Debian GNU/Linux 9 syzkaller ttyS0

Warning: Permanently added '10.128.0.213' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [   28.132109] 
[   28.132111] ============================================
[   28.132112] WARNING: possible recursive locking detected
[   28.132116] 4.14.280-syzkaller #0 Not tainted
[   28.132117] --------------------------------------------
[   28.132120] syz-executor337/7995 is trying to acquire lock:
[   28.132121]  ((fb_notifier_list).rwsem){++++}, at: [<ffffffff8137bec3>] blocking_notifier_call_chain+0x63/0x90
[   28.132136] 
[   28.132136] but task is already holding lock:
[   28.132136]  ((fb_notifier_list).rwsem){++++}, at: [<ffffffff8137bec3>] blocking_notifier_call_chain+0x63/0x90
[   28.132144] 
[   28.132144] other info that might help us debug this:
[   28.132145]  Possible unsafe locking scenario:
[   28.132145] 
[   28.132146]        CPU0
[   28.132146]        ----
[   28.132147]   lock((fb_notifier_list).rwsem);
[   28.132149]   lock((fb_notifier_list).rwsem);
[   28.132152] 
[   28.132152]  *** DEADLOCK ***
[   28.132152] 
[   28.132153]  May be due to missing lock nesting notation
[   28.132153] 
[   28.132155] 3 locks held by syz-executor337/7995:
[   28.132156]  #0:  (console_lock){+.+.}, at: [<ffffffff83363d1a>] do_fb_ioctl+0x81a/0xa70
[   28.132163]  #1:  (&fb_info->lock){+.+.}, at: [<ffffffff83363d24>] do_fb_ioctl+0x824/0xa70
[   28.132169]  #2:  ((fb_notifier_list).rwsem){++++}, at: [<ffffffff8137bec3>] blocking_notifier_call_chain+0x63/0x90
[   28.132176] 
[   28.132176] stack backtrace:
[   28.132180] CPU: 0 PID: 7995 Comm: syz-executor337 Not tainted 4.14.280-syzkaller #0
[   28.132183] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   28.132184] Call Trace:
[   28.132203]  dump_stack+0x1b2/0x281
[   28.132211]  __lock_acquire.cold+0x180/0x97c
[   28.132219]  ? retint_kernel+0x2d/0x2d
[   28.132224]  ? trace_hardirqs_on+0x10/0x10
[   28.132229]  ? check_preemption_disabled+0x35/0x240
[   28.132235]  ? delay_tsc+0x8a/0xb0
[   28.132239]  ? vga16fb_update_fix+0x2fe/0x470
[   28.132243]  ? memcpy+0x35/0x50
[   28.132247]  lock_acquire+0x170/0x3f0
[   28.132251]  ? blocking_notifier_call_chain+0x63/0x90
[   28.132254]  down_read+0x36/0x80
[   28.132258]  ? blocking_notifier_call_chain+0x63/0x90
[   28.132261]  blocking_notifier_call_chain+0x63/0x90
[   28.132267]  fb_set_var+0xbc8/0xdc0
[   28.132271]  ? fb_set_suspend+0x110/0x110
[   28.132277]  ? kfree+0xc9/0x250
[   28.132280]  ? vga16fb_imageblit+0x630/0x2140
[   28.132284]  ? fb_pad_aligned_buffer+0xbf/0x110
[   28.132290]  ? bit_cursor+0xfb8/0x1580
[   28.132293]  ? fb_videomode_to_var+0xf/0x610
[   28.132296]  fbcon_switch+0x3d9/0x19e0
[   28.132301]  ? fbcon_event_notify+0x1760/0x1760
[   28.132308]  redraw_screen+0x32c/0x790
