page fault panic in scioctl and console-kit-daemon

Hi,

While starting console-kit-daemon (sysutils/consolekit 0.2.3) during 
boot or in single-user mode the system panics. If I start it post-boot 
it runs fine. This is on 8.0-CURRENT from about 12 hours ago, another 
user also reported the same on RELENG_7. Any other information I can 
provide ?

Fatal trap 12: page fault while in kernel mode
fault virtual address	= 0x4
fault code		= supervisor read, page not present
instruction pointer	= 0x20:0xc04d2ab4
stack pointer	        = 0x28:0xe6499b18
frame pointer	        = 0x28:0xe6499b80
code segment		= base 0x0, limit 0xfffff, type 0x1b
			= DPL 0, pres 1, def32 1, gran 1
processor eflags	= interrupt enabled, resume, IOPL = 0
current process		= 134 (console-kit-daemon)
Physical memory: 1014 MB
Dumping 43 MB: 28 12

#0  doadump () at pcpu.h:195
195	pcpu.h: No such file or directory.
	in pcpu.h
(kgdb) bt
#0  doadump () at pcpu.h:195
#1  0xc0461c69 in db_fncall (dummy1=1, dummy2=0, dummy3=-1064824544,
     dummy4=0xe64998b0 "\200�\233�") at 
/usr/src/sys/ddb/db_command.c:514
#2  0xc046221a in db_command (last_cmdp=0xc084eaf4, cmd_table=0x0, 
dopager=1)
     at /usr/src/sys/ddb/db_command.c:411
#3  0xc0462335 in db_command_loop () at /usr/src/sys/ddb/db_command.c:464
#4  0xc0463e1c in db_trap (type=12, code=0) at 
/usr/src/sys/ddb/db_main.c:228
#5  0xc0577aa3 in kdb_trap (type=12, code=0, tf=0xe6499ad8)
     at /usr/src/sys/kern/subr_kdb.c:510
#6  0xc07a280f in trap_fatal (frame=0xe6499ad8, eva=4)
     at /usr/src/sys/i386/i386/trap.c:889
#7  0xc07a2abb in trap_pfault (frame=0xe6499ad8, usermode=0, eva=4)
     at /usr/src/sys/i386/i386/trap.c:811
#8  0xc07a34a2 in trap (frame=0xe6499ad8) at 
/usr/src/sys/i386/i386/trap.c:489
#9  0xc079183b in calltrap () at /usr/src/sys/i386/i386/exception.s:146
#10 0xc04d2ab4 in scioctl (dev=0xc3b20d00, cmd=537163270,
     data=0xe6499c70 "\002", flag=1, td=0xc3d3c880)
     at /usr/src/sys/dev/syscons/syscons.c:1073
#11 0xc051ed1a in giant_ioctl (dev=0xc3b20d00, cmd=537163270,
     data=0xe6499c70 "\002", fflag=1, td=0xc3d3c880)
     at /usr/src/sys/kern/kern_conf.c:349
#12 0xc0598194 in cnioctl (dev=0xc3b20d00, cmd=537163270,
     data=0xe6499c70 "\002", flag=1, td=0xc3d3c880)
---Type <return> to continue, or q <return> to quit---
     at /usr/src/sys/kern/tty_cons.c:521
#13 0xc051ed1a in giant_ioctl (dev=0xc39bf900, cmd=537163270,
