panic: amap_pp_adjref: negative reference count
Stopped at      db_enter+0x18:  addq    $0x8,%rsp
    TID    PID    UID     PRFLAGS     PFLAGS  CPU  COMMAND
*204944  72778      0           0  0x4000000    0K syz-executor.1
  94652  43794      0         0x2      0x480    1  syz-executor.0
db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:398
panic() at panic+0x15c sys/kern/subr_prf.c:207
amap_pp_adjref(fffffd8063d5b7d8,7f0,200,1) at amap_pp_adjref+0x59e sys/uvm/uvm_amap.c:829
uvm_mapent_clone(ffff800000b7ea00,0,200000,7f0000,7,7) at uvm_mapent_clone+0x14c sys/uvm/uvm_map.c:3733
uvm_share(ffff800000b7ea00,0,7,fffffd807f00ab80,20800000,200000) at uvm_share+0x4b4 uvm_mapent_share sys/uvm/uvm_map.c:3767 [inline]
uvm_share(ffff800000b7ea00,0,7,fffffd807f00ab80,20800000,200000) at uvm_share+0x4b4 sys/uvm/uvm_map.c:3668
vm_impl_init_vmx(ffff800020ab0af0,ffff800020abec70) at vm_impl_init_vmx+0xf1 sys/arch/amd64/amd64/vmm.c:1270
vm_create() at vm_create+0x1a0 vm_impl_init sys/arch/amd64/amd64/vmm.c:1385 [inline]
vm_create() at vm_create+0x1a0 sys/arch/amd64/amd64/vmm.c:1174
VOP_IOCTL(fffffd806e1c69c0,c5005601,ffff800000b35800,1,fffffd807f7c6900,ffff800020abec70) at VOP_IOCTL+0x88 sys/kern/vfs_vops.c:291
vn_ioctl(fffffd80726b2020,c5005601,ffff800000b35800,ffff800020abec70) at vn_ioctl+0xb7 sys/kern/vfs_vnops.c:533
sys_ioctl(ffff800020abec70,ffff800022d81118,ffff800022d81160) at sys_ioctl+0x5b9
syscall(ffff800022d811e0) at syscall+0x4a4 mi_syscall sys/sys/syscall_mi.h:92 [inline]
syscall(ffff800022d811e0) at syscall+0x4a4 sys/arch/amd64/amd64/trap.c:555
Xsyscall(6,0,ffffffffffffff59,0,3,ca4ad0b7010) at Xsyscall+0x128
end of kernel
end trace frame: 0xca72b0eb7c0, count: 3
https://www.openbsd.org/ddb.html describes the minimum info required in bug
reports.  Insufficient info makes it difficult to find and fix bugs.