Bug 14853 - smbd doesn't detect closed sockets (sometimes), lingers and keeps locks...
Summary: smbd doesn't detect closed sockets (sometimes), lingers and keeps locks...
Status: RESOLVED DUPLICATE of bug 14816
Alias: None
Product: Samba 4.1 and newer
Classification: Unclassified
Component: File services (show other bugs)
Version: 4.14.5
Hardware: All FreeBSD
: P5 normal (vote)
Target Milestone: ---
Assignee: Ralph Böhme
QA Contact: Samba QA Contact
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2021-10-01 19:05 UTC by Peter Eriksson
Modified: 2021-10-06 11:19 UTC (History)
0 users

See Also:


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Peter Eriksson 2021-10-01 19:05:38 UTC
We've started noticing some Windows clients causing "hanging" SMB sessions to home directories (with locks taken) that prevent further logins for clients. This typically seems to happen when something goes wrong during login so the users reboots the computer. 
   

Here is an example:

root@filur03:/liu/sbin # /liu/bin/smbstatus -p | & egrep alfru
97470   alfru536     student-liu.se 2001:6b0:17:ac05:2000::435a (ipv6:2001:6b0:17:ac05:2000::435a:56289) SMB3_11           -                    AES-128-CMAC         



Checking the socket status indicates that the TCP connection actually is closed as far as the operating system:

root@filur03:/liu/sbin # netstat -AnW | egrep 435a
fffff829c7ddd7a0 tcp6    1616      0 2001:6b0:17:2400::8:43.445                    2001:6b0:17:ac05:2000::435a.56289             CLOSED



However, the smbd process lingers around and seems to keep some locks and thus prevents the user to login again untill we kill this smbd process:

