==================================================================
BUG: KASAN: use-after-free in radix_tree_next_slot include/linux/radix-tree.h:422 [inline]
BUG: KASAN: use-after-free in idr_for_each+0xf4/0x160 lib/idr.c:202
Read of size 8 at addr ffffffe01102f9f8 by task syz-executor.1/5197

CPU: 0 PID: 5197 Comm: syz-executor.1 Not tainted 5.12.0-rc2-syzkaller-00467-g0d7588ab9ef9 #0
Hardware name: riscv-virtio,qemu (DT)
Call Trace:
[] walk_stackframe+0x0/0x23c arch/riscv/kernel/traps.c:201

Allocated by task 5197:
(stack is not available)

Freed by task 97:
(stack is not available)

The buggy address belongs to the object at ffffffe01102f9c0
 which belongs to the cache radix_tree_node of size 576
The buggy address is located 56 bytes inside of
 576-byte region [ffffffe01102f9c0, ffffffe01102fc00)
The buggy address belongs to the page:
page:ffffffcf02448b00 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x9122c
head:ffffffcf02448b00 order:2 compound_mapcount:0 compound_pincount:0
flags: 0x10200(slab|head)
raw: 0000000000010200 ffffffcf02448900 0000000200000002 ffffffe006e04a00
raw: 0000000000000000 0000000080170017 00000001ffffffff 0000000000000000
page dumped because: kasan: bad access detected

Memory state around the buggy address:
 ffffffe01102f880: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
 ffffffe01102f900: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
>ffffffe01102f980: fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb fb
                                                                ^
 ffffffe01102fa00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
 ffffffe01102fa80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
==================================================================