diff --git a/pkg/sentry/socket/epsocket/epsocket.go b/pkg/sentry/socket/epsocket/epsocket.go
index 3e4887e16..18cb70c96 100644
--- a/pkg/sentry/socket/epsocket/epsocket.go
+++ b/pkg/sentry/socket/epsocket/epsocket.go
@@ -116,6 +116,7 @@ type SocketOperations struct {
 // New creates a new endpoint socket.
 func New(t *kernel.Task, family int, skType unix.SockType, queue *waiter.Queue, endpoint tcpip.Endpoint) *fs.File {
 	dirent := socket.NewDirent(t, epsocketDevice)
+	defer dirent.DecRef()
 	return fs.NewFile(t, dirent, fs.FileFlags{Read: true, Write: true}, &SocketOperations{
 		Queue:    queue,
 		family:   family,
diff --git a/pkg/sentry/socket/hostinet/socket.go b/pkg/sentry/socket/hostinet/socket.go
index 02fad1c60..8f901df6c 100644
--- a/pkg/sentry/socket/hostinet/socket.go
+++ b/pkg/sentry/socket/hostinet/socket.go
@@ -65,6 +65,7 @@ func newSocketFile(ctx context.Context, fd int, nonblock bool) (*fs.File, *syser
 		return nil, syserr.FromError(err)
 	}
 	dirent := socket.NewDirent(ctx, socketDevice)
+	defer dirent.DecRef()
 	return fs.NewFile(ctx, dirent, fs.FileFlags{NonBlocking: nonblock, Read: true, Write: true}, s), nil
 }
 
diff --git a/pkg/sentry/socket/netlink/provider.go b/pkg/sentry/socket/netlink/provider.go
index 36800da4d..e874216f4 100644
--- a/pkg/sentry/socket/netlink/provider.go
+++ b/pkg/sentry/socket/netlink/provider.go
@@ -89,6 +89,7 @@ func (*socketProvider) Socket(t *kernel.Task, stype unix.SockType, protocol int)
 	}
 
 	d := socket.NewDirent(t, netlinkSocketDevice)
+	defer d.DecRef()
 	return fs.NewFile(t, d, fs.FileFlags{Read: true, Write: true}, s), nil
 }
 
diff --git a/pkg/sentry/socket/unix/unix.go b/pkg/sentry/socket/unix/unix.go
index f83156c8e..27bacbbc3 100644
--- a/pkg/sentry/socket/unix/unix.go
+++ b/pkg/sentry/socket/unix/unix.go
@@ -56,6 +56,7 @@ type SocketOperations struct {
 // New creates a new unix socket.
 func New(ctx context.Context, endpoint unix.Endpoint) *fs.File {
 	dirent := socket.NewDirent(ctx, unixSocketDevice)
+	defer dirent.DecRef()
 	return NewWithDirent(ctx, dirent, endpoint, fs.FileFlags{Read: true, Write: true})
 }