namei() currently uses fd_getfile() without calling FREF()/FRELE() because it doesn't sleep before grabbing a reference on the vnode.
This won't be enough as soon as we start unlocking some syscalls, so add a FREF()/FRELE() dance. Ok? Index: kern/vfs_lookup.c =================================================================== RCS file: /cvs/src/sys/kern/vfs_lookup.c,v retrieving revision 1.65 diff -u -p -r1.65 vfs_lookup.c --- kern/vfs_lookup.c 29 Aug 2017 02:51:27 -0000 1.65 +++ kern/vfs_lookup.c 3 Apr 2018 13:33:35 -0000 @@ -190,12 +190,15 @@ fail: pool_put(&namei_pool, cnp->cn_pnbuf); return (EBADF); } + FREF(fp); dp = (struct vnode *)fp->f_data; if (fp->f_type != DTYPE_VNODE || dp->v_type != VDIR) { + FRELE(fp, p); pool_put(&namei_pool, cnp->cn_pnbuf); return (ENOTDIR); } vref(dp); + FRELE(fp, p); } for (;;) { if (!dp->v_mount) {