--- x/fs/super.c
+++ y/fs/super.c
@@ -451,7 +451,6 @@ void deactivate_locked_super(struct supe
 struct file_system_type *fs = s->s_type;
 if (atomic_dec_and_test(&s->s_active)) {
 unregister_shrinker(&s->s_shrink);
- fs->kill_sb(s);
 /*
 * Since list_lru_destroy() may sleep, we cannot call it from
@@ -472,6 +471,7 @@ void deactivate_locked_super(struct supe
 hlist_del_init(&s->s_instances);
 spin_unlock(&sb_lock);
+ fs->kill_sb(s);
 /*
 * Let concurrent mounts know that this thing is really dead.
 * We don't need @sb->s_umount here as every concurrent caller
--- x/fs/proc/root.c
+++ y/fs/proc/root.c
@@ -194,20 +194,31 @@ static int proc_fill_super(struct super_
 root_inode = proc_get_inode(s, &proc_root);
 if (!root_inode) {
 pr_err("proc_fill_super: get root inode failed\n");
- return -ENOMEM;
+ ret = -ENOMEM;
+ goto err;
 }
 s->s_root = d_make_root(root_inode);
 if (!s->s_root) {
 pr_err("proc_fill_super: allocate dentry failed\n");
- return -ENOMEM;
+ ret = -ENOMEM;
+ goto err;
 }
 ret = proc_setup_self(s);
+ if (ret)
+ goto err;
+ ret = proc_setup_thread_self(s);
 if (ret) {
- return ret;
+ dput(fs_info->proc_self);
+ goto err;
 }
- return proc_setup_thread_self(s);
+ return 0;
+err:
+ s->s_fs_info = NULL;
+ put_pid_ns(fs_info->pid_ns);
+ kfree(fs_info);
+ return ret;
 }
 static int proc_reconfigure(struct fs_context *fc)
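Review bot: Calling `fs->kill_sb(s)` only after `hlist_del_init(&s->s_instances)` in the second super.c hunk means the filesystem's teardown now runs once the superblock is already unhashed, and after whatever sits between the two hunks; the retained comment about `list_lru_destroy()` suggests the LRU lists are destroyed in that gap. If so, a `kill_sb` implementation that still walks the dentry or inode LRU would operate on destroyed lists, and a concurrent mount that no longer finds `s` in `s_instances` could begin setting up a new superblock on the same backing object while the old one is still shutting down. Both points are inferred, because the lines between the hunks are not shown, so they need confirming against the full function. If the reorder is kept, the constraint belongs at the call site, e.g. `/* kill_sb() runs after s is unhashed and its LRUs are destroyed; it must rely on neither */`; otherwise keep the call ahead of both. The body of deactivate_locked_super starts and ends outside these hunks.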
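Review bot: The new `err:` path in proc_fill_super frees `fs_info` and clears `s->s_fs_info`, but on the two `proc_setup_*` failures `s->s_root` is already set, so the root dentry and inode are left for the later superblock teardown to release with `s_fs_info == NULL`. Any teardown or eviction code that reads the proc fs_info without a NULL check would then dereference NULL, and code that reaches the old pointer another way would repeat `put_pid_ns()`/`kfree()`; neither `proc_kill_sb()` nor the eviction path is visible here, so this needs confirming. I would record the contract at the label, `/* s_fs_info is NULL from here on: proc_kill_sb() and inode eviction must tolerate that */`, or leave the release to the kill_sb path alone so `fs_info` has a single owner. The declaration and allocation of `fs_info` sit above the hunk, so any earlier bare `return` in the function would bypass this cleanup.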