root@filur03:/liu/sbin # lsof -p 97470
lsof: WARNING: compiled for FreeBSD release 12.2-RELEASE-p6; this is 12.2-RELEASE-p4.
lsof: WARNING: device cache mismatch: /dev/da12
COMMAND   PID USER   FD   TYPE                DEVICE  SIZE/OFF   NODE NAME
smbd    97470 root  cwd   VDIR 1493843930,1095097928     28526      4 /export/students
smbd    97470 root  rtd   VDIR  1775993446,568385231        34      4 /
smbd    97470 root    0u  VCHR                  0,19       0t0     19 /dev/null
smbd    97470 root    1u  VCHR                  0,19       0t0     19 /dev/null
smbd    97470 root    2w  VREG  1775993446,568385231   5120227 395499 /liu/var/samba/logs/log.smbd.old
smbd    97470 root    3uW VREG  1775993446,568385231        21 407692 /liu/var/samba/locks/msg.lock/97470
smbd    97470 root    4u  VREG  1775993446,568385231    430080 196043 / (zroot/ROOT/default)
smbd    97470 root    5u  unix    0xfffff80e22f32a38       0t0        /liu/etc/samba/private/msg.sock/97470
smbd    97470 root    6u  VREG  1775993446,568385231     12288 200395 / (zroot/ROOT/default)
smbd    97470 root    7u  IPv6    0xfffff829c7ddd7a0       0t0    TCP filur03.it.liu.se:microsoft-ds->tp5015-202.ad.liu.se:56289 (CLOSED)
smbd    97470 root    8u  unix    0xfffff855f5aed368       0t0        ->0xfffff8020a798a38
smbd    97470 root    9u  VCHR                  0,19       0t0     19 /dev/null
smbd    97470 root   10u  VCHR                  0,19       0t0     19 /dev/null
smbd    97470 root   11w  VREG  1775993446,568385231         6 352748 /liu/var/samba/run/smbd.pid
smbd    97470 root   12u  PIPE    0xfffff877997ff5f0     16384        ->0xfffff877997ff758
smbd    97470 root   13u  PIPE    0xfffff814372fe2f8     16384        ->0xfffff814372fe460
smbd    97470 root   14u  PIPE    0xfffff814372fe460      4096        ->0xfffff814372fe2f8
smbd    97470 root   15w  VREG  1775993446,568385231   5120227 395499 /liu/var/samba/logs/log.smbd.old
smbd    97470 root   16u  VREG  1775993446,568385231     16384 200210 /liu/var/samba/locks/smbXsrv_version_global.tdb
smbd    97470 root   17u  VREG  1775993446,568385231       696 200206 /liu/var/samba/locks/smbXsrv_client_global.tdb
smbd    97470 root   18u  VREG  1775993446,568385231   6225920 200396 / (zroot/ROOT/default)
smbd    97470 root   19u  VREG  1775993446,568385231    102400 200397 / (zroot/ROOT/default)
smbd    97470 root   20u  VREG  1775993446,568385231   1843200 200347 /liu/var/samba/locks/brlock.tdb
smbd    97470 root   21u  VREG  1775993446,568385231 127168512 352751 /liu/var/samba/locks/locking.tdb
smbd    97470 root   22u  VREG  1775993446,568385231    950272 200349 /liu/var/samba/locks/leases.tdb
smbd    97470 root   23u  VREG  1775993446,568385231    421888 200299 /liu/var/samba/state/share_info.tdb
smbd    97470 root   24r  VREG 3038895965,2811747918       282   4123 /export/students/alfru536/Downloads/desktop.ini
smbd    97470 root   25u  VREG  1775993446,568385231  42471424 336767 / (zroot/ROOT/default)
smbd    97470 root   26u  VREG  1775993446,568385231    425984 200297 /liu/var/samba/state/group_mapping.tdb
smbd    97470 root   27u  VREG  1775993446,568385231    421888 200296 /liu/var/samba/state/account_policy.tdb
smbd    97470 root   28u  VREG  1775993446,568385231    421888 196041 /liu/etc/samba/private/passdb.tdb
smbd    97470 root   29u  VREG  1775993446,568385231   1429504 200352 /liu/var/samba/locks/smbXsrv_open_global.tdb
smbd    97470 root   30u  unix    0xfffff81e3b2c26d0       0t0        /liu/var/samba/ncalrpc/np/mdssvc
smbd    97470 root   31u  unix    0xfffff840e02e6000       0t0        /liu/var/samba/ncalrpc/np/initshutdown
smbd    97470 root   32u  unix    0xfffff863ea6d4368       0t0        /liu/var/samba/ncalrpc/np/eventlog
smbd    97470 root   33u  unix    0xfffff8459ef2a000       0t0        /liu/var/samba/ncalrpc/np/plugplay
smbd    97470 root   34u  unix    0xfffff81943577000       0t0        /liu/var/samba/ncalrpc/np/ntsvcs
smbd    97470 root   35u  unix    0xfffff841c21c1a38       0t0        /liu/var/samba/ncalrpc/np/svcctl
smbd    97470 root   36u  unix    0xfffff863b9b5ba38       0t0        /liu/var/samba/ncalrpc/np/wkssvc
