Subject: SIGIO bugs?
To: None <tech-kern@netbsd.org>
From: der Mouse <mouse@Rodents.Montreal.QC.CA>
List: tech-kern
Date: 01/20/2002 16:42:11
I noticed this while reading over my source tree, which is relatively
old.  Normally I'd check this against -current before talking about it
here, but cvs.netbsd.org seems to be inaccessible to ssh, though it's
pingable; the newest source tree I have on hand is from last May, and
it appears to still have these problems.

It looks to me as though there are bugs in asynchronous I/O.  In
particular, it appears that fcntl(F_SETOWN) on anything but a socket
interprets a process ID (positive arg) as meaning "send SIGIO to the
whole process group this process belongs to", not the documented
behavior of sending SIGIO to (just) that process.

There also appears to be a bug in the Sun keyboard/mouse event input
processing (sys/dev/sun/{event_var.h,kbd.c}).  It looks to me as though

	process opens /dev/kbd
	process sets async mode
	process forks
	parent exits
	input event arrives

will cause the event input code to psignal() a stale proc *, with who
knows what results.  ISTM it should save the pgid instead and gsignal()
that, though even that could send the signal to the wrong processes if
all processes in the group have exited and the group ID reused since.
(I'm not sure whether this is better than likely panicking in psignal.)
This group ID reuse can happen without the driver close routine being
called; as a simple example, consider sending the open fd to a
completely unrelated process through an AF_LOCAL socket.

/~\ The ASCII				der Mouse
\ / Ribbon Campaign
 X  Against HTML	       mouse@rodents.montreal.qc.ca
/ \ Email!	     7D C8 61 52 5D E7 2D 39  4E F1 31 3E E8 B3 27 4B
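A small check for the F_SETOWN point raised above, added here and not part of the original mail: a pipe stands in as a non-socket descriptor (this assumes a system where pipes honour O_ASYNC, as Linux does; the mail's own case was /dev/kbd), the parent makes itself the owner with a positive pid, and a forked child that stays in the parent's process group reports whether it was wrongly signalled as well.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <signal.h>
#include <stdio.h>
#include <sys/wait.h>
#include <unistd.h>

static volatile sig_atomic_t got_sigio;
static void on_sigio(int sig) { (void)sig; got_sigio = 1; }

/* The parent becomes the owner via F_SETOWN with a positive pid.  A child in
 * the SAME process group then writes to the pipe.  Documented behaviour: only
 * the owner gets SIGIO.  Returns 1 if so, 0 if the non-owner child was
 * signalled too (the process-group behaviour described in the mail), and -1
 * if the owner itself never got SIGIO (setup failure or no O_ASYNC on pipes). */
int sigio_goes_to_owner_only(void)
{
    int p[2], status;
    struct sigaction sa;
    sa.sa_handler = on_sigio;
    sa.sa_flags = 0;                    /* no SA_RESTART: waitpid may see EINTR */
    sigemptyset(&sa.sa_mask);
    if (sigaction(SIGIO, &sa, NULL) == -1 || pipe(p) == -1) return -1;
    /* set the owner first, then enable asynchronous notification */
    if (fcntl(p[0], F_SETOWN, getpid()) == -1) return -1;
    if (fcntl(p[0], F_SETFL, fcntl(p[0], F_GETFL) | O_ASYNC) == -1) return -1;
    got_sigio = 0;
    pid_t pid = fork();
    if (pid == -1) return -1;
    if (pid == 0) {                     /* child: same pgrp, not the owner */
        got_sigio = 0;
        if (write(p[1], "x", 1) != 1) _exit(2);
        usleep(200000);                 /* give a (wrong) SIGIO time to arrive */
        _exit(got_sigio);               /* 0 = not signalled, 1 = signalled */
    }
    while (waitpid(pid, &status, 0) == -1 && errno == EINTR)
        ;                               /* the parent's own SIGIO interrupts us */
    close(p[0]); close(p[1]);
    if (!got_sigio) return -1;
    if (!WIFEXITED(status) || WEXITSTATUS(status) == 2) return -1;
    return WEXITSTATUS(status) == 0 ? 1 : 0;
}

int main(void)
{
    int r = sigio_goes_to_owner_only();
    printf(r == 1 ? "SIGIO went only to the owner\n" :
           r == 0 ? "BUG: a non-owner in the owner's process group got SIGIO\n" :
                    "check could not run (owner never got SIGIO)\n");
    return r == 1 ? 0 : 1;
}
```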