==================================================================
BUG: KASAN: slab-out-of-bounds in btf_name_valid_section kernel/bpf/btf.c:829 [inline]
BUG: KASAN: slab-out-of-bounds in btf_datasec_check_meta+0x670/0x6e4 kernel/bpf/btf.c:4698
Read of size 1 at addr ffff0000154c89c7 by task syz.1.320/4373

CPU: 1 UID: 0 PID: 4373 Comm: syz.1.320 Not tainted 6.11.0-rc3-syzkaller-00221-g670c12ce09a8 #0
Hardware name: linux,dummy-virt (DT)
Call trace:
 dump_backtrace+0x9c/0x11c arch/arm64/kernel/stacktrace.c:317
 show_stack+0x18/0x24 arch/arm64/kernel/stacktrace.c:324
 __dump_stack lib/dump_stack.c:93 [inline]
 dump_stack_lvl+0xa4/0xf4 lib/dump_stack.c:119
 print_address_description mm/kasan/report.c:377 [inline]
 print_report+0xf4/0x5a4 mm/kasan/report.c:488
 kasan_report+0xc8/0x108 mm/kasan/report.c:601
 __asan_report_load1_noabort+0x20/0x2c mm/kasan/report_generic.c:378
 btf_name_valid_section kernel/bpf/btf.c:829 [inline]
 btf_datasec_check_meta+0x670/0x6e4 kernel/bpf/btf.c:4698
 btf_check_meta kernel/bpf/btf.c:5180 [inline]
 btf_check_all_metas kernel/bpf/btf.c:5204 [inline]
 btf_parse_type_sec kernel/bpf/btf.c:5340 [inline]
 btf_parse kernel/bpf/btf.c:5732 [inline]
 btf_new_fd+0x1078/0x3c14 kernel/bpf/btf.c:7650
 bpf_btf_load kernel/bpf/syscall.c:5035 [inline]
 __sys_bpf+0xe7c/0x30e8 kernel/bpf/syscall.c:5755
 __do_sys_bpf kernel/bpf/syscall.c:5817 [inline]
 __se_sys_bpf kernel/bpf/syscall.c:5815 [inline]
 __arm64_sys_bpf+0x70/0xa4 kernel/bpf/syscall.c:5815
 __invoke_syscall arch/arm64/kernel/syscall.c:35 [inline]
 invoke_syscall+0x6c/0x258 arch/arm64/kernel/syscall.c:49
 el0_svc_common.constprop.0+0xac/0x230 arch/arm64/kernel/syscall.c:132
 do_el0_svc_compat+0x40/0x68 arch/arm64/kernel/syscall.c:157
 el0_svc_compat+0x4c/0x17c arch/arm64/kernel/entry-common.c:852
 el0t_32_sync_handler+0x98/0x13c arch/arm64/kernel/entry-common.c:862
 el0t_32_sync+0x194/0x198 arch/arm64/kernel/entry.S:603

Allocated by task 4373:
 kasan_save_stack+0x3c/0x64 mm/kasan/common.c:47
 kasan_save_track+0x20/0x3c mm/kasan/common.c:68
 kasan_save_alloc_info+0x40/0x54 mm/kasan/generic.c:565
 poison_kmalloc_redzone mm/kasan/common.c:370 [inline]
 __kasan_kmalloc+0xb8/0xbc mm/kasan/common.c:387
 kasan_kmalloc include/linux/kasan.h:211 [inline]
 __do_kmalloc_node mm/slub.c:4158 [inline]
 __kmalloc_node_noprof+0x1e8/0x428 mm/slub.c:4164
 __kvmalloc_node_noprof+0x1c/0x1b4 mm/util.c:650
 btf_parse kernel/bpf/btf.c:5708 [inline]
 btf_new_fd+0x48c/0x3c14 kernel/bpf/btf.c:7650
 bpf_btf_load kernel/bpf/syscall.c:5035 [inline]
 __sys_bpf+0xe7c/0x30e8 kernel/bpf/syscall.c:5755
 __do_sys_bpf kernel/bpf/syscall.c:5817 [inline]
 __se_sys_bpf kernel/bpf/syscall.c:5815 [inline]
 __arm64_sys_bpf+0x70/0xa4 kernel/bpf/syscall.c:5815
 __invoke_syscall arch/arm64/kernel/syscall.c:35 [inline]
 invoke_syscall+0x6c/0x258 arch/arm64/kernel/syscall.c:49
 el0_svc_common.constprop.0+0xac/0x230 arch/arm64/kernel/syscall.c:132
 do_el0_svc_compat+0x40/0x68 arch/arm64/kernel/syscall.c:157
 el0_svc_compat+0x4c/0x17c arch/arm64/kernel/entry-common.c:852
 el0t_32_sync_handler+0x98/0x13c arch/arm64/kernel/entry-common.c:862
 el0t_32_sync+0x194/0x198 arch/arm64/kernel/entry.S:603

The buggy address belongs to the object at ffff0000154c8980
 which belongs to the cache kmalloc-96 of size 96
The buggy address is located 0 bytes to the right of
 allocated 71-byte region [ffff0000154c8980, ffff0000154c89c7)

The buggy address belongs to the physical page:
page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x554c8
ksm flags: 0x1ffc00000000000(node=0|zone=0|lastcpupid=0x7ff)
page_type: 0xfdffffff(slab)
raw: 01ffc00000000000 ffff00000a001280 fffffdffc02e4f40 dead000000000007
raw: 0000000000000000 0000000080200020 00000001fdffffff 0000000000000000
page dumped because: kasan: bad access detected

Memory state around the buggy address:
 ffff0000154c8880: 00 00 00 00 00 00 00 00 00 00 00 00 fc fc fc fc
 ffff0000154c8900: fa fb fb fb fb fb fb fb fb fb fb fb fc fc fc fc
>ffff0000154c8980: 00 00 00 00 00 00 00 00 07 fc fc fc fc fc fc fc
                                           ^
 ffff0000154c8a00: 00 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc
 ffff0000154c8a80: fa fb fb fb fb fb fb fb fb fb fb fb fc fc fc fc
==================================================================
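Added illustration (not part of the report, and not the kernel's code): a userspace model of the DATASEC name check that KASAN faulted in, btf_name_valid_section() inlined into btf_datasec_check_meta(). The report places a 1-byte read exactly at the end of a 71-byte kvmalloc'd BTF blob ("0 bytes to the right of allocated 71-byte region"). One way that arises, inferred from those numbers rather than stated by the report, is a DATASEC name_off that points at the final NUL byte of the string section (an empty name at the very end of the blob) while the validator steps past the first byte before testing it for NUL. The model below uses a made-up 71-byte blob whose last 7 bytes are the string section, a NAME_LIMIT constant standing in for the kernel's KSYM_NAME_LEN, and an instrumented byte reader that records out-of-bounds indexes instead of dereferencing them (the role KASAN plays in the report). The unsafe variant shows the pattern; the hardened variant rejects an empty name and bounds-checks before every read.

```c
#include <ctype.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define NAME_LIMIT 512  /* stand-in for the kernel's KSYM_NAME_LEN (assumption) */

/* Model of a loaded BTF blob: only the string section matters here.
 * len is the allocated size; any index >= len is out of bounds. */
struct blob {
	const uint8_t *data;
	size_t len;
	size_t str_off;   /* start of the string section within data */
	size_t str_len;   /* length of the string section */
};

/* Constructed 71-byte blob shaped like the report's allocation. Bytes 0..63
 * stand for header and type section and are irrelevant; the string section
 * occupies bytes 64..70: "\0" ".data" "\0" (BTF requires the section to start
 * and end with a NUL). Offset 6 in the section is the trailing NUL, i.e. an
 * empty name that is also the last byte of the allocation. */
static const uint8_t blob_bytes[71] = {
	[65] = '.', [66] = 'd', [67] = 'a', [68] = 't', [69] = 'a',
};
static const struct blob report_like = { blob_bytes, sizeof blob_bytes, 64, 7 };

/* Instrumented read: records the first out-of-bounds index rather than
 * touching memory the process does not own. */
static long oob_index = -1;

static uint8_t rd(const struct blob *b, size_t i)
{
	if (i >= b->len) {
		if (oob_index < 0)
			oob_index = (long)i;
		return 0;   /* "whatever happened to be there" */
	}
	return b->data[i];
}

/* Unsafe variant: src is advanced before the first byte is inspected, so an
 * empty name at the last byte of the blob makes the loop condition read one
 * byte past the allocation, and the empty name is then accepted. */
static bool name_valid_section_unsafe(const struct blob *b, size_t name_off)
{
	size_t src = b->str_off + name_off;
	size_t limit = src + NAME_LIMIT;

	src++;
	while (rd(b, src) && src < limit) {
		if (!isprint(rd(b, src)))
			return false;
		src++;
	}
	return src < limit;
}

/* Hardened variant: the offset must land inside the string section, an empty
 * name is rejected before advancing, and the string-section end is checked
 * before each dereference. */
static bool name_valid_section_safe(const struct blob *b, size_t name_off)
{
	size_t str_end = b->str_off + b->str_len;   /* one past the section */
	size_t src, limit;

	if (name_off >= b->str_len)
		return false;
	src = b->str_off + name_off;
	limit = src + NAME_LIMIT;
	if (!rd(b, src))
		return false;
	for (src++; src < str_end && src < limit && rd(b, src); src++)
		if (!isprint(rd(b, src)))
			return false;
	/* valid only if we stopped on a NUL inside the section and under the limit */
	return src < str_end && src < limit && rd(b, src) == 0;
}

/* Run one validator; returns its verdict and the first OOB index (or -1). */
static bool check(bool (*fn)(const struct blob *, size_t),
		  const struct blob *b, size_t name_off, long *oob)
{
	oob_index = -1;
	bool ok = fn(b, name_off);
	*oob = oob_index;
	return ok;
}

int main(void)
{
	long oob;
	bool ok;

	ok = check(name_valid_section_unsafe, &report_like, 6, &oob);
	printf("unsafe, empty name at end of blob: valid=%d oob_index=%ld (len=%zu)\n",
	       ok, oob, report_like.len);
	ok = check(name_valid_section_safe, &report_like, 6, &oob);
	printf("safe,   empty name at end of blob: valid=%d oob_index=%ld\n", ok, oob);
	ok = check(name_valid_section_safe, &report_like, 1, &oob);
	printf("safe,   name \".data\":              valid=%d oob_index=%ld\n", ok, oob);
	return 0;
}
```

In the unsafe run the recorded index is 71 with a 71-byte blob, the same one-past-the-end geometry the report shows, and the empty name is reported as valid; the hardened variant rejects it without any out-of-bounds read and still accepts a normal name.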
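Added illustration (not part of the report, not kernel code): a decoder for the "Memory state around the buggy address" rows, applied to the ">" row above. It uses the generic (software) KASAN shadow encoding: one shadow byte per 8-byte granule, 00 meaning all eight bytes addressable, 01..07 meaning only the first N bytes addressable, and 0xf* values as poison markers (0xfc slab redzone, 0xfb freed slab object, 0xfa freed object carrying free-track metadata). The row contents, object base and faulting address are copied from the report; everything else is the example's own.

```c
#include <inttypes.h>
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define GRANULE 8u
#define ROW_BYTES 16u   /* shadow bytes per printed row */

/* The ">" row from the report: shadow for ffff0000154c8980 .. ffff0000154c89ff */
static const uint64_t ROW_BASE = 0xffff0000154c8980ULL;
static const uint8_t  ROW[ROW_BYTES] = {
	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
	0x07, 0xfc, 0xfc, 0xfc, 0xfc, 0xfc, 0xfc, 0xfc,
};
static const uint64_t OBJ_BASE = 0xffff0000154c8980ULL;   /* "object at" */
static const uint64_t BAD_ADDR = 0xffff0000154c89c7ULL;   /* "Read of size 1 at addr" */

/* Human-readable meaning of one generic-KASAN shadow byte. */
const char *shadow_kind(uint8_t s)
{
	if (s == 0x00)
		return "addressable";
	if (s >= 0x01 && s <= 0x07)
		return "partially addressable";
	if (s == 0xfc)
		return "slab redzone";
	if (s == 0xfb)
		return "freed slab object";
	if (s == 0xfa)
		return "freed slab object (free track)";
	return "other poison";
}

/* Is the byte at addr addressable? addr must lie within the row. */
bool kasan_addressable(uint64_t row_base, const uint8_t *row, uint64_t addr)
{
	uint64_t off = addr - row_base;
	uint8_t s = row[off / GRANULE];

	if (s == 0x00)
		return true;
	if (s >= 0x01 && s <= 0x07)
		return (off % GRANULE) < s;
	return false;
}

/* Contiguous addressable bytes from start, within the row. Applied to the
 * object base this recovers the allocated size the report states. */
uint64_t accessible_bytes_from(uint64_t row_base, const uint8_t *row, uint64_t start)
{
	uint64_t end = row_base + ROW_BYTES * GRANULE;
	uint64_t n = 0;

	for (uint64_t a = start; a < end && kasan_addressable(row_base, row, a); a++)
		n++;
	return n;
}

/* Distance of the access past the allocated region; 0 is the first byte
 * after the region, i.e. a one-byte overrun. */
int64_t bytes_right_of_region(uint64_t obj_base, uint64_t alloc_size, uint64_t addr)
{
	return (int64_t)(addr - (obj_base + alloc_size));
}

int main(void)
{
	uint64_t alloc = accessible_bytes_from(ROW_BASE, ROW, OBJ_BASE);
	uint8_t s = ROW[(BAD_ADDR - ROW_BASE) / GRANULE];

	printf("allocated region: %" PRIu64 " bytes [0x%" PRIx64 ", 0x%" PRIx64 ")\n",
	       alloc, OBJ_BASE, OBJ_BASE + alloc);
	printf("access at 0x%" PRIx64 ": shadow 0x%02x (%s), addressable=%d, "
	       "%" PRId64 " bytes to the right of the region\n",
	       BAD_ADDR, s, shadow_kind(s),
	       kasan_addressable(ROW_BASE, ROW, BAD_ADDR),
	       bytes_right_of_region(OBJ_BASE, alloc, BAD_ADDR));
	return 0;
}
```

Reading the row this way reproduces the report's own summary: eight 00 granules plus a 07 granule give a 71-byte allocation inside the 96-byte slab object, the byte at ffff0000154c89c6 is the last addressable one, and ffff0000154c89c7 is the first poisoned byte, so the faulting load is a one-byte overrun rather than a stray pointer into the redzone or a freed neighbour.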