One of my smbd processes used 100% CPU. I straced the process and the
output follows:
washington:~# strace -p 3416
fcntl64(13, F_SETLKW64, {type=F_UNLCK, whence=SEEK_SET, start=404, len=1},
0xbfffefa0) = 0
sendto(12,
"\3\0X\r\0\0&\0\0\0\0\0\0\0\'\374\f\0\0\0\0\0\16\0\0\0", 26,
0,
{sin_family=AF_INET, sin_port=htons(41373),
sin_addr=inet_addr("127.0.0.1")}}, 16) = 26
fcntl64(13, F_SETLKW64, {type=F_WRLCK, whence=SEEK_SET, start=404, len=1},
0xbfffefa0) = 0
kill(3382, SIG_0) = 0
fcntl64(13, F_SETLKW64, {type=F_UNLCK, whence=SEEK_SET, start=404, len=1},
0xbfffefa0) = 0
sendto(12,
"\3\0X\r\0\0&\0\0\0\0\0\0\0\'\374\f\0\0\0\0\0\16\0\0\0", 26,
0,
{sin_family=AF_INET, sin_port=htons(41373),
sin_addr=inet_addr("127.0.0.1")}}, 16) = 26
fcntl64(13, F_SETLKW64, {type=F_WRLCK, whence=SEEK_SET, start=404, len=1},
0xbfffefa0) = 0
kill(3382, SIG_0) = 0
fcntl64(13, F_SETLKW64, {type=F_UNLCK, whence=SEEK_SET, start=404, len=1},
0xbfffefa0) = 0
sendto(12,
"\3\0X\r\0\0&\0\0\0\0\0\0\0\'\374\f\0\0\0\0\0\16\0\0\0", 26,
0,
{sin_family=AF_INET, sin_port=htons(41373),
sin_addr=inet_addr("127.0.0.1")}}, 16) = 26
fcntl64(13, F_SETLKW64, {type=F_WRLCK, whence=SEEK_SET, start=404, len=1},
0xbfffefa0) = 0
kill(3382, SIG_0) = 0
fcntl64(13, F_SETLKW64, {type=F_UNLCK, whence=SEEK_SET, start=404, len=1},
0xbfffefa0) = 0
sendto(12,
"\3\0X\r\0\0&\0\0\0\0\0\0\0\'\374\f\0\0\0\0\0\16\0\0\0", 26,
0,
{sin_family=AF_INET, sin_port=htons(41373),
sin_addr=inet_addr("127.0.0.1")}}, 16) = 26
fcntl64(13, F_SETLKW64, {type=F_WRLCK, whence=SEEK_SET, start=404, len=1},
0xbfffefa0) = 0
kill(3382, SIG_0) = 0
fcntl64(13, F_SETLKW64, {type=F_UNLCK, whence=SEEK_SET, start=404, len=1},
0xbfffefa0) = 0
sendto(12,
"\3\0X\r\0\0&\0\0\0\0\0\0\0\'\374\f\0\0\0\0\0\16\0\0\0", 26,
0,
{sin_family=AF_INET, sin_port=htons(41373),
sin_addr=inet_addr("127.0.0.1")}}, 16) = 26
fcntl64(13, F_SETLKW64, {type=F_WRLCK, whence=SEEK_SET, start=404, len=1},
0xbfffefa0) = 0
kill(3382, SIG_0) = 0
fcntl64(13, F_SETLKW64, {type=F_UNLCK, whence=SEEK_SET, start=404, len=1},
0xbfffefa0) = 0
sendto(12,
"\3\0X\r\0\0&\0\0\0\0\0\0\0\'\374\f\0\0\0\0\0\16\0\0\0", 26,
0,
{sin_family=AF_INET, sin_port=htons(41373),
sin_addr=inet_addr("127.0.0.1")}}, 16) = 26
fcntl64(13, F_SETLKW64, {type=F_WRLCK, whence=SEEK_SET, start=404, len=1},
0xbfffefa0) = 0
kill(3382, SIG_0) = 0
fcntl64(13, F_SETLKW64, {type=F_UNLCK, whence=SEEK_SET, start=404, len=1},
0xbfffefa0) = 0
sendto(12,
"\3\0X\r\0\0&\0\0\0\0\0\0\0\'\374\f\0\0\0\0\0\16\0\0\0", 26,
0,
{sin_family=AF_INET, sin_port=htons(41373),
sin_addr=inet_addr("127.0.0.1")}}, 16) = 26
fcntl64(13, F_SETLKW64, {type=F_WRLCK, whence=SEEK_SET, start=404, len=1},
0xbfffefa0) = 0
Then comes the interesting part:
The process with 100% CPU utilization (pid 3416) is owned by UID 23347,
while the process it tries to kill (pid 3382) is owned by UID 21194. Both
users are connected from the same TS.
We are running Samba 2.2.5 using a Windows 2k DC for authentication with
security=domain. The server is running Linux 2.4.18.
Is there anyone who has experienced something similar or who perhaps might
know what causes this problem?
--
Magnus Nordseth
echo
'[q]sa[ln0=aln256%Pln256/snlbx]sb3135071790101768542287578439snlbxq' |
dc