Date:      Mon, 9 Feb 2026 14:09:10 -0800
From:      Rick Macklem <rick.macklem@gmail.com>
To:        "freebsd-net@FreeBSD.org" <freebsd-net@freebsd.org>
Subject:   RFC: socket refcnt bug related to PR#292884?
Message-ID:  <CAM5tNy4vSFSxU=MxsphGO%2BVB8A_ukr5Jn-g5ydg7MAb-G9-eMA@mail.gmail.com>


Hi,

If you look at bugzilla PR#292884, you'll see
crashes that occur when NFS TCP sockets get
released prematurely.

I put a patch in this PR that acquires/releases
an extra refcnt on the socket and that appears
to *fix* the crashes.

But, I don't see why an extra refcnt should be needed
(the code without the extra refcnt has worked for at
least a decade) and the patch just paves over the
real bug.

So, does anyone have any insight into what might
have changed (since FreeBSD-14, it appears) that
would result in a premature soclose()/soabort()/..
which would cause this?
--> Unfortunately, the way sorele() is implemented
      implies that an extra call to it will not be checked,
      if I read the code correctly?
      (Put another way, the patch I put on the PR might
       result in an extra sorele(), but that won't affect the
       outcome. Nice, in the sense that it means the
       patch is safe to use, but not so nice in that there
       won't be any panic() if there is an extra sorele()
       happening somewhere.)

Any help with this will be appreciated, rick
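The point about an unchecked extra release, worked through as an added C model (not code from the email or from FreeBSD; struct sock_model, sock_hold, sock_release and simulate are constructed stand-ins): it shows why an extra reference hides the crash, and why the surplus release that results then goes unnoticed unless the release path checks for it.

```c
#include <stdbool.h>
#include <stdio.h>

/* Constructed model of a refcounted socket. It is not FreeBSD's struct
 * socket, and sock_hold/sock_release are stand-ins, not soref()/sorele(). */
struct sock_model {
    int  refcnt;
    bool freed;            /* object went away when refcnt reached zero */
    int  use_after_free;   /* accesses made after it went away */
    int  extra_releases;   /* surplus releases caught by the checked variant */
};

static void sock_hold(struct sock_model *s) { s->refcnt++; }

/* Unchecked: refcnt silently goes negative, so a surplus release is invisible.
 * Checked: a release on a dead or zero-count object is refused and counted. */
static void sock_release(struct sock_model *s, bool checked)
{
    if (checked && (s->freed || s->refcnt <= 0)) { s->extra_releases++; return; }
    if (--s->refcnt == 0) s->freed = true;
}

static void sock_use(struct sock_model *s) { if (s->freed) s->use_after_free++; }

/* Creator holds one ref, a stray release fires mid-use, the owner releases at
 * the end. workaround=true adds the PR-style extra hold/release pair. */
static struct sock_model simulate(bool workaround, bool checked)
{
    struct sock_model s = { .refcnt = 1 };
    if (workaround) sock_hold(&s);        /* extra reference from the patch */
    sock_use(&s);
    sock_release(&s, checked);            /* the premature release being hunted */
    sock_use(&s);                         /* use-after-free without the extra ref */
    sock_release(&s, checked);            /* owner's normal final release */
    if (workaround) sock_release(&s, checked);  /* now one release too many */
    return s;
}

int main(void)
{
    for (int w = 0; w < 2; w++)
        for (int c = 0; c < 2; c++) {
            struct sock_model r = simulate(w, c);
            printf("workaround=%d checked=%d -> refcnt=%d use_after_free=%d extra_releases=%d\n",
                   w, c, r.refcnt, r.use_after_free, r.extra_releases);
        }
    return 0;
}
```

With the extra reference the use-after-free disappears but the unchecked refcnt ends at -1, which is exactly the silent surplus release the email describes; only the checked variant reports it.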

