In winbind, we do multiple events in one select round. This needs fixing, but as long as we're still using it, for efficiency reasons we need to do that.

What can happen is the following: We have outgoing data pending for a client, thus state->fd_event.flags == EVENT_FD_WRITE. Now a new client comes in, we go through the list of clients to find an idle one. The detection for idle clients in remove_idle_client does not take the pending data into account. We close the socket that has pending outgoing data; the accept(2) one syscall later gives us the same socket. In new_connection(), we do a setup_async_read, setting up a read fde.

The select from before however had found the socket (that we had already closed!!) to be writable. In rw_callback we only want to see a readable flag, and we panic in the SMB_ASSERT(flags == EVENT_FD_READ).
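The race described above, reproduced as an added example; this is not winbind's or Samba's code. `struct client`, `remove_idle_client`, `rw_callback` and `select_round` are hypothetical stand-ins for the winbind pieces named in the report, `socketpair(2)` stands in for the listening socket plus `accept(2)`, and the reproduction assumes the kernel hands out the lowest free descriptor number (Linux does). The buggy path evicts a client whose fde is waiting to write and then dispatches the earlier `select()` result by fd number, which now belongs to the freshly accepted connection's read fde; the fixed path refuses to evict a client we still owe a reply to.

```c
#include <stdbool.h>
#include <stdio.h>
#include <sys/select.h>
#include <sys/socket.h>
#include <sys/time.h>
#include <unistd.h>

#define EVENT_FD_READ  1
#define EVENT_FD_WRITE 2

/* Hypothetical stand-in for winbind's per-client state: the fd and the
 * events its fde is currently waiting for. fd is -1 once closed. */
struct client {
    int fd;
    int flags;
};

/* What select() reported for one fd, recorded before dispatch. */
struct ready_event {
    int fd;
    int flags;
};

/* Idle-client eviction. The fixed variant refuses to drop a client we
 * still owe a reply to (fde waiting for EVENT_FD_WRITE); the buggy one
 * ignores pending output, as described in the report. */
static void remove_idle_client(struct client *c, bool fixed)
{
    if (fixed && (c->flags & EVENT_FD_WRITE)) {
        return;
    }
    close(c->fd);
    c->fd = -1;
}

/* Stand-in for rw_callback on a read fde: a non-read flag is where
 * SMB_ASSERT(flags == EVENT_FD_READ) would panic; we return -1 instead. */
static int rw_callback(const struct client *c, int flags)
{
    if (c->flags == EVENT_FD_READ && flags != EVENT_FD_READ) {
        return -1;
    }
    return 0;
}

static void close_pair(int sv[2])
{
    if (sv[0] >= 0) close(sv[0]);
    if (sv[1] >= 0) close(sv[1]);
}

/* One select round handling two events: a writable client, then a new
 * connection. Returns 0 if the recorded event reached a handler that
 * expects it, -1 if a stale flag hit the new connection's read handler,
 * -2 on a setup failure. *reused reports whether the new connection got
 * the same fd number as the client that was closed. */
int select_round(bool fixed, bool *reused)
{
    int sv1[2] = { -1, -1 }, sv2[2] = { -1, -1 };
    struct client c1, c2;
    struct ready_event ev;
    fd_set wfds;
    struct timeval tv = { 0, 0 };
    int rc = -2;

    *reused = false;

    /* Existing client: sv1[0] is our side, with a reply pending. */
    if (socketpair(AF_UNIX, SOCK_STREAM, 0, sv1) < 0) {
        return -2;
    }
    c1.fd = sv1[0];
    c1.flags = EVENT_FD_WRITE;

    /* select() sees the empty send buffer and reports it writable. */
    FD_ZERO(&wfds);
    FD_SET(c1.fd, &wfds);
    if (select(c1.fd + 1, NULL, &wfds, NULL, &tv) < 1 || !FD_ISSET(c1.fd, &wfds)) {
        goto out;
    }
    ev.fd = c1.fd;
    ev.flags = EVENT_FD_WRITE;

    /* Second event in the same round: a new client arrives, so we look
     * for an idle client to evict before accepting it. */
    remove_idle_client(&c1, fixed);

    /* accept(2) stand-in: the lowest free fd is, after the buggy close(),
     * exactly the number select() just reported on. */
    if (socketpair(AF_UNIX, SOCK_STREAM, 0, sv2) < 0) {
        goto out;
    }
    c2.fd = sv2[0];
    c2.flags = EVENT_FD_READ;           /* setup_async_read on the new fd */
    *reused = (c2.fd == ev.fd);

    /* Dispatch the recorded result by fd number, as the loop would. */
    rc = 0;
    if (c1.fd == ev.fd) {
        rc = rw_callback(&c1, ev.flags);
    } else if (c2.fd == ev.fd) {
        rc = rw_callback(&c2, ev.flags);
    }

out:
    if (c1.fd < 0) sv1[0] = -1;         /* already closed by eviction */
    close_pair(sv1);
    close_pair(sv2);
    return rc;
}

int main(void)
{
    bool reused;
    int rc = select_round(false, &reused);
    printf("buggy eviction: rc=%d, fd number reused=%d\n", rc, reused);
    rc = select_round(true, &reused);
    printf("fixed eviction: rc=%d, fd number reused=%d\n", rc, reused);
    return 0;
}
```

The fixed branch is the whole content of the patch as the report describes it: a client whose fde has EVENT_FD_WRITE set is never idle. The example also shows why the report calls the multiple-events-per-round design something that "needs fixing": once a handler runs close() inside a round, any result still queued for that fd number belongs to whatever the next accept() or open() returns, so a loop that keeps dispatching after a close has to invalidate the queued results for that fd rather than match them by number.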
Created attachment 4206: Patch for 3.2
Created attachment 4207: Patch for 3.3
Oh, this is bad! We definitely need this for 3.3 and 3.2. The patch is correct and necessary even without the crashes: We should only drop those client connections that we are awaiting new requests from, not those that are still waiting for our answer...

Michael
Pushed, thanks! Closing out bug report.