In the Linux kernel, the following vulnerability has been resolved:
gfs2: Fix slab-use-after-free in gfs2qddealloc
In gfs2putsuper(), whether withdrawn or not, the quota should be cleaned up by gfs2quotacleanup().
Otherwise, struct gfs2sbd will be freed before gfs2qddealloc (rcu callback) has run for all gfs2quota_data objects, resulting in use-after-free.
Also, gfs2destroythreads() and gfs2quotacleanup() is already called by gfs2makefsro(), so in gfs2putsuper(), after calling gfs2makefsro(), there is no need to call them again.