BUG: kernel NULL pointer dereference, address: 0000000000000010
#PF: supervisor read access in kernel mode
#PF: error_code(0x0000) - not-present page
PGD 0 P4D 0
Oops: Oops: 0000 [#1] PREEMPT SMP PTI
CPU: 1 UID: 0 PID: 4328 Comm: syz.2.15 Not tainted 6.12.0-rc4-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
RIP: 0010:bpf_prog_array_delete_safe+0x4/0x40 kernel/bpf/core.c:2582
Code: ff ff ff 5b 41 5c 41 5e 41 5f 5d c3 cc cc cc cc 66 0f 1f 44 00 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 66 0f 1f 00 <48> 8b 47 10 48 85 c0 74 15 48 83 c7 28 48 39 f0 74 11 48 8b 07 48
RSP: 0018:ffffc90001563c90 EFLAGS: 00010282
RAX: 00000000fffffffe RBX: ffff888102bf8000 RCX: 0000000000000000
RDX: 0000000000000000 RSI: ffffc90000f4d000 RDI: 0000000000000000
RBP: ffff888102bf8250 R08: ffffc90001563c98 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000000 R12: ffff888102bf8000
R13: 0000000000000000 R14: 0000000000000000 R15: ffff88817a69c000
FS: 0000000000000000(0000) GS:ffff888237d00000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000000000000010 CR3: 0000000003ebe000 CR4: 00000000003526f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
perf_event_detach_bpf_prog+0x84/0xd0 kernel/trace/bpf_trace.c:2220
perf_event_free_bpf_prog kernel/events/core.c:10744 [inline]
_free_event+0x36a/0x590 kernel/events/core.c:5352
put_event kernel/events/core.c:5454 [inline]
perf_event_release_kernel+0x2b1/0x2e0 kernel/events/core.c:5579
perf_release+0xd/0x20 kernel/events/core.c:5589
__fput+0x86/0x2a0 fs/file_table.c:431
task_work_run+0x82/0xb0 kernel/task_work.c:239
exit_task_work include/linux/task_work.h:43 [inline]
do_exit+0x288/0xb30 kernel/exit.c:939
do_group_exit+0x86/0xa0 kernel/exit.c:1088
get_signal+0x715/0x7c0 kernel/signal.c:2917
arch_do_signal_or_restart+0x89/0x2b0 arch/x86/kernel/signal.c:337
exit_to_user_mode_loop kernel/entry/common.c:111 [inline]
exit_to_user_mode_prepare include/linux/entry-common.h:328 [inline]
irqentry_exit_to_user_mode+0x48/0x160 kernel/entry/common.c:231
asm_exc_page_fault+0x26/0x30 arch/x86/include/asm/idtentry.h:623
RIP: 0033:0x7f31fc97ff21
Code: Unable to access opcode bytes at 0x7f31fc97fef7.
RSP: 002b:fffffffffffffd70 EFLAGS: 00010217
RAX: 0000000000000000 RBX: 00007f31fcb45fa0 RCX: 00007f31fc97ff19
RDX: 0000000000000000 RSI: fffffffffffffd70 RDI: 0000000000184000
RBP: 00007f31fc9f3986 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
R13: 0000000000000000 R14: 00007f31fcb45fa0 R15: 00007ffc4c49f718
Modules linked in:
CR2: 0000000000000010
---[ end trace 0000000000000000 ]---
RIP: 0010:bpf_prog_array_delete_safe+0x4/0x40 kernel/bpf/core.c:2582
Code: ff ff ff 5b 41 5c 41 5e 41 5f 5d c3 cc cc cc cc 66 0f 1f 44 00 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 66 0f 1f 00 <48> 8b 47 10 48 85 c0 74 15 48 83 c7 28 48 39 f0 74 11 48 8b 07 48
RSP: 0018:ffffc90001563c90 EFLAGS: 00010282
RAX: 00000000fffffffe RBX: ffff888102bf8000 RCX: 0000000000000000
RDX: 0000000000000000 RSI: ffffc90000f4d000 RDI: 0000000000000000
RBP: ffff888102bf8250 R08: ffffc90001563c98 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000000 R12: ffff888102bf8000
R13: 0000000000000000 R14: 0000000000000000 R15: ffff88817a69c000
FS: 0000000000000000(0000) GS:ffff888237d00000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000000000000010 CR3: 0000000003ebe000 CR4: 00000000003526f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
----------------
Code disassembly (best guess), 2 bytes skipped:
0: ff 5b 41 lcall *0x41(%rbx)
3: 5c pop %rsp
4: 41 5e pop %r14
6: 41 5f pop %r15
8: 5d pop %rbp
9: c3 ret
a: cc int3
b: cc int3
c: cc int3
d: cc int3
e: 66 0f 1f 44 00 00 nopw 0x0(%rax,%rax,1)
14: 90 nop
15: 90 nop
16: 90 nop
17: 90 nop
18: 90 nop
19: 90 nop
1a: 90 nop
1b: 90 nop
1c: 90 nop
1d: 90 nop
1e: 90 nop
1f: 90 nop
20: 90 nop
21: 90 nop
22: 90 nop
23: 90 nop
24: 66 0f 1f 00 nopw (%rax)
* 28: 48 8b 47 10 mov 0x10(%rdi),%rax <-- trapping instruction
2c: 48 85 c0 test %rax,%rax
2f: 74 15 je 0x46
31: 48 83 c7 28 add $0x28,%rdi
35: 48 39 f0 cmp %rsi,%rax
38: 74 11 je 0x4b
3a: 48 8b 07 mov (%rdi),%rax
3d: 48 rex.W