retsnoop v0.9.5

What's Changed

Massive improvements in how retsnoop determines whether kprobes are attachable:

• add --debug multi-kprobe mode to bisect failing multi-kprobe attachment; it quickly narrows down and logs which kprobes were attempted but failed to be attached;
• skip attaching to kernel functions that have non-unique name and some of instances are not traceable;
• resolve internal mix up of function and data ksyms;
• internal fixes to consistently take into account kernel module to which ksym/kprobe belongs to.

Overall, these fixes and improvements make retsnoop's mass-attach behavior more reliable.

Full Changelog: v0.9.4...v0.9.5