program:
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
r1 = dup(r0)
r2 = syz_open_dev$dri(&(0x7f0000000000), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_GETRESOURCES(r2, 0xc04064a0, &(0x7f0000000580)={0x0, 0x0, 0x0, 0x0})
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000007, 0x38011, r1, 0x2c9ab000)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r3=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000080)={'bridge_slave_1\x00', <r4=>0x0})
sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000001c0)=@newlink={0x3c, 0x10, 0x409, 0x0, 0x0, {0x0, 0x0, 0x0, r4}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @bridge_slave={{0x11}, {0x4}}}]}, 0x3c}}, 0x0)
r5 = syz_open_procfs(0x0, &(0x7f00000001c0)='maps\x00')
ioctl$KVM_SET_USER_MEMORY_REGION(r5, 0xc0686611, &(0x7f0000000180)={0x68, 0x0, 0x17, 0x2000, &(0x7f0000ffd000/0x2000)=nil})

[   74.913831][ T4686] Bluetooth: hci0: command tx timeout
[   74.990433][ T5339] 
[   74.991506][ T5339] ======================================================
[   74.994383][ T5339] WARNING: possible circular locking dependency detected
[   74.997362][ T5339] syzkaller #0 Not tainted
[   74.999437][ T5339] ------------------------------------------------------
[   75.002509][ T5339] syz.0.0/5339 is trying to acquire lock:
[   75.005004][ T5339] ffff888031f69ea8 (&sb->s_type->i_mutex_key#10){++++}-{4:4}, at: blkdev_read_iter+0x2f8/0x440
[   75.009763][ T5339] 
[   75.009763][ T5339] but task is already holding lock:
[   75.012778][ T5339] ffff888041cf1588 (vm_lock){++++}-{0:0}, at: lock_next_vma+0x129/0xe60
[   75.016117][ T5339] 
[   75.016117][ T5339] which lock already depends on the new lock.
[   75.016117][ T5339] 
[   75.020159][ T5339] 
[   75.020159][ T5339] the existing dependency chain (in reverse order) is:
[   75.023853][ T5339] 
[   75.023853][ T5339] -> #2 (vm_lock){++++}-{0:0}:
[   75.027153][ T5339]        __vma_enter_locked+0x243/0x710
[   75.029649][ T5339]        __vma_start_write+0x23/0x140
[   75.031995][ T5339]        mprotect_fixup+0x5e1/0xa50
[   75.034358][ T5339]        setup_arg_pages+0x565/0xae0
[   75.036355][ T5339]        load_elf_binary+0xc5e/0x2980
[   75.038615][ T5339]        bprm_execve+0x93d/0x1410
[   75.040671][ T5339]        kernel_execve+0x8ef/0x9e0
[   75.042781][ T5339]        try_to_run_init_process+0x13/0x60
[   75.045128][ T5339]        kernel_init+0xad/0x1d0
[   75.047045][ T5339]        ret_from_fork+0x51b/0xa40
[   75.049065][ T5339]        ret_from_fork_asm+0x1a/0x30
[   75.051401][ T5339] 
[   75.051401][ T5339] -> #1 (&mm->mmap_lock){++++}-{4:4}:
[   75.054668][ T5339]        __might_fault+0xcb/0x130
[   75.056812][ T5339]        _copy_to_iter+0xf9/0x17d0
[   75.058977][ T5339]        copy_page_to_iter+0x10c/0x1c0
[   75.061427][ T5339]        filemap_read+0x811/0x1230
[   75.063800][ T5339]        blkdev_read_iter+0x30a/0x440
[   75.066231][ T5339]        vfs_read+0x582/0xa70
[   75.068418][ T5339]        ksys_read+0x150/0x270
[   75.070486][ T5339]        do_syscall_64+0xe2/0xf80
[   75.072758][ T5339]        entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   75.075576][ T5339] 
[   75.075576][ T5339] -> #0 (&sb->s_type->i_mutex_key#10){++++}-{4:4}:
[   75.079325][ T5339]        __lock_acquire+0x15a5/0x2cf0
[   75.081622][ T5339]        lock_acquire+0x106/0x330
[   75.083721][ T5339]        down_read+0x47/0x2e0
[   75.085669][ T5339]        blkdev_read_iter+0x2f8/0x440
[   75.087756][ T5339]        __kernel_read+0x504/0x9b0
[   75.089907][ T5339]        freader_fetch+0x1cb/0xa00
[   75.091964][ T5339]        __build_id_parse+0x168/0x870
[   75.094179][ T5339]        procfs_procmap_ioctl+0x7ae/0xd50
[   75.096615][ T5339]        __se_sys_ioctl+0xfc/0x170
[   75.098846][ T5339]        do_syscall_64+0xe2/0xf80
[   75.101077][ T5339]        entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   75.104059][ T5339] 