smbd    97470 root   37u  unix    0xfffff874b29ac368       0t0        /liu/var/samba/ncalrpc/np/netdfs
smbd    97470 root   38u  unix    0xfffff84b65a2b368       0t0        /liu/var/samba/ncalrpc/np/samr
smbd    97470 root   39u  unix    0xfffff84bf148f000       0t0        /liu/var/samba/ncalrpc/np/lsass
smbd    97470 root   40u  unix    0xfffff84acc520000       0t0        /liu/var/samba/ncalrpc/np/lsarpc
smbd    97470 root   41u  unix    0xfffff863dc131a38       0t0        /liu/var/samba/ncalrpc/np/netlogon
smbd    97470 root   42u  unix    0xfffff8051b12a6d0       0t0        /liu/var/samba/ncalrpc/np/srvsvc
smbd    97470 root   43u  unix    0xfffff80e22f32368       0t0        /liu/var/samba/ncalrpc/DEFAULT
smbd    97470 root   44u  unix    0xfffff810beb73000       0t0        /liu/var/samba/ncalrpc/np/winreg
smbd    97470 root   45u  unix    0xfffff84acc5206d0       0t0        ->(none)
smbd    97470 root   46r  VREG 3038895965,2811747918       504   4115 /export/students/alfru536/Documents/My Pictures/desktop.ini
smbd    97470 root   47r  VREG 3038895965,2811747918       402   4121 /export/students/alfru536/Documents/desktop.ini
smbd    97470 root   48r  VREG 3038895965,2811747918       504   4120 /export/students/alfru536/Documents/My Music/desktop.ini
smbd    97470 root   49r  VREG 3038895965,2811747918       524   4122 /export/students/alfru536/Searches/desktop.ini
smbd    97470 root   50r  VREG 3038895965,2811747918       282   4103 /export/students/alfru536/Desktop/desktop.ini
smbd    97470 root   51u  VREG  1775993446,568385231     12288 200355 /liu/var/samba/locks/smbd_cleanupd.tdb
smbd    97470 root   52r  VREG 3038895965,2811747918       504   4114 /export/students/alfru536/Documents/My Videos/desktop.ini
smbd    97470 root   53r  VREG 3038895965,2811747918       412   4118 /export/students/alfru536/Contacts/desktop.ini
smbd    97470 root   54r  VREG 3038895965,2811747918       402   4119 /export/students/alfru536/Favorites/desktop.ini
smbd    97470 root   55r  VREG 3038895965,2811747918       504   4124 /export/students/alfru536/Links/desktop.ini
smbd    97470 root   56r  VREG 3038895965,2811747918       282   4125 /export/students/alfru536/Saved Games/desktop.ini
smbd    97470 root   57r  VREG 3038895965,2811747918       402  69975 /export/students/alfru536/desktop.ini
smbd    97470 root   58r  VDIR 3038895965,2811747918         6   4100 /export/students/alfru536/Documents/My Pictures
smbd    97470 root   59r  VDIR 3038895965,2811747918        13  80274 /export/students/alfru536/.zoom/data
smbd    97470 root   60r  VREG 3038895965,2811747918       504  69923 /export/students/alfru536/Videos/desktop.ini
smbd    97470 root   61r  VDIR 3038895965,2811747918         9     13 /export/students/alfru536/Desktop
smbd    97470 root   62r  VREG 3038895965,2811747918       504  69960 /export/students/alfru536/Music/desktop.ini
smbd    97470 root   63r  VDIR 3038895965,2811747918         9     13 /export/students/alfru536/Desktop
smbd    97470 root   64r  VREG 3038895965,2811747918       129   4199 /export/students/alfru536/$RECYCLE.BIN/desktop.ini
smbd    97470 root   65r  VDIR 3038895965,2811747918         6   4100 /export/students/alfru536/Documents/My Pictures
smbd    97470 root   66r  VREG 3038895965,2811747918       504  69933 /export/students/alfru536/Pictures/desktop.ini
smbd    97470 root   67r  VDIR 3038895965,2811747918        18     14 /export/students/alfru536/Documents
smbd    97470 root   68r  VDIR 3038895965,2811747918        18     14 /export/students/alfru536/Documents
smbd    97470 root   69r  VDIR 3038895965,2811747918        26     15 /export/students/alfru536/Downloads
smbd    97470 root   70r  VDIR 3038895965,2811747918        26     15 /export/students/alfru536/Downloads
smbd    97470 root   71r  VREG 3038895965,2811747918       129   4195 /export/students/alfru536/Pictures/$RECYCLE.BIN/desktop.ini
smbd    97470 root   72r  VREG 3038895965,2811747918        80   4113 /export/students/alfru536/Favorites/Links/desktop.ini
smbd    97470 root   73r  VREG 3038895965,2811747918       129   4140 /export/students/alfru536/Favorites/$RECYCLE.BIN/desktop.ini


