==================================================================
BUG: KASAN: use-after-free in radix_tree_next_slot include/linux/radix-tree.h:422 [inline]
BUG: KASAN: use-after-free in idr_for_each+0xf4/0x160 lib/idr.c:202
Read of size 8 at addr ffffffe010c00878 by task syz-executor.1/4828

CPU: 0 PID: 4828 Comm: syz-executor.1 Not tainted 5.12.0-rc2-syzkaller-00467-g0d7588ab9ef9 #0
Hardware name: riscv-virtio,qemu (DT)
Call Trace:
[<ffffffe0000096c0>] walk_stackframe+0x0/0x23c arch/riscv/kernel/traps.c:201

Allocated by task 4828:
(stack is not available)

Freed by task 4473:
(stack is not available)

The buggy address belongs to the object at ffffffe010c00840
 which belongs to the cache radix_tree_node of size 576
The buggy address is located 56 bytes inside of
 576-byte region [ffffffe010c00840, ffffffe010c00a80)
The buggy address belongs to the page:
page:ffffffcf02438000 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x90e00
head:ffffffcf02438000 order:2 compound_mapcount:0 compound_pincount:0
flags: 0x10200(slab|head)
raw: 0000000000010200 0000000000000100 0000000000000122 ffffffe006e04a00
raw: 0000000000000000 0000000080170017 00000001ffffffff 0000000000000000
page dumped because: kasan: bad access detected

Memory state around the buggy address:
 ffffffe010c00700: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
 ffffffe010c00780: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
>ffffffe010c00800: fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb fb
                                                                ^
 ffffffe010c00880: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
 ffffffe010c00900: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
==================================================================