DF-0101
struct ktr_header written to trace file leaks kernel pointer (ktr_buf) and uninitialized padding
Summary
ktrwrite (kern_ktrace.c:615-617) passes the entire struct ktr_header (sizeof) to VOP_WRITE, including the caddr_t ktr_buf member (ktrace.h:79). Every caller sets ktr_buf to a KERNEL address (&ktp_cache at :97, &ktp at :155, path at :171, etc.), and ktrgetheader (:72-86) never touches it. The trace file is readable by the tracer (who opened it), so every record exposes a live kernel stack/heap address, which defeats KASLR. In addition, the 7 bytes of padding between ktr_comm[17] and the 8-byte ktr_time are never initialized by ktrgetheader; ktr_time is set later (:634), but the padding is not. Reachable by an unprivileged process tracing itself. Fix: memset(kth,0,sizeof) in ktrgetheader, or use a separate on-disk struct without ktr_buf.
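A userland model of the two record-writing patterns contrasted above, added here as an illustration; it is not code from the kernel source or from this report. struct demo_header, its fields, the 0xAA stale-memory fill and all function names are hypothetical, and the layout only imitates the 17-byte name, 8-byte time and trailing pointer described in the summary.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
/* Hypothetical header modelled on the finding; not the real struct ktr_header. */
struct demo_header {
    char    comm[17];
    int64_t time;   /* alignment inserts padding after comm[] */
    char   *buf;    /* in-memory only: address of the payload */
};
#define DISK_LEN 25     /* 17 + 8: packed, no padding, no pointer */
#define STALE    0xAA   /* constructed stand-in for old memory contents */

/* Models a get-header routine that assigns fields without zeroing first. */
void fill_header(struct demo_header *h, char *payload) {
    memset(h, STALE, sizeof(*h));       /* recycled, unzeroed memory */
    strncpy(h->comm, "sh", sizeof(h->comm));
    h->time = 1;
    h->buf = payload;
}

/* Leaky pattern: the whole in-memory struct becomes the file record. */
size_t write_raw(const struct demo_header *h, unsigned char *out) {
    memcpy(out, h, sizeof(*h));
    return sizeof(*h);
}

/* Fixed pattern: encode only the on-disk fields at fixed offsets. */
size_t write_disk(const struct demo_header *h, unsigned char *out) {
    memcpy(out, h->comm, sizeof(h->comm));
    memcpy(out + sizeof(h->comm), &h->time, sizeof(h->time));
    return DISK_LEN;
}

/* Audit: does the record contain the pointer-sized value addr? */
int contains_addr(const unsigned char *rec, size_t n, const void *addr) {
    for (size_t i = 0; i + sizeof(addr) <= n; i++)
        if (memcmp(rec + i, &addr, sizeof(addr)) == 0) return 1;
    return 0;
}

int main(void) {
    static char payload[16];
    struct demo_header h;
    unsigned char raw[sizeof(h)], disk[DISK_LEN];
    fill_header(&h, payload);
    size_t rn = write_raw(&h, raw), dn = write_disk(&h, disk);
    printf("raw: ptr=%d pad=%#x\n", contains_addr(raw, rn, payload), (unsigned)raw[17]);
    printf("disk: ptr=%d\n", contains_addr(disk, dn, payload));
}
```

The raw record carries both the payload address and the stale byte at the first padding offset; the packed record carries neither, and the same audit helper can serve as a regression check on whatever encoder replaces the whole-struct write.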