program:
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
r1 = dup(r0)
r2 = syz_open_dev$dri(&(0x7f0000000000), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_GETRESOURCES(r2, 0xc04064a0, &(0x7f0000000580)={0x0, 0x0, 0x0, 0x0})
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000007, 0x38011, r1, 0x2c9ab000)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r3=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000080)={'bridge_slave_1\x00', <r4=>0x0})
sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000001c0)=@newlink={0x3c, 0x10, 0x409, 0x0, 0x0, {0x0, 0x0, 0x0, r4}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @bridge_slave={{0x11}, {0x4}}}]}, 0x3c}}, 0x0)
r5 = syz_open_procfs(0x0, &(0x7f00000001c0)='maps\x00')
ioctl$KVM_SET_USER_MEMORY_REGION(r5, 0xc0686611, &(0x7f0000000180)={0x68, 0x0, 0x17, 0x2000, &(0x7f0000ffd000/0x2000)=nil})

[   85.281114][   T46] Bluetooth: hci0: command tx timeout
[   85.423909][ T5342] 
[   85.425144][ T5342] ======================================================
[   85.428622][ T5342] WARNING: possible circular locking dependency detected
[   85.431759][ T5342] syzkaller #0 Not tainted
[   85.433748][ T5342] ------------------------------------------------------
[   85.437016][ T5342] syz.0.0/5342 is trying to acquire lock:
[   85.439456][ T5342] ffff888032371ea8 (&sb->s_type->i_mutex_key#10){++++}-{4:4}, at: blkdev_read_iter+0x2f8/0x440
[   85.443974][ T5342] 
[   85.443974][ T5342] but task is already holding lock:
[   85.447141][ T5342] ffff8880115506c8 (vm_lock){++++}-{0:0}, at: lock_next_vma+0x129/0xe60
[   85.450888][ T5342] 
[   85.450888][ T5342] which lock already depends on the new lock.
[   85.450888][ T5342] 
[   85.455561][ T5342] 
[   85.455561][ T5342] the existing dependency chain (in reverse order) is:
[   85.459588][ T5342] 
[   85.459588][ T5342] -> #2 (vm_lock){++++}-{0:0}:
[   85.462639][ T5342]        __vma_enter_locked+0x243/0x710
[   85.465097][ T5342]        __vma_start_write+0x23/0x140
[   85.467511][ T5342]        mprotect_fixup+0x5e1/0xa50
[   85.469841][ T5342]        setup_arg_pages+0x565/0xae0
[   85.472220][ T5342]        load_elf_binary+0xc5e/0x2980
[   85.474812][ T5342]        bprm_execve+0x93d/0x1410
[   85.477048][ T5342]        kernel_execve+0x8ef/0x9e0
[   85.479172][ T5342]        try_to_run_init_process+0x13/0x60
[   85.481583][ T5342]        kernel_init+0xad/0x1d0
[   85.483808][ T5342]        ret_from_fork+0x51b/0xa40
[   85.486168][ T5342]        ret_from_fork_asm+0x1a/0x30
[   85.488191][ T5342] 
[   85.488191][ T5342] -> #1 (&mm->mmap_lock){++++}-{4:4}:
[   85.491021][ T5342]        __might_fault+0xcb/0x130
[   85.492906][ T5342]        _copy_to_iter+0xf9/0x17d0
[   85.495482][ T5342]        copy_page_to_iter+0x10c/0x1c0
[   85.498215][ T5342]        filemap_read+0x811/0x1230
[   85.500544][ T5342]        blkdev_read_iter+0x30a/0x440
[   85.503027][ T5342]        vfs_read+0x582/0xa70
[   85.505188][ T5342]        ksys_read+0x150/0x270
[   85.507316][ T5342]        do_syscall_64+0xe2/0xf80
[   85.509483][ T5342]        entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   85.512366][ T5342] 
[   85.512366][ T5342] -> #0 (&sb->s_type->i_mutex_key#10){++++}-{4:4}:
[   85.516038][ T5342]        __lock_acquire+0x15a5/0x2cf0
[   85.518437][ T5342]        lock_acquire+0x106/0x330
[   85.520726][ T5342]        down_read+0x47/0x2e0
[   85.522783][ T5342]        blkdev_read_iter+0x2f8/0x440
[   85.525251][ T5342]        __kernel_read+0x504/0x9b0
[   85.527663][ T5342]        freader_fetch+0x1cb/0xa00
[   85.530047][ T5342]        __build_id_parse+0x168/0x870
[   85.532483][ T5342]        procfs_procmap_ioctl+0x7ae/0xd50
[   85.535155][ T5342]        __se_sys_ioctl+0xfc/0x170
[   85.537522][ T5342]        do_syscall_64+0xe2/0xf80
[   85.539858][ T5342]        entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   85.542766][ T5342] 
