BUG: spinlock bad magic on CPU#0, kworker/0:21/17475
==================================================================
BUG: KASAN: slab-out-of-bounds in task_pid_nr include/linux/sched.h:1408 [inline]
BUG: KASAN: slab-out-of-bounds in spin_dump kernel/locking/spinlock_debug.c:65 [inline]
BUG: KASAN: slab-out-of-bounds in spin_bug.cold+0x95/0x9e kernel/locking/spinlock_debug.c:75
Read of size 4 at addr ffff88802591e8e0 by task kworker/0:21/17475

CPU: 0 PID: 17475 Comm: kworker/0:21 Not tainted 5.11.0-rc2-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Workqueue: events l2cap_chan_timeout
Call Trace:
 __dump_stack lib/dump_stack.c:79 [inline]
 dump_stack+0x107/0x163 lib/dump_stack.c:120
 print_address_description.constprop.0.cold+0x5b/0x2f8 mm/kasan/report.c:230
 __kasan_report mm/kasan/report.c:396 [inline]
 kasan_report.cold+0x79/0xd5 mm/kasan/report.c:413
 task_pid_nr include/linux/sched.h:1408 [inline]
 spin_dump kernel/locking/spinlock_debug.c:65 [inline]
 spin_bug.cold+0x95/0x9e kernel/locking/spinlock_debug.c:75
 debug_spin_lock_before kernel/locking/spinlock_debug.c:83 [inline]
 do_raw_spin_lock+0x216/0x2b0 kernel/locking/spinlock_debug.c:112
 spin_lock_bh include/linux/spinlock.h:359 [inline]
 lock_sock_nested+0x3b/0x110 net/core/sock.c:3049
 l2cap_sock_teardown_cb+0xa1/0x660 net/bluetooth/l2cap_sock.c:1520
 l2cap_chan_del+0xbc/0xa80 net/bluetooth/l2cap_core.c:618
 l2cap_chan_close+0x1bc/0xaf0 net/bluetooth/l2cap_core.c:823
 l2cap_chan_timeout+0x17e/0x2f0 net/bluetooth/l2cap_core.c:436
 process_one_work+0x98d/0x15f0 kernel/workqueue.c:2275
 worker_thread+0x64c/0x1120 kernel/workqueue.c:2421
 kthread+0x3b1/0x4a0 kernel/kthread.c:292
 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:296

Allocated by task 29667:
 kasan_save_stack+0x1b/0x40 mm/kasan/common.c:38
 kasan_set_track mm/kasan/common.c:46 [inline]
 set_alloc_info mm/kasan/common.c:401 [inline]
 ____kasan_kmalloc.constprop.0+0x82/0xa0 mm/kasan/common.c:429
 kmalloc include/linux/slab.h:557 [inline]
 kzalloc include/linux/slab.h:682 [inline]
 __register_sysctl_table+0x112/0x1090 fs/proc/proc_sysctl.c:1314
 __devinet_sysctl_register+0x156/0x280 net/ipv4/devinet.c:2571
 devinet_sysctl_register net/ipv4/devinet.c:2611 [inline]
 devinet_sysctl_register+0x160/0x230 net/ipv4/devinet.c:2601
 inetdev_init+0x225/0x4f0 net/ipv4/devinet.c:276
 inetdev_event+0xa4f/0x15c0 net/ipv4/devinet.c:1530
 notifier_call_chain+0xb5/0x200 kernel/notifier.c:83
 call_netdevice_notifiers_info+0xb5/0x130 net/core/dev.c:2040
 call_netdevice_notifiers_extack net/core/dev.c:2052 [inline]
 call_netdevice_notifiers net/core/dev.c:2066 [inline]
 register_netdevice+0x1062/0x1620 net/core/dev.c:10066
 register_netdev+0x2d/0x50 net/core/dev.c:10166
 sit_init_net+0x3a4/0xac0 net/ipv6/sit.c:1914
 ops_init+0xaf/0x470 net/core/net_namespace.c:152
 setup_net+0x2de/0x850 net/core/net_namespace.c:342
 copy_net_ns+0x31e/0x760 net/core/net_namespace.c:483
 create_new_namespaces+0x3f6/0xb20 kernel/nsproxy.c:110
 unshare_nsproxy_namespaces+0xbd/0x1f0 kernel/nsproxy.c:226
 ksys_unshare+0x445/0x8e0 kernel/fork.c:2957
 __do_sys_unshare kernel/fork.c:3025 [inline]
 __se_sys_unshare kernel/fork.c:3023 [inline]
 __x64_sys_unshare+0x2d/0x40 kernel/fork.c:3023
 do_syscall_64+0x2d/0x70 arch/x86/entry/common.c:46
 entry_SYSCALL_64_after_hwframe+0x44/0xa9

Last potentially related work creation:
 kasan_save_stack+0x1b/0x40 mm/kasan/common.c:38
 kasan_record_aux_stack+0xc5/0xf0 mm/kasan/generic.c:344
 __call_rcu kernel/rcu/tree.c:2965 [inline]
 call_rcu+0xbb/0x700 kernel/rcu/tree.c:3038
 netlink_release+0xd43/0x1cf0 net/netlink/af_netlink.c:802
 __sock_release+0xcd/0x280 net/socket.c:597
 sock_close+0x18/0x20 net/socket.c:1256
 __fput+0x283/0x920 fs/file_table.c:280
 task_work_run+0xdd/0x190 kernel/task_work.c:140
 tracehook_notify_resume include/linux/tracehook.h:189 [inline]
 exit_to_user_mode_loop kernel/entry/common.c:174 [inline]
 exit_to_user_mode_prepare+0x249/0x250 kernel/entry/common.c:201
 __syscall_exit_to_user_mode_work kernel/entry/common.c:291 [inline]
 syscall_exit_to_user_mode+0x19/0x50 kernel/entry/common.c:302
 entry_SYSCALL_64_after_hwframe+0x44/0xa9

The buggy address belongs to the object at ffff88802591e000
 which belongs to the cache kmalloc-2k of size 2048
The buggy address is located 224 bytes to the right of
 2048-byte region [ffff88802591e000, ffff88802591e800)
The buggy address belongs to the page:
page:00000000b8c07013 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x25918
head:00000000b8c07013 order:3 compound_mapcount:0 compound_pincount:0
flags: 0xfff00000010200(slab|head)
raw: 00fff00000010200 dead000000000100 dead000000000122 ffff888010042000
raw: 0000000000000000 0000000000080008 00000001ffffffff 0000000000000000
page dumped because: kasan: bad access detected

Memory state around the buggy address:
 ffff88802591e780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
 ffff88802591e800: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
>ffff88802591e880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
                                                       ^
 ffff88802591e900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
 ffff88802591e980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
==================================================================