BUG: unable to handle page fault for address: ffffc90000017000
#PF: supervisor read access in kernel mode
#PF: error_code(0x0000) - not-present page
PGD 7c00067 P4D 7c00067 PUD 8471067 PMD 8473067 PTE 0
Oops: 0000 [#1] PREEMPT SMP KASAN NOPTI
CPU: 1 PID: 1 Comm: systemd Tainted: G    B              6.0.0-rc4-next-20220909 #1
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.14.0-0-g155821a1990b-prebuilt.qemu.org 04/01/2014
RIP: 0010:_find_next_bit+0xdc/0x140
Code: 89 de 4c 89 ff 49 83 c5 08 e8 20 43 3c ff 49 39 df 74 42 e8 c6 46 3c ff 4c 89 e8 48 83 c3 01 48 c1 e8 03 42 80 3c 30 00 75 42 <49> 8b 6d 00 31 ff 48 89 ee e8 76 43 3c ff 48 85 ed 74 bd e8 9c 46
RSP: 0018:ffff88800853fa70 EFLAGS: 00010046
RAX: 1ffff92000002e00 RBX: 0000000000000010 RCX: 0000000000000000
RDX: ffff888008530000 RSI: ffffffff8209de6a RDI: 0000000000000006
RBP: 0000000000000000 R08: 0000000000000006 R09: 0000000000000010
R10: 000000000000000f R11: 0000000000000001 R12: 0000000000000400
ieee80211 phy2201: Selected rate control algorithm 'minstrel_ht'
R13: ffffc90000017000 R14: dffffc0000000000 R15: 0000000000000010
FS:  00007f7f57124900(0000) GS:ffff88806cf00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: ffffc90000017000 CR3: 0000000009732000 CR4: 0000000000350ee0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000ffff4ff0 DR7: 0000000000000400
Call Trace:
 <TASK>
 pcpu_block_refresh_hint+0x1c2/0x2b0
 pcpu_block_update_hint_alloc+0x9d2/0xb70
 pcpu_alloc_area+0x452/0x840
 pcpu_alloc+0x4de/0x10d0
 mem_cgroup_css_alloc+0x263/0x14d0
 cgroup_apply_control_enable+0x445/0xa40
 cgroup_mkdir+0x78a/0x1110
 kernfs_iop_mkdir+0x14d/0x1e0
 vfs_mkdir+0x491/0x740
 do_mkdirat+0x17b/0x2f0
 __x64_sys_mkdir+0xf2/0x140
 do_syscall_64+0x3b/0x90
 entry_SYSCALL_64_after_hwframe+0x63/0xcd
RIP: 0033:0x7f7f578f1b07
Code: 1f 40 00 48 8b 05 89 f3 0c 00 64 c7 00 5f 00 00 00 b8 ff ff ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 b8 53 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d 59 f3 0c 00 f7 d8 64 89 01 48
RSP: 002b:00007ffe13297e48 EFLAGS: 00000206 ORIG_RAX: 0000000000000053
RAX: ffffffffffffffda RBX: 000055a73c3869f0 RCX: 00007f7f578f1b07
RDX: 00007ffe13297ce0 RSI: 00000000000001ed RDI: 000055a73c381f20
RBP: 00007f7f57ce2351 R08: 0000000000000001 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
R13: 000055a73c3869f0 R14: 0000000000000000 R15: 000055a73c41db50
 </TASK>
Modules linked in:
CR2: ffffc90000017000
---[ end trace 0000000000000000 ]---
RIP: 0010:_find_next_bit+0xdc/0x140
Code: 89 de 4c 89 ff 49 83 c5 08 e8 20 43 3c ff 49 39 df 74 42 e8 c6 46 3c ff 4c 89 e8 48 83 c3 01 48 c1 e8 03 42 80 3c 30 00 75 42 <49> 8b 6d 00 31 ff 48 89 ee e8 76 43 3c ff 48 85 ed 74 bd e8 9c 46
RSP: 0018:ffff88800853fa70 EFLAGS: 00010046
RAX: 1ffff92000002e00 RBX: 0000000000000010 RCX: 0000000000000000
RDX: ffff888008530000 RSI: ffffffff8209de6a RDI: 0000000000000006
RBP: 0000000000000000 R08: 0000000000000006 R09: 0000000000000010
R10: 000000000000000f R11: 0000000000000001 R12: 0000000000000400
R13: ffffc90000017000 R14: dffffc0000000000 R15: 0000000000000010
FS:  00007f7f57124900(0000) GS:ffff88806cf00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: ffffc90000017000 CR3: 0000000009732000 CR4: 0000000000350ee0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000ffff4ff0 DR7: 0000000000000400
note: systemd[1] exited with preempt_count 1
----------------
Code disassembly (best guess):
   0:	89 de                	mov    %ebx,%esi
   2:	4c 89 ff             	mov    %r15,%rdi
   5:	49 83 c5 08          	add    $0x8,%r13
   9:	e8 20 43 3c ff       	callq  0xff3c432e
   e:	49 39 df             	cmp    %rbx,%r15
  11:	74 42                	je     0x55
  13:	e8 c6 46 3c ff       	callq  0xff3c46de
  18:	4c 89 e8             	mov    %r13,%rax
  1b:	48 83 c3 01          	add    $0x1,%rbx
  1f:	48 c1 e8 03          	shr    $0x3,%rax
  23:	42 80 3c 30 00       	cmpb   $0x0,(%rax,%r14,1)
  28:	75 42                	jne    0x6c
* 2a:	49 8b 6d 00          	mov    0x0(%r13),%rbp <-- trapping instruction
  2e:	31 ff                	xor    %edi,%edi
  30:	48 89 ee             	mov    %rbp,%rsi
  33:	e8 76 43 3c ff       	callq  0xff3c43ae
  38:	48 85 ed             	test   %rbp,%rbp
  3b:	74 bd                	je     0xfffffffa
  3d:	e8                   	.byte 0xe8
  3e:	9c                   	pushfq
  3f:	46                   	rex.RX