Why don't the addresses in `/boot/System.map-*` and `/proc/kallsyms` match? Consider the output of `/boot/System.map-5.8.0-50-generic` and `/proc/kallsyms` on Ubuntu 20.10 (Groovy Gorilla): $ sudo cat /boot/System.map-5.8.0-50-generic | grep sys_call_table ffffffff820002e0 D sys_call_table ffffffff82001360 D ia32_sys_call_table ffffffff82002120 D x32_sys_call_table $ sudo cat /proc/kallsyms | grep sys_call_table ffffffff978002e0 D sys_call_table ffffffff97801360 D ia32_sys_call_table ffffffff97802120 D x32_sys_call_table **AFAIK, these files should contain the current load addresses of kernel symbols, so why don't they match?** Is it because only `/proc/kallsyms` is affected by KASLR? If so, how can I verify whether KASLR is enabled?

Yes, this is caused by KASLR. Note that all addresses are offset by the same amount. The kernel doesn’t know about `System.map` so it doesn’t update it.

I’m not aware of any way of detecting whether KASLR is enabled from userspace at runtime, short of comparing `/proc/kallsyms` and `System.map`, or possibly causing a panic on x86 (the kernel dumps its offset on panic there).