[   85.542766][ T5342] other info that might help us debug this:
[   85.542766][ T5342] 
[   85.547386][ T5342] Chain exists of:
[   85.547386][ T5342]   &sb->s_type->i_mutex_key#10 --> &mm->mmap_lock --> vm_lock
[   85.547386][ T5342] 
[   85.553293][ T5342]  Possible unsafe locking scenario:
[   85.553293][ T5342] 
[   85.556735][ T5342]        CPU0                    CPU1
[   85.559244][ T5342]        ----                    ----
[   85.561748][ T5342]   rlock(vm_lock);
[   85.563394][ T5342]                                lock(&mm->mmap_lock);
[   85.566103][ T5342]                                lock(vm_lock);
[   85.568664][ T5342]   rlock(&sb->s_type->i_mutex_key#10);
[   85.570972][ T5342] 
[   85.570972][ T5342]  *** DEADLOCK ***
[   85.570972][ T5342] 
[   85.574371][ T5342] 1 lock held by syz.0.0/5342:
[   85.576393][ T5342]  #0: ffff8880115506c8 (vm_lock){++++}-{0:0}, at: lock_next_vma+0x129/0xe60
[   85.580301][ T5342] 
[   85.580301][ T5342] stack backtrace:
[   85.582946][ T5342] CPU: 0 UID: 0 PID: 5342 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full) 
[   85.582961][ T5342] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   85.582968][ T5342] Call Trace:
[   85.582976][ T5342]  <TASK>
[   85.582982][ T5342]  dump_stack_lvl+0xe8/0x150
[   85.583002][ T5342]  print_circular_bug+0x2e1/0x300
[   85.583019][ T5342]  check_noncircular+0x12e/0x150
[   85.583033][ T5342]  __lock_acquire+0x15a5/0x2cf0
[   85.583049][ T5342]  ? is_bpf_text_address+0x26/0x2b0
[   85.583067][ T5342]  ? look_up_lock_class+0x57/0x110
[   85.583083][ T5342]  ? blkdev_read_iter+0x2f8/0x440
[   85.583094][ T5342]  lock_acquire+0x106/0x330
[   85.583103][ T5342]  ? blkdev_read_iter+0x2f8/0x440
[   85.583118][ T5342]  down_read+0x47/0x2e0
[   85.583134][ T5342]  ? blkdev_read_iter+0x2f8/0x440
[   85.583145][ T5342]  ? blkdev_read_iter+0x177/0x440
[   85.583158][ T5342]  blkdev_read_iter+0x2f8/0x440
[   85.583172][ T5342]  __kernel_read+0x504/0x9b0
[   85.583189][ T5342]  ? __pfx___kernel_read+0x10/0x10
[   85.583207][ T5342]  ? __lock_acquire+0x6b5/0x2cf0
[   85.583219][ T5342]  ? mas_find+0xa7d/0xd30
[   85.583233][ T5342]  freader_fetch+0x1cb/0xa00
[   85.583246][ T5342]  ? reacquire_held_locks+0x104/0x190
[   85.583257][ T5342]  ? lock_next_vma+0x129/0xe60
[   85.583270][ T5342]  ? __pfx_freader_fetch+0x10/0x10
[   85.583284][ T5342]  __build_id_parse+0x168/0x870
[   85.583296][ T5342]  ? __pfx___build_id_parse+0x10/0x10
[   85.583312][ T5342]  procfs_procmap_ioctl+0x7ae/0xd50
[   85.583327][ T5342]  ? __pfx_procfs_procmap_ioctl+0x10/0x10
[   85.583341][ T5342]  ? __fget_files+0x2a/0x420
[   85.583352][ T5342]  ? __fget_files+0x2a/0x420
[   85.583363][ T5342]  ? __fget_files+0x3a0/0x420
[   85.583373][ T5342]  ? __fget_files+0x2a/0x420
[   85.583383][ T5342]  ? bpf_lsm_file_ioctl+0x9/0x20
[   85.583392][ T5342]  ? __pfx_procfs_procmap_ioctl+0x10/0x10
[   85.583404][ T5342]  __se_sys_ioctl+0xfc/0x170
[   85.583420][ T5342]  do_syscall_64+0xe2/0xf80
[   85.583442][ T5342]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   85.583452][ T5342]  ? trace_irq_disable+0x37/0x100
[   85.583467][ T5342]  ? clear_bhb_loop+0x60/0xb0
[   85.583478][ T5342]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   85.583488][ T5342] RIP: 0033:0x7f5baed9acb9
[   85.583500][ T5342] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[   85.583511][ T5342] RSP: 002b:00007f5bafb7e028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[   85.583524][ T5342] RAX: ffffffffffffffda RBX: 00007f5baf015fa0 RCX: 00007f5baed9acb9
[   85.583534][ T5342] RDX: 0000200000000180 RSI: 00000000c0686611 RDI: 0000000000000008
[   85.583542][ T5342] RBP: 00007f5baee08bf7 R08: 0000000000000000 R09: 0000000000000000
[   85.583549][ T5342] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[   85.583555][ T5342] R13: 00007f5baf016038 R14: 00007f5baf015fa0 R15: 00007ffd71e8a988
[   85.583567][ T5342]  </TASK>