It looks like the RA set up by setup_frame and setup_rt_frame in arch/mips64/kernel/signal.c and signal32.c can be wrong. Same for arch/mips/kernel/signal.c

signal32.c, 32-bit signal.c: sa_restorer is overridden

signal.c: regs->regs[31] is pointed at the sigframe's code, even though there isn't code in the frame, and a comment says that sa_restorer is always used.

Patch for 2.4 attached.

Kip