Seems the TCP connection is still "open" at file descriptor 7 so smbd doesn't seem to get to call close() on it for some reason.


GDB "bt" output:
(gdb) bt
#0  0x0000000804afae08 in _openat () from /lib/libc.so.7
#1  0x00000008015149be in ?? () from /lib/libthr.so.3
#2  0x0000000804a40d79 in openat () from /lib/libc.so.7
#3  0x00000008017fd754 in vfswrap_openat (handle=<optimized out>, dirfsp=0x812eedc60, smb_fname=<optimized out>, fsp=0x812f05660, flags=256, mode=<optimized out>)
    at ../../source3/modules/vfs_default.c:725
#4  0x000000080171dffe in smb_vfs_call_openat (handle=<optimized out>, dirfsp=<optimized out>, smb_fname=<optimized out>, fsp=fsp@entry=0x812f05660, 
    flags=flags@entry=256, mode=<optimized out>) at ../../source3/smbd/vfs.c:1830
#5  0x0000000813648ecf in smb_full_audit_openat (handle=0x80fd16cc0, dirfsp=<optimized out>, smb_fname=<optimized out>, fsp=0x812f05660, flags=256, mode=<optimized out>)
    at ../../source3/modules/vfs_full_audit.c:1100
#6  0x000000080171dffe in smb_vfs_call_openat (handle=<optimized out>, dirfsp=dirfsp@entry=0x812eedc60, smb_fname=smb_fname@entry=0x81b783610, fsp=fsp@entry=0x812f05660, 
    flags=flags@entry=256, mode=mode@entry=0) at ../../source3/smbd/vfs.c:1830
#7  0x0000000813a65d92 in shadow_copy2_openat (handle=0x80fd17260, dirfsp=0x812eedc60, smb_fname_in=0x81b783610, fsp=0x812f05660, flags=256, mode=<optimized out>)
    at ../../source3/modules/vfs_shadow_copy2.c:1364
#8  0x000000080171dffe in smb_vfs_call_openat (handle=<optimized out>, dirfsp=dirfsp@entry=0x812eedc60, smb_fname=<optimized out>, fsp=fsp@entry=0x812f05660, 
    flags=flags@entry=256, mode=mode@entry=0) at ../../source3/smbd/vfs.c:1830
#9  0x000000080170ccab in non_widelink_open (dirfsp=dirfsp@entry=0x812eedc60, fsp=fsp@entry=0x812f05660, smb_fname=smb_fname@entry=0x81b783610, flags=256, flags@entry=0, 
    mode=mode@entry=0, link_depth=link_depth@entry=0) at ../../source3/smbd/open.c:787
#10 0x000000080170f515 in fd_openat (dirfsp=dirfsp@entry=0x812eedc60, smb_fname=smb_fname@entry=0x81b783610, fsp=0x812f05660, flags=flags@entry=0, mode=mode@entry=0)
    at ../../source3/smbd/open.c:918
#11 0x00000008016b8da0 in openat_pathref_fsp (dirfsp=0x812eedc60, smb_fname=smb_fname@entry=0x81b783610) at ../../source3/smbd/files.c:497
#12 0x00000008016bc932 in smbd_dirptr_get_entry (ctx=ctx@entry=0x812eeaee0, dirptr=dirptr@entry=0x80fd3eea0, mask=mask@entry=0x812eeaca0 "*", dirtype=dirtype@entry=22, 
    dont_descend=dont_descend@entry=false, ask_sharemode=ask_sharemode@entry=true, get_dosmode_in=true, match_fn=0x8016ef416 <smbd_dirptr_lanman2_match_fn>, mode_fn=
    0x8016ef120 <smbd_dirptr_lanman2_mode_fn>, private_data=0x7fffffffe110, _fname=0x7fffffffe0e0, _smb_fname=0x7fffffffe0e8, _mode=0x7fffffffe0d4, 
    _prev_offset=0x7fffffffe0d8) at ../../source3/smbd/dir.c:888
#13 0x00000008016f4149 in smbd_dirptr_lanman2_entry (ctx=ctx@entry=0x812eeaee0, conn=0x80fcbc960, dirptr=0x80fd3eea0, flags2=<optimized out>, path_mask=<optimized out>, 
    dirtype=22, info_level=262, requires_resume_key=0, dont_descend=false, ask_sharemode=true, get_dosmode=true, align=8 '\b', do_pad=false, ppdata=0x812eeaf40, 
    base_data=0x81bb962a0 "p", end_data=0x81bba7297 "", space_remaining=65308, _smb_fname=0x7fffffffe270, got_exact_match=0x7fffffffe26e, _last_entry_off=0x812eeaf64, 
    name_list=0x0, file_id=0x7fffffffe280) at ../../source3/smbd/trans2.c:2550
#14 0x000000080175a9bb in smb2_query_directory_next_entry (req=req@entry=0x812eead30) at ../../source3/smbd/smb2_query_directory.c:555
#15 0x000000080175bf5b in smbd_smb2_query_directory_send (in_file_name=<optimized out>, in_output_buffer_length=<optimized out>, in_file_index=<optimized out>, 
    in_flags=<optimized out>, in_file_info_class=<optimized out>, fsp=0x812eedc60, smb2req=0x812eea8e0, ev=0x80fcb7060, mem_ctx=0x812eea8e0)
    at ../../source3/smbd/smb2_query_directory.c:523
#16 smbd_smb2_request_process_query_directory (req=req@entry=0x812eea8e0) at ../../source3/smbd/smb2_query_directory.c:129
#17 0x0000000801746484 in smbd_smb2_request_dispatch (req=req@entry=0x812eea8e0) at ../../source3/smbd/smb2_server.c:3368
#18 0x0000000801746f93 in smbd_smb2_io_handler (fde_flags=<optimized out>, xconn=0x80fcc94e0) at ../../source3/smbd/smb2_server.c:4913
#19 smbd_smb2_connection_handler (ev=<optimized out>, fde=<optimized out>, flags=<optimized out>, private_data=<optimized out>) at ../../source3/smbd/smb2_server.c:4951
#20 0x0000000802142ea9 in tevent_common_invoke_fd_handler (fde=fde@entry=0x80fcb4900, flags=<optimized out>, removed=removed@entry=0x0)
    at ../../lib/tevent/tevent_fd.c:138
#21 0x0000000802145485 in poll_event_loop_poll (tvalp=0x7fffffffe550, ev=0x80fcb7060) at ../../lib/tevent/tevent_poll.c:569
#22 poll_event_loop_once (ev=0x80fcb7060, location=<optimized out>) at ../../lib/tevent/tevent_poll.c:626
#23 0x000000080214267f in _tevent_loop_once (ev=ev@entry=0x80fcb7060, location=location@entry=0x8018734a0 "../../source3/smbd/process.c:4232") at ../../lib/tevent/tevent.c:772
#24 0x0000000802142856 in tevent_common_loop_wait (ev=0x80fcb7060, location=0x8018734a0 "../../source3/smbd/process.c:4232") at ../../lib/tevent/tevent.c:895
#25 0x00000008021428b2 in _tevent_loop_wait (ev=ev@entry=0x80fcb7060, location=location@entry=0x8018734a0 "../../source3/smbd/process.c:4232") at ../../lib/tevent/tevent.c:914
#26 0x00000008017349b5 in smbd_process (ev_ctx=ev_ctx@entry=0x80fcb7060, msg_ctx=msg_ctx@entry=0x80fcb0300, dce_ctx=dce_ctx@entry=0x80fca10c0, sock_fd=sock_fd@entry=7, interactive=interactive@entry=false) at ../../source3/smbd/process.c:4232
#27 0x000000000102dfbd in smbd_accept_connection (ev=0x80fcb7060, fde=<optimized out>, flags=<optimized out>, private_data=<optimized out>) at ../../source3/smbd/server.c:1020
#28 0x0000000802142ea9 in tevent_common_invoke_fd_handler (fde=fde@entry=0x80fcb4580, flags=<optimized out>, removed=removed@entry=0x0) at ../../lib/tevent/tevent_fd.c:138
#29 0x0000000802145485 in poll_event_loop_poll (tvalp=0x7fffffffe7b0, ev=0x80fcb7060) at ../../lib/tevent/tevent_poll.c:569
#30 poll_event_loop_once (ev=0x80fcb7060, location=<optimized out>) at ../../lib/tevent/tevent_poll.c:626
#31 0x000000080214267f in _tevent_loop_once (ev=ev@entry=0x80fcb7060, location=location@entry=0x1036550 "../../source3/smbd/server.c:1367") at ../../lib/tevent/tevent.c:772
#32 0x0000000802142856 in tevent_common_loop_wait (ev=0x80fcb7060, location=0x1036550 "../../source3/smbd/server.c:1367") at ../../lib/tevent/tevent.c:895
#33 0x00000008021428b2 in _tevent_loop_wait (ev=ev@entry=0x80fcb7060, location=location@entry=0x1036550 "../../source3/smbd/server.c:1367") at ../../lib/tevent/tevent.c:914
#34 0x000000000102fabb in smbd_parent_loop (parent=0x80fcb0760, ev_ctx=0x80fcb7060) at ../../source3/smbd/server.c:1367
#35 main (argc=<optimized out>, argv=<optimized out>) at ../../source3/smbd/server.c:2220
Comment 1 Jeremy Allison 2021-10-01 19:19:48 UTC
Once the TCP connection has gone, the fd should become readable to smbd and once it tries to read the next SMB2 request it should get a read failure and shutdown.

