KASAN: use-after-free Read in ath9k_hif_usb_rx_cb (2) should share the same root cause with "KASAN: slab-out-of-bounds Read in ath9k_hif_usb_rx_cb (2)"

Dear kernel developers, I found that KASAN: use-after-free Read in ath9k_hif_usb_rx_cb (2) and "KASAN: slab-out-of-bounds Read in ath9k_hif_usb_rx_cb (2)" should share the same root cause. The reasons for my above statement, 1) the stack trace is the same; 2) we observed two crash

Re: KASAN: use-after-free Read in ath9k_hif_usb_rx_cb (2)

syzbot has bisected this issue to: commit dcd479e10a0510522a5d88b29b8f79ea3467d501 Author: Johannes Berg Date: Fri Oct 9 12:17:11 2020 + mac80211: always wind down STA state bisection log: https://syzkaller.appspot.com/x/bisect.txt?x=100c9c1650 start commit: 0fa8ee0d Merge bran

KASAN: use-after-free Read in ath9k_hif_usb_rx_cb (2)

Hello, syzbot found the following issue on: HEAD commit:0fb2c41f Merge 5.10-rc4 into here. git tree: https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing console output: https://syzkaller.appspot.com/x/log.txt?x=15746da150 kernel config: https://syzkaller.app