/dkms/lkrg/0.9.0/build/p_lkrg.ko] undefined!
ERROR: modpost: "snprintf" [/var/lib/dkms/lkrg/0.9.0/build/p_lkrg.ko] undefined!
ERROR: modpost: "sprint_symbol_no_offset" [/var/lib/dkms/lkrg/0.9.0/build/p_lkrg.ko] undefined!
ERROR: modpost: "__cpu_active_mask" [/var/lib/dkms/lkrg/0.9.0/build/p_lkrg.ko] undefined!
ERROR: modpost: "get_random_u64" [/var/lib/dkms/lkrg/0.9.0/build/p_lkrg.ko] undefined!
ERROR: modpost: "register_netevent_notifier" [/var/lib/dkms/lkrg/0.9.0/build/p_lkrg.ko] undefined!
ERROR: modpost: "__rcu_read_lock" [/var/lib/dkms/lkrg/0.9.0/build/p_lkrg.ko] undefined!
ERROR: modpost: "__num_online_cpus" [/var/lib/dkms/lkrg/0.9.0/build/p_lkrg.ko] undefined!
ERROR: modpost: "on_each_cpu" [/var/lib/dkms/lkrg/0.9.0/build/p_lkrg.ko] undefined!
ERROR: modpost: "param_ops_uint" [/var/lib/dkms/lkrg/0.9.0/build/p_lkrg.ko] undefined!
ERROR: modpost: "smp_call_function_single" [/var/lib/dkms/lkrg/0.9.0/build/p_lkrg.ko] undefined!
make[1]: *** [scripts/Makefile.modpost:111: /var/lib/dkms/lkrg/0.9.0/build/Module.symvers] Error 1
make[1]: *** Deleting file '/var/lib/dkms/lkrg/0.9.0/build/Module.symvers'
make: *** [Makefile:1723: modules] Error 2
make: Leaving directory '/usr/src/linux-headers-5.11.13-amd64'

# cat /proc/version
Linux version 5.11.13-amd64 (morfik@morfikownia) (gcc (Debian 10.3.0-1) 10.3.0, GNU ld (GNU Binutils for Debian) 2.35.2) #21 SMP PREEMPT Tue Apr 13 21:44:50 CEST 2021

[    8.750608] p_lkrg: loading out-of-tree module taints kernel.
[    8.752223] p_lkrg: module verification failed: signature and/or required key missing - tainting kernel
[    8.756841] [p_lkrg] Loading LKRG...
[    8.757533] [p_lkrg] System does NOT support SMEP. LKRG can't enforce SMEP validation :(
[    8.758819] [p_lkrg] System does NOT support SMAP. LKRG can't enforce SMAP validation :(
[    8.825566] Freezing user space processes ... (elapsed 0.002 seconds) done.
[    8.828798] OOM killer disabled.
[    9.923800] [p_lkrg] [kretprobe] register_kretprobe() for <ovl_create_or_link> failed! [err=-22]
[    9.924803] [p_lkrg] Trying to find ISRA / CONSTPROP name for <ovl_create_or_link>
[   10.201870] [p_lkrg] [kretprobe] register_kretprobe() for ovl_create_or_link failed and ISRA / CONSTPROP version not found!
[   10.202940] [p_lkrg] Can't hook 'ovl_create_or_link' function. This is expected if you are not using OverlayFS.
