bisecting cause commit starting from 1e1b28b936aed946122b4e0991e7144fdbbfd77e
building syzkaller on 744a39e220cece33e207035facce6c5ae161b775
testing commit 1e1b28b936aed946122b4e0991e7144fdbbfd77e
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 2a18e678ffc5e9405677246da795df8cd760fa824a57a31ea039d6cc962d1dca
all runs: crashed: BUG: Bad rss-counter state
testing release v5.17
testing commit f443e374ae131c168a065ea1748feac6b2e76613
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 45b7063247746c91e5b3bdb5bc904e724605bb7644d0f69f18b0187d3a4e511b
all runs: OK
# git bisect start 1e1b28b936aed946122b4e0991e7144fdbbfd77e f443e374ae131c168a065ea1748feac6b2e76613
Bisecting: 13745 revisions left to test after this (roughly 14 steps)
[6a34fdcca452457a530980be2561dab06da3627f] Merge tag 'rtc-5.18' of git://git.kernel.org/pub/scm/linux/kernel/git/abelloni/linux

testing commit 6a34fdcca452457a530980be2561dab06da3627f
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: f830a40eccfa89a3ef689ab612159e58dad3bfd224efb63aeb6168908d3451ef
all runs: OK
# git bisect good 6a34fdcca452457a530980be2561dab06da3627f
Bisecting: 6692 revisions left to test after this (roughly 13 steps)
[0bb07dcc1cb1d31559f9c88c88a075f36b0abc79] Merge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net-next.git

testing commit 0bb07dcc1cb1d31559f9c88c88a075f36b0abc79
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 752cf8c71f2f6fa2a9413e40ecd36040fd9ad1693bd6adf873368f0564cc38b2
all runs: OK
# git bisect good 0bb07dcc1cb1d31559f9c88c88a075f36b0abc79
Bisecting: 3419 revisions left to test after this (roughly 12 steps)
[4ac5b2ee4896c8c8642fbcd3a51bef6d340008e0] Merge branch 'for-next' of git://git.kernel.org/pub/scm/linux/kernel/git/broonie/spi.git

testing commit 4ac5b2ee4896c8c8642fbcd3a51bef6d340008e0
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 1d721f7980819163db5684476231467d53d0f8cf881d961d041d0bfb43c70983
all runs: OK
# git bisect good 4ac5b2ee4896c8c8642fbcd3a51bef6d340008e0
Bisecting: 1641 revisions left to test after this (roughly 11 steps)
[727c95e0b6089d942943a5930c445817ffeda5f7] Merge branch 'staging-next' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/staging.git

testing commit 727c95e0b6089d942943a5930c445817ffeda5f7
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 3261d9229e6fcf547dabd67f505f479deaeb10e64fa0f0c90a24f75546f79cab
all runs: OK
# git bisect good 727c95e0b6089d942943a5930c445817ffeda5f7
Bisecting: 819 revisions left to test after this (roughly 10 steps)
[4e4a627322750fedb35552fa7fdee273a6c68f4d] Merge branch 'next' of git://git.kernel.org/pub/scm/linux/kernel/git/mic/linux.git

testing commit 4e4a627322750fedb35552fa7fdee273a6c68f4d
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: b0363ab34afead9fe1aebc04bc586ccb2724b931bc59a1fa904a3908a57cbb9c
all runs: OK
# git bisect good 4e4a627322750fedb35552fa7fdee273a6c68f4d
Bisecting: 409 revisions left to test after this (roughly 9 steps)
[a00b390c298e0a14baa6216a1f37f88ade6a1912] mm/swap: print bad swap offset entry in get_swap_device

testing commit a00b390c298e0a14baa6216a1f37f88ade6a1912
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 3a2041310cfea8dc85db08801ac975f384e429e67de3305df3fdbabde43c0b1a
all runs: crashed: BUG: Bad rss-counter state
# git bisect bad a00b390c298e0a14baa6216a1f37f88ade6a1912
Bisecting: 204 revisions left to test after this (roughly 8 steps)
[69a947f20cf15d59025b003387ff8ba61460494a] mm/damon/sysfs: move targets setup code to a separated function

testing commit 69a947f20cf15d59025b003387ff8ba61460494a
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2
mm/madvise.c:632:8: error: implicit declaration of function 'is_swapin_error_entry' [-Werror=implicit-function-declaration]
# git bisect skip 69a947f20cf15d59025b003387ff8ba61460494a
Bisecting: 204 revisions left to test after this (roughly 8 steps)
[8cb833ec7785570acc206b52fdf85fbc0b1fb976] mm/shmem: take care of UFFDIO_COPY_MODE_WP

