KASAN: use-after-free Read in ath9k_hif_usb_rx_cb (2) should share the same root cause with "KASAN: slab-out-of-bounds Read in ath9k_hif_usb_rx_cb (2)"

Dear kernel developers, I found that KASAN: use-after-free Read in ath9k_hif_usb_rx_cb (2) and "KASAN: slab-out-of-bounds Read in ath9k_hif_usb_rx_cb (2)" should share the same root cause. The reasons for my above statement, 1) the stack trace is the same; 2) we observed two crash

Re: KASAN: slab-out-of-bounds Read in ath9k_hif_usb_rx_cb (2)

syzbot has found a reproducer for the following issue on: HEAD commit:3650b228 Linux 5.10-rc1 git tree: https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing console output: https://syzkaller.appspot.com/x/log.txt?x=14485e5050 kernel config:

KASAN: slab-out-of-bounds Read in ath9k_hif_usb_rx_cb (2)

Hello, syzbot found the following issue on: HEAD commit:ab4dc051 usb: mtu3: simplify mtu3_req_complete() git tree: https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing console output: https://syzkaller.appspot.com/x/log.txt?x=11c0666c90 kernel config: