Subject: Ping dumps core fix
To: None <port-sun3@NetBSD.ORG>
From: Ian Dall <Ian.Dall@dsto.defence.gov.au>
List: port-sun3
Date: 12/16/1996 22:08:43
I found the "ping dumps core" bug, and no, I was not imagining it!
I have done a "send-pr" but don't know the number yet.

I only saw the problem because I have a version of bash, compiled under
SunOS, which I use pretty much as the default shell.

It turns out that when a SunOS compatibility mode process exec's
another process it leaves the MDP_STACKADJ flag set. This flag is
never set or cleared by a native NetBSD process and is inherited by
any children. If a native NetBSD process has a system call interrupted
(EINTR is set), then its stack will wrongly be adjusted as if it were
a SunOS process. Once the stack is corrupted anything may happen (but
most likely a core dump sooner or later).

So, obscure failures in all sorts of programs could be due to this
problem --- if there is a compatibility mode process somewhere in its
ancestry. Ping is especially repeatable because it is always in a
recvfrom system call when it gets its SIGALRM, but other processes
could fail apparently at random.

The fix is fairly simple:

The following patch ensures that the MDP_STACKADJ flag is cleared before
the system call completes. Since this applies to the exec system call
as well, native NetBSD processes will never inherit the MDP_STACKADJ
flag.

--- ../../../../../src/sys/arch/sun3/sun3/trap.c        Tue Oct 15 01:56:00 1996
+++ trap.c      Sat Dec 14 18:13:15 1996
@@ -690,6 +690,7 @@
        /* need new p-value for this */
        if (error == ERESTART && (p->p_md.md_flags & MDP_STACKADJ))
                frame.f_regs[SP] -= sizeof (int);
+       p->p_md.md_flags &= ~MDP_STACKADJ;
 #endif
        userret(p, &frame, sticks, (u_int)0, 0);
 #ifdef KTRACE
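Review bot: The added `p->p_md.md_flags &= ~MDP_STACKADJ;` clears the flag unconditionally on every system call return, so it relies on the SunOS compatibility system call entry path setting MDP_STACKADJ afresh on each entry; that entry path is not in this hunk, so it should be checked that the flag is set per call rather than once per process, otherwise a SunOS process would lose its stack adjustment on the second interrupted call. Also, the visible guard is `error == ERESTART` while the description talks about EINTR; confirming that the ERESTART path is the one that actually adjusts the stack for an interrupted recvfrom would make the commit message match the code. Since the new line sits inside the `#ifdef` block that closes at the following `#endif`, the clear only exists in kernels built with the compatibility option, which is the right scope; a one-line comment above the new line saying the flag must not leak to native children via exec would make the intent clear to the next reader.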



Ian