[ 28.702917] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 28.711080] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 28.720690] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 28.729952] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 28.878927] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready [ 28.900598] syz-executor.0 (7949) used greatest stack depth: 24280 bytes left [ 29.329390] can: request_module (can-proto-0) failed. [ 29.340074] can: request_module (can-proto-0) failed. [ 29.349187] can: request_module (can-proto-0) failed. [ 39.153524] unregister_netdevice: waiting for ip6gre0 to become free. Usage count = -1 [ 49.180713] unregister_netdevice: waiting for ip6gre0 to become free. Usage count = -1 Warning: Permanently added '10.128.10.53' (ECDSA) to the list of known hosts. [ 50.944662] overlayfs: failed to create directory ./file1/work (errno: 30); mounting read-only [ 50.954236] [ 50.955848] ===================================== [ 50.960675] WARNING: bad unlock balance detected! [ 50.965649] 4.14.272-syzkaller #0 Not tainted [ 50.970147] ------------------------------------- [ 50.975083] syz-executor399/8280 is trying to release lock (sb_writers) at: [ 50.982163] [] mnt_drop_write+0x36/0x40 [ 50.987669] but there are no more locks to release! [ 50.992742] [ 50.992742] other info that might help us debug this: [ 50.999375] 1 lock held by syz-executor399/8280: [ 51.004108] #0: (&type->s_umount_key#47/1){+.+.}, at: [] sget_userns+0x429/0xb40 [ 51.013633] [ 51.013633] stack backtrace: [ 51.018258] CPU: 0 PID: 8280 Comm: syz-executor399 Not tainted 4.14.272-syzkaller #0 [ 51.026120] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 51.036490] Call Trace: [ 51.039060] dump_stack+0x14b/0x1e7 [ 51.042659] ? mnt_drop_write+0x36/0x40 [ 51.046617] print_unlock_imbalance_bug.cold.35+0x114/0x123 [ 51.052312] lock_release+0x61c/0x820 [ 51.056213] ? mnt_drop_write+0x36/0x40 [ 51.060340] ? lock_downgrade+0x7f0/0x7f0 [ 51.064462] __sb_end_write+0xa4/0xd0 [ 51.068241] mnt_drop_write+0x36/0x40 [ 51.072103] ovl_workdir_create.cold.6+0xea/0xf6 [ 51.076834] ? ovl_mount_dir+0x170/0x170 [ 51.080868] ? clone_mnt+0x331/0xef0 [ 51.084561] ? up_read+0x1a/0x40 [ 51.088003] ? clone_private_mount+0x17a/0x1e0 [ 51.092714] ovl_fill_super+0xf88/0x28b0 [ 51.096774] ? ovl_check_namelen.isra.2+0xe0/0xe0 [ 51.101595] ? up_write+0x1a/0x60 [ 51.105203] ? sget_userns+0x8d6/0xb40 [ 51.109068] ? get_anon_bdev+0x1a0/0x1a0 [ 51.113854] ? sget+0xbe/0x100 [ 51.117114] ? ovl_check_namelen.isra.2+0xe0/0xe0 [ 51.121942] mount_nodev+0x48/0xe0 [ 51.125456] ? mount_nodev+0x48/0xe0 [ 51.129337] ovl_mount+0x13/0x20 [ 51.132780] mount_fs+0x7f/0x270 [ 51.136554] vfs_kern_mount.part.9+0x58/0x3c0 [ 51.141128] do_mount+0x362/0x25b0 [ 51.144668] ? copy_mount_string+0x20/0x20 [ 51.149055] ? copy_mount_options+0x55/0x270 [ 51.153684] ? rcu_read_lock_sched_held+0x108/0x120 [ 51.158689] ? kmem_cache_alloc_trace+0x37c/0x3f0 [ 51.163592] ? copy_mount_options+0x55/0x270 [ 51.168145] SyS_mount+0xb1/0xd0 [ 51.171568] ? copy_mnt_ns+0xae0/0xae0 [ 51.175526] do_syscall_64+0x1c7/0x5b0 [ 51.179644] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 51.184488] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 51.189653] RIP: 0033:0x7f2801f95c19 [ 51.193557] RSP: 002b:0