==================================================================
BUG: KASAN: slab-out-of-bounds in btf_name_valid_section kernel/bpf/btf.c:829 [inline]
BUG: KASAN: slab-out-of-bounds in btf_datasec_check_meta+0x670/0x6e4 kernel/bpf/btf.c:4698
Read of size 1 at addr ffff00000c32f1a7 by task syz.0.919/5445

CPU: 0 UID: 0 PID: 5445 Comm: syz.0.919 Not tainted 6.11.0-rc3-syzkaller-00338-gc3f2d783a459 #0
Hardware name: linux,dummy-virt (DT)
Call trace:
 dump_backtrace+0x9c/0x11c arch/arm64/kernel/stacktrace.c:317
 show_stack+0x18/0x24 arch/arm64/kernel/stacktrace.c:324
 __dump_stack lib/dump_stack.c:93 [inline]
 dump_stack_lvl+0xa4/0xf4 lib/dump_stack.c:119
 print_address_description mm/kasan/report.c:377 [inline]
 print_report+0xf4/0x5a4 mm/kasan/report.c:488
 kasan_report+0xc8/0x108 mm/kasan/report.c:601
 __asan_report_load1_noabort+0x20/0x2c mm/kasan/report_generic.c:378
 btf_name_valid_section kernel/bpf/btf.c:829 [inline]
 btf_datasec_check_meta+0x670/0x6e4 kernel/bpf/btf.c:4698
 btf_check_meta kernel/bpf/btf.c:5180 [inline]
 btf_check_all_metas kernel/bpf/btf.c:5204 [inline]
 btf_parse_type_sec kernel/bpf/btf.c:5340 [inline]
 btf_parse kernel/bpf/btf.c:5732 [inline]
 btf_new_fd+0x1078/0x3c14 kernel/bpf/btf.c:7650
 bpf_btf_load kernel/bpf/syscall.c:5035 [inline]
 __sys_bpf+0xe7c/0x30e8 kernel/bpf/syscall.c:5755
 __do_sys_bpf kernel/bpf/syscall.c:5817 [inline]
 __se_sys_bpf kernel/bpf/syscall.c:5815 [inline]
 __arm64_sys_bpf+0x70/0xa4 kernel/bpf/syscall.c:5815
 __invoke_syscall arch/arm64/kernel/syscall.c:35 [inline]
 invoke_syscall+0x6c/0x258 arch/arm64/kernel/syscall.c:49
 el0_svc_common.constprop.0+0xac/0x230 arch/arm64/kernel/syscall.c:132
 do_el0_svc+0x40/0x58 arch/arm64/kernel/syscall.c:151
 el0_svc+0x50/0x180 arch/arm64/kernel/entry-common.c:712
 el0t_64_sync_handler+0x100/0x12c arch/arm64/kernel/entry-common.c:730
 el0t_64_sync+0x190/0x194 arch/arm64/kernel/entry.S:598

Allocated by task 5445:
 kasan_save_stack+0x3c/0x64 mm/kasan/common.c:47
 kasan_save_track+0x20/0x3c mm/kasan/common.c:68
 kasan_save_alloc_info+0x40/0x54 mm/kasan/generic.c:565
 poison_kmalloc_redzone mm/kasan/common.c:370 [inline]
 __kasan_kmalloc+0xb8/0xbc mm/kasan/common.c:387
 kasan_kmalloc include/linux/kasan.h:211 [inline]
 __do_kmalloc_node mm/slub.c:4158 [inline]
 __kmalloc_node_noprof+0x1e8/0x428 mm/slub.c:4164
 __kvmalloc_node_noprof+0x1c/0x1b4 mm/util.c:650
 btf_parse kernel/bpf/btf.c:5708 [inline]
 btf_new_fd+0x48c/0x3c14 kernel/bpf/btf.c:7650
 bpf_btf_load kernel/bpf/syscall.c:5035 [inline]
 __sys_bpf+0xe7c/0x30e8 kernel/bpf/syscall.c:5755
 __do_sys_bpf kernel/bpf/syscall.c:5817 [inline]
 __se_sys_bpf kernel/bpf/syscall.c:5815 [inline]
 __arm64_sys_bpf+0x70/0xa4 kernel/bpf/syscall.c:5815
 __invoke_syscall arch/arm64/kernel/syscall.c:35 [inline]
 invoke_syscall+0x6c/0x258 arch/arm64/kernel/syscall.c:49
 el0_svc_common.constprop.0+0xac/0x230 arch/arm64/kernel/syscall.c:132
 do_el0_svc+0x40/0x58 arch/arm64/kernel/syscall.c:151
 el0_svc+0x50/0x180 arch/arm64/kernel/entry-common.c:712
 el0t_64_sync_handler+0x100/0x12c arch/arm64/kernel/entry-common.c:730
 el0t_64_sync+0x190/0x194 arch/arm64/kernel/entry.S:598

The buggy address belongs to the object at ffff00000c32f180
 which belongs to the cache kmalloc-64 of size 64
The buggy address is located 0 bytes to the right of
 allocated 39-byte region [ffff00000c32f180, ffff00000c32f1a7)

The buggy address belongs to the physical page:
page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x4c32f
flags: 0x1ffc00000000000(node=0|zone=0|lastcpupid=0x7ff)
page_type: 0xfdffffff(slab)
raw: 01ffc00000000000 ffff00000a0018c0 fffffdffc02ca480 dead000000000006
raw: 0000000000000000 0000000080200020 00000001fdffffff 0000000000000000
page dumped because: kasan: bad access detected

Memory state around the buggy address:
 ffff00000c32f080: 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc fc
 ffff00000c32f100: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc
>ffff00000c32f180: 00 00 00 00 07 fc fc fc fc fc fc fc fc fc fc fc
                               ^
 ffff00000c32f200: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc
 ffff00000c32f280: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc
==================================================================