BUG: unable to handle page fault for address: ffffffffffffff00
#PF: supervisor read access in kernel mode
#PF: error_code(0x0000) - not-present page
PGD 5029067 P4D 5029067 PUD 502b067 PMD 0 
Oops: 0000 [#1] PREEMPT SMP KASAN NOPTI
CPU: 1 PID: 303 Comm: kworker/u5:1 Not tainted 5.16.0-rc6-next-20211224 #1
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.14.0-0-g155821a1990b-prebuilt.qemu.org 04/01/2014
Workqueue: hci3 hci_rx_work
RIP: 0010:hci_inquiry_result_with_rssi_evt+0xb1/0x850 net/bluetooth/hci_event.c:4519
Code: b8 00 00 00 00 00 fc ff df 4c 8b 65 00 4c 89 e2 48 c1 ea 03 0f b6 04 02 4c 89 e2 83 e2 07 38 d0 7f 08 84 c0 0f 85 69 06 00 00 <45> 0f b6 24 24 31 ff 44 89 e6 e8 70 3d a8 fd 45 84 e4 75 49 e8 86
RSP: 0018:ffff888017eb7ae8 EFLAGS: 00010246
RAX: 0000000000000000 RBX: ffff888017fb4000 RCX: 0000000000000000
RDX: 0000000000000000 RSI: ffffffff839ae514 RDI: ffff888017fb4000
RBP: ffff888009aac00b R08: 000000000000003b R09: 0000000000000000
R10: ffffffff839cdf70 R11: 0000000000000000 R12: ffffffffffffff00
R13: ffff88804b81b500 R14: 0000000000000000 R15: 0000000000000022
FS:  0000000000000000(0000) GS:ffff88806cf00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: ffffffffffffff00 CR3: 000000004a60e000 CR4: 0000000000350ee0
Call Trace:
 <TASK>
 hci_event_func net/bluetooth/hci_event.c:6838 [inline]
 hci_event_packet+0x7b6/0xdd0 net/bluetooth/hci_event.c:6887
 hci_rx_work+0x22e/0xb70 net/bluetooth/hci_core.c:3817
 process_one_work+0xa2a/0x16d0 kernel/workqueue.c:2307
 worker_thread+0x628/0x1310 kernel/workqueue.c:2454
 kthread+0x2f0/0x3a0 kernel/kthread.c:377
 ret_from_fork+0x22/0x30 arch/x86/entry/entry_64.S:295
 </TASK>
Modules linked in:
CR2: ffffffffffffff00
---[ end trace 0000000000000000 ]---
RIP: 0010:hci_inquiry_result_with_rssi_evt+0xb1/0x850 net/bluetooth/hci_event.c:4519
Code: b8 00 00 00 00 00 fc ff df 4c 8b 65 00 4c 89 e2 48 c1 ea 03 0f b6 04 02 4c 89 e2 83 e2 07 38 d0 7f 08 84 c0 0f 85 69 06 00 00 <45> 0f b6 24 24 31 ff 44 89 e6 e8 70 3d a8 fd 45 84 e4 75 49 e8 86
RSP: 0018:ffff888017eb7ae8 EFLAGS: 00010246
RAX: 0000000000000000 RBX: ffff888017fb4000 RCX: 0000000000000000
RDX: 0000000000000000 RSI: ffffffff839ae514 RDI: ffff888017fb4000
RBP: ffff888009aac00b R08: 000000000000003b R09: 0000000000000000
R10: ffffffff839cdf70 R11: 0000000000000000 R12: ffffffffffffff00
R13: ffff88804b81b500 R14: 0000000000000000 R15: 0000000000000022
FS:  0000000000000000(0000) GS:ffff88806cf00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: ffffffffffffff00 CR3: 000000004a60e000 CR4: 0000000000350ee0
----------------
Code disassembly (best guess):
   0:	b8 00 00 00 00       	mov    $0x0,%eax
   5:	00 fc                	add    %bh,%ah
   7:	ff                   	(bad)
   8:	df 4c 8b 65          	fisttps 0x65(%rbx,%rcx,4)
   c:	00 4c 89 e2          	add    %cl,-0x1e(%rcx,%rcx,4)
  10:	48 c1 ea 03          	shr    $0x3,%rdx
  14:	0f b6 04 02          	movzbl (%rdx,%rax,1),%eax
  18:	4c 89 e2             	mov    %r12,%rdx
  1b:	83 e2 07             	and    $0x7,%edx
  1e:	38 d0                	cmp    %dl,%al
  20:	7f 08                	jg     0x2a
  22:	84 c0                	test   %al,%al
  24:	0f 85 69 06 00 00    	jne    0x693
* 2a:	45 0f b6 24 24       	movzbl (%r12),%r12d <-- trapping instruction
  2f:	31 ff                	xor    %edi,%edi
  31:	44 89 e6             	mov    %r12d,%esi
  34:	e8 70 3d a8 fd       	callq  0xfda83da9
  39:	45 84 e4             	test   %r12b,%r12b
  3c:	75 49                	jne    0x87
  3e:	e8                   	.byte 0xe8
  3f:	86                   	.byte 0x86