From d71db895a16fceae6f7f7323da3e4525e8d1369a Mon Sep 17 00:00:00 2001
From: Stian Ellingsen <stian@plaimi.net>
Date: Thu, 6 Oct 2016 19:53:27 +0200
Subject: [PATCH] Fix use after free in zfsctl_snapshot_unmount()

---
 module/zfs/zfs_ctldir.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/module/zfs/zfs_ctldir.c b/module/zfs/zfs_ctldir.c
index 05d841d4bb..1b7c5af501 100644
--- a/module/zfs/zfs_ctldir.c
+++ b/module/zfs/zfs_ctldir.c
@@ -1032,10 +1032,10 @@ zfsctl_snapshot_unmount(char *snapname, int flags)
 
 	argv[2] = kmem_asprintf(SET_UNMOUNT_CMD,
 	    flags & MNT_FORCE ? "-f " : "", se->se_path);
-	zfsctl_snapshot_rele(se);
 	dprintf("unmount; path=%s\n", se->se_path);
 	error = call_usermodehelper(argv[0], argv, envp, UMH_WAIT_PROC);
 	strfree(argv[2]);
+	zfsctl_snapshot_rele(se);
 
 
 	/*