==================================================================
kasan: CONFIG_KASAN_INLINE enabled
BUG: KASAN: stack-out-of-bounds in atomic_read include/asm-generic/atomic-instrumented.h:21 [inline]
BUG: KASAN: stack-out-of-bounds in refcount_inc_not_zero_checked+0x97/0x2f0 lib/refcount.c:120
Read of size 4 at addr ffff8881da9c0bf0 by task syz-executor0/17743
kasan: GPF could be caused by NULL-ptr deref or user memory access
general protection fault: 0000 [#1] PREEMPT SMP KASAN
CPU: 1 PID: 17743 Comm: syz-executor0 Not tainted 4.20.0-rc3+ #312
CPU: 0 PID: 16760 Comm: syz-executor1 Not tainted 4.20.0-rc3+ #312
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
RIP: 0010:vmalloc_fault+0x426/0x770 arch/x86/mm/fault.c:405
__dump_stack lib/dump_stack.c:77 [inline]
dump_stack+0x244/0x39d lib/dump_stack.c:113
Code: e0 e8 5e 27 47 00 48 b8 00 00 00 00 80 88 ff ff 48 ba 00 00 00 00 00 fc ff df 48 01 c3 4d 21 e5 4c 01 eb 48 89 d9 48 c1 e9 03 <80> 3c 11 00 0f 85 b2 02 00 00 48 8b 1b 31 ff 49 89 dc 49 83 e4 9f
RSP: 0018:ffff8881da966208 EFLAGS: 00010002
RAX: ffff888000000000 RBX: 000f887f86bf3ff0 RCX: 0001f10ff0d7e7fe
RDX: dffffc0000000000 RSI: ffffffff81386392 RDI: 0000000000000007
print_address_description.cold.7+0x9/0x1ff mm/kasan/report.c:256
RBP: ffff8881da966238 R08: ffff8881b9340640 R09: 0000000000000000
kasan_report_error mm/kasan/report.c:354 [inline]
kasan_report.cold.8+0x242/0x309 mm/kasan/report.c:412
R10: 0000000000000000 R11: 0000000000000000 R12: 000ffffffffff000
R13: 000fffff86bf3000 R14: ffffe8ffffc8db10 R15: 1ffffffff12a3f90
check_memory_region_inline mm/kasan/kasan.c:260 [inline]
check_memory_region+0x13e/0x1b0 mm/kasan/kasan.c:267
FS: 00007f94a477d700(0000) GS:ffff8881dae00000(0000) knlGS:0000000000000000
kasan_check_read+0x11/0x20 mm/kasan/kasan.c:272
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
atomic_read include/asm-generic/atomic-instrumented.h:21 [inline]
refcount_inc_not_zero_checked+0x97/0x2f0 lib/refcount.c:120
CR2: ffffe8ffffc8db10 CR3: 00000001d8866000 CR4: 00000000001406f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
refcount_inc_checked+0x15/0x70 lib/refcount.c:153
Modules linked in:
kref_get include/linux/kref.h:47 [inline]
aa_get_label security/apparmor/include/label.h:387 [inline]
aa_get_newest_label security/apparmor/include/label.h:441 [inline]
aa_get_newest_cred_label security/apparmor/include/cred.h:53 [inline]
apparmor_capable+0x2ec/0x6c0 security/apparmor/lsm.c:184
---[ end trace 960867bfb742eda0 ]---
RIP: 0010:vmalloc_fault+0x426/0x770 arch/x86/mm/fault.c:405
Code: e0 e8 5e 27 47 00 48 b8 00 00 00 00 80 88 ff ff 48 ba 00 00 00 00 00 fc ff df 48 01 c3 4d 21 e5 4c 01 eb 48 89 d9 48 c1 e9 03 <80> 3c 11 00 0f 85 b2 02 00 00 48 8b 1b 31 ff 49 89 dc 49 83 e4 9f
RSP: 0018:ffff8881da966208 EFLAGS: 00010002
RAX: ffff888000000000 RBX: 000f887f86bf3ff0 RCX: 0001f10ff0d7e7fe
RDX: dffffc0000000000 RSI: ffffffff81386392 RDI: 0000000000000007
security_capable+0x65/0xc0 security/security.c:300
RBP: ffff8881da966238 R08: ffff8881b9340640 R09: 0000000000000000
ns_capable_common+0xf1/0x170 kernel/capability.c:375
R10: 0000000000000000 R11: 0000000000000000 R12: 000ffffffffff000
ns_capable+0x22/0x30 kernel/capability.c:397
R13: 000fffff86bf3000 R14: ffffe8ffffc8db10 R15: 1ffffffff12a3f90
do_ip6t_get_ctl+0xf6/0xbf0 net/ipv6/netfilter/ip6_tables.c:1703
FS: 00007f94a477d700(0000) GS:ffff8881dae00000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: ffffe8ffffc8db10 CR3: 00000001d8866000 CR4: 00000000001406f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400