=====================================
WARNING: bad unlock balance detected!
syzkaller #0 Not tainted
-------------------------------------
sshd/5543 is trying to release lock (rcu_read_lock) at:
[<ffffffff8219432b>] do_pte_missing+0x125b/0x33f0
but there are no more locks to release!

other info that might help us debug this:
1 lock held by sshd/5543:
 #0: ffff888109268b08 (vm_lock){++++}-{0:0}, at: lock_vma_under_rcu+0x1d1/0x500

stack backtrace:
CPU: 0 UID: 0 PID: 5543 Comm: sshd Not tainted syzkaller #0 PREEMPT(full) 
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
Call Trace:
 <TASK>
 dump_stack_lvl+0xe8/0x150
 print_unlock_imbalance_bug+0xdc/0xf0
 lock_release+0x248/0x3c0
 do_pte_missing+0x1fc4/0x33f0
 handle_mm_fault+0x1bd7/0x3170
 do_user_addr_fault+0xa73/0x1340
 exc_page_fault+0x6a/0xc0
 asm_exc_page_fault+0x26/0x30
RIP: 0033:0x7f33b05c4661
Code: 4c 8d 35 38 ca 01 00 41 55 41 54 41 bc 0c 00 00 00 55 53 48 8b 1f 4c 8b 6a 28 48 03 5a 10 49 29 dc 4a 8d 04 23 4c 39 e8 73 3b <8b> 2b 83 fd 04 75 1b 83 7b 08 05 75 15 48 8d 7b 0c ba 04 00 00 00
RSP: 002b:00007ffc134b6a50 EFLAGS: 00010283
RAX: 000000000000000c RBX: 00007f33b056d580 RCX: 00007f33b05e5350
RDX: 00007f33b04f9190 RSI: 0000000000000003 RDI: 00007f33b05b4500
RBP: 00007ffc134b6be0 R08: 000000006ffffdff R09: 000000006ffffeff
R10: 000000006fffff41 R11: 000000006ffffe35 R12: ffff80cc4fa92a8c
R13: 0000000000000030 R14: 00007f33b05e1076 R15: 00000000effffef5
 </TASK>
------------[ cut here ]------------
rrln < 0 || rrln > RCU_NEST_PMAX
WARNING: kernel/rcu/tree_plugin.h:443 at __rcu_read_unlock+0x79/0xe0, CPU#0: sshd/5543
Modules linked in:
CPU: 0 UID: 0 PID: 5543 Comm: sshd Not tainted syzkaller #0 PREEMPT(full) 
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
RIP: 0010:__rcu_read_unlock+0x79/0xe0
Code: 75 66 41 83 3e 00 75 27 43 0f b6 04 3c 84 c0 75 41 8b 03 3d 00 00 00 40 73 0f 5b 41 5c 41 5d 41 5e 41 5f c3 cc cc cc cc cc 90 <0f> 0b 90 eb eb e8 6d 00 00 00 eb d2 89 d9 80 e1 07 80 c1 03 38 c1
RSP: 0000:ffffc90004377b10 EFLAGS: 00010286
RAX: 00000000ffffffff RBX: ffff8881694edd44 RCX: 0000000000000046
RDX: 0000000000000000 RSI: ffffffff8e218380 RDI: ffff8881694ed880
RBP: 0000000000000067 R08: 0000000000000003 R09: 0000000000000004
R10: dffffc0000000000 R11: fffffbfff1d06d14 R12: 1ffff1102d29dba8
R13: 0000000000000100 R14: 0000000000000074 R15: dffffc0000000000
FS:  0000000000000000(0000) GS:ffff88818dc90000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f33b056d580 CR3: 0000000113c00000 CR4: 00000000000006f0
Call Trace:
 <TASK>
 do_pte_missing+0x1fc9/0x33f0
 handle_mm_fault+0x1bd7/0x3170
 do_user_addr_fault+0xa73/0x1340
 exc_page_fault+0x6a/0xc0
 asm_exc_page_fault+0x26/0x30
RIP: 0033:0x7f33b05c4661
Code: 4c 8d 35 38 ca 01 00 41 55 41 54 41 bc 0c 00 00 00 55 53 48 8b 1f 4c 8b 6a 28 48 03 5a 10 49 29 dc 4a 8d 04 23 4c 39 e8 73 3b <8b> 2b 83 fd 04 75 1b 83 7b 08 05 75 15 48 8d 7b 0c ba 04 00 00 00
RSP: 002b:00007ffc134b6a50 EFLAGS: 00010283
RAX: 000000000000000c RBX: 00007f33b056d580 RCX: 00007f33b05e5350
RDX: 00007f33b04f9190 RSI: 0000000000000003 RDI: 00007f33b05b4500
RBP: 00007ffc134b6be0 R08: 000000006ffffdff R09: 000000006ffffeff
R10: 000000006fffff41 R11: 000000006ffffe35 R12: ffff80cc4fa92a8c
R13: 0000000000000030 R14: 00007f33b05e1076 R15: 00000000effffef5
 </TASK>