Can you instrument smbd_smb2_io_handler() with debugs and find out why this code:

        ret = recvmsg(xconn->transport.sock, &msg, 0);
        if (ret == 0) {
                /* propagate end of file */
                status = NT_STATUS_END_OF_FILE;
                smbXsrv_connection_disconnect_transport(xconn,
                                                        status);
                return status;
        }
        err = socket_error_from_errno(ret, errno, &retry);
        if (retry) {
                /* retry later */
                TEVENT_FD_READABLE(xconn->transport.fde);
                return NT_STATUS_OK;
        }
        if (err != 0) {
                status = map_nt_error_from_unix_common(err);
                smbXsrv_connection_disconnect_transport(xconn,
                                                        status);
                return status;
        }

doesn't seem to be doing what it should ? Should be easy to instrument as you only need to add debugs in the fail or exception cases.
Comment 2 Peter Eriksson 2021-10-06 09:58:20 UTC
Yes, however I'm wondering if it gets stuck somewhere else. Looking at the GDB backtrace it seems to be blocking at:

smbd_dirptr_get_entry ->
openat_pathref_fsp ->
fd_openat ->
non_widelink_open ->
smb_vfs_call_openat ->
shadow_copy2_openat -> 
smb_vfs_call_openat -> 
smb_full_audit_openat -> 
smb_vfs_call_openat -> 
vfswrap_openat -> 
openat

for some reason. Unfortunately I've not been able to reproduce it (yet) on our test servers, and it only happens now and then on the production servers...

