Index: sys/i386/i386/db_trace.c
===================================================================
--- sys/i386/i386/db_trace.c
+++ sys/i386/i386/db_trace.c
@@ -297,7 +297,6 @@
 {
 	struct trapframe *tf;
 	int frame_type;
-	int narg;
 	int eip, esp, ebp;
 	db_expr_t offset;
 	c_db_sym_t sym;
@@ -317,14 +316,6 @@
 	 */
 	frame_type = NORMAL;
 
-	/*
-	 * This is the number of arguments that a syscall / trap / interrupt
-	 * service routine passes to its callee.  This number is used only for
-	 * special frame types.  In most cases there is one argument: the trap
-	 * frame address.
-	 */
-	narg = 1;
-
 	if (eip >= PMAP_TRM_MIN_ADDRESS) {
 		sym = db_search_symbol(eip - 1 - setidt_disp, DB_STGY_ANY,
 		    &offset);
@@ -338,8 +329,6 @@
 			frame_type = TRAP;
 		else if (strncmp(name, "Xatpic_intr", 11) == 0 ||
 		    strncmp(name, "Xapic_isr", 9) == 0) {
-			/* Additional argument: vector number. */
-			narg = 2;
 			frame_type = INTERRUPT;
 		} else if (strcmp(name, "Xlcall_syscall") == 0 ||
 		    strcmp(name, "Xint0x80_syscall") == 0)
@@ -352,7 +341,6 @@
 		    strcmp(name, "Xrendezvous") == 0 ||
 		    strcmp(name, "Xipi_intr_bitmap_handler") == 0) {
 			/* No arguments. */
-			narg = 0;
 			frame_type = INTERRUPT;
 		}
 	}
@@ -386,12 +374,18 @@
 	}
 
 	/*
-	 * Point to base of trapframe which is just above the
-	 * current frame.  Note that struct i386_frame already accounts for one
-	 * argument.
+	 * Point to base of trapframe which is just above the current
+	 * frame.  Pointer to it was put into %ebp by the kernel entry
+	 * code.
 	 */
-	tf = (struct trapframe *)((char *)*fp + sizeof(struct i386_frame) +
-	    4 * (narg - 1));
+	tf = (struct trapframe *)(*fp)->f_frame;
+
+	/* E.g. fork_trampoline, last frame of a kernel thread. */
+	if (tf == NULL) {
+		*ip = 0;
+		*fp = 0;
+		return;
+	}
 
 	esp = get_esp(tf);
 	eip = tf->tf_eip;
@@ -412,16 +406,12 @@
 	}
 	db_printf(", eip = %#r, esp = %#r, ebp = %#r ---\n", eip, esp, ebp);
 
-	switch (frame_type) {
-	case TRAP:
-	case INTERRUPT:
-		if ((tf->tf_eflags & PSL_VM) != 0 ||
-		    (tf->tf_cs & SEL_RPL_MASK) != 0)
-			ebp = 0;
-		break;
-	case SYSCALL:
+	if (((frame_type == TRAP || frame_type == INTERRUPT) &&
+	    ((tf->tf_eflags & PSL_VM) != 0 ||
+	    (tf->tf_cs & SEL_RPL_MASK) != 0)) ||
+	    frame_type == SYSCALL) {
 		ebp = 0;
-		break;
+		eip = 0;
 	}
 
 	*ip = (db_addr_t) eip;
@@ -574,9 +564,12 @@
 		 * after printing the pc if it is the kernel.
 		 */
 		if (frame == NULL || frame <= actframe) {
-			sym = db_search_symbol(pc, DB_STGY_ANY, &offset);
-			db_symbol_values(sym, &name, NULL);
-			db_print_stack_entry(name, 0, 0, 0, pc, frame);
+			if (pc != 0) {
+				sym = db_search_symbol(pc, DB_STGY_ANY,
+				    &offset);
+				db_symbol_values(sym, &name, NULL);
+				db_print_stack_entry(name, 0, 0, 0, pc, frame);
+			}
 			break;
 		}
 	}
Index: sys/i386/include/asmacros.h
===================================================================
--- sys/i386/include/asmacros.h
+++ sys/i386/include/asmacros.h
@@ -157,6 +157,7 @@
 	movw	%es,(%esp)
 	pushl	$0
 	movw	%fs,(%esp)
+	movl	%esp,%ebp
 	.endm
 
 	.macro	PUSH_FRAME