panic: amap_pp_adjref: negative reference count
Stopped at      db_enter+0x18:  addq    $0x8,%rsp
    TID    PID    UID     PRFLAGS     PFLAGS  CPU  COMMAND
*284911  84472      0           0  0x4000000    0  syz-executor.1
db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:398
panic() at panic+0x15c sys/kern/subr_prf.c:207
amap_pp_adjref(fffffd803e400148,e4,200,1) at amap_pp_adjref+0x59e sys/uvm/uvm_amap.c:829
uvm_mapent_clone(ffff800000adcc00,0,200000,e4000,7,7) at uvm_mapent_clone+0x14c sys/uvm/uvm_map.c:3733
uvm_share(ffff800000adcc00,0,7,fffffd803f014220,20800000,200000) at uvm_share+0x4b4 uvm_mapent_share sys/uvm/uvm_map.c:3767 [inline]
uvm_share(ffff800000adcc00,0,7,fffffd803f014220,20800000,200000) at uvm_share+0x4b4 sys/uvm/uvm_map.c:3668
vm_impl_init_vmx(ffff80001487e828,ffff8000ffff84f8) at vm_impl_init_vmx+0xf1 sys/arch/amd64/amd64/vmm.c:1270
vm_create(ffff800000aa5000,ffff8000ffff84f8) at vm_create+0x193 vm_impl_init sys/arch/amd64/amd64/vmm.c:1385 [inline]
vm_create(ffff800000aa5000,ffff8000ffff84f8) at vm_create+0x193 sys/arch/amd64/amd64/vmm.c:1174
VOP_IOCTL(fffffd803b5ad750,c5005601,ffff800000aa5000,1,fffffd803f7c6960,ffff8000ffff84f8) at VOP_IOCTL+0x88 sys/kern/vfs_vops.c:291
vn_ioctl(fffffd802d482c40,c5005601,ffff800000aa5000,ffff8000ffff84f8) at vn_ioctl+0xb7 sys/kern/vfs_vnops.c:533
sys_ioctl(ffff8000ffff84f8,ffff800017966438,ffff800017966480) at sys_ioctl+0x5b9
syscall(ffff800017966500) at syscall+0x507 sys/arch/amd64/amd64/trap.c:555
Xsyscall(6,0,ffffffffffffff59,0,3,3e974648010) at Xsyscall+0x128
end of kernel
end trace frame: 0x3ec4f037b80, count: 3
https://www.openbsd.org/ddb.html describes the minimum info required in bug
reports.  Insufficient info makes it difficult to find and fix bugs.