From nobody Mon Feb 9 22:09:10 2026 X-Original-To: freebsd-net@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4f8zPk0Mzvz6QcfK for ; Mon, 09 Feb 2026 22:09:30 +0000 (UTC) (envelope-from rick.macklem@gmail.com) Received: from mail-ed1-x52e.google.com (mail-ed1-x52e.google.com [IPv6:2a00:1450:4864:20::52e]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (2048 bits) client-digest SHA256) (Client CN "smtp.gmail.com", Issuer "WR4" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4f8zPj2tC7z3nkR for ; Mon, 09 Feb 2026 22:09:29 +0000 (UTC) (envelope-from rick.macklem@gmail.com) Authentication-Results: mx1.freebsd.org; dkim=pass header.d=gmail.com header.s=20230601 header.b="DuVPSjB/"; dmarc=pass (policy=none) header.from=gmail.com; arc=pass ("google.com:s=arc-20240605:i=1"); spf=pass (mx1.freebsd.org: domain of rick.macklem@gmail.com designates 2a00:1450:4864:20::52e as permitted sender) smtp.mailfrom=rick.macklem@gmail.com Received: by mail-ed1-x52e.google.com with SMTP id 4fb4d7f45d1cf-658cc45847cso264062a12.0 for ; Mon, 09 Feb 2026 14:09:29 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1770674963; cv=none; d=google.com; s=arc-20240605; b=SsmqrU0wJBGarq9pmlQ+hQolUwQ+qtnaeaLG+jeFQ2LB6pIForNieNssoDMDUh2wcD IqkgWTZnv/xvL+awuzdUZYCi/XyNq4H8vODyn2OHH1jilKd+105JGREW/7k8OlvUxtxJ Jx1UNNYU5cKNu7x31cEtCsaeRz7gwlvBO0AYfSAXc+8xwY69N4quQVmWGeulIVocX19w UYJGKltPihy7YtlUzu472jvyZB7KwML4R4NwlaM1eW+JfNB0G7fCiKJXBfL3+mlNECNV 0hhKNbD3wf/N3Ly0WlBeCqSCFKXMtyob9yimGV4zIhbxMrDHsx8CVEXrAIwH24/uZCxU Xl7Q== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605; h=to:subject:message-id:date:from:mime-version:dkim-signature; bh=wQlL/3qSeseevyqN5jgyPdR5HgUBPc70XO284tG09JY=; fh=81N5VNJeMaaPTzrvTwK2NZeUhhexDl4ajDeGIG8v1Yg=; b=K5i11jAMu7pJ9iyIv0y9OKbrHfgHWruqGnq/b1/Qr4n3G5VzDnTEZTVv+TeB91FTol sUJ3229Ao7pPN1V0qfYNPVBwHyQ/kkeoKQLOrFIUfpq9WnLMYqxHlT2XwhbwvKmXN/y2 GrYZbEK/d/OV/a2RZKyAnnUN7oiYEwSstzhdgAr27Ol8bIRZqr5pqg3rIYx1sYFY5+uj 3+6TM/tFzApJ6uz8Tfb2w7PwHd8lBcP1snCpxKf13PlHegAtogNTf6IS2RF6qC0j1dNq fCBDcTY0ei4FIYO/nr+Mrg4mxoOnHXwWFj/OOokDjfOBuwgqDKfTyMOikV/gS4uWOg5L J5Ww==; darn=freebsd.org ARC-Authentication-Results: i=1; mx.google.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1770674963; x=1771279763; darn=freebsd.org; h=to:subject:message-id:date:from:mime-version:from:to:cc:subject :date:message-id:reply-to; bh=wQlL/3qSeseevyqN5jgyPdR5HgUBPc70XO284tG09JY=; b=DuVPSjB/Q0H1P2jWKDt6mZ7elorJm5lF5Q8qFMmxGonhWvoiaoYnYnfRyHhLDYlGqi Qm+7exAZZvcNrcHHrlP/GpdoDT6A6SmlkCXgpNtOGz1ck0DgrPVvsx16V+aeY3sCI5gm gi7wIN1SyV4Tooaooqs6z4uN7ldExAp8FWShFQhOGtI1NXV5ikMHNswp5igUVz3j9NYH 5ms2w9xmQXl+apEiWhQpw+uGAaYQtODF2qepsadU5ftG8IVlXZMW+PaQcuyajGjj4ENG h7sjKWBa5QTEAdAtUHJVa1ZjxPsFZNWjpG0iknvLVaZKFhfTo4BcaakvABZcnVub+zko T6sg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1770674963; x=1771279763; h=to:subject:message-id:date:from:mime-version:x-gm-gg :x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=wQlL/3qSeseevyqN5jgyPdR5HgUBPc70XO284tG09JY=; b=E+8U0WIm7yIIMIf5jS36alQbk8GnTkn5hMgUxREBIkyEMeXXmTva/MyV+LEike7Jbl dtzietEad70vve38eIXYNTq2XyBTkiMxEBseCWHRjGWzm81USECWJ19Ur1aYPNzZr0Y+ lqemUfue+qqtn8D2zsnoe8vx7kATbwsiBPYdmRomUAu+M3hgeKC4UIYL6czQqXxLwvmd /ZcMGL/skMejxAaabD1wiMruFOPDVbVmFNy1lGZz73alJIyJpeVB2C4aIR6C6NeOviIy xFIpI5y82PDTuYoiKktq6ZwP7Qa0bVQFpH7M11K5WvhXCbD6YemdgcHosoP77NdSCZig