BUG: unable to handle page fault for address: ffffed10170c3801
#PF: supervisor read access in kernel mode
#PF: error_code(0x0000) - not-present page
PGD 13ffee067 P4D 13ffee067 PUD 5fff6067 PMD 0 
Oops: Oops: 0000 [#1] SMP KASAN PTI
CPU: 0 UID: 0 PID: 2299 Comm: kworker/0:3 Not tainted syzkaller #0 PREEMPT(full) 
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
Workqueue: cgroup_destroy css_free_rwork_fn
RIP: 0010:css_rstat_flush+0x582/0x1890
Code: e4 16 07 00 eb 05 e8 dd 16 07 00 4c 8b 7c 24 08 4c 03 7c 24 10 4d 8d 77 08 4d 89 f5 49 c1 ed 03 48 b8 00 00 00 00 00 fc ff df <41> 80 7c 05 00 00 74 08 4c 89 f7 e8 fe 7f 6a 00 49 83 3e 00 0f 84
RSP: 0018:ffffc9000b017848 EFLAGS: 00010802
RAX: dffffc0000000000 RBX: ffff88811b74f108 RCX: ffff88801edfd640
RDX: 0000000000000000 RSI: ffffffff8be332e0 RDI: ffff88804b040f88
RBP: ffffffff8dbded10 R08: ffffffff8fa37e37 R09: 1ffffffff1f46fc6
R10: dffffc0000000000 R11: fffffbfff1f46fc7 R12: ffff88804b040f88
R13: 1ffff110170c3801 R14: ffff8880b861c008 R15: ffff8880b861c000
FS:  0000000000000000(0000) GS:ffff8880b861c000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: ffffed10170c3801 CR3: 000000011d3c6000 CR4: 00000000000006f0
Call Trace:
 <TASK>
 css_rstat_exit+0xa9/0x320
 css_free_rwork_fn+0x90/0xb80
 process_scheduled_works+0xae1/0x17b0
 worker_thread+0x8a0/0xda0
 kthread+0x711/0x8a0
 ret_from_fork+0x3fc/0x770
 ret_from_fork_asm+0x1a/0x30
 </TASK>
Modules linked in:
CR2: ffffed10170c3801
---[ end trace 0000000000000000 ]---
RIP: 0010:css_rstat_flush+0x582/0x1890
Code: e4 16 07 00 eb 05 e8 dd 16 07 00 4c 8b 7c 24 08 4c 03 7c 24 10 4d 8d 77 08 4d 89 f5 49 c1 ed 03 48 b8 00 00 00 00 00 fc ff df <41> 80 7c 05 00 00 74 08 4c 89 f7 e8 fe 7f 6a 00 49 83 3e 00 0f 84
RSP: 0018:ffffc9000b017848 EFLAGS: 00010802
RAX: dffffc0000000000 RBX: ffff88811b74f108 RCX: ffff88801edfd640
RDX: 0000000000000000 RSI: ffffffff8be332e0 RDI: ffff88804b040f88
RBP: ffffffff8dbded10 R08: ffffffff8fa37e37 R09: 1ffffffff1f46fc6
R10: dffffc0000000000 R11: fffffbfff1f46fc7 R12: ffff88804b040f88
R13: 1ffff110170c3801 R14: ffff8880b861c008 R15: ffff8880b861c000
FS:  0000000000000000(0000) GS:ffff8880b861c000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: ffffed10170c3801 CR3: 000000011d3c6000 CR4: 00000000000006f0
