==================================================================
BUG: KFENCE: invalid free in kfree_skb include/linux/skbuff.h:1268 [inline]
BUG: KFENCE: invalid free in __hci_req_sync+0x62f/0x950 net/bluetooth/hci_request.c:184

Invalid free of 0xffff88823bd8a000 (in kfence-#196):
 kfree_skb include/linux/skbuff.h:1268 [inline]
 __hci_req_sync+0x62f/0x950 net/bluetooth/hci_request.c:184
 hci_req_sync+0xa9/0xd0 net/bluetooth/hci_request.c:206
 hci_dev_cmd+0x518/0xa90 net/bluetooth/hci_core.c:790
 sock_do_ioctl+0x158/0x460 net/socket.c:1222
 sock_ioctl+0x629/0x8e0 net/socket.c:1341
 vfs_ioctl fs/ioctl.c:51 [inline]
 __do_sys_ioctl fs/ioctl.c:904 [inline]
 __se_sys_ioctl+0xfc/0x170 fs/ioctl.c:890
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xf5/0x240 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f

kfence-#196: 0xffff88823bd8a000-0xffff88823bd8a0ef, size=240, cache=skbuff_head_cache

allocated by task 5103 on cpu 1 at 59.934205s:
 skb_clone+0x20c/0x390 net/core/skbuff.c:2019
 hci_send_cmd_sync net/bluetooth/hci_core.c:4220 [inline]
 hci_cmd_work+0x29e/0x670 net/bluetooth/hci_core.c:4240
 process_one_work kernel/workqueue.c:3254 [inline]
 process_scheduled_works+0xa10/0x17c0 kernel/workqueue.c:3335
 worker_thread+0x86d/0xd70 kernel/workqueue.c:3416
 kthread+0x2f0/0x390 kernel/kthread.c:388
 ret_from_fork+0x4b/0x80 arch/x86/kernel/process.c:147
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244

freed by task 4482 on cpu 0 at 59.934324s:
 kfree_skb include/linux/skbuff.h:1268 [inline]
 hci_req_sync_complete+0xe7/0x290 net/bluetooth/hci_request.c:109
 hci_event_packet+0xc71/0x1540 net/bluetooth/hci_event.c:7607
 hci_rx_work+0x3e8/0xca0 net/bluetooth/hci_core.c:4171
 process_one_work kernel/workqueue.c:3254 [inline]
 process_scheduled_works+0xa10/0x17c0 kernel/workqueue.c:3335
 worker_thread+0x86d/0xd70 kernel/workqueue.c:3416
 kthread+0x2f0/0x390 kernel/kthread.c:388
 ret_from_fork+0x4b/0x80 arch/x86/kernel/process.c:147
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244

CPU: 1 PID: 5095 Comm: syz-executor.0 Not tainted 6.9.0-rc5-syzkaller-01429-g9a1a2cb5a0e3 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024
==================================================================