Endless stream of useless audit messages from smbd

Thank you for taking the time to report this bug and helping to make Ubuntu better. You seem to have the apparmor-profiles packages installed, and the messages you see are hex-encoded due to 'unsafe' characters in the filename. Eg:
2F617263686976652F4D757369632F44617665204272756265636B2D4A617A7A20436F6C6C656374696F6E2028646973632031292F30392047656F72676961206F6E204D79204D696E642E666C6163

is:
/archive/Music/Dave Brubeck-Jazz Collection (disc 1)/09 Georgia on My Mind.flac

You need to update your profile for smbd in /etc/apparmor.d/usr.sbin.smbd to allow access to these files. If you would prefer not to confine smbd, you may alternatively disable the profile with:
$ sudo apparmor_parser -R /etc/apparmor.d/usr.sbin.smbd
$ sudo ln -s /etc/apparmor.d/usr.sbin.smbd /etc/apparmor.d/disable/usr.sbin.smbd

The first operation unloads the profile from the kernel and the second disables the profile on boot.

Thanks for the information. I think you misunderstand the problem. The problem is simply the messages; samba has no trouble reading and serving the file to clients. But while it does so, it produces these numerous audit messages. That's why the messages seem spurious to me.

I didn't misunderstand the problem. You seem to have apparmor-profiles installed. This installs a complain-mode only profile for smbd, which will allow access to the files but will complain for files not allowed in the profile. You must adjust the profile or disable it.

I note that silly defaults are not considered bugs over at Canonical.

This isn't a silly default. apparmor-profiles is a package in universe and is not installed by default. You must necessarily adjust the apparmor profile for it to work with your samba installation. None of the profiles in apparmor-profiles are in enforce mode. They are there for administrators to evaluate and decide if they want to use them on their machines. Feel free to adjust the profile, disable the profile or remove the package.

For more information on the different types of apparmor profiles, see https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/AppArmorProfiles.

I didn't install apparmor-profiles, ever. It got dragged in at some point by ntp or bind9. So you see your logic is not really true. I get the annoying behavior through no doing of my own.