> Date: Mon, 13 Aug 2018 12:05:10 +0000
> From: Taylor R Campbell <campbell+netbsd-tech-k...@mumble.net>
>
> > Date: Sun, 12 Aug 2018 20:59:07 +0200
> > From: Edgar Fuß <e...@math.uni-bonn.de>
> >
> > OK, I hit my new panic in soput(). The call chain is
> > breakpoint<-vpanic<-printf_nolog<-soqinsque<-soclose<-soo_close<-closef<-fd_close<-syscall.
>
> That's weird. soclose doesn't call soqinsque.
>
> I don't have a hypothesis for how the rest of this could happen but
> I'm travelling right now with limited time to think.
If you are running with DIAGNOSTIC off, then KASSERT(fp->f_count != 0)
in unp_gc in netbsd-6 will never panic; instead it may attempt to
regain a reference too late to a socket file that another thread is in
the process of closing. This is PR 39918, and the fix/workaround was
pulled up to -7 but not to -6. You could test this hypothesis by
explicitly writing `if (fp->f_count != 0) panic("...")' there.
