==================================================================
BUG: KFENCE: invalid free in kfree_skb include/linux/skbuff.h:1220 [inline]
BUG: KFENCE: invalid free in __hci_req_sync+0x626/0x940 net/bluetooth/hci_request.c:184

Invalid free of 0xffff88823bdac000 (in kfence-#213):
 kfree_skb include/linux/skbuff.h:1220 [inline]
 __hci_req_sync+0x626/0x940 net/bluetooth/hci_request.c:184
 hci_req_sync+0xa5/0xc0 net/bluetooth/hci_request.c:206
 hci_dev_cmd+0x2fc/0xa30 net/bluetooth/hci_core.c:790
 sock_do_ioctl+0x152/0x450 net/socket.c:1204
 sock_ioctl+0x47f/0x770 net/socket.c:1321
 vfs_ioctl fs/ioctl.c:51 [inline]
 __do_sys_ioctl fs/ioctl.c:870 [inline]
 __se_sys_ioctl+0xf1/0x160 fs/ioctl.c:856
 do_syscall_x64 arch/x86/entry/common.c:51 [inline]
 do_syscall_64+0x3b/0xb0 arch/x86/entry/common.c:81
 entry_SYSCALL_64_after_hwframe+0x68/0xd2

kfence-#213: 0xffff88823bdac000-0xffff88823bdac0ef, size=240, cache=skbuff_head_cache

allocated by task 3570 on cpu 1 at 339.858362s:
 skb_clone+0x1e5/0x360 net/core/skbuff.c:1660
 hci_send_cmd_sync net/bluetooth/hci_core.c:4179 [inline]
 hci_cmd_work+0x296/0x660 net/bluetooth/hci_core.c:4199
 process_one_work+0x8a9/0x11d0 kernel/workqueue.c:2292
 worker_thread+0xa47/0x1200 kernel/workqueue.c:2439
 kthread+0x28d/0x320 kernel/kthread.c:376
 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:308

freed by task 3570 on cpu 1 at 339.861251s:
 kfree_skb include/linux/skbuff.h:1220 [inline]
 hci_req_sync_complete+0xee/0x280 net/bluetooth/hci_request.c:109
 hci_event_packet+0xc49/0x1510 net/bluetooth/hci_event.c:7601
 hci_rx_work+0x3cd/0xce0 net/bluetooth/hci_core.c:4130
 process_one_work+0x8a9/0x11d0 kernel/workqueue.c:2292
 worker_thread+0xa47/0x1200 kernel/workqueue.c:2439
 kthread+0x28d/0x320 kernel/kthread.c:376
 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:308

CPU: 0 PID: 8892 Comm: syz-executor.0 Not tainted 6.1.90-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/02/2024
==================================================================