I wrote a simple perl script that checks all active SMB session (smbstatus -p) with the output from netstat -anW looking for CLOSED sockets so it'll be easier to detect hanging sessions and we won't have to wait for users to log problem reports.

I tried to "kill" a hanging smbd process but nothing happens so it seems to require a "kill -9":

# ./deadsmbdetector 
548 SMB sessions loaded
SUSPECT: pid=24394 user=henat106 from=2001:6b0:17:ac01:2000::40.52905
7 CLOSED TCP connections found

# /liu/bin/smbstatus -p|egrep henat106
24394   henat106     student-liu.se 2001:6b0:17:ac01:2000::40 (ipv6:2001:6b0:17:ac01:2000::40:52905) SMB3_11           -                    AES-128-CMAC         

# ps auxwww|egrep 24394
root     24394    0.0  0.0  247056  202968  -  I    Mon18         0:10.26 /liu/sbin/smbd --daemon --configfile=/liu/etc/samba/smb.conf
root     34767    0.0  0.0   11504    2848  1  S+   11:46         0:00.00 egrep 24394

# kill 24394

# ps auxwww | egrep 24394
root     24394    0.0  0.0  247056  202968  -  S    Mon18         0:10.26 /liu/sbin/smbd --daemon --configfile=/liu/etc/samba/smb.conf

# gcore 24394

# gdb /liu/sbin/smbd core.24394 
GNU gdb (GDB) 10.1 [GDB v10.1 for FreeBSD]
Copyright (C) 2020 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
Type "show copying" and "show warranty" for details.
This GDB was configured as "x86_64-portbld-freebsd12.2".
Type "show configuration" for configuration details.
For bug reporting instructions, please see:
<https://www.gnu.org/software/gdb/bugs/>.
Find the GDB manual and other documentation resources online at:
    <http://www.gnu.org/software/gdb/documentation/>.