     data=0xe6499c70 "\002", fflag=1, td=0xc3d3c880)
     at /usr/src/sys/kern/kern_conf.c:349
#14 0xc04f1127 in devfs_ioctl_f (fp=0xc3ce0dd0, com=537163270,
     data=0xe6499c70, cred=0xc39a0900, td=0xc3d3c880)
     at /usr/src/sys/fs/devfs/devfs_vnops.c:494
#15 0xc05845f8 in kern_ioctl (td=0xc3d3c880, fd=9, com=537163270,
     data=0xe6499c70 "\002") at file.h:254
#16 0xc058476f in ioctl (td=0xc3d3c880, uap=0xe6499cfc)
     at /usr/src/sys/kern/sys_generic.c:677
#17 0xc07a2e25 in syscall (frame=0xe6499d38)
     at /usr/src/sys/i386/i386/trap.c:1034
#18 0xc07918a0 in Xint0x80_syscall () at 
/usr/src/sys/i386/i386/exception.s:203
#19 0x00000033 in ?? ()
Previous frame inner to this frame (corrupt stack?)
(kgdb) f 10
#10 0xc04d2ab4 in scioctl (dev=0xc3b20d00, cmd=537163270,
     data=0xe6499c70 "\002", flag=1, td=0xc3d3c880)
     at /usr/src/sys/dev/syscons/syscons.c:1073
1073		scp = sc_get_stat(SC_DEV(sc, i));
(kgdb) p sc
$1 = (sc_softc_t *) 0xc0881120
(kgdb) p *sc
$2 = {unit = 0, config = 768, flags = 65536, keyboard = 1, kbd = 
0xc39fd800,
   adapter = 0, adp = 0xc087c3e0, initial_mode = 24, first_vty = 0, vtys 
= 16,
   dev = 0xc0862320, cur_scp = 0xc08621e0, new_scp = 0x0, old_scp = 0x0,
   delayed_next_scr = 0, font_loading_in_progress = 0 '\0',
   switch_in_progress = 0 '\0', write_in_progress = 0 '\0',
   blink_in_progress = 0 '\0', video_mtx = {lock_object = {
       lo_name = 0xc07dc198 "syscons video lock",
       lo_type = 0xc07dc198 "syscons video lock", lo_flags = 196608,
       lo_witness_data = {lod_list = {stqe_next = 0x0}, lod_witness = 
0x0}},
     mtx_lock = 4, mtx_recurse = 0}, scrn_time_stamp = 459, 
dflt_curs_attr = {
     flags = 0, base = 3, height = 2}, curs_attr = {flags = 0, base = 3,
     height = 2},
   scr_map = 
"\000\001\002\003\004\005\006\a\b\t\n\v\f\r\016\017\020\021\022\023\024\025\026\027\030\031\032\033\034\035\036\037 
!\"#$%&'()*+,-./0123456789:;<=>?_at_ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\177\200\201\202\203\204\205\206\207\210\211\212\213\214\215\216\217\220\221\222\223\224\225\226\227\230\231\232\233\234\235\236\237&#65533;&#65533;&#65533;&#65533;&#65533;&#65533;&#65533;&#65533;&#65533;&#65533;&#65533;&#65533;&#65533;&#65533;&#65533;&#65533;&#65533;&#65533;&#65533;&#65533;&#65533;&#65533;&#65533;&#65533;&#65533;&#65533;&#65533;&#65533;&#65533;&#65533;&#65533;&#65533;&#65533;&#65533;&#65533;&#65533;&#65533;&#65533;&#65533;&#65533;"..., 

