==================================================================
BUG: KASAN: slab-out-of-bounds in j1939_session_tx_dat net/can/j1939/transport.c:790 [inline]
BUG: KASAN: slab-out-of-bounds in j1939_xtp_txnext_transmiter net/can/j1939/transport.c:847 [inline]
BUG: KASAN: slab-out-of-bounds in j1939_tp_txtimer+0x1e64/0x3780 net/can/j1939/transport.c:1095
Read of size 7 at addr ffff888048d3163a by task ksoftirqd/1/16

CPU: 1 PID: 16 Comm: ksoftirqd/1 Not tainted 5.8.0-rc2-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0x1f0/0x31e lib/dump_stack.c:118
 print_address_description+0x66/0x5a0 mm/kasan/report.c:383
 __kasan_report mm/kasan/report.c:513 [inline]
 kasan_report+0x132/0x1d0 mm/kasan/report.c:530
 check_memory_region_inline mm/kasan/generic.c:183 [inline]
 check_memory_region+0x2b5/0x2f0 mm/kasan/generic.c:192
 memcpy+0x25/0x60 mm/kasan/common.c:105
 j1939_session_tx_dat net/can/j1939/transport.c:790 [inline]
 j1939_xtp_txnext_transmiter net/can/j1939/transport.c:847 [inline]
 j1939_tp_txtimer+0x1e64/0x3780 net/can/j1939/transport.c:1095
 __run_hrtimer kernel/time/hrtimer.c:1520 [inline]
 __hrtimer_run_queues+0x47f/0x930 kernel/time/hrtimer.c:1584
 hrtimer_run_softirq+0x15a/0x1b0 kernel/time/hrtimer.c:1601
 __do_softirq+0x268/0x80c kernel/softirq.c:292
 run_ksoftirqd+0x60/0xf0 kernel/softirq.c:630
 smpboot_thread_fn+0x572/0x970 kernel/smpboot.c:165
 kthread+0x37e/0x3a0 drivers/block/aoe/aoecmd.c:1234
 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:293

Allocated by task 9942:
 save_stack mm/kasan/common.c:48 [inline]
 set_track mm/kasan/common.c:56 [inline]
 __kasan_kmalloc+0x103/0x140 mm/kasan/common.c:494
 __do_kmalloc mm/slab.c:3656 [inline]
 __kmalloc_track_caller+0x249/0x320 mm/slab.c:3671
 kmemdup+0x21/0x50 mm/util.c:127
 __devinet_sysctl_register+0x4b/0x2d0 net/ipv4/devinet.c:2560
 devinet_sysctl_register+0x139/0x1a0 net/ipv4/devinet.c:2612
 inetdev_init+0x241/0x450 net/ipv4/devinet.c:276
 inetdev_event+0x22f/0x13b0 net/ipv4/devinet.c:1531
 notifier_call_chain kernel/notifier.c:83 [inline]
 __raw_notifier_call_chain kernel/notifier.c:361 [inline]
 raw_notifier_call_chain+0xe7/0x170 kernel/notifier.c:368
 call_netdevice_notifiers_info net/core/dev.c:2027 [inline]
 call_netdevice_notifiers_extack net/core/dev.c:2039 [inline]
 call_netdevice_notifiers net/core/dev.c:2053 [inline]
 register_netdevice+0x1593/0x1b80 net/core/dev.c:9545
 macvlan_common_newlink+0xc56/0x1240 drivers/net/macvlan.c:1477
 macvtap_newlink+0x150/0x1d0 drivers/net/macvtap.c:109
 __rtnl_newlink net/core/rtnetlink.c:3339 [inline]
 rtnl_newlink+0x143e/0x1bf0 net/core/rtnetlink.c:3397
 rtnetlink_rcv_msg+0x889/0xd40 net/core/rtnetlink.c:5460
 netlink_rcv_skb+0x190/0x3a0 net/netlink/af_netlink.c:2469
 netlink_unicast_kernel net/netlink/af_netlink.c:1303 [inline]
 netlink_unicast+0x786/0x940 net/netlink/af_netlink.c:1329
 netlink_sendmsg+0xa57/0xd70 net/netlink/af_netlink.c:1918
 sock_sendmsg_nosec net/socket.c:652 [inline]
 sock_sendmsg net/socket.c:672 [inline]
 ____sys_sendmsg+0x519/0x800 net/socket.c:2352
 ___sys_sendmsg net/socket.c:2406 [inline]
 __sys_sendmsg+0x2b1/0x360 net/socket.c:2439
 do_syscall_64+0x73/0xe0 arch/x86/entry/common.c:359
 entry_SYSCALL_64_after_hwframe+0x44/0xa9

Freed by task 3880:
 save_stack mm/kasan/common.c:48 [inline]
 set_track mm/kasan/common.c:56 [inline]
 kasan_set_free_info mm/kasan/common.c:316 [inline]
 __kasan_slab_free+0x114/0x170 mm/kasan/common.c:455
 __cache_free mm/slab.c:3426 [inline]
 kfree+0x10a/0x220 mm/slab.c:3757
 tomoyo_realpath_from_path+0x5e1/0x630 security/tomoyo/realpath.c:291
 tomoyo_get_realpath security/tomoyo/file.c:151 [inline]
 tomoyo_path_perm+0x17d/0x740 security/tomoyo/file.c:822
 security_inode_getattr+0xc0/0x140 security/security.c:1278
 vfs_getattr fs/stat.c:121 [inline]
 vfs_statx+0x118/0x380 fs/stat.c:206
 vfs_lstat include/linux/fs.h:3301 [inline]
 __do_sys_newlstat fs/stat.c:374 [inline]
 __se_sys_newlstat fs/stat.c:368 [inline]
 __x64_sys_newlstat+0x81/0xd0 fs/stat.c:368
 do_syscall_64+0x73/0xe0 arch/x86/entry/common.c:359
 entry_SYSCALL_64_after_hwframe+0x44/0xa9

The buggy address belongs to the object at ffff888048d30000
 which belongs to the cache kmalloc-4k of size 4096
The buggy address is located 1594 bytes to the right of
 4096-byte region [ffff888048d30000, ffff888048d31000)
The buggy address belongs to the page:
page:ffffea0001234c00 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 head:ffffea0001234c00 order:1 compound_mapcount:0
flags: 0xfffe0000010200(slab|head)
raw: 00fffe0000010200 ffffea00014d2988 ffffea000239c388 ffff8880aa402000
raw: 0000000000000000 ffff888048d30000 0000000100000001 0000000000000000
page dumped because: kasan: bad access detected

Memory state around the buggy address:
 ffff888048d31500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
 ffff888048d31580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
>ffff888048d31600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
                                        ^
 ffff888048d31680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
 ffff888048d31700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
==================================================================