{
  "entrypoint_kind": "local_kernel_runtime",
  "entrypoint_detail": "kTLS software receive path in net/tls/tls_sw.c during async decryption with partial read in QEMU VM",
  "service_started": true,
  "healthcheck_passed": true,
  "target_path_reached": true,
  "runtime_stack": [
    "linux-6.6.18-kernel",
    "QEMU-TCG-cpu-max",
    "kTLS-AES-128-GCM-TLS-1.2",
    "KASAN-generic-inline",
    "page_poisoning",
    "cryptd-async-aead-decrypt"
  ],
  "proof_artifacts": [
    "logs/qemu-vuln-ktls.log",
    "logs/qemu-fixed-ktls.log",
    "logs/reproduction_steps.log"
  ],
  "notes": "Reproduction confirmed. Vulnerable kernel (fix reverted) shows KASAN use-after-free in process_rx_list/copyout reading freed clear_skb pages, data corruption via page poisoning, and bad page state errors. Fixed kernel (fix present) shows no UAF, no corruption, test passes cleanly. The async decrypt path was forced via cryptd workqueue patch in crypto/simd.c to simulate hardware crypto accelerator behavior."
}
