==================================================================
BUG: KASAN: global-out-of-bounds in instrument_atomic_read include/linux/instrumented.h:71 [inline]
BUG: KASAN: global-out-of-bounds in test_bit include/asm-generic/bitops/instrumented-non-atomic.h:134 [inline]
BUG: KASAN: global-out-of-bounds in __lock_acquire+0xdee/0x6100 kernel/locking/lockdep.c:4985
Read of size 8 at addr ffffffff8fadeaf0 by task kworker/1:9/27666

CPU: 1 PID: 27666 Comm: kworker/1:9 Not tainted 5.14.0-rc4-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Workqueue: events l2cap_chan_timeout
Call Trace:
 __dump_stack lib/dump_stack.c:88 [inline]
 dump_stack_lvl+0x1ae/0x29f lib/dump_stack.c:105
 print_address_description+0x66/0x3b0 mm/kasan/report.c:233
 __kasan_report mm/kasan/report.c:419 [inline]
 kasan_report+0x163/0x210 mm/kasan/report.c:436
 check_region_inline mm/kasan/generic.c:135 [inline]
 kasan_check_range+0x2b5/0x2f0 mm/kasan/generic.c:189
 instrument_atomic_read include/linux/instrumented.h:71 [inline]
 test_bit include/asm-generic/bitops/instrumented-non-atomic.h:134 [inline]
 __lock_acquire+0xdee/0x6100 kernel/locking/lockdep.c:4985
 lock_acquire+0x182/0x4a0 kernel/locking/lockdep.c:5625
 __raw_spin_lock_bh include/linux/spinlock_api_smp.h:135 [inline]
 _raw_spin_lock_bh+0x31/0x40 kernel/locking/spinlock.c:175
 spin_lock_bh include/linux/spinlock.h:359 [inline]
 lock_sock_nested+0x48/0x110 net/core/sock.c:3162
 l2cap_sock_teardown_cb+0x76/0x360 net/bluetooth/l2cap_sock.c:1528
 l2cap_chan_del+0xaf/0x610 net/bluetooth/l2cap_core.c:622
 l2cap_chan_timeout+0x12c/0x280 net/bluetooth/l2cap_core.c:436
 process_one_work+0x833/0x10c0 kernel/workqueue.c:2276
 worker_thread+0xac1/0x1320 kernel/workqueue.c:2422
 kthread+0x453/0x480 kernel/kthread.c:319
 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:295

The buggy address belongs to the variable:
 chainhash_table+0x9fdf0/0xa0000

Memory state around the buggy address:
 ffffffff8fade980: f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9
 ffffffff8fadea00: f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9
>ffffffff8fadea80: f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9
                                                             ^
 ffffffff8fadeb00: f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9
 ffffffff8fadeb80: f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9
==================================================================