mTLS is an established protocol and the SSL error you mention is expected. The peers communicating using mTLS need to use certificates which are signed by a self-issued root certificate, meaning such networks are not available for public access and usual one way TLS connections are not allowed. So it is meaningless to implement a fallback since it completely invalidates the mTLS processes.

the fallback option to a simple website can avoid active detection. while dropping connection is itself a fingerprint for GFW to put this website in the gray/black list

This is absurd, regarding the diagram you have sent, the server asks for certificate from client (which tells the client that the protocol being used is mTLS and not TLS) whereas in normal TLS no such operation is performed. By simply accepting the GFW's invalid certificate and serving a webpage you are practically violating the protocol you are advertising to conform to and this is a much severer footprint than correctly rejecting the GFW's invalid certificate.