No subject


Tue Dec 2 04:10:01 GMT 2003


    (gdb) bt
    #0  0xff21c840 in _libc_kill () from /usr/lib/libc.so.1
    #1  0xff1b5ab4 in abort () from /usr/lib/libc.so.1
    #2  0x11f770 in readdirname ()
    #3  0x10b61c in fault_report ()
    #4  0x10b670 in sig_fault ()
    #5  <signal handler called>
    #6  0x87a04 in cli_errstr ()
    #7  0x842d4 in attempt_netbios_session_request ()
    #8  0x3a364 in connect_to_domain_password_server ()
    #9  0x3abb0 in domain_client_validate ()
    #10 0x4f46c in check_domain_security ()
    #11 0x4ff64 in reply_sesssetup_and_X ()
    #12 0x73a64 in switch_message ()
    #13 0x73af0 in construct_reply ()
    #14 0x73d9c in process_smb ()
    #15 0x74798 in smbd_process ()
    #16 0x316b4 in main ()
    (gdb) frame 6
    #6  0x87a04 in cli_errstr ()
    (gdb) disass
    Dump of assembler code for function cli_errstr:
    0x879f8 <cli_errstr>:   save  %sp, -128, %sp
    0x879fc <cli_errstr+4>: mov  %i0, %l0
    0x87a00 <cli_errstr+8>: ld  [ %l0 + 0xd64 ], %o0
    0x87a04 <cli_errstr+12>:        ldub  [ %o0 + 0xe ], %o1
    0x87a08 <cli_errstr+16>:        ldub  [ %o0 + 0xf ], %o0
    0x87a0c <cli_errstr+20>:        sll  %o0, 8, %o0
    0x87a10 <cli_errstr+24>:        or  %o1, %o0, %o1
    0x87a14 <cli_errstr+28>:        ld  [ %l0 + 0xd6c ], %o0
    0x87a18 <cli_errstr+32>:        cmp  %o0, 0
    0x87a1c <cli_errstr+36>:        bne,a   0x87a44 <cli_errstr+76>
    
    ...
    
    (gdb) print $i0
    $71 = 2756632
    (gdb) print $l0
    $72 = 2756632
    (gdb) print $o0
    $73 = 11
    (gdb) print *($l0 + 0xd64)
    $74 = 0

It looks as though 0x87a04 is in the middle of the
SVAL(cli->inbuf,smb_flg2) in the initialization of the local variable
flgs2.

My read of the assembly says that at 0x87a00 register o0 should have
been assigned the value 2760060 (2756632 + 0xd64), but that did not
happen.

FWIW, I have only seen this crash once.

Any ideas?
Mike
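An added example, not from Mike's post or from Samba's own source: a C reading of the SVAL(cli->inbuf, smb_flg2) access with the null check that turns this fault into a clean error. The ld at 0x87a00 fetches the word stored at cli+0xd64, which the session shows is 0, so the ldub at 0x87a04 reads offset 0xe from a null inbuf. The struct, its field names and the sample header are assumptions; smb_flg2 = 14 follows from the 0xe/0xf loads in the disassembly.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Byte offset of the flags2 field in the SMB header (the 0xe/0xf loads in
 * the cli_errstr disassembly above). */
#define smb_flg2 14

/* Little-endian accessors in the spirit of Samba's CVAL/SVAL: one byte, and
 * two bytes combined low-byte-first, exactly what the ldub/ldub/sll/or
 * sequence in the disassembly does. */
#define CVAL(buf, pos) (((const unsigned char *)(buf))[pos])
#define SVAL(buf, pos) ((uint16_t)(CVAL(buf, pos) | (CVAL(buf, (pos) + 1) << 8)))

/* Assumed stand-in for the client state; only the field this crash touches. */
struct cli_state_lite {
    char *inbuf; /* reply buffer; NULL until a reply has been received */
};

/* Guarded read of flags2 from the last reply. Returns 0 on success and -1
 * when there is no reply buffer, instead of dereferencing NULL. */
int cli_flags2(const struct cli_state_lite *cli, uint16_t *flgs2)
{
    if (cli == NULL || cli->inbuf == NULL) {
        return -1;
    }
    *flgs2 = SVAL(cli->inbuf, smb_flg2);
    return 0;
}

/* Constructed sample SMB header: 0xFF 'S' 'M' 'B', zero padding, and the
 * flags2 bytes at offsets 14 and 15 set to 0x01 0xC8 (little-endian 0xC801). */
static unsigned char sample_header[32] = {
    0xFF, 'S', 'M', 'B', 0x00, 0x00, 0x00, 0x00,
    0x00, 0x00, 0x00, 0x00, 0x00, 0x18, 0x01, 0xC8,
};

int main(void)
{
    struct cli_state_lite cli = { (char *)sample_header };
    struct cli_state_lite no_reply = { NULL };
    uint16_t flgs2 = 0;

    if (cli_flags2(&cli, &flgs2) == 0)
        printf("flags2 = 0x%04x\n", flgs2);      /* prints flags2 = 0xc801 */
    if (cli_flags2(&no_reply, &flgs2) != 0)
        printf("no reply buffer, refusing to read flags2\n");
    return 0;
}
```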

More information about the samba-technical mailing list