[   75.104059][ T5339] other info that might help us debug this:
[   75.104059][ T5339] 
[   75.108574][ T5339] Chain exists of:
[   75.108574][ T5339]   &sb->s_type->i_mutex_key#10 --> &mm->mmap_lock --> vm_lock
[   75.108574][ T5339] 
[   75.114472][ T5339]  Possible unsafe locking scenario:
[   75.114472][ T5339] 
[   75.117722][ T5339]        CPU0                    CPU1
[   75.119828][ T5339]        ----                    ----
[   75.122060][ T5339]   rlock(vm_lock);
[   75.123831][ T5339]                                lock(&mm->mmap_lock);
[   75.126869][ T5339]                                lock(vm_lock);
[   75.129612][ T5339]   rlock(&sb->s_type->i_mutex_key#10);
[   75.132001][ T5339] 
[   75.132001][ T5339]  *** DEADLOCK ***
[   75.132001][ T5339] 
[   75.135307][ T5339] 1 lock held by syz.0.0/5339:
[   75.137506][ T5339]  #0: ffff888041cf1588 (vm_lock){++++}-{0:0}, at: lock_next_vma+0x129/0xe60
[   75.141299][ T5339] 
[   75.141299][ T5339] stack backtrace:
[   75.143764][ T5339] CPU: 0 UID: 0 PID: 5339 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full) 
[   75.143775][ T5339] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   75.143781][ T5339] Call Trace:
[   75.143787][ T5339]  <TASK>
[   75.143791][ T5339]  dump_stack_lvl+0xe8/0x150
[   75.143804][ T5339]  print_circular_bug+0x2e1/0x300
[   75.143816][ T5339]  check_noncircular+0x12e/0x150
[   75.143826][ T5339]  __lock_acquire+0x15a5/0x2cf0
[   75.143836][ T5339]  ? is_bpf_text_address+0x26/0x2b0
[   75.143847][ T5339]  ? look_up_lock_class+0x57/0x110
[   75.143858][ T5339]  ? blkdev_read_iter+0x2f8/0x440
[   75.143865][ T5339]  lock_acquire+0x106/0x330
[   75.143871][ T5339]  ? blkdev_read_iter+0x2f8/0x440
[   75.143880][ T5339]  down_read+0x47/0x2e0
[   75.143888][ T5339]  ? blkdev_read_iter+0x2f8/0x440
[   75.143895][ T5339]  ? blkdev_read_iter+0x177/0x440
[   75.143903][ T5339]  blkdev_read_iter+0x2f8/0x440
[   75.143911][ T5339]  __kernel_read+0x504/0x9b0
[   75.143921][ T5339]  ? __pfx___kernel_read+0x10/0x10
[   75.143932][ T5339]  ? __lock_acquire+0x6b5/0x2cf0
[   75.143940][ T5339]  ? mas_find+0xa7d/0xd30
[   75.143950][ T5339]  freader_fetch+0x1cb/0xa00
[   75.143960][ T5339]  ? reacquire_held_locks+0x104/0x190
[   75.143968][ T5339]  ? lock_next_vma+0x129/0xe60
[   75.143978][ T5339]  ? __pfx_freader_fetch+0x10/0x10
[   75.143987][ T5339]  __build_id_parse+0x168/0x870
[   75.143996][ T5339]  ? __pfx___build_id_parse+0x10/0x10
[   75.144008][ T5339]  procfs_procmap_ioctl+0x7ae/0xd50
[   75.144019][ T5339]  ? __pfx_procfs_procmap_ioctl+0x10/0x10
[   75.144028][ T5339]  ? __fget_files+0x2a/0x420
[   75.144035][ T5339]  ? __fget_files+0x2a/0x420
[   75.144041][ T5339]  ? __fget_files+0x3a0/0x420
[   75.144047][ T5339]  ? __fget_files+0x2a/0x420
[   75.144053][ T5339]  ? bpf_lsm_file_ioctl+0x9/0x20
[   75.144060][ T5339]  ? __pfx_procfs_procmap_ioctl+0x10/0x10
[   75.144067][ T5339]  __se_sys_ioctl+0xfc/0x170
[   75.144076][ T5339]  do_syscall_64+0xe2/0xf80
[   75.144085][ T5339]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   75.144091][ T5339]  ? trace_irq_disable+0x37/0x100
[   75.144099][ T5339]  ? clear_bhb_loop+0x60/0xb0
[   75.144106][ T5339]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   75.144112][ T5339] RIP: 0033:0x7f5340b9acb9
[   75.144121][ T5339] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[   75.144126][ T5339] RSP: 002b:00007f5341a7b028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[   75.144135][ T5339] RAX: ffffffffffffffda RBX: 00007f5340e15fa0 RCX: 00007f5340b9acb9
[   75.144139][ T5339] RDX: 0000200000000180 RSI: 00000000c0686611 RDI: 0000000000000008
[   75.144144][ T5339] RBP: 00007f5340c08bf7 R08: 0000000000000000 R09: 0000000000000000
[   75.144147][ T5339] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[   75.144151][ T5339] R13: 00007f5340e16038 R14: 00007f5340e15fa0 R15: 00007fff3f2b3da8
[   75.144158][ T5339]  </TASK>