The details of hashes are known, because the kernel source is public.
So why can't someone precompute carefully constructed directory entries that will cause a collision, even with 63 bit hashes? Once you have those, drop them somewhere and wait for the infinite loop. Do believe that is called 'denial of service' Is there a good reason these puppies can't be injected in all sorts of places? How many Linux mail servers unpack zipped attachments to perform malware detection? Is everyone CERTAIN none will ever traverse the unpacked directory in a way that will trigger this?
No, this is bogus. Designing a filesystem that will work most of the time isn't any way to write code for production use.