[   28.132311]  ? get_color+0x1be/0x3a0
[   28.132314]  ? con_shutdown+0x90/0x90
[   28.132317]  ? bit_update_start+0x1f0/0x1f0
[   28.132320]  ? fbcon_cursor+0x48e/0x650
[   28.132324]  fbcon_blank+0x986/0xd50
[   28.132328]  ? con2fb_release_oldinfo.constprop.0+0x5a0/0x5a0
[   28.132332]  ? __lock_acquire+0x5fc/0x3f20
[   28.132336]  ? __lock_acquire+0x5fc/0x3f20
[   28.132340]  ? trace_hardirqs_on+0x10/0x10
[   28.132343]  ? __lock_acquire+0x5fc/0x3f20
[   28.132347]  do_unblank_screen+0x1fd/0x4e0
[   28.132351]  fbcon_event_notify+0x1445/0x1760
[   28.132356]  notifier_call_chain+0x108/0x1a0
[   28.132361]  blocking_notifier_call_chain+0x79/0x90
[   28.132364]  fb_blank+0x14c/0x190
[   28.132368]  ? fb_set_logocmap+0x450/0x450
[   28.132371]  ? do_fb_ioctl+0x81a/0xa70
[   28.132374]  do_fb_ioctl+0x894/0xa70
[   28.132377]  ? register_framebuffer+0x8e0/0x8e0
[   28.132380]  ? __kernel_text_address+0x9/0x30
[   28.132386]  ? unwind_get_return_address+0x51/0x90
[   28.132389]  ? entry_SYSCALL_64_after_hwframe+0x46/0xbb
[   28.132394]  ? __save_stack_trace+0xa0/0x160
[   28.132397]  ? check_preemption_disabled+0x35/0x240
[   28.132401]  ? kasan_slab_free+0x12d/0x1a0
[   28.132404]  ? kasan_slab_free+0xc3/0x1a0
[   28.132408]  ? kmem_cache_free+0x7c/0x2b0
[   28.132412]  ? putname+0xcd/0x110
[   28.132415]  ? do_sys_open+0x203/0x410
[   28.132419]  ? do_syscall_64+0x1d5/0x640
[   28.132423]  ? entry_SYSCALL_64_after_hwframe+0x46/0xbb
[   28.132426]  ? path_lookupat+0x780/0x780
[   28.132430]  ? debug_check_no_obj_freed+0x2c0/0x680
[   28.132434]  ? lock_acquire+0x170/0x3f0
[   28.132437]  ? lock_downgrade+0x740/0x740
[   28.132441]  ? _raw_spin_unlock_irqrestore+0x66/0xe0
[   28.132444]  ? debug_check_no_obj_freed+0x2c0/0x680
[   28.132448]  fb_ioctl+0xdd/0x130
[   28.132450]  ? do_fb_ioctl+0xa70/0xa70
[   28.132453]  do_vfs_ioctl+0x75a/0xff0
[   28.132458]  ? rcu_lockdep_current_cpu_online+0xed/0x140
[   28.132462]  ? ioctl_preallocate+0x1a0/0x1a0
[   28.132465]  ? kmem_cache_free+0x23a/0x2b0
[   28.132468]  ? putname+0xcd/0x110
[   28.132472]  ? do_sys_open+0x208/0x410
[   28.132475]  ? filp_open+0x60/0x60
[   28.132480]  ? security_file_ioctl+0x83/0xb0
[   28.132484]  SyS_ioctl+0x7f/0xb0
[   28.132486]  ? do_vfs_ioctl+0xff0/0xff0
[   28.132490]  do_syscall_64+0x1d5/0x640
[   28.132494]  entry_SYSCALL_64_after_hwframe+0x46/0xbb
[   28.132498] RIP: 0033:0x7fd3a6027239
[   28.132500] RSP: 002b:00007ffe8a0162f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[   28.132504] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fd3a6027239
[   28.132506] RDX: 0000000000000000 RSI: 0000000000004611 RDI: 0000000000000005
[   28.132508] RBP: 00007fd3a5feb220 R08: 0000000000000000 R09: 0000000000000000
[   28.132510] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fd3a5