{
  "entrypoint_kind": "local_kernel_runtime",
  "entrypoint_detail": "kTLS TLS1.2 software RX async decrypt via recvmsg/recv under crypto backlog congestion (-EBUSY) with a failing (-EBADMSG) pending async decrypt, in a QEMU VM (KASAN + page poisoning)",
  "service_started": true,
  "healthcheck_passed": true,
  "target_path_reached": true,
  "runtime_stack": [
    "linux-6.6.18-kernel (builds #8/#9/#10; 32b55c5 present in fixed, reverted in vuln; 13114dc absent in all base builds)",
    "QEMU-TCG-cpu-max-smp2-mem1024",
    "kTLS-AES-128-GCM-TLS-1.2 (mismatched TX/RX keys => -EBADMSG)",
    "KASAN-generic-inline",
    "page_poisoning",
    "cryptd-async-aead-decrypt (forced via crypto/simd.c patch)",
    "ebusy_force.patch (-EINPROGRESS -> -EBUSY for async decrypts, simulating backlog congestion)"
  ],
  "proof_artifacts": [
    "logs/vuln_variant/qemu-vuln-ebusy-variant.log",
    "logs/vuln_variant/qemu-fixed-nobacklog-baseline.log",
    "logs/vuln_variant/qemu-fixed-ebusy-variant.log",
    "logs/vuln_variant/qemu-fixed-ebusy-13114dc.log",
    "logs/vuln_variant/kasan_report_excerpt.txt",
    "logs/vuln_variant/fixed_version.txt",
    "logs/vuln_variant/reproduction_steps.log"
  ],
  "kasan_findings": {
    "vuln_32b55c5_reverted_plus_ebusy": "BUG: KASAN: slab-use-after-free in tls_decrypt_sg+0x207c/0x29e0 (count=1) -- variant present on vulnerable tree",
    "fixed_no_backlog": "no BUG: KASAN (count=0) -- 32b55c5 holds for normal async path",
    "fixed_plus_ebusy": "BUG: KASAN: slab-use-after-free in tls_decrypt_sg+0x2037/0x29c0 (count=1) -- BYPASS on fixed kernel",
    "fixed_plus_ebusy_plus_13114dc": "no BUG: KASAN (count=0) -- 13114dc closes the gap"
  },
  "kasan_detail": {
    "bug": "BUG: KASAN: slab-use-after-free in tls_decrypt_sg+0x2037/0x29c0 (fixed+ebusy)",
    "access": "Read of size 8 at addr ff110000025ff9b8 (440 bytes inside freed 512-byte region)",
    "object": "kmalloc-512 (the aead_request || tls_decrypt_ctx block allocated by __kmalloc in tls_decrypt_sg)",
    "allocated_by": "__kmalloc -> tls_decrypt_sg -> tls_rx_one_record -> tls_sw_recvmsg (recv syscall)",
    "freed_by": "tls_decrypt_done+0x182/0x3f0 -> cryptd_aead_crypt -> cryptd_queue_worker -> process_one_work -> worker_thread (async cryptd workqueue, task 26)",
    "interpretation": "tls_decrypt_done() kfree()'d the aead_req/dctx block during the -EBUSY backlog wait; tls_decrypt_sg()'s exit_free_pages error path then read the freed dctx->sg[] (to put_page) and exit_free kfree(mem) again => UAF/double-free. Exactly the bug fixed by 13114dc."
  },
  "notes": "Four-kernel side-by-side test on the v6.6.18 base. The bypass (KASAN UAF) is reproduced on the FIXED kernel only when the -EBUSY backlog path is taken and 13114dc is absent; the vulnerable tree also shows it (lacks 13114dc too); the baseline (no backlog forcing) and the 13114dc-adapted kernel are clean. This proves 32b55c5 (free_sgout) is insufficient and 13114dc (async_done) is the missing fix."
}