[   10.332983] BUG: kernel NULL pointer dereference, address: 0000000000000000
[   10.335978] #PF: supervisor instruction fetch in kernel mode
[   10.335978] #PF: error_code(0x0010) - not-present page
[   10.335978] PGD 0 P4D 0 
[   10.335978] Oops: 0010 [#1] SMP NOPTI
[   10.335978] CPU: 0 PID: 5 Comm: kworker/0:0 Tainted: G           OE     5.8.0-25-generic #26-Ubuntu
[   10.335978] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.13.0-1ubuntu1.1 04/01/2014
[   10.335978] Workqueue:  0x0 (events)
[   10.335978] RIP: 0010:schedule+0x0/0xc0
[   10.335978] Code: e9 63 fd ff ff 0f 0b e9 6f fe ff ff 0f 0b e9 b6 fe ff ff e8 e2 6f ff ff 48 c7 c7 70 9e 3a 9f e8 84 fd 4d ff 66 0f 1f 44 00 00 <e8> bb d7 6e 21 55 48 89 e5 41 54 53 65 4c 8b 24 25 c0 7b 01 00 49
[   10.335978] RSP: 0018:ffff9f1900037ec8 EFLAGS: 00000246
[   10.335978] RAX: 0000000000000000 RBX: ffff8c1f3e96a628 RCX: 0000000000000000
[   10.335978] RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffff8c1f3ec2c040
[   10.335978] RBP: ffff9f1900037f00 R08: 0000000000000001 R09: ffffffff9fae9a40
[   10.335978] R10: 0000000000000018 R11: 0000000000000018 R12: ffff8c1f3e96a600
[   10.335978] R13: ffff8c1f3ec2c040 R14: ffff8c1f3ec2c060 R15: ffff8c1f3e9d42c0
[   10.335978] FS:  0000000000000000(0000) GS:ffff8c1f3ec00000(0000) knlGS:0000000000000000
[   10.335978] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   10.335978] CR2: 0000000000000000 CR3: 0000000035d82000 CR4: 00000000000006f0
[   10.335978] Call Trace:
[   10.335978]  ? worker_thread+0xcd/0x370
[   10.335978]  kthread+0x12f/0x150
[   10.335978]  ? process_one_work+0x3b0/0x3b0
[   10.335978]  ? __kthread_bind_mask+0x70/0x70
[   10.335978]  ret_from_fork+0x22/0x30
[   10.335978] Modules linked in: p_lkrg(OE+) dm_mirror dm_region_hash dm_log virtio_rng autofs4
[   10.335978] CR2: 0000000000000000
[   10.349523] BUG: kernel NULL pointer dereference, address: 0000000000000000
[   10.335978] ---[ end trace 0e75767687a68fd0 ]---
[   10.349523] #PF: supervisor instruction fetch in kernel mode
[   10.335978] RIP: 0010:schedule+0x0/0xc0
[   10.335978] Code: e9 63 fd ff ff 0f 0b e9 6f fe ff ff 0f 0b e9 b6 fe ff ff e8 e2 6f ff ff 48 c7 c7 70 9e 3a 9f e8 84 fd 4d ff 66 0f 1f 44 00 00 <e8> bb d7 6e 21 55 48 89 e5 41 54 53 65 4c 8b 24 25 c0 7b 01 00 49
[   10.349523] #PF: error_code(0x0010) - not-present page
[   10.349523] PGD 0 P4D 0 
[   10.335978] RSP: 0018:ffff9f1900037ec8 EFLAGS: 00000246
[   10.335978] RAX: 0000000000000000 RBX: ffff8c1f3e96a628 RCX: 0000000000000000
[   10.349523] Oops: 0010 [#2] SMP NOPTI
[   10.335978] RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffff8c1f3ec2c040
[   10.335978] RBP: ffff9f1900037f00 R08: 0000000000000001 R09: ffffffff9fae9a40
[   10.335978] R10: 0000000000000018 R11: 0000000000000018 R12: ffff8c1f3e96a600
[   10.335978] R13: ffff8c1f3ec2c040 R14: ffff8c1f3ec2c060 R15: ffff8c1f3e9d42c0
[   10.335978] FS:  0000000000000000(0000) GS:ffff8c1f3ec00000(0000) knlGS:0000000000000000
