panic: amap_pp_adjref: negative reference count
Stopped at      db_enter+0x18:  addq    $0x8,%rsp
    TID    PID    UID     PRFLAGS     PFLAGS  CPU  COMMAND
 440438  86018      0           0          0    1  syz-executor.0
*406286  44594      0           0  0x4000000    0K syz-executor.1
db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:398
panic() at panic+0x15c sys/kern/subr_prf.c:207
amap_pp_adjref(fffffd805d1b3d48,e4,1df,1) at amap_pp_adjref+0x59e sys/uvm/uvm_amap.c:829
uvm_mapent_clone(ffff800000ce9c00,0,1df000,e4000,7,7) at uvm_mapent_clone+0x14c sys/uvm/uvm_map.c:3733
uvm_share(ffff800000ce9c00,0,7,fffffd807f00b450,20800000,200000) at uvm_share+0x4b4 uvm_mapent_share sys/uvm/uvm_map.c:3767 [inline]
uvm_share(ffff800000ce9c00,0,7,fffffd807f00b450,20800000,200000) at uvm_share+0x4b4 sys/uvm/uvm_map.c:3668
vm_impl_init_vmx(ffff800021fcb838,ffff800020ab0290) at vm_impl_init_vmx+0xf1 sys/arch/amd64/amd64/vmm.c:1270
vm_create() at vm_create+0x1a0 vm_impl_init sys/arch/amd64/amd64/vmm.c:1385 [inline]
vm_create() at vm_create+0x1a0 sys/arch/amd64/amd64/vmm.c:1174
VOP_IOCTL(fffffd8073ddda90,c5005601,ffff800000cd0800,1,fffffd807f7c6840,ffff800020ab0290) at VOP_IOCTL+0x88 sys/kern/vfs_vops.c:291
vn_ioctl(fffffd806ca3e860,c5005601,ffff800000cd0800,ffff800020ab0290) at vn_ioctl+0xb7 sys/kern/vfs_vnops.c:533
sys_ioctl(ffff800020ab0290,ffff800022713558,ffff8000227135a0) at sys_ioctl+0x5b9
syscall(ffff800022713620) at syscall+0x4a4 mi_syscall sys/sys/syscall_mi.h:92 [inline]
syscall(ffff800022713620) at syscall+0x4a4 sys/arch/amd64/amd64/trap.c:555
Xsyscall(6,0,ffffffffffffff59,0,3,f9557556010) at Xsyscall+0x128
end of kernel
end trace frame: 0xf977a17c670, count: 3
https://www.openbsd.org/ddb.html describes the minimum info required in bug
reports.  Insufficient info makes it difficult to find and fix bugs.