psrg== X-Gm-Message-State: AOJu0Yx/uf6ViQDmxwV8IVTaHmKgp1ixILXsFmUv69NaefKA3sEWb/AG lktIj1tt17u+AkaN0Pyj58f6Wy7YtZTXM6Trs6HpzQzMaZkPkwEk/p+EZWnzYeP0l1MG3jtjv8r gx1sHeDdQ9auyFuxjVa8ci4/7gYVjKuT8 X-Gm-Gg: AZuq6aLMyFh6T50/MLeouycvxEgXDbWyhK9jfmQzr9/+q4oLBXn1QoLHYT1GFn0P+qS sqmLQ3b39FdBfBtkfwh15NPqCmf845RR01ChiABD/PyPzx1YVpvFgRZhmwHIPgxLvkIzE51BZHL wGf5W65cPygBW7xrezue3TXQ05Q73Zi692DZeNM0GAkVHkuxUeI1Q34waRV7lh9R1gvEGRSK8KM n1qamjBvHBYpMtuhG6P3K3NqccQAHbx7ZweVRxmchXrr1ywTYOAiGiFpXomlRx3JMBqgRH8QelB I6MrzzcpC/bYGVDF23ZUcs5MNyNi/4xpwS+9zQ== X-Received: by 2002:a05:6402:1ed3:b0:659:3671:137 with SMTP id 4fb4d7f45d1cf-65984119321mr5726180a12.1.1770674963028; Mon, 09 Feb 2026 14:09:23 -0800 (PST) List-Id: Networking and TCP/IP with FreeBSD List-Archive: https://lists.freebsd.org/archives/freebsd-net List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-freebsd-net@FreeBSD.org MIME-Version: 1.0 From: Rick Macklem Date: Mon, 9 Feb 2026 14:09:10 -0800 X-Gm-Features: AZwV_QjucfrTOFbF45JQWsHv42gKPqDMrgVkE-u1GBGGLt-ANzV5GKCBGYAqNbQ Message-ID: Subject: RFC: socket refcnt bug related to PR#292884? To: "freebsd-net@FreeBSD.org" Content-Type: text/plain; charset="UTF-8" X-Spamd-Result: default: False [-4.00 / 15.00]; SUBJECT_ENDS_QUESTION(1.00)[]; ARC_ALLOW(-1.00)[google.com:s=arc-20240605:i=1]; NEURAL_HAM_MEDIUM(-1.00)[-1.000]; NEURAL_HAM_LONG(-1.00)[-1.000]; NEURAL_HAM_SHORT(-1.00)[-1.000]; DMARC_POLICY_ALLOW(-0.50)[gmail.com,none]; R_DKIM_ALLOW(-0.20)[gmail.com:s=20230601]; R_SPF_ALLOW(-0.20)[+ip6:2a00:1450:4000::/36:c]; MIME_GOOD(-0.10)[text/plain]; RCPT_COUNT_ONE(0.00)[1]; RCVD_TLS_LAST(0.00)[]; TAGGED_FROM(0.00)[]; TO_DN_EQ_ADDR_ALL(0.00)[]; MIME_TRACE(0.00)[0:+]; FREEMAIL_FROM(0.00)[gmail.com]; TO_MATCH_ENVRCPT_ALL(0.00)[]; FREEMAIL_ENVFROM(0.00)[gmail.com]; FROM_HAS_DN(0.00)[]; MISSING_XM_UA(0.00)[]; MLMMJ_DEST(0.00)[freebsd-net@freebsd.org]; PREVIOUSLY_DELIVERED(0.00)[freebsd-net@freebsd.org]; FROM_EQ_ENVFROM(0.00)[]; DKIM_TRACE(0.00)[gmail.com:+]; MID_RHS_MATCH_FROMTLD(0.00)[]; RCVD_COUNT_ONE(0.00)[1]; ASN(0.00)[asn:15169, ipnet:2a00:1450::/32, country:US]; DWL_DNSWL_NONE(0.00)[gmail.com:dkim]; RCVD_IN_DNSWL_NONE(0.00)[2a00:1450:4864:20::52e:from] X-Rspamd-Queue-Id: 4f8zPj2tC7z3nkR X-Spamd-Bar: --- Hi, If you look at bugzilla PR#292884, you'll see crashes that occur for NFS TCP sockets get released prematurely. I put a patch in this PR that acquires/releases an extra refcnt on the socket and that appears to *fix* the crashes. But, I don't see why an extra refcnt should be needed (the code without the extra refcnt has worked for at least a decade) and the patch just paves over the real bug. So, does anyone have any insight into what might have changed (since FreeBSD-14, it appears) that would result in a premature soclose()/soabort()/.. which would cause this? --> Unfortunately, the way sorele() is implemented implies that an extra call to it will not be checked, if I read the code correctly? (Put another way, the patch I put on the PR might result in an extra sorele(), but that won't affect the outcome. Nice, in the sense that it means the patch is safe to use, but not so nice in that there won't be any panic() if there is an extra sorele() happening somewhere.) Any help with this will be appreciated, rick