==================================================================
BUG: KFENCE: invalid free in kfree_skb_reason include/linux/skbuff.h:1260 [inline]
BUG: KFENCE: invalid free in kfree_skb include/linux/skbuff.h:1269 [inline]
BUG: KFENCE: invalid free in __hci_req_sync+0x631/0x950 net/bluetooth/hci_request.c:184

Invalid free of 0xffff88823bd46f00 (in kfence-#162):
 kfree_skb_reason include/linux/skbuff.h:1260 [inline]
 kfree_skb include/linux/skbuff.h:1269 [inline]
 __hci_req_sync+0x631/0x950 net/bluetooth/hci_request.c:184
 hci_req_sync+0xa9/0xd0 net/bluetooth/hci_request.c:206
 hci_dev_cmd+0x4c5/0xa50 net/bluetooth/hci_core.c:787
 sock_do_ioctl+0x158/0x460 net/socket.c:1222
 sock_ioctl+0x629/0x8e0 net/socket.c:1341
 vfs_ioctl fs/ioctl.c:51 [inline]
 __do_sys_ioctl fs/ioctl.c:907 [inline]
 __se_sys_ioctl+0xfc/0x170 fs/ioctl.c:893
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f

kfence-#162: 0xffff88823bd46f00-0xffff88823bd46fef, size=240, cache=skbuff_head_cache

allocated by task 12523 on cpu 1 at 977.878663s:
 skb_clone+0x20c/0x390 net/core/skbuff.c:2069
 hci_send_cmd_sync net/bluetooth/hci_core.c:4123 [inline]
 hci_cmd_work+0x2a2/0x670 net/bluetooth/hci_core.c:4143
 process_one_work kernel/workqueue.c:3248 [inline]
 process_scheduled_works+0xa2c/0x1830 kernel/workqueue.c:3329
 worker_thread+0x86d/0x