From: NeilBrown <neilb@cse.unsw.edu.au>

nfs4_put_delegation() did a dprintk using a pointer that it had just called a
put() on.  This could cause a dereference of a pointer to freed memory in some
situations.

Signed-off-by: Andy Adamson <andros@citi.umich.edu>
Signed-off-by: J. Bruce Fields <bfields@citi.umich.edu>
Signed-off-by: Neil Brown <neilb@cse.unsw.edu.au>
Signed-off-by: Andrew Morton <akpm@osdl.org>
---

 25-akpm/fs/nfsd/nfs4callback.c |    2 +-
 1 files changed, 1 insertion(+), 1 deletion(-)

diff -puN fs/nfsd/nfs4callback.c~nfsd4-fix-use-after-put-in-cb_recall fs/nfsd/nfs4callback.c
--- 25/fs/nfsd/nfs4callback.c~nfsd4-fix-use-after-put-in-cb_recall	2005-03-21 22:49:52.000000000 -0800
+++ 25-akpm/fs/nfsd/nfs4callback.c	2005-03-21 22:49:52.000000000 -0800
@@ -541,7 +541,7 @@ out:
 		atomic_set(&clp->cl_callback.cb_set, 0);
 	/* Success or failure, now we're either waiting for lease expiration
 	 * or deleg_return. */
-	nfs4_put_delegation(dp);
 	dprintk("NFSD: nfs4_cb_recall: dp %p dl_flock %p dl_count %d\n",dp, dp->dl_flock, atomic_read(&dp->dl_count));
+	nfs4_put_delegation(dp);
 	return;
 }
_