Bug 82350

With a recurring switching from DATA to FAX mode of a modem, attached
through USB-COM connector, the kernel panics. Panic occures with a period
of about 5 days:

putc to a clist with no reserved cblocks
putc to a clist with no reserved cblocks
putc to a clist with no reserved cblocks
putc to a clist with no reserved cblocks
putc to a clist with no reserved cblocks
putc to a clist with no reserved cblocks
putc to a clist with no reserved cblocks
putc to a clist with no reserved cblocks
putc to a clist with no reserved cblocks
putc to a clist with no reserved cblocks
putc to a clist with no reserved cblocks
putc to a clist with no reserved cblocks
ucom0: read start failed


Fatal trap 12: page fault while in kernel mode
fault virtual address	= 0x4c
fault code		= supervisor read, page not present
instruction pointer	= 0x8:0xc048170d
stack pointer	        = 0x10:0xd69649f4
frame pointer	        = 0x10:0xd6964a1c
code segment		= base rx0, limit 0xfffff, type 0x1b
			= DPL 0, pres 1, def32 1, gran 1
processor eflags	= interrupt enabled, resume, IOPL = 0
current process		= 33074 (chat)
trap number		= 12
panic: page fault
Uptime: 5d3h1m35s
Dumping 510 MB
 16 32 48 64 80 96 112 128 144 160 176 192 208 224 240 256 272 288 304 320 336 352 368 384 400 416 432 448 464 480 496

kernel backtrace:
#0  doadump () at pcpu.h:160
160             __asm __volatile("movl %%fs:0,%0" : "=r" (td));
(kgdb) bt
#0  doadump () at pcpu.h:160
During symbol reading, Incomplete CFI data; unspecified registers at 0xc04c64f0.
#1  0xc04c6bae in boot (howto=0x104) at /usr/src/sys/kern/kern_shutdown.c:410
#2  0xc04c6eb5 in panic (fmt=0xc0616267 "%s") at /usr/src/sys/kern/kern_shutdown.c:566
#3  0xc05efc38 in trap_fatal (frame=0xd69649b4, eva=0x0) at /usr/src/sys/i386/i386/trap.c:817
#4  0xc05ef95b in trap_pfault (frame=0xd69649b4, usermode=0x0, eva=0x4c) at /usr/src/sys/i386/i386/trap.c:735
#5  0xc05ef544 in trap (frame=
      {tf_fs = 0xc1a40018, tf_es = 0xd6960010, tf_ds = 0xc0470010, tf_edi = 0x0, tf_esi = 0xc2464280, tf_ebp = 0xd6964a1c, tf_isp = 0xd69649e0, tf_ebx = 0xc1a4c000, tf_edx = 0x0, tf_ecx = 0xc16e9f80, tf_eax = 0x0, tf_trapno = 0xc, tf_err = 0x0, tf_eip = 0xc048170d, tf_cs = 0x8, tf_eflags = 0x10246, tf_esp = 0xc16e7000, tf_ss = 0xd6964a10})
	      at /usr/src/sys/i386/i386/trap.c:425
#6  0xc05de8ca in calltrap () at /usr/src/sys/i386/i386/exception.s:140
#7  0xc1a40018 in ?? ()
#8  0xd6960010 in ?? ()
#9  0xc0470010 in ugen_do_read (sc=0xc2464280, endpt=0x0, uio=0xc04727b3, flag=0xc34bd100)
	      at /usr/src/sys/dev/usb/ugen.c:824
#10 0xc0472ad4 in uhci_abort_xfer (xfer=0xc1a4c000, status=USBD_NORMAL_COMPLETION) at /usr/src/sys/dev/usb/uhci.c:2022
#11 0xc0472937 in uhci_device_bulk_abort (xfer=0x0) at /usr/src/sys/dev/usb/uhci.c:1921
#12 0xc0481625 in usbd_ar_pipe (pipe=0xc2464280) at /usr/src/sys/dev/usb/usbdi.c:762
#13 0xc048134b in usbd_abort_pipe (pipe=0x0) at /usr/src/sys/dev/usb/usbdi.c:556
#14 0xc0744134 in ?? ()
#15 0xc2464280 in ?? ()
#16 0xd6964aa4 in ?? ()
#17 0xc0743956 in ?? ()
#18 0xc1742700 in ?? ()
#19 0x00000000 in ?? ()
#20 0xc04fcf19 in ttyioctl (dev=0x0, cmd=0x0, data=0xc04fcf19 "\203ûý¸\031", flag=0xc1743a00, td=0x0)
      at /usr/src/sys/kern/tty.c:2918
	  Previous frame inner to this frame (corrupt stack?)

Fix: 

Unknown
How-To-Repeat: Attach modem through USB-COM connector, and execute AT-commands in cycle
with chat(8). After some time, kernel will panic.