[   10.349523] CPU: 1 PID: 37 Comm: kworker/1:1 Tainted: G      D    OE     5.8.0-25-generic #26-Ubuntu
[   10.335978] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   10.335978] CR2: 0000000000000000 CR3: 0000000035d82000 CR4: 00000000000006f0
[   10.349523] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.13.0-1ubuntu1.1 04/01/2014
[   10.349523] Workqueue:  0x0 (mm_percpu_wq)
[   10.349523] RIP: 0010:schedule+0x0/0xc0
ABORT
[   10.349523] Code: e9 63 fd ff ff 0f 0b e9 6f fe ff ff 0f 0b e9 b6 fe ff ff e8 e2 6f ff ff 48 c7 c7 70 9e 3a 9f e8 84 fd 4d ff 66 0f 1f 44 00 00 <e8> bb d7 6e 21 55 48 89 e5 41 54 53 65 4c 8b 24 25 c0 7b 01 00 49
[   10.349523] RSP: 0018:ffff9f190013bec8 EFLAGS: 00000246
[   10.335978] Kernel panic - not syncing: Fatal exception
[   10.349523] RAX: 0000000000000000 RBX: ffff8c1f3ea59f28 RCX: 0000000000000000
[   10.349523] RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffff8c1f3ed2c040
[   10.349523] RBP: ffff9f190013bf00 R08: 0000000000000001 R09: ffff8c1f3ed297a0
[   10.349523] R10: 000000000003216e R11: 0000000000000000 R12: ffff8c1f3ea59f00
[   10.349523] R13: ffff8c1f3ed2c040 R14: ffff8c1f3ed2c060 R15: ffff8c1f3ebf0000
[   10.349523] FS:  0000000000000000(0000) GS:ffff8c1f3ed00000(0000) knlGS:0000000000000000
[   10.349523] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   10.349523] CR2: 0000000000000000 CR3: 0000000035de4000 CR4: 00000000000006e0
[   10.349523] Call Trace:
[   10.349523]  ? worker_thread+0xcd/0x370
[   10.349523]  kthread+0x12f/0x150
[   10.349523]  ? process_one_work+0x3b0/0x3b0
[   10.349523]  ? __kthread_bind_mask+0x70/0x70
[   10.349523]  ret_from_fork+0x22/0x30
[   10.349523] Modules linked in: p_lkrg(OE+) dm_mirror dm_region_hash dm_log virtio_rng autofs4
[   10.349523] CR2: 0000000000000000
[   10.349523] ---[ end trace 0e75767687a68fd1 ]---
[   10.349523] RIP: 0010:schedule+0x0/0xc0
[   10.349523] Code: e9 63 fd ff ff 0f 0b e9 6f fe ff ff 0f 0b e9 b6 fe ff ff e8 e2 6f ff ff 48 c7 c7 70 9e 3a 9f e8 84 fd 4d ff 66 0f 1f 44 00 00 <e8> bb d7 6e 21 55 48 89 e5 41 54 53 65 4c 8b 24 25 c0 7b 01 00 49
[   10.349523] RSP: 0018:ffff9f1900037ec8 EFLAGS: 00000246
[   10.349523] RAX: 0000000000000000 RBX: ffff8c1f3e96a628 RCX: 0000000000000000
[   10.349523] RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffff8c1f3ec2c040
[   10.349523] RBP: ffff9f1900037f00 R08: 0000000000000001 R09: ffffffff9fae9a40
[   10.349523] R10: 0000000000000018 R11: 0000000000000018 R12: ffff8c1f3e96a600
[   10.349523] R13: ffff8c1f3ec2c040 R14: ffff8c1f3ec2c060 R15: ffff8c1f3e9d42c0
[   10.349523] FS:  0000000000000000(0000) GS:ffff8c1f3ed00000(0000) knlGS:0000000000000000
[   10.349523] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   10.349523] CR2: 0000000000000000 CR3: 0000000035de4000 CR4: 00000000000006e0
[   10.335978] Shutting down cpus with NMI
[   10.335978] Kernel Offset: 0x1d000000 from 0xffffffff81000000 (relocation range: 0xffffffff80000000-0xffffffffbfffffff)
[   10.335978] ACPI MEMORY or I/O RESET_REG.

