!!!! control_disable control_disable ss name pids
!!!! control_disable kill_css(ffff888102fdd800) 
!!!! IN kill css_get(ffff888102fdd800) 
!!!! IN kill css_get(ffff888100125c00) 
general protection fault, probably for non-canonical address 0xdffffc0000000002: 0000 [#1] PREEMPT SMP KASAN
KASAN: null-ptr-deref in range [0x0000000000000010-0x0000000000000017]
CPU: 0 PID: 436 Comm: syz-executor.0 Not tainted 5.10.110-syzkaller-00174-g7bf0dde2d9b6 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
RIP: 0010:percpu_ref_kill_and_confirm+0x3a/0x200 lib/percpu-refcount.c:382
Code: f7 49 89 fc 49 bd 00 00 00 00 00 fc ff df e8 fd 7a 20 ff 48 c7 c7 20 90 91 86 e8 f1 bf 46 02 48 89 45 d0 4c 89 e3 48 c1 eb 03 <42> 80 3c 2b 00 74 08 4c 89 e7 e8 07 41 5a ff 4d 8b 34 24 4c 89 f6
RSP: 0018:ffffc900010878b8 EFLAGS: 00010002
RAX: 0000000000000246 RBX: 0000000000000002 RCX: 0000000000000001
RDX: 0000000000000001 RSI: 0000000000000004 RDI: ffffc90001087820
RBP: ffffc900010878e8 R08: dffffc0000000000 R09: 0000000000000003
R10: fffff52000210f05 R11: 1ffff92000210f04 R12: 0000000000000010
R13: dffffc0000000000 R14: ffff888100125c54 R15: ffffffff8165dd50
FS:  00007f4ce2de7700(0000) GS:ffff8881f7200000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f4ce2dc5ff8 CR3: 000000010f918000 CR4: 00000000003506b0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 kill_css+0x1b5/0x200 kernel/cgroup/cgroup.c:5577
 cgroup_apply_control_disable kernel/cgroup/cgroup.c:3165 [inline]
 cgroup_finalize_control+0xb0d/0x10d0 kernel/cgroup/cgroup.c:3229
 cgroup_subtree_control_write+0xd29/0x1310 kernel/cgroup/cgroup.c:3358
 cgroup_file_write+0x28e/0x590 kernel/cgroup/cgroup.c:3800
 kernfs_fop_write_iter+0x2d0/0x410 fs/kernfs/file.c:296
 call_write_iter include/linux/fs.h:1947 [inline]
 new_sync_write fs/read_write.c:518 [inline]
 vfs_write+0xc1c/0xf40 fs/read_write.c:605
 ksys_write+0x198/0x2c0 fs/read_write.c:658
 __do_sys_write fs/read_write.c:670 [inline]
 __se_sys_write fs/read_write.c:667 [inline]
 __x64_sys_write+0x7b/0x90 fs/read_write.c:667
 do_syscall_64+0x34/0x70 arch/x86/entry/common.c:46
 entry_SYSCALL_64_after_hwframe+0x44/0xa9
RIP: 0033:0x7f4ce2e710e9
Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f4ce2de7168 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
RAX: ffffffffffffffda RBX: 00007f4ce2f83f60 RCX: 00007f4ce2e710e9
RDX: 0000000000000006 RSI: 0000000020000100 RDI: 0000000000000004
RBP: 00007f4ce2ecb08d R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007ffd756f23ef R14: 00007f4ce2de7300 R15: 0000000000022000
Modules linked in:
---[ end trace 29fe92a4c4e7351f ]---
RIP: 0010:percpu_ref_kill_and_confirm+0x3a/0x200 lib/percpu-refcount.c:382
Code: f7 49 89 fc 49 bd 00 00 00 00 00 fc ff df e8 fd 7a 20 ff 48 c7 c7 20 90 91 86 e8 f1 bf 46 02 48 89 45 d0 4c 89 e3 48 c1 eb 03 <42> 80 3c 2b 00 74 08 4c 89 e7 e8 07 41 5a ff 4d 8b 34 24 4c 89 f6
RSP: 0018:ffffc900010878b8 EFLAGS: 00010002
RAX: 0000000000000246 RBX: 0000000000000002 RCX: 0000000000000001
RDX: 0000000000000001 RSI: 0000000000000004 RDI: ffffc90001087820
RBP: ffffc900010878e8 R08: dffffc0000000000 R09: 0000000000000003
R10: fffff52000210f05 R11: 1ffff92000210f04 R12: 0000000000000010
R13: dffffc0000000000 R14: ffff888100125c54 R15: ffffffff8165dd50
FS:  00007f4ce2de7700(0000) GS:ffff8881f7200000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f4ce2dc5ff8 CR3: 000000010f918000 CR4: 00000000003506b0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
----------------
Code disassembly (best guess), 1 bytes skipped:
   0:	49 89 fc             	mov    %rdi,%r12
   3:	49 bd 00 00 00 00 00 	movabs $0xdffffc0000000000,%r13
   a:	fc ff df
   d:	e8 fd 7a 20 ff       	callq  0xff207b0f
  12:	48 c7 c7 20 90 91 86 	mov    $0xffffffff86919020,%rdi
  19:	e8 f1 bf 46 02       	callq  0x246c00f
  1e:	48 89 45 d0          	mov    %rax,-0x30(%rbp)
  22:	4c 89 e3             	mov    %r12,%rbx
  25:	48 c1 eb 03          	shr    $0x3,%rbx
* 29:	42 80 3c 2b 00       	cmpb   $0x0,(%rbx,%r13,1) <-- trapping instruction
  2e:	74 08                	je     0x38
  30:	4c 89 e7             	mov    %r12,%rdi
  33:	e8 07 41 5a ff       	callq  0xff5a413f
  38:	4d 8b 34 24          	mov    (%r12),%r14
  3c:	4c 89 f6             	mov    %r14,%rsi