testing commit 8cb833ec7785570acc206b52fdf85fbc0b1fb976
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: d8e62c813a4887afa71498fed25c189aaeded1b80509a413ea3ba80b239e644d
all runs: OK
# git bisect good 8cb833ec7785570acc206b52fdf85fbc0b1fb976
Bisecting: 95 revisions left to test after this (roughly 7 steps)
[996927eebdae86436b19ea172c206d4d77bf9643] mm/memory-failure.c: simplify num_poisoned_pages_inc/dec

testing commit 996927eebdae86436b19ea172c206d4d77bf9643
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: d0420ff9f255217268876d8a92d85a8cfc40e3f80f4d1771733e641e8409d4db
all runs: OK
# git bisect good 996927eebdae86436b19ea172c206d4d77bf9643
Bisecting: 47 revisions left to test after this (roughly 6 steps)
[e3477428a889bcaa85cad7edeb8d39b643078989] mm/mmap: move mmap_region() below do_munmap()

testing commit e3477428a889bcaa85cad7edeb8d39b643078989
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 2c6c42b8e160728f6665fb5a56e48fcba6731fb7158c7c0f76a4cff7bb32b65c
all runs: OK
# git bisect good e3477428a889bcaa85cad7edeb8d39b643078989
Bisecting: 23 revisions left to test after this (roughly 5 steps)
[65032e661e28c599fe8109a1bff0f9dd1e8a77d2] mm/gup: use maple tree navigation instead of linked list

testing commit 65032e661e28c599fe8109a1bff0f9dd1e8a77d2
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: d4d85416ed10f89319aa7bb62f195ee0ccb6873a0f459a73fec82c0ab5e90d73
all runs: OK
# git bisect good 65032e661e28c599fe8109a1bff0f9dd1e8a77d2
Bisecting: 11 revisions left to test after this (roughly 4 steps)
[87ae09dbdd3b93e313723f9a1b4409d884527798] mm/swapfile: use vma iterator instead of vma linked list

testing commit 87ae09dbdd3b93e313723f9a1b4409d884527798
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: d2467d22a40c526d28a7f25871afbaaae8a6638f68bc4bf844351c858ae71bd8
all runs: OK
# git bisect good 87ae09dbdd3b93e313723f9a1b4409d884527798
Bisecting: 5 revisions left to test after this (roughly 3 steps)
[5b5e05795dbc20e59b7995853e330b90b74ba201] mm/mmap.c: pass in mapping to __vma_link_file()

testing commit 5b5e05795dbc20e59b7995853e330b90b74ba201
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 0cbf4613260d0b4320b473a4d8c4691e33f70c22cb9e865665852a80ba997da8
run #0: basic kernel testing failed: BUG: program execution failed: executor NUM: exit status NUM
run #1: crashed: BUG: Bad rss-counter state
run #2: crashed: BUG: Bad rss-counter state
run #3: crashed: BUG: Bad rss-counter state
run #4: crashed: BUG: Bad rss-counter state
run #5: crashed: BUG: Bad rss-counter state
run #6: crashed: BUG: Bad rss-counter state
run #7: crashed: BUG: Bad rss-counter state
run #8: crashed: BUG: Bad rss-counter state
run #9: crashed: BUG: Bad rss-counter state
# git bisect bad 5b5e05795dbc20e59b7995853e330b90b74ba201
Bisecting: 2 revisions left to test after this (roughly 2 steps)
[080a6a788a3ca1f4f5606615b2bb7a2697d08c84] riscv: use vma iterator for vdso

testing commit 080a6a788a3ca1f4f5606615b2bb7a2697d08c84
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: f3d3f76b61875f1013d7494b91ff4def5b4061a5bc423cab4d625d27e9b6990f
run #0: basic kernel testing failed: BUG: program execution failed: executor NUM: failed to write control pipe: write |NUM: broken pipe
run #1: OK
run #2: OK
run #3: OK
run #4: OK
run #5: OK
run #6: OK
run #7: OK
run #8: OK
run #9: OK
# git bisect good 080a6a788a3ca1f4f5606615b2bb7a2697d08c84
Bisecting: 0 revisions left to test after this (roughly 1 step)
[05cf8039e4e9b91fe0359d631a6fc9ce7554cf02] mm/mmap: drop range_has_overlap() function