[  381.331697] BUG: sleeping function called from invalid context at /home/workspace/builder/01-2150/08-r00020-new-develop-code-download-check/kernel/msm-4.9/kernel/locking/mutex.c:98
[  381.331756] in_atomic(): 0, irqs_disabled(): 128, pid: 5051, name: setenforce
[  382.007536] [<c0170db8>] (___might_sleep) from [<c0170bd4>] (__might_sleep+0x50/0x9c)
[  382.015690] [<c0170bd4>] (__might_sleep) from [<c115ea78>] (mutex_lock+0x30/0x68)
[  382.023551] [<c115ea78>] (mutex_lock) from [<bf256bd0>] (p_sel_write_enforce_entry+0x98/0xa0 [p_lkrg_dlkm])
[  382.031018] [<bf256bd0>] (p_sel_write_enforce_entry [p_lkrg_dlkm]) from [<c022916c>] (pre_handler_kretprobe+0xa8/0x170)
[  382.040520] [<c022916c>] (pre_handler_kretprobe) from [<c11641b4>] (kprobe_handler+0x160/0x1d8)
[  382.051279] [<c11641b4>] (kprobe_handler) from [<c1164768>] (kprobe_trap_handler+0x24/0x50)
[  382.059958] [<c1164768>] (kprobe_trap_handler) from [<c01010c0>] (do_undefinstr+0xc0/0x338)
[  382.068291] [<c01010c0>] (do_undefinstr) from [<c1162b9c>] (__und_svc_finish+0x0/0x44)
[  382.106050] [<c1162b9c>] (__und_svc_finish) from [<c04cf2f8>] (sel_write_enforce+0x0/0x194)
[  382.112476] [<c04cf2f8>] (sel_write_enforce) from [<c0310ff0>] (vfs_write+0xcc/0x194)
[  382.120811] [<c0310ff0>] (vfs_write) from [<c03111f8>] (SyS_write+0x70/0xd0)
[  382.128794] [<c03111f8>] (SyS_write) from [<c01098e0>] (ret_fast_syscall+0x0/0x28) 

Jan 08 20:26:15 bubbles kernel: [p_lkrg] Loading LKRG...
Jan 08 20:26:15 bubbles kernel: EXT4-fs (dm-9): re-mounted. Opts: (null)
Jan 08 20:26:15 bubbles systemd[1]: Finished Remount Root and Kernel File Systems.
Jan 08 20:26:15 bubbles systemd[1]: Condition check resulted in First Boot Wizard being skipped.
Jan 08 20:26:15 bubbles kernel: Freezing user space processes ... (elapsed 0.001 seconds) done.
Jan 08 20:26:15 bubbles kernel: OOM killer disabled.
Jan 08 20:26:15 bubbles kernel: [p_lkrg] [kretprobe] register_kretprobe() for <ovl_create_or_link> failed! [err=-22]
Jan 08 20:26:15 bubbles kernel: [p_lkrg] Trying to find ISRA / CONSTPROP name for <ovl_create_or_link>
Jan 08 20:26:15 bubbles kernel: [p_lkrg] [kretprobe] register_kretprobe() for ovl_create_or_link failed and ISRA / CONSTPROP version not found!
Jan 08 20:26:15 bubbles kernel: [p_lkrg] Can't hook 'ovl_create_or_link' function. This is expected if you are not using OverlayFS.
