==================================================================
BUG: KFENCE: invalid free in kfree_skb_reason include/linux/skbuff.h:1260 [inline]
BUG: KFENCE: invalid free in kfree_skb include/linux/skbuff.h:1269 [inline]
BUG: KFENCE: invalid free in __hci_req_sync+0x631/0x950 net/bluetooth/hci_request.c:184

Invalid free of 0xffff88823bcc6000 (in kfence-#98):
 kfree_skb_reason include/linux/skbuff.h:1260 [inline]
 kfree_skb include/linux/skbuff.h:1269 [inline]
 __hci_req_sync+0x631/0x950 net/bluetooth/hci_request.c:184
 hci_req_sync+0xa9/0xd0 net/bluetooth/hci_request.c:206
 hci_dev_cmd+0x4c5/0xa50 net/bluetooth/hci_core.c:787
 sock_do_ioctl+0x158/0x460 net/socket.c:1222
 sock_ioctl+0x629/0x8e0 net/socket.c:1341
 vfs_ioctl fs/ioctl.c:51 [inline]
 __do_sys_ioctl fs/ioctl.c:907 [inline]
 __se_sys_ioctl+0xfc/0x170 fs/ioctl.c:893
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f

kfence-#98: 0xffff88823bcc6000-0xffff88823bcc60ef, size=240, cache=skbuff_head_cache

allocated by task 23621 on cpu 1 at 3352.066209s:
 skb_clone+0x20c/0x390 net/core/skbuff.c:2069
 hci_send_cmd_sync net/bluetooth/hci_core.c:4123 [inline]
 hci_cmd_work+0x2a2/0x670 net/bluetooth/hci_core.c:4143
 process_one_work kernel/workqueue.c:3248 [inline]
 process_scheduled_works+0xa2c/0x1830 kernel/workqueue.c:3329
 worker_thread+0x86d/0xd50 kernel/workqueue.c:3409
 kthread+0x2f0/0x390 kernel/kthread.c:389
 ret_from_fork+0x4b/0x80 arch/x86/kernel/process.c:147
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244

freed by task 23621 on cpu 1 at 3352.071916s:
 kfree_skb_reason include/linux/skbuff.h:1260 [inline]
 kfree_skb include/linux/skbuff.h:1269 [inline]
 hci_req_sync_complete+0xe8/0x290 net/bluetooth/hci_request.c:109
 hci_event_packet+0xc75/0x1540 net/bluetooth/hci_event.c:7479
 hci_rx_work+0x3e8/0xca0 net/bluetooth/hci_core.c:4074
 process_one_work kernel/workqueue.c:3248 [inline]
 process_scheduled_works+0xa2c/0x1830 kernel/workqueue.c:3329
 worker_thread+0x86d/0xd50 kernel/workqueue.c:3409
 kthread+0x2f0/0x390 kernel/kthread.c:389
 ret_from_fork+0x4b/0x80 arch/x86/kernel/process.c:147
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244

CPU: 1 PID: 6474 Comm: syz-executor Not tainted 6.10.0-rc5-syzkaller-01097-g748e3bbf4721 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024
==================================================================