Last piece from my VFS unlock diff.  This one pushes the KERNEL_LOCK()
inside __realpath(2).

ok?

Index: kern/syscalls.master
===================================================================
RCS file: /cvs/src/sys/kern/syscalls.master,v
diff -u -p -r1.268 syscalls.master
--- kern/syscalls.master	29 Jan 2025 14:58:28 -0000	1.268
+++ kern/syscalls.master	29 Jan 2025 15:29:29 -0000
@@ -240,7 +240,7 @@
 113	UNIMPL		fktrace
 114	STD 		{ int sys_unveil(const char *path, \
 			    const char *permissions); }
-115	STD		{ int sys___realpath(const char *pathname, \
+115	STD NOLOCK	{ int sys___realpath(const char *pathname, \
 			    char *resolved); }
 116	STD NOLOCK	{ int sys_recvmmsg(int s, struct mmsghdr *mmsg, \
 			    unsigned int vlen, int flags, \
Index: kern/vfs_syscalls.c
===================================================================
RCS file: /cvs/src/sys/kern/vfs_syscalls.c,v
diff -u -p -r1.372 vfs_syscalls.c
--- kern/vfs_syscalls.c	29 Jan 2025 14:57:19 -0000	1.372
+++ kern/vfs_syscalls.c	29 Jan 2025 15:29:30 -0000
@@ -894,8 +894,10 @@ sys___realpath(struct proc *p, void *v, 
 		bp = &cwdbuf[cwdlen - 1];
 		*bp = '\0';
 
+		KERNEL_LOCK();
 		error = vfs_getcwd_common(p->p_fd->fd_cdir, NULL, &bp, cwdbuf,
 		    cwdlen/2, GETCWD_CHECK_ACCESS, p);
+		KERNEL_UNLOCK();
 
 		if (error) {
 			free(cwdbuf, M_TEMP, cwdlen);
@@ -919,12 +921,16 @@ sys___realpath(struct proc *p, void *v, 
 
 	nd.ni_pledge = PLEDGE_RPATH;
 	nd.ni_unveil = UNVEIL_READ;
-	if ((error = namei(&nd)) != 0)
+	KERNEL_LOCK();
+	if ((error = namei(&nd)) != 0) {
+		KERNEL_UNLOCK();
 		goto end;
+	}
 
 	/* release reference from namei */
 	if (nd.ni_vp)
 		vrele(nd.ni_vp);
+	KERNEL_UNLOCK();
 
 	error = copyoutstr(nd.ni_cnd.cn_rpbuf, SCARG(uap, resolved),
 	    MAXPATHLEN, NULL);