Index: sys/kern/vfs_default.c
===================================================================
--- sys/kern/vfs_default.c
+++ sys/kern/vfs_default.c
@@ -587,6 +587,7 @@
 	} */ *ap;
 {
 	struct mount *mp;
+	struct vnode *vp;
 
 	/*
 	 * XXX Since this is called unlocked we may be recycled while
@@ -595,14 +596,17 @@
 	 * returning with a ref to an incorrect mountpoint.  It is not
 	 * harmful to return with a ref to our previous mountpoint.
 	 */
-	mp = ap->a_vp->v_mount;
-	if (mp != NULL) {
-		vfs_ref(mp);
-		if (mp != ap->a_vp->v_mount) {
-			vfs_rel(mp);
-			mp = NULL;
-		}
+	vp = ap->a_vp;
+	mp = vp->v_mount;
+	MNT_ILOCK(mp);
+	if (mp != vp->v_mount) {
+		MNT_IUNLOCK(mp);
+		mp = NULL;
+		goto out;
 	}
+	MNT_REF(mp);
+	MNT_IUNLOCK(mp);
+out:
 	*(ap->a_mpp) = mp;
 	return (0);
 }