> Is it possible you're attempting to use the child's stack, to call
> the function ...
>       error = (*vmc.ev_proc)(p2, &vmc);
> before the stack has been mapped?

I checked a lot of things. By calling Debugger() the first time I enter
postsig() after a fork1(), I am able to see where the SIGSEGV is comming
from.

The bad things happen in user mode. The child makes a fault in the libc
stub for sproc, before going to the child entry point in my program
(remember there is a child entry argument to sproc).  

GP = 0x0fb582f0 SP = 0x7bffe900 PC = 0x0fa5c344

 0xfa5c330:     lui     gp,0x10
 0xfa5c334:     addiu   gp,gp,-16448
 0xfa5c338:     addu    gp,gp,s2
 0xfa5c33c:     lw      t9,-29592(gp)
 0xfa5c340:     addiu   sp,sp,-64
 0xfa5c344:     sw      gp,44(sp)
 0xfa5c348:     jalr    t9

As far as I understand, accessing stack at 0x7bffe944 causes a 
fault. The way I map memory is wrong.

The exec_vmcmd parameters are addr = 0x79ffe000, len = 0x02000000. This
maps a stack between 0x79ffe000 and 0x7bffe000, and 0x7bffe944 is
outside the stack.

-- 
Emmanuel Dreyfus.
Si la reponse est NT, c'est probablement 
que vous n'avez pas compris la question.
manu@netbsd.org