   scr_rmap = 
"\000\001\002\003\004\005\006\a\b\t\n\v\f\r\016\017\020\021\022\023\024\025\026\027\030\031\032\033\034\035\036\037 
!\"#$%&'()*+,-./0123456789:;<=>?_at_ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\177\200\201\202\203\204\205\206\207\210\211\212\213\214\215\216\217\220\221\222\223\224\225\226\227\230\231\232\233\234\235\236\237&#65533;&#65533;&#65533;&#65533;&#65533;&#65533;&#65533;&#65533;&#65533;&#65533;&#65533;&#65533;&#65533;&#65533;&#65533;&#65533;&#65533;&#65533;&#65533;&#65533;&#65533;&#65533;&#65533;&#65533;&#65533;&#65533;&#65533;&#65533;&#65533;&#65533;&#65533;&#65533;&#65533;&#65533;&#65533;&#65533;&#65533;&#65533;&#65533;&#65533;"...---Type 
<return> to continue, or q <return> to quit---
,
   palette = 
"\000\000\000\000\000&#65533;\000&#65533;\000\000&#65533;&#65533;&#65533;\000\000&#65533;\000&#65533;&#65533;&#65533;\000&#65533;&#65533;&#65533;\000\000T\000\000&#65533;\000&#65533;T\000&#65533;&#65533;&#65533;\000T&#65533;\000&#65533;&#65533;&#65533;T&#65533;&#65533;&#65533;\000T\000\000T&#65533;\000&#65533;\000\000&#65533;&#65533;&#65533;T\000&#65533;T&#65533;&#65533;&#65533;\000&#65533;&#65533;&#65533;\000TT\000T&#65533;\000&#65533;T\000&#65533;&#65533;&#65533;TT&#65533;T&#65533;&#65533;&#65533;T&#65533;&#65533;&#65533;T\000\000T\000&#65533;T&#65533;\000T&#65533;&#65533;&#65533;\000\000&#65533;\000&#65533;&#65533;&#65533;\000&#65533;&#65533;&#65533;T\000TT\000&#65533;T&#65533;TT&#65533;&#65533;&#65533;\000T&#65533;\000&#65533;&#65533;&#65533;T&#65533;&#65533;&#65533;TT\000TT&#65533;T&#65533;\000T&#65533;&#65533;&#65533;T\000&#65533;T&#65533;&#65533;&#65533;\000&#65533;&#65533;&#65533;TTTTT&#65533;T&#65533;TT&#65533;&#65533;&#65533;TT&#65533;T&#65533;&#65533;&#65533;T&#655
33;&#65533;&#65533;", 
'\0' <repeats 52 times>..., fonts_loaded = 8,
   font_8 = 0xc0852f60 "", font_14 = 0xc0852160 "", font_16 = 0xc0851160 
"",
   font_22 = 0x0, cursor_char = 7 '\a', mouse_char = 208 '&#65533;'}
(kgdb) list
1068		s = spltty();
1069		error = sc_clean_up(sc->cur_scp);
1070		splx(s);
1071		if (error)
1072		    return error;
1073		scp = sc_get_stat(SC_DEV(sc, i));
1074		if (scp == scp->sc->cur_scp)
1075		    return 0;
1076		error = tsleep(&scp->smode, PZERO | PCATCH, "waitvt", 0);
1077		return error;
(kgdb) p i
$3 = 1
(kgdb) p sc->dev
$4 = (struct cdev **) 0xc0862320
(kgdb) p *sc->dev
$5 = (struct cdev *) 0xc3b20700
(kgdb) p **sc->dev
$6 = {si_priv = 0xc3b20700, si_flags = 4, si_atime = {tv_sec = 0,
     tv_nsec = 0}, si_ctime = {tv_sec = 0, tv_nsec = 0}, si_mtime = {
     tv_sec = 0, tv_nsec = 0}, si_uid = 0, si_gid = 0, si_mode = 384,
   si_cred = 0x0, si_drv0 = 0, si_refcount = 1, si_list = {le_next = 0x0,
     le_prev = 0xc3b20638}, si_clone = {le_next = 0x0, le_prev = 0x0},
   si_children = {lh_first = 0x0}, si_siblings = {le_next = 0x0,
     le_prev = 0x0}, si_parent = 0x0, si_name = 0xc3b20778 "ttyv0",
   si_drv1 = 0xc08621e0, si_drv2 = 0x0, si_devsw = 0xc0815320,
   si_iosize_max = 0, si_usecount = 0, si_threadcount = 0, __si_u = {
     __sit_tty = 0xc3b2a400, __sid_snapdata = 0xc3b2a400},
   __si_namebuf = "ttyv0", '\0' <repeats 58 times>}
(kgdb) p sc->first_vty
$7 = 0

-- 
Pawel