wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
=====================================================
BUG: KMSAN: use-after-free in variable_test_bit arch/x86/include/asm/bitops.h:227 [inline]
BUG: KMSAN: use-after-free in arch_test_bit arch/x86/include/asm/bitops.h:239 [inline]
BUG: KMSAN: use-after-free in _test_bit include/asm-generic/bitops/instrumented-non-atomic.h:142 [inline]
BUG: KMSAN: use-after-free in n_tty_receive_buf_standard+0xafd/0x98a0 drivers/tty/n_tty.c:1587
 variable_test_bit arch/x86/include/asm/bitops.h:227 [inline]
 arch_test_bit arch/x86/include/asm/bitops.h:239 [inline]
 _test_bit include/asm-generic/bitops/instrumented-non-atomic.h:142 [inline]
 n_tty_receive_buf_standard+0xafd/0x98a0 drivers/tty/n_tty.c:1587
 __receive_buf drivers/tty/n_tty.c:1624 [inline]
 n_tty_receive_buf_common+0x1a68/0x2540 drivers/tty/n_tty.c:1723
 n_tty_receive_buf2+0x4c/0x60 drivers/tty/n_tty.c:1769
 tty_ldisc_receive_buf+0xc6/0x2c0 drivers/tty/tty_buffer.c:387
 tty_port_default_receive_buf+0xd7/0x1a0 drivers/tty/tty_port.c:37
 receive_buf drivers/tty/tty_buffer.c:445 [inline]
 flush_to_ldisc+0x49d/0xf00 drivers/tty/tty_buffer.c:495
 process_one_work kernel/workqueue.c:3238 [inline]
 process_scheduled_works+0xb8e/0x1d80 kernel/workqueue.c:3321
 worker_thread+0xedf/0x1590 kernel/workqueue.c:3402
 kthread+0xd5c/0xf00 kernel/kthread.c:464
 ret_from_fork+0x1e3/0x310 arch/x86/kernel/process.c:148
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245

Uninit was stored to memory at:
------------[ cut here ]------------
WARNING: CPU: 0 PID: 6622 at kernel/stacktrace.c:29 stack_trace_print+0xd4/0xf0 kernel/stacktrace.c:29
Modules linked in:
CPU: 0 UID: 0 PID: 6622 Comm: kworker/u8:0 Not tainted 6.15.0-syzkaller-13655-gbdc7f8c5adad #0 PREEMPT(undef)
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
Workqueue: events_unbound flush_to_ldisc
RIP: 0010:stack_trace_print+0xd4/0xf0 kernel/stacktrace.c:29
Code: f7 4b 02 92 89 de ba 20 00 00 00 4c 89 e1 e8 a3 7f 4d ff 49 83 c6 08 49 ff cd 0f 85 6e ff ff ff eb 0b e8 0f 84 c3 00 eb d4 90 <0f> 0b 90 5b 41 5c 41 5d 41 5e 41 5f 5d e9 5a f4 f0 0e cc 66 0f 1f
RSP: 0018:ffff888056f3b2a8 EFLAGS: 00010246
RAX: ffff8881163e8b58 RBX: 0000000000000000 RCX: 0000000000000000
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
RBP: ffff888056f3b2d0 R08: 0000000000000000 R09: 0000000000000000
R10: ffff88805673b2e8 R11: 0000000000000001 R12: 0000000000000000
R13: 00000000abcd0100 R14: 0000000000000000 R15: 0000000000000000
FS: 0000000000000000(0000) GS:ffff8881aa884000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f62e5b31a90 CR3: 0000000044d22000 CR4: 00000000003526f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 kmsan_print_origin+0xb0/0x340 mm/kmsan/report.c:133
 kmsan_report+0x1d3/0x320 mm/kmsan/report.c:196
 __msan_warning+0x1b/0x30 mm/kmsan/instrumentation.c:315
 variable_test_bit arch/x86/include/asm/bitops.h:227 [inline]
 arch_test_bit arch/x86/include/asm/bitops.h:239 [inline]
 _test_bit include/asm-generic/bitops/instrumented-non-atomic.h:142 [inline]
 n_tty_receive_buf_standard+0xafd/0x98a0 drivers/tty/n_tty.c:1587
 __receive_buf drivers/tty/n_tty.c:1624 [inline]
 n_tty_receive_buf_common+0x1a68/0x2540 drivers/tty/n_tty.c:1723
 n_tty_receive_buf2+0x4c/0x60 drivers/tty/n_tty.c:1769
 tty_ldisc_receive_buf+0xc6/0x2c0 drivers/tty/tty_buffer.c:387
 tty_port_default_receive_buf+0xd7/0x1a0 drivers/tty/tty_port.c:37
 receive_buf drivers/tty/tty_buffer.c:445 [inline]
 flush_to_ldisc+0x49d/0xf00 drivers/tty/tty_buffer.c:495
 process_one_work kernel/workqueue.c:3238 [inline]
 process_scheduled_works+0xb8e/0x1d80 kernel/workqueue.c:3321
 worker_thread+0xedf/0x1590 kernel/workqueue.c:3402
 kthread+0xd5c/0xf00 kernel/kthread.c:464
 ret_from_fork+0x1e3/0x310 arch/x86/kernel/process.c:148
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245
---[ end trace 0000000000000000 ]---

Uninit was created at:
 slab_free_hook mm/slub.c:2307 [inline]
 slab_free mm/slub.c:4643 [inline]
 kfree+0x252/0xec0 mm/slub.c:4842
 load_elf_binary+0x4118/0x5400 fs/binfmt_elf.c:1271
 search_binary_handler fs/exec.c:1665 [inline]
 exec_binprm fs/exec.c:1697 [inline]
 bprm_execve+0xb27/0x18f0 fs/exec.c:1749
 kernel_execve+0x1070/0x1210 fs/exec.c:1915
 call_usermodehelper_exec_async+0x4a1/0x6f0 kernel/umh.c:109
 ret_from_fork+0x1e3/0x310 arch/x86/kernel/process.c:148
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245

CPU: 0 UID: 0 PID: 6622 Comm: kworker/u8:0 Tainted: G W 6.15.0-syzkaller-13655-gbdc7f8c5adad #0 PREEMPT(undef)
Tainted: [W]=WARN
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
Workqueue: events_unbound flush_to_ldisc
=====================================================