Your program doing buffer overflow at runs time, by strcat(arr3, arr4) because arr3 size is just equals to length of "Mr." string , it has no extra memory space for extra chars (from arr4).

size of arr3 should be atlest string length of a "Mr. " + "Smith" + 1
(extra 1 for string termination \0 char)

My Suggestion is use dynamic memory allocation for sufficient size buffer, do something like code below:

char arr3[] = "Mr. ";
char arr4[] = "Smith";
length = strlen(arr3) + strlen(arr4) + 1;  //cal-length (sufficient long buffer)
char* new_arr = malloc(length);  // allocate memory 
strcpy(new_arr, arr3);  // copy first string 
strcat(new_arr, arr4);  // then check your function to concat strings

Reason of Core-Dump:

In your code :

char arr3[] = "Mr. ";

The size of arr2 is = length of string "Mr." length + 1 (1 because of \0) chars. The strcat() first moves temp pointers to point null in first while loop while(*tmp) ++tmp ;.

After that in second while loop while( (*tmp++ = *src++ ) != '\0') ; you are trying to accessing and assigning on memory that is not allocated ( my be out of your process control) and access a memory that you have not allocated is undefined behavior in C.

Edit:

In code arr3 is something like below in diagram, where temp points to arr3 array:

                arr3

   temp          5   6  7  8    
  +-----+      +--+--+--+---+
  | 5   +----->|M |r |. |\0 |
  +-----+      +--+--+--+---+

when loop while(*tmp) ++tmp ; breaks temp starts pointing to memory location 8 where null \0 is stored, like below diagram.

                arr3

   temp          5   6  7  8    
  +-----+      +--+--+--+---+
  | 8   |      |M |r |. |\0 |
  +-----+      +--+--+--+---+
     |                    ^
     +--------------------|

When you do temp++ in loop while( (*tmp++ = *src++ ) != '\0') ; , temp increment to point to memory location 9 and onwards, but access and assigning on memory 9, 10.. is illegal because its not allocated. This causes OS kernel send a signal core dump to the your process which caused the exception. (interesting to note: as OS detects memory right violation by a process -- An invalid access to valid memory gives: SIGSEGV And access to an invalid address gives: SIGBUS).

Program Error Signals:
When one of these program error signals terminates a process, it also writes a core dump file which records the state of the process at the time of termination. The core dump file is named `core' and is written in whichever directory is current in the process at the time. (On the GNU system, you can specify the file name for core dumps with the environment variable COREFILE.) The purpose of core dump files is so that you can examine them with a debugger to investigate what caused the error.

If you allocates extra memory (as @JerryCoffin and @Paul R suggested) then you can access memory beyond \0 (memory location 8) is no problem.

Note: If you not gives size at declaration then size of array will be equals to size of string e.g. in char arr3[] = "Mr. "; size is 5. But if you give size explicitly as char arr3[84] = "Mr. "; then size of aar3 will be 84 and initial memory contains Mr. then 0 in rest of all locations.

In my solution I completely allocate new memory blocks that is as large as both string arr3 and arr4 can be stored with null symbol using dynamic memory allocation (malloc() function). Additionally If you allocates dynamic memory using ptr = malloc() or ptr = calloc() then you should free memory explicitly when work done using free(ptr).

You haven't allocated any additional space in str3 so attempting to append characters using strcat will overflow the allocated storage - change your code to e.g.:

char arr3[80] = "Mr. "; // <<< allocate additional storage for appending more characters
char arr4[] = "Smith";
printf("Hello %s!", strcat(arr3, arr4));

The problem isn't with your strcat, but with how you're using/invoking it. You're writing past the end of the target array.

Change arr3 to something like char arr3[32] = "Mr. "; and all will be well.