potential zfs/vfs trouble in force umount
Andriy Gapon
avg at FreeBSD.org
Sun Oct 14 09:43:53 UTC 2012
I think that there is the following potentially troublesome scenario.
One thread does zil_commit and obtains a znode pointer using zfs_zget. At this
point the thread doesn't have any locks on either the znode or its vnode. The
only thing that is supposed to keep them around is a reference on the vnode.
If a force umount is going on in parallel, then one of the first things it does
is to call vflush(FORCECLOSE) (this happens before closing down zil). vflush
force-reclaims all vnodes in this case (even when v_usecount > 0). So the znode
in question gets destroyed.
Later, when the first thread tries to dereference the znode pointer it would crash.
--
Andriy Gapon
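
The interleaving described in the message above, as an added userland model in C; it is not code from the post, FreeBSD or ZFS. Every toy_* name is hypothetical, and the revalidation check in toy_use_znode is an assumed defensive pattern, not a fix proposed in the thread.

```c
/* Userland model; every toy_* name is hypothetical, not FreeBSD or ZFS code. */
#include <stdio.h>
#include <stdlib.h>
struct toy_znode { unsigned long z_id; };
struct toy_vnode {
    int usecount;            /* references held by users */
    int doomed;              /* set once the vnode has been reclaimed */
    struct toy_znode *data;  /* fs-private data, freed on reclaim */
};

/* Models the lookup: the caller ends up holding only a vnode reference. */
static struct toy_znode *toy_zget(struct toy_vnode *vp) {
    vp->usecount++;
    return vp->data;
}

/* Models the flush: a forced one reclaims even when usecount > 0. */
static int toy_flush(struct toy_vnode *vp, int force) {
    if (vp->usecount > 0 && !force)
        return 0;            /* busy: nothing is destroyed */
    free(vp->data);
    vp->data = NULL;
    vp->doomed = 1;
    return 1;
}

/* Assumed defensive pattern; a kernel would hold one lock across check and use. */
static int toy_use_znode(struct toy_vnode *vp, unsigned long *id_out) {
    if (vp->doomed || vp->data == NULL)
        return -1;           /* reclaimed underneath us */
    *id_out = vp->data->z_id;
    return 0;
}

/* Thread 1 looks up, thread 2 flushes, thread 1 then tries to use the znode. */
static int run_scenario(int force) {
    struct toy_vnode vn = {0, 0, malloc(sizeof(struct toy_znode))};
    unsigned long id = 0;
    if (vn.data == NULL) return -2;
    vn.data->z_id = 42;      /* constructed sample value */
    (void)toy_zget(&vn);     /* after a forced flush this result dangles */
    toy_flush(&vn, force);
    int rc = toy_use_znode(&vn, &id);
    free(vn.data);           /* free(NULL) is a no-op after a forced flush */
    return (rc == 0 && id != 42) ? -3 : rc;
}

int main(void) {
    return printf("no force: %d, force: %d\n", run_scenario(0), run_scenario(1)) < 0;
}
```

The model is single-threaded so the ordering is deterministic; the held reference blocks the non-forced flush but not the forced one.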