==================================================================
BUG: KASAN: use-after-free in radix_tree_next_slot include/linux/radix-tree.h:422 [inline]
BUG: KASAN: use-after-free in idr_for_each+0xf4/0x160 lib/idr.c:202
Read of size 8 at addr ffffffe00d0adc88 by task syz-executor.0/3577

CPU: 0 PID: 3577 Comm: syz-executor.0 Not tainted 5.12.0-rc2-syzkaller-00467-g0d7588ab9ef9 #0
Hardware name: riscv-virtio,qemu (DT)
Call Trace:
[<ffffffe0000096c0>] walk_stackframe+0x0/0x23c arch/riscv/kernel/traps.c:201

Allocated by task 3573:
(stack is not available)

Freed by task 3384:
(stack is not available)

The buggy address belongs to the object at ffffffe00d0adb80
 which belongs to the cache radix_tree_node of size 576
The buggy address is located 264 bytes inside of
 576-byte region [ffffffe00d0adb80, ffffffe00d0addc0)
The buggy address belongs to the page:
page:ffffffcf0234ab00 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x8d2ac
head:ffffffcf0234ab00 order:2 compound_mapcount:0 compound_pincount:0
flags: 0xffe000000010200(slab|head)
raw: 0ffe000000010200 0000000000000100 0000000000000122 ffffffe005604a00
raw: 0000000000000000 0000000080170017 00000001ffffffff 0000000000000000
page dumped because: kasan: bad access detected

Memory state around the buggy address:
 ffffffe00d0adb80: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
 ffffffe00d0adc00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
>ffffffe00d0adc80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
                      ^
 ffffffe00d0add00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
 ffffffe00d0add80: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
==================================================================