syzbot

uvm_fault(0xffffffff83a66ec0, 0xffff8000261d2000, 0, 1) -> d
kernel: page fault trap, code=0
Stopped at      ffs2_balloc+0xa0a:      movq    0(%rcx,%rax,8),%r14
    TID    PID    UID     PRFLAGS     PFLAGS  CPU  COMMAND
*323571  80222      0           0  0x4000000    0  syz-executor
ffs2_balloc(fffff2006a37d400,30001,40,fffff20007ffd7b8,1,ffff80002a79b338) at ffs2_balloc+0xa0a sys/ufs/ffs/ffs_balloc.c:614
ffs_write(ffff80002a79b3c0) at ffs_write+0x4f9 sys/ufs/ffs/ffs_vnops.c:345
VOP_WRITE(fffff20066d0c7c0,ffff80002a79b470,3,fffff20007ffd7b8) at VOP_WRITE+0x101 sys/kern/vfs_vops.c:245
ktrwriteraw(ffff80002a751cb0,fffff20066d0c7c0,fffff20007ffd7b8,ffff80002a79b528,0) at ktrwriteraw+0x19b sys/kern/kern_ktrace.c:692
doktrace(fffff20066d0c7c0,4,1b08,0,ffff80002a751cb0) at doktrace+0x88c ktrstart sys/kern/kern_ktrace.c:150 [inline]
doktrace(fffff20066d0c7c0,4,1b08,0,ffff80002a751cb0) at doktrace+0x88c sys/kern/kern_ktrace.c:485
sys_ktrace(ffff80002a751cb0,ffff80002a79b7f0,ffff80002a79b740) at sys_ktrace+0x11c sys/kern/kern_ktrace.c:559
syscall(ffff80002a79b7f0) at syscall+0x962 mi_syscall sys/sys/syscall_mi.h:-1 [inline]
syscall(ffff80002a79b7f0) at syscall+0x962 sys/arch/amd64/amd64/trap.c:783
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0x3c67fa374b0, count: 7
https://www.openbsd.org/ddb.html describes the minimum info required in bug
reports.  Insufficient info makes it difficult to find and fix bugs.
ddb> 
ddb> set $lines = 0
ddb> set $maxwidth = 0
ddb> show panic
*cpu0: uvm_fault(0xffffffff83a66ec0, 0xffff8000261d2000, 0, 1) -> d
ddb> trace
ffs2_balloc(fffff2006a37d400,30001,40,fffff20007ffd7b8,1,ffff80002a79b338) at ffs2_balloc+0xa0a sys/ufs/ffs/ffs_balloc.c:614
ffs_write(ffff80002a79b3c0) at ffs_write+0x4f9 sys/ufs/ffs/ffs_vnops.c:345
VOP_WRITE(fffff20066d0c7c0,ffff80002a79b470,3,fffff20007ffd7b8) at VOP_WRITE+0x101 sys/kern/vfs_vops.c:245
ktrwriteraw(ffff80002a751cb0,fffff20066d0c7c0,fffff20007ffd7b8,ffff80002a79b528,0) at ktrwriteraw+0x19b sys/kern/kern_ktrace.c:692
doktrace(fffff20066d0c7c0,4,1b08,0,ffff80002a751cb0) at doktrace+0x88c ktrstart sys/kern/kern_ktrace.c:150 [inline]
doktrace(fffff20066d0c7c0,4,1b08,0,ffff80002a751cb0) at doktrace+0x88c sys/kern/kern_ktrace.c:485
sys_ktrace(ffff80002a751cb0,ffff80002a79b7f0,ffff80002a79b740) at sys_ktrace+0x11c sys/kern/kern_ktrace.c:559
syscall(ffff80002a79b7f0) at syscall+0x962 mi_syscall sys/sys/syscall_mi.h:-1 [inline]
syscall(ffff80002a79b7f0) at syscall+0x962 sys/arch/amd64/amd64/trap.c:783
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0x3c67fa374b0, count: -8
ddb> show registers
rdi                                0
rsi                                0
rbp               0xffff80002a79b2e0
rbx               0xfffff2006a37d400
rdx                                0
rcx               0xffff8000261d2000
rax                                0
r8                0xffffffffffffffff
r9                0xffff80002a79b338
r10               0x5bc51dfacd2baf7e
r11               0xd0a0e8b2e9655b0c
r12                              0x1
r13               0xffff800000c47800
r14               0xffff80002a79b180
r15               0xfffff2006f580240
rip               0xffffffff82b05e9a    ffs2_balloc+0xa0a
cs                               0x8
rflags                       0x10246    __ALIGN_SIZE+0xf246
rsp               0xffff80002a79b170
ss                              0x10
ffs2_balloc+0xa0a:      movq    0(%rcx,%rax,8),%r14
ddb>