For help, type "help".
Type "apropos word" to search for commands related to "word"...
Reading symbols from /liu/sbin/smbd...
[New LWP 108196]
Core was generated by `/liu/sbin/smbd --daemon --configfile=/liu/etc/samba/smb.conf'.
#0  0x0000000804afae08 in _openat () from /lib/libc.so.7
(gdb) bt
#0  0x0000000804afae08 in _openat () from /lib/libc.so.7
#1  0x00000008015149be in ?? () from /lib/libthr.so.3
#2  0x0000000804a40d79 in openat () from /lib/libc.so.7
#3  0x00000008017fd754 in vfswrap_openat (handle=<optimized out>, 
    dirfsp=0x812fb9260, smb_fname=<optimized out>, fsp=0x812fb9460, flags=256, 
    mode=<optimized out>) at ../../source3/modules/vfs_default.c:725
#4  0x000000080171dffe in smb_vfs_call_openat (handle=<optimized out>, 
    dirfsp=<optimized out>, smb_fname=<optimized out>, 
    fsp=fsp@entry=0x812fb9460, flags=flags@entry=256, mode=<optimized out>)
    at ../../source3/smbd/vfs.c:1830
#5  0x000000081352decf in smb_full_audit_openat (handle=0x80fd16900, 
    dirfsp=<optimized out>, smb_fname=<optimized out>, fsp=0x812fb9460, 
    flags=256, mode=<optimized out>)
    at ../../source3/modules/vfs_full_audit.c:1100
#6  0x000000080171dffe in smb_vfs_call_openat (handle=<optimized out>, 
    dirfsp=dirfsp@entry=0x812fb9260, smb_fname=smb_fname@entry=0x81c349ca0, 
    fsp=fsp@entry=0x812fb9460, flags=flags@entry=256, mode=mode@entry=0)
    at ../../source3/smbd/vfs.c:1830
#7  0x0000000813945d92 in shadow_copy2_openat (handle=0x80fd171c0, 
    dirfsp=0x812fb9260, smb_fname_in=0x81c349ca0, fsp=0x812fb9460, flags=256, 
    mode=<optimized out>) at ../../source3/modules/vfs_shadow_copy2.c:1364
#8  0x000000080171dffe in smb_vfs_call_openat (handle=<optimized out>, 
    dirfsp=dirfsp@entry=0x812fb9260, smb_fname=<optimized out>, 
--Type <RET> for more, q to quit, c to continue without paging--
    812fb9460, flags=flags@entry=256, mode=mode@entry=0) at ../../source3/smbd/vfs.c:1830
#9  0x000000080170ccab in non_widelink_open (dirfsp=dirfsp@entry=0x812fb9260, fsp=fsp@entry=0x812fb9460, 
    smb_fname=smb_fname@entry=0x81c349ca0, flags=256, flags@entry=0, mode=mode@entry=0, link_depth=link_depth@entry=0)
    at ../../source3/smbd/open.c:787
#10 0x000000080170f515 in fd_openat (dirfsp=dirfsp@entry=0x812fb9260, smb_fname=smb_fname@entry=0x81c349ca0, fsp=0x812fb9460, 
    flags=flags@entry=0, mode=mode@entry=0) at ../../source3/smbd/open.c:918
#11 0x00000008016b8da0 in openat_pathref_fsp (dirfsp=0x812fb9260, smb_fname=smb_fname@entry=0x81c349ca0)
    at ../../source3/smbd/files.c:497
#12 0x00000008016bc932 in smbd_dirptr_get_entry (ctx=ctx@entry=0x80fce39a0, dirptr=dirptr@entry=0x80fdbf6e0, 
    mask=mask@entry=0x80fce3760 "*", dirtype=dirtype@entry=22, dont_descend=dont_descend@entry=false, 
    ask_sharemode=ask_sharemode@entry=true, get_dosmode_in=true, match_fn=0x8016ef416 <smbd_dirptr_lanman2_match_fn>, mode_fn=
    0x8016ef120 <smbd_dirptr_lanman2_mode_fn>, private_data=0x7fffffffe110, _fname=0x7fffffffe0e0, _smb_fname=0x7fffffffe0e8, 
    _mode=0x7fffffffe0d4, _prev_offset=0x7fffffffe0d8) at ../../source3/smbd/dir.c:888
#13 0x00000008016f4149 in smbd_dirptr_lanman2_entry (ctx=ctx@entry=0x80fce39a0, conn=0x80fcbc960, dirptr=0x80fdbf6e0, 
    flags2=<optimized out>, path_mask=<optimized out>, dirtype=22, info_level=260, requires_resume_key=0, dont_descend=false, 
    ask_sharemode=true, get_dosmode=true, align=8 '\b', do_pad=false, ppdata=0x80fce3a00, base_data=0x81c38c060 "h", 
    end_data=0x81c38e057 "", space_remaining=3872, _smb_fname=0x7fffffffe270, got_exact_match=0x7fffffffe26e, 
    _last_entry_off=0x80fce3a24, name_list=0x0, file_id=0x7fffffffe280) at ../../source3/smbd/trans2.c:2550
#14 0x000000080175a9bb in smb2_query_directory_next_entry (req=req@entry=0x80fce37f0)
    at ../../source3/smbd/smb2_query_directory.c:555
#15 0x000000080175bf5b in smbd_smb2_query_directory_send (in_file_name=<optimized out>, in_output_buffer_length=<optimized out>, 
    in_file_index=<optimized out>, in_flags=<optimized out>, in_file_info_class=<optimized out>, fsp=0x812fb9260, 
    smb2req=0x80fce33a0, ev=0x80fcb7060, mem_ctx=0x80fce33a0) at ../../source3/smbd/smb2_query_directory.c:523
#16 smbd_smb2_request_process_query_directory (req=req@entry=0x80fce33a0) at ../../source3/smbd/smb2_query_directory.c:129
#17 0x0000000801746484 in smbd_smb2_request_dispatch (req=req@entry=0x80fce33a0) at ../../source3/smbd/smb2_server.c:3368
#18 0x0000000801746f93 in smbd_smb2_io_handler (fde_flags=<optimized out>, xconn=0x80fcc94e0)
    at ../../source3/smbd/smb2_server.c:4913
#19 smbd_smb2_connection_handler (ev=<optimized out>, fde=<optimized out>, flags=<optimized out>, private_data=<optimized out>)
    at ../../source3/smbd/smb2_server.c:4951
#20 0x0000000802142ea9 in tevent_common_invoke_fd_handler (fde=fde@entry=0x80fcb4900, flags=<optimized out>, 
    removed=removed@entry=0x0) at ../../lib/tevent/tevent_fd.c:138
#21 0x0000000802145485 in poll_event_loop_poll (tvalp=0x7fffffffe550, ev=0x80fcb7060) at ../../lib/tevent/tevent_poll.c:569
#22 poll_event_loop_once (ev=0x80fcb7060, location=<optimized out>) at ../../lib/tevent/tevent_poll.c:626
#23 0x000000080214267f in _tevent_loop_once (ev=ev@entry=0x80fcb7060, 
    location=location@entry=0x8018734a0 "../../source3/smbd/process.c:4232") at ../../lib/tevent/tevent.c:772
#24 0x0000000802142856 in tevent_common_loop_wait (ev=0x80fcb7060, location=0x8018734a0 "../../source3/smbd/process.c:4232")
    at ../../lib/tevent/tevent.c:895
#25 0x00000008021428b2 in _tevent_loop_wait (ev=ev@entry=0x80fcb7060, 
    location=location@entry=0x8018734a0 "../../source3/smbd/process.c:4232") at ../../lib/tevent/tevent.c:914
#26 0x00000008017349b5 in smbd_process (ev_ctx=ev_ctx@entry=0x80fcb7060, msg_ctx=msg_ctx@entry=0x80fcb0300, 
    dce_ctx=dce_ctx@entry=0x80fca10c0, sock_fd=sock_fd@entry=50, interactive=interactive@entry=false)
    at ../../source3/smbd/process.c:4232
#27 0x000000000102dfbd in smbd_accept_connection (ev=0x80fcb7060, fde=<optimized out>, flags=<optimized out>, 
    private_data=<optimized out>) at ../../source3/smbd/server.c:1020
#28 0x0000000802142ea9 in tevent_common_invoke_fd_handler (fde=fde@entry=0x80fcb4580, flags=<optimized out>, 
--Type <RET> for more, q to quit, c to continue without paging--
    removed=removed@entry=0x0) at ../../lib/tevent/tevent_fd.c:138
#29 0x0000000802145485 in poll_event_loop_poll (tvalp=0x7fffffffe7b0, ev=0x80fcb7060) at ../../lib/tevent/tevent_poll.c:569
#30 poll_event_loop_once (ev=0x80fcb7060, location=<optimized out>) at ../../lib/tevent/tevent_poll.c:626
#31 0x000000080214267f in _tevent_loop_once (ev=ev@entry=0x80fcb7060, 
    location=location@entry=0x1036550 "../../source3/smbd/server.c:1367") at ../../lib/tevent/tevent.c:772
#32 0x0000000802142856 in tevent_common_loop_wait (ev=0x80fcb7060, location=0x1036550 "../../source3/smbd/server.c:1367")
    at ../../lib/tevent/tevent.c:895
#33 0x00000008021428b2 in _tevent_loop_wait (ev=ev@entry=0x80fcb7060, 
    location=location@entry=0x1036550 "../../source3/smbd/server.c:1367") at ../../lib/tevent/tevent.c:914
#34 0x000000000102fabb in smbd_parent_loop (parent=0x80fcb0760, ev_ctx=0x80fcb7060) at ../../source3/smbd/server.c:1367
#35 main (argc=<optimized out>, argv=<optimized out>) at ../../source3/smbd/server.c:2220
(gdb) q
Comment 3 Peter Eriksson 2021-10-06 11:15:43 UTC
Output from "procstat -kk" for that process:

24394 108196 smbd                -                   mi_switch+0xd4 sleepq_catch_signals+0x403 sleepq_wait_sig+0xf _sleep+0x1de fifo_open+0x1b1 VOP_OPEN_APV+0x75 vn_open_vnode+0x1b7 vn_open_cred+0x35c kern_openat+0x213 amd64_syscall+0x387 fast_syscall_common+0xf8 

Hmm.. fifo_open?? 

# find . -type p -print0 |xargs -0 ls -l
prwxr--r--+ 1 henat106  student-liu.se  0 Oct  1  2020 ./.zoom/data/com.zoom.ipc.assistantapp__req
prwxr--r--+ 1 henat106  student-liu.se  0 Oct  1  2020 ./.zoom/data/com.zoom.ipc.assistantapp__res
prwxr--r--+ 1 henat106  student-liu.se  0 Oct  1  2020 ./.zoom/data/com.zoom.ipc.confapp__req
prwxr--r--+ 1 henat106  student-liu.se  0 Oct  1  2020 ./.zoom/data/com.zoom.ipc.confapp__res

In the output from "smbstatus -s" I notice that there is a reference to the ".zoom/data" subdirectory:

24394        1000068430  DENY_NONE  0x100081    RDONLY     NONE             /export/students   henat106/.zoom/data   Mon Oct  4 18:55:06 2021


Could it be that the smbd process tries to open the fifo and blocks?
Comment 4 Ralph Böhme 2021-10-06 11:19:19 UTC
Oh, that's was just fixed in:

https://bugzilla.samba.org/show_bug.cgi?id=14816

*** This bug has been marked as a duplicate of bug 14816 ***