exfat_alloc_inode() does not initialize the cache_lru list head of
struct exfat_inode_info.

If an inode is evicted before its cache structures are properly
initialized (e.g., during a forced unmount), the cleanup
path in __exfat_cache_inval_inode() may observe an uninitialized
list head.

The check:

    while (!list_empty(&ei->cache_lru))

may incorrectly succeed when stale pointers remain from a reused
slab object. Subsequent list traversal can then operate on invalid
entries, potentially leading to a NULL pointer dereference or
memory corruption.

Initialize cache_lru, cache_lru_lock, nr_caches, and cache_valid_id
in exfat_alloc_inode() to ensure a well-defined state at allocation
time.

Signed-off-by: Yang Wen <anmuxixixi@gmail.com>
---
 fs/exfat/super.c | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/fs/exfat/super.c b/fs/exfat/super.c
index 83396fd265cd..0c4a22b8d5fa 100644
--- a/fs/exfat/super.c
+++ b/fs/exfat/super.c
@@ -195,6 +195,10 @@ static struct inode *exfat_alloc_inode(struct super_block *sb)
 	if (!ei)
 		return NULL;
 
+	spin_lock_init(&ei->cache_lru_lock);
+	ei->nr_caches = 0;
+	ei->cache_valid_id = EXFAT_CACHE_VALID + 1;
+	INIT_LIST_HEAD(&ei->cache_lru);
 	init_rwsem(&ei->truncate_lock);
 	return &ei->vfs_inode;
 }
-- 
2.43.0