Eric Biggers wrote:
> > I'm not following, since generic_shutdown_super() only calls ->put_super() if
> > ->s_root is set, which only happens at the end of shmem_fill_super(). Isn't the
> > real problem that s_shrink is registered too early, causing super_cache_count()
> > and shmem_unused_huge_count() to potentially run before shmem_fill_super() has
> > completed? Or alternatively, the problem is that super_cache_count() doesn't
> > check for SB_ACTIVE.
> >
>
> Coincidentally, this is already going to be fixed by commit 79f546a696bff259
> ("fs: don't scan the inode cache before SB_BORN is set") in vfs/for-linus.

Indeed. This is a use before initialisation bug which will be fixed by commit 79f546a696bff259.

#syz fix: fs: don't scan the inode cache before SB_BORN is set