syzbot


WARNING: bad unlock balance in mnt_drop_write

Status: auto-closed as invalid on 2020/06/07 15:34
Reported-by: syzbot+4dc2b9eb5cb7aef78ea1@syzkaller.appspotmail.com
First crash: 1969d, last: 1770d

Sample crash report:
overlayfs: failed to create directory ./file1\/work (errno: 30); mounting read-only
overlayfs: unrecognized mount option "permit_directio" or missing value
=====================================
WARNING: bad unlock balance detected!
4.14.170-syzkaller #0 Not tainted
-------------------------------------
syz-executor.0/16418 is trying to release lock (sb_writers) at:
[<ffffffff8196cd5e>] sb_end_write include/linux/fs.h:1500 [inline]
[<ffffffff8196cd5e>] mnt_drop_write+0x3e/0x50 fs/namespace.c:532
but there are no more locks to release!

other info that might help us debug this:
1 lock held by syz-executor.0/16418:
 #0:  (&type->s_umount_key#60/1){+.+.}, at: [<ffffffff818ffe51>] alloc_super fs/super.c:251 [inline]
 #0:  (&type->s_umount_key#60/1){+.+.}, at: [<ffffffff818ffe51>] sget_userns+0x551/0xc30 fs/super.c:516

stack backtrace:
CPU: 0 PID: 16418 Comm: syz-executor.0 Not tainted 4.14.170-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:17 [inline]
 dump_stack+0x142/0x197 lib/dump_stack.c:58
 print_unlock_imbalance_bug kernel/locking/lockdep.c:3548 [inline]
 print_unlock_imbalance_bug.cold+0x114/0x123 kernel/locking/lockdep.c:3525
 __lock_release kernel/locking/lockdep.c:3765 [inline]
 lock_release+0x616/0x940 kernel/locking/lockdep.c:4013
 percpu_up_read_preempt_enable include/linux/percpu-rwsem.h:102 [inline]
 percpu_up_read include/linux/percpu-rwsem.h:108 [inline]
 __sb_end_write+0xc1/0x100 fs/super.c:1329
 sb_end_write include/linux/fs.h:1500 [inline]
 mnt_drop_write+0x3e/0x50 fs/namespace.c:532
 ovl_workdir_create.cold+0x101/0x10d fs/overlayfs/super.c:546
 ovl_fill_super+0x100c/0x2660 fs/overlayfs/super.c:988
 mount_nodev+0x52/0xf0 fs/super.c:1180
 ovl_mount+0x2d/0x40 fs/overlayfs/super.c:1204
 mount_fs+0x97/0x2a1 fs/super.c:1237
 vfs_kern_mount.part.0+0x5e/0x3d0 fs/namespace.c:1046
 vfs_kern_mount fs/namespace.c:1036 [inline]
 do_new_mount fs/namespace.c:2549 [inline]
 do_mount+0x417/0x27d0 fs/namespace.c:2879
 SYSC_mount fs/namespace.c:3095 [inline]
 SyS_mount+0xab/0x120 fs/namespace.c:3072
 do_syscall_64+0x1e8/0x640 arch/x86/entry/common.c:292
 entry_SYSCALL_64_after_hwframe+0x42/0xb7
RIP: 0033:0x45b399
RSP: 002b:00007ff9400c4c78 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
RAX: ffffffffffffffda RBX: 00007ff9400c56d4 RCX: 000000000045b399
RDX: 00000000200000c0 RSI: 0000000020000000 RDI: 000000000040000f
RBP: 000000000075bf20 R08: 0000000020000100 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff
R13: 0000000000000750 R14: 00000000004c8c25 R15: 000000000075bf2c
------------[ cut here ]------------
WARNING: CPU: 0 PID: 18335 at fs/namespace.c:1178 cleanup_mnt+0x104/0x150 fs/namespace.c:1178

Crashes (9):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets Manager Title
2020/02/08 15:34 linux-4.14.y e0f8b8a65a47 06150bf1 .config console log report ci2-linux-4-14
2020/02/08 06:56 linux-4.14.y e0f8b8a65a47 06150bf1 .config console log report ci2-linux-4-14
2020/01/14 03:56 linux-4.14.y 6d0c334a400d 32881205 .config console log report ci2-linux-4-14
2020/01/05 00:01 linux-4.14.y 84f5ad468100 68256974 .config console log report ci2-linux-4-14
2019/12/06 13:57 linux-4.14.y a844dc4c5442 12c3b6cd .config console log report ci2-linux-4-14
2019/12/03 14:05 linux-4.14.y fbc5fe7a54d0 ab342da3 .config console log report ci2-linux-4-14
2019/11/15 00:59 linux-4.14.y 775d01b65b5d 048f2d49 .config console log report ci2-linux-4-14
2019/08/10 16:44 linux-4.14.y 3ffe1e79c174 acb51638 .config console log report ci2-linux-4-14
2019/07/25 04:19 linux-4.14.y ff33472c282e 32329ceb .config console log report ci2-linux-4-14
* Struck through repros no longer work on HEAD.