From 1412bdc6c29228e258dacdc777787f7778076ec1 Mon Sep 17 00:00:00 2001 From: rmacklem <64620010+rmacklem@users.noreply.github.com> Date: Tue, 10 Feb 2026 06:29:37 -0800 Subject: [PATCH] zfs_vnops_os.c: Move a vput() to after zfs_setattr_dir() Without this patch, the following crash can occur when a file system is configured with "xattr=dir". VNASSERT failed: locked not true at /posix-acl/freebsd-rdma/sys/kern/vfs_subr.c:5786 (assert_vop_locked) hold count flags () flags () lock type zfs: UNLOCKED panic: zfs_dirent_lookup: vnode is not locked but should be cpuid = 3 time = 1770520763 KDB: stack backtrace: db_trace_self_wrapper() at db_trace_self_wrapper+0x2b vpanic() at vpanic+0x136/frame 0xfffffe00914c8270 panic() at panic+0x43/frame 0xfffffe00914c82d0 assert_vop_locked() at assert_vop_locked+0x78 zfs_dirent_lookup() at zfs_dirent_lookup+0x41 zfs_setattr_dir() at zfs_setattr_dir+0x123 zfs_setattr() at zfs_setattr+0x1389 zfs_freebsd_setattr() at zfs_freebsd_setattr+0x56b VOP_SETATTR_APV() at VOP_SETATTR_APV+0x5d setfown() at setfown+0xb1 kern_fchownat() at kern_fchownat+0x192 This patch fixes the problem by moving the vput() call for attrzp to after the zfs_setattr_dir() call that takes it as an argument. Reviewed-by: Alexander Motin Reviewed-by: Brian Behlendorf Signed-off-by: Rick Macklem Closes: #18188 --- module/os/freebsd/zfs/zfs_vnops_os.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/module/os/freebsd/zfs/zfs_vnops_os.c b/module/os/freebsd/zfs/zfs_vnops_os.c index c2f5eee7d..1e8d6eb1b 100644 --- a/module/os/freebsd/zfs/zfs_vnops_os.c +++ b/module/os/freebsd/zfs/zfs_vnops_os.c @@ -2983,9 +2983,6 @@ out: ASSERT0(err2); } - if (attrzp) - vput(ZTOV(attrzp)); - if (aclp) zfs_acl_free(aclp); @@ -2996,12 +2993,15 @@ out: if (err) { dmu_tx_abort(tx); + if (attrzp) + vput(ZTOV(attrzp)); } else { err2 = sa_bulk_update(zp->z_sa_hdl, bulk, count, tx); dmu_tx_commit(tx); if (attrzp) { if (err2 == 0 && handle_eadir) err = zfs_setattr_dir(attrzp); + vput(ZTOV(attrzp)); } }