Jan 08 20:26:15 bubbles kernel: [p_lkrg] [kretprobe] register_kretprobe() for <lookup_fast> failed! [err=-22]
Jan 08 20:26:15 bubbles kernel: [p_lkrg] Trying to find ISRA / CONSTPROP name for <lookup_fast>
Jan 08 20:26:15 bubbles kernel: [p_lkrg] Found CONSTPROP version of function <lookup_fast.constprop.0>
Jan 08 20:26:15 bubbles kernel: [p_lkrg] Trying to find ISRA / CONSTPROP name for <lookup_fast>
Jan 08 20:26:15 bubbles kernel: [p_lkrg] Found CONSTPROP version of function <lookup_fast.constprop.0>
Jan 08 20:26:15 bubbles kernel: [p_lkrg] Trying to find ISRA / CONSTPROP name for <lookup_fast>
Jan 08 20:26:15 bubbles kernel: [p_lkrg] Found CONSTPROP version of function <lookup_fast.constprop.0>
Jan 08 20:26:15 bubbles kernel: [p_lkrg] ISRA / CONSTPROP version was found and hook was planted at <lookup_fast.constprop.0>
Jan 08 20:26:15 bubbles kernel: [p_lkrg] LKRG initialized successfully!
Jan 08 20:26:15 bubbles kernel: OOM killer enabled.
Jan 08 20:26:15 bubbles kernel: Restarting tasks ... done.
Jan 08 20:26:15 bubbles systemd[1]: Condition check resulted in Rebuild Hardware Database being skipped.
Jan 08 20:26:15 bubbles systemd[1]: Condition check resulted in Create System Users being skipped.
Jan 08 20:26:15 bubbles systemd[1]: Starting Create Static Device Nodes in /dev...
Jan 08 20:26:15 bubbles systemd[1]: Finished Load Kernel Modules.
Jan 08 20:26:15 bubbles systemd[1]: Starting Apply Kernel Variables...
Jan 08 20:26:15 bubbles systemd[1]: Finished Create Static Device Nodes in /dev.
Jan 08 20:26:15 bubbles kernel: [p_lkrg] Changing "profile_enforce" logic. From Old[2 | Strict] to new[0 | Log & Accept] one.
Jan 08 20:26:15 bubbles kernel: [p_lkrg] [kINT] New interval => 15
Jan 08 20:26:15 bubbles kernel: [p_lkrg] New log level => 4 (INFO)
Jan 08 20:26:15 bubbles kernel: [p_lkrg] Enabling "blocking modules" feature.
Jan 08 20:26:15 bubbles kernel: [p_lkrg] Hash from CPUs metadata => [0x37ff69e78d7874e9]
Jan 08 20:26:15 bubbles kernel: [p_lkrg] Hash from kernel exception table => [0x61fd07eaab082d44]
Jan 08 20:26:15 bubbles systemd[1]: Reached target Local File Systems (Pre).
Jan 08 20:26:15 bubbles systemd[1]: Attaching device control BPF program to cgroup /system.slice/systemd-udevd.service failed: Invalid argument
Jan 08 20:26:15 bubbles kernel: [p_lkrg] Hash from _stext memory block => [0x8adb21edc9cb3848]
Jan 08 20:26:15 bubbles kernel: [p_lkrg] Hash from _rodata memory block => [0x20308bf5337dbbc8]
Jan 08 20:26:15 bubbles kernel: [p_lkrg] Hash from IOMMU table => [0xffffffff]
Jan 08 20:26:15 bubbles kernel: [p_lkrg] Hash from 'module list' => [0xfe729b8071b68d21]
Jan 08 20:26:15 bubbles kernel: [p_lkrg] Hash from 'module kobj(s)' => [0x956011fdd9b4159f]
Jan 08 20:26:15 bubbles kernel: [p_lkrg] ALERT !!! MODULE KOBJ HASH IS DIFFERENT !!! - it is [0x956011fdd9b4159f] and should be [0x692dcffee8bb996c] !!!
Jan 08 20:26:15 bubbles kernel: [p_lkrg] ALERT !!! SYSTEM HAS BEEN COMPROMISED - DETECTED DIFFERENT 1 CHECKSUMS !!!