Unable to handle kernel paging request at virtual address fbd529d5a000014e
KASAN: maybe wild-memory-access in range [0xdead4ead00000a70-0xdead4ead00000a77]
Mem abort info:
  ESR = 0x0000000096000004
  EC = 0x25: DABT (current EL), IL = 32 bits
  SET = 0, FnV = 0
  EA = 0, S1PTW = 0
  FSC = 0x04: level 0 translation fault
Data abort info:
  ISV = 0, ISS = 0x00000004, ISS2 = 0x00000000
  CM = 0, WnR = 0, TnD = 0, TagAccess = 0
  GCS = 0, Overlay = 0, DirtyBit = 0, Xs = 0
[fbd529d5a000014e] address between user and kernel address ranges
Internal error: Oops: 0000000096000004 [#1] PREEMPT SMP
Modules linked in:
CPU: 1 PID: 6194 Comm: kworker/1:3 Not tainted 6.6.0-rc7-syzkaller-gc41a7afa00be #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/06/2023
Workqueue: events l2cap_info_timeout
pstate: 80400005 (Nzcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
pc : hci_send_acl+0x60/0xc48 net/bluetooth/hci_core.c:3231
lr : hci_send_acl+0x3c/0xc48 net/bluetooth/hci_core.c:3230
sp : ffff8000972576f0
x29: ffff800097257760 x28: dfff800000000000 x27: ffff0000e81de70e
x26: ffff0000e81de70c x25: dfff800000000000 x24: 1fffe0001a725ec3
x23: dead4ead00000a70 x22: ffff0000d392f618 x21: 0000000000000002
x20: ffff0000d392f600 x19: ffff0000d7b723c0 x18: ffff800097257200
x17: ffff80008990be78 x16: ffff800080516600 x15: 0000000000000001
x14: 1fffe0001d03bce2 x13: 0000000000000000 x12: 0000000000000000
x11: 0000000000000000 x10: 0000000000000000 x9 : 0000000000000000
x8 : 1bd5a9d5a000014e x7 : 0000000000000000 x6 : 0000000000400023
x5 : ffff0000e81de714 x4 : ffff800097257864 x3 : ffff80008990c024
x2 : 0000000000000002 x1 : ffff0000d7b723c0 x0 : ffff0000d392f600
Call trace:
 hci_send_acl+0x60/0xc48 net/bluetooth/hci_core.c:3231
 l2cap_send_cmd+0x52c/0x76c net/bluetooth/l2cap_core.c:977
 l2cap_send_conn_req+0x188/0x2c4 net/bluetooth/l2cap_core.c:1286
 l2cap_start_connection+0x118/0x2fc net/bluetooth/l2cap_core.c:1514
 l2cap_conn_start+0x928/0xd8c net/bluetooth/l2cap_core.c:1661
 l2cap_info_timeout+0x68/0xb8 net/bluetooth/l2cap_core.c:1807
 process_one_work+0x694/0x1204 kernel/workqueue.c:2630
 process_scheduled_works kernel/workqueue.c:2703 [inline]
 worker_thread+0x938/0xef4 kernel/workqueue.c:2784
 kthread+0x288/0x310 kernel/kthread.c:388
 ret_from_fork+0x10/0x20 arch/arm64/kernel/entry.S:857
Code: 979ac8cc f94002c8 9129c117 d343fee8 (38796908)
---[ end trace 0000000000000000 ]---
----------------
Code disassembly (best guess):
   0:	979ac8cc 	bl	0xfffffffffe6b2330
   4:	f94002c8 	ldr	x8, [x22]
   8:	9129c117 	add	x23, x8, #0xa70
   c:	d343fee8 	lsr	x8, x23, #3
* 10:	38796908 	ldrb	w8, [x8, x25] <-- trapping instruction