syzbot

uvm_fault(0xffffffff839971a8, 0xffff8000298b20f0, 0, 1) -> d
kernel: page fault trap, code=0
Stopped at      ffs2_balloc+0xa0d:      movq    0(%rcx,%rax,8),%r14
    TID    PID    UID     PRFLAGS     PFLAGS  CPU  COMMAND
  32763  12927      0           0          0    1  syz-executor
*209218  50318      0         0x2        0x1    0  syz-executor
ffs2_balloc(fffffd806dae9840,ab843,50,fffffd80097fd3a8,1,ffff80002a350298) at ffs2_balloc+0xa0d sys/ufs/ffs/ffs_balloc.c:614
ffs_write(ffff80002a350320) at ffs_write+0x4f9 sys/ufs/ffs/ffs_vnops.c:345
VOP_WRITE(fffffd80606e47d8,ffff80002a3503d0,3,fffffd80097fd3a8) at VOP_WRITE+0x101 sys/kern/vfs_vops.c:245
ktrwriteraw(ffff80002a231240,fffffd80606e47d8,fffffd80097fd3a8,ffff80002a3504a0,ffff80002a350480) at ktrwriteraw+0x1be sys/kern/kern_ktrace.c:691
ktrsysret(ffff80002a231240,5b,0,ffff80002a350570) at ktrsysret+0x192 ktrwrite2 sys/kern/kern_ktrace.c:-1 [inline]
ktrsysret(ffff80002a231240,5b,0,ffff80002a350570) at ktrsysret+0x192 sys/kern/kern_ktrace.c:209
syscall(ffff80002a350620) at syscall+0xa51 mi_syscall_return sys/sys/syscall_mi.h:204 [inline]
syscall(ffff80002a350620) at syscall+0xa51 sys/arch/amd64/amd64/trap.c:804
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0x6fc9b3ea5370, count: 8
https://www.openbsd.org/ddb.html describes the minimum info required in bug
reports.  Insufficient info makes it difficult to find and fix bugs.
ddb{0}> 
ddb{0}> set $lines = 0
ddb{0}> set $maxwidth = 0
ddb{0}> show panic
*cpu0: uvm_fault(0xffffffff839971a8, 0xffff8000298b20f0, 0, 1) -> d
ddb{0}> trace
ffs2_balloc(fffffd806dae9840,ab843,50,fffffd80097fd3a8,1,ffff80002a350298) at ffs2_balloc+0xa0d sys/ufs/ffs/ffs_balloc.c:614
ffs_write(ffff80002a350320) at ffs_write+0x4f9 sys/ufs/ffs/ffs_vnops.c:345
VOP_WRITE(fffffd80606e47d8,ffff80002a3503d0,3,fffffd80097fd3a8) at VOP_WRITE+0x101 sys/kern/vfs_vops.c:245
ktrwriteraw(ffff80002a231240,fffffd80606e47d8,fffffd80097fd3a8,ffff80002a3504a0,ffff80002a350480) at ktrwriteraw+0x1be sys/kern/kern_ktrace.c:691
ktrsysret(ffff80002a231240,5b,0,ffff80002a350570) at ktrsysret+0x192 ktrwrite2 sys/kern/kern_ktrace.c:-1 [inline]
ktrsysret(ffff80002a231240,5b,0,ffff80002a350570) at ktrsysret+0x192 sys/kern/kern_ktrace.c:209
syscall(ffff80002a350620) at syscall+0xa51 mi_syscall_return sys/sys/syscall_mi.h:204 [inline]
syscall(ffff80002a350620) at syscall+0xa51 sys/arch/amd64/amd64/trap.c:804
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0x6fc9b3ea5370, count: -7
ddb{0}> show registers
rdi                                0
rsi                                0
rbp               0xffff80002a350240
rbx                                0
rdx                                0
rcx               0xffff8000298b2000
rax                             0x1e
r8                0xffffffffffffffff
r9                0xffff80002a350298
r10               0x51d67e20c1cc304d
r11               0xdca333c9dc582382
r12                              0x1
r13               0xffff800000c31800
r14               0xffff80002a3500d0
r15               0xfffffd8067696b10
rip               0xffffffff81f069dd    ffs2_balloc+0xa0d
cs                               0x8
rflags                       0x10246    __ALIGN_SIZE+0xf246
rsp               0xffff80002a3500c0
ss                              0x10
ffs2_balloc+0xa0d:      movq    0(%rcx,%rax,8),%r14
ddb{0}>