testing commit 05cf8039e4e9b91fe0359d631a6fc9ce7554cf02
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 84d5b41e22cb2b3ee01991e2702f7b5233bca984dd59c7b7949887d4cefcfae7
all runs: crashed: BUG: Bad rss-counter state
# git bisect bad 05cf8039e4e9b91fe0359d631a6fc9ce7554cf02
Bisecting: 0 revisions left to test after this (roughly 0 steps)
[b7d0f898f5ce328ad809417f2e728b58153d52d1] mm: remove the vma linked list

testing commit b7d0f898f5ce328ad809417f2e728b58153d52d1
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: f82aceb2633c8febbaebfb0a9e9777abb53bd004caed0f1ec86148b24e1cd2b7
all runs: crashed: BUG: Bad rss-counter state
# git bisect bad b7d0f898f5ce328ad809417f2e728b58153d52d1
b7d0f898f5ce328ad809417f2e728b58153d52d1 is the first bad commit
commit b7d0f898f5ce328ad809417f2e728b58153d52d1
Author: Liam R. Howlett <Liam.Howlett@Oracle.com>
Date:   Thu May 12 21:15:44 2022 -0700

    mm: remove the vma linked list
    
    Replace any vm_next use with vma_find().
    
    Update free_pgtables(), unmap_vmas(), and zap_page_range() to use the
    maple tree.
    
    Use the new free_pgtables() and unmap_vmas() in do_mas_align_munmap().  At
    the same time, alter the loop to be more compact.
    
    Now that free_pgtables() and unmap_vmas() take a maple tree as an
    argument, rearrange do_mas_align_munmap() to use the new tree to hold the
    vmas to remove.
    
    Remove __vma_link_list() and __vma_unlink_list() as they are exclusively
    used to update the linked list
    
    Drop linked list update from __insert_vm_struct().
    
    Rework validation of tree as it was depending on the linked list.
    
    Link: https://lkml.kernel.org/r/20220504011345.662299-52-Liam.Howlett@oracle.com
    Signed-off-by: Liam R. Howlett <Liam.Howlett@Oracle.com>
    Cc: Catalin Marinas <catalin.marinas@arm.com>
    Cc: David Howells <dhowells@redhat.com>
    Cc: "Matthew Wilcox (Oracle)" <willy@infradead.org>
    Cc: SeongJae Park <sj@kernel.org>
    Cc: Vlastimil Babka <vbabka@suse.cz>
    Cc: Will Deacon <will@kernel.org>
    Cc: Davidlohr Bueso <dave@stgolabs.net>
    Signed-off-by: Andrew Morton <akpm@linux-foundation.org>

 include/linux/mm.h       |   5 +-
 include/linux/mm_types.h |   4 -
 kernel/fork.c            |  19 +-
 mm/debug.c               |  14 +-
 mm/internal.h            |   8 +-
 mm/memory.c              |  33 +++-
 mm/mmap.c                | 439 ++++++++++++++++++++---------------------------
 mm/nommu.c               |   5 -
 mm/util.c                |  40 -----
 9 files changed, 223 insertions(+), 344 deletions(-)

culprit signature: f82aceb2633c8febbaebfb0a9e9777abb53bd004caed0f1ec86148b24e1cd2b7
parent  signature: f3d3f76b61875f1013d7494b91ff4def5b4061a5bc423cab4d625d27e9b6990f
revisions tested: 17, total time: 3h50m11.690335173s (build: 1h49m8.133451127s, test: 1h59m14.994992141s)
first bad commit: b7d0f898f5ce328ad809417f2e728b58153d52d1 mm: remove the vma linked list
recipients (to): ["akpm@linux-foundation.org" "akpm@linux-foundation.org" "liam.howlett@oracle.com" "linux-mm@kvack.org"]
recipients (cc): ["arnd@arndb.de" "ccross@google.com" "david@redhat.com" "ebiederm@xmission.com" "linux-kernel@vger.kernel.org" "vbabka@suse.cz" "willy@infradead.org"]
crash: BUG: Bad rss-counter state
BUG: Bad rss-counter state mm:ffff888076ea2b80 type:MM_FILEPAGES val:174
BUG: Bad rss-counter state mm:ffff888076ea2b80 type:MM_ANONPAGES val:99
BUG: Bad rss-counter state mm:ffff888076ea2b80 type:MM_SHMEMPAGES val:2