BUG: kernel NULL pointer dereference, address: 00000000000000e0 #PF: supervisor read access in kernel mode #PF: error_code(0x0000) - not-present page PGD 10f2cf067 P4D 10f2cf067 PUD 10f22e067 PMD 0 Oops: 0000 [#1] PREEMPT SMP CPU: 0 PID: 2638 Comm: syz-executor.0 Not tainted 6.5.0-rc5-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/06/2023 RIP: 0010:ovl_encode_real_fh+0x2d/0x100 fs/overlayfs/copy_up.c:380 Code: 00 55 41 57 41 56 41 54 53 48 83 ec 10 41 89 d7 48 89 f5 49 89 fe 65 48 8b 04 25 28 00 00 00 48 89 44 24 08 41 bc 60 06 00 00 <4c> 03 a6 e0 00 00 00 48 8b 3d 25 8c 94 01 ba 98 00 00 00 be c0 0d RSP: 0018:ffffc900028ebe00 EFLAGS: 00010286 RAX: 9afa026d61b4ba00 RBX: 0000000000000000 RCX: 0000000000000001 RDX: 0000000000000001 RSI: 0000000000000000 RDI: ffff888101785000 RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000660 R13: ffff88810010b4e8 R14: ffff888101785000 R15: 0000000000000001 FS: 00007f8d561176c0(0000) GS:ffff88813bc00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00000000000000e0 CR3: 000000010f257000 CR4: 00000000003506f0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: ovl_dentry_to_fid fs/overlayfs/export.c:240 [inline] ovl_encode_fh+0xdd/0x3f0 fs/overlayfs/export.c:275 exportfs_encode_inode_fh fs/exportfs/expfs.c:406 [inline] exportfs_encode_fh+0x72/0xf0 fs/exportfs/expfs.c:437 do_sys_name_to_handle fs/fhandle.c:52 [inline] __do_sys_name_to_handle_at fs/fhandle.c:116 [inline] __se_sys_name_to_handle_at+0x11a/0x1f0 fs/fhandle.c:98 do_syscall_x64 arch/x86/entry/common.c:50 [inline] do_syscall_64+0x41/0x90 arch/x86/entry/common.c:80 entry_SYSCALL_64_after_hwframe+0x63/0xcd RIP: 0033:0x7f8d5547cae9 Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 
89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 RSP: 002b:00007f8d561170c8 EFLAGS: 00000246 ORIG_RAX: 000000000000012f RAX: ffffffffffffffda RBX: 00007f8d5559bf80 RCX: 00007f8d5547cae9 RDX: 0000000020000300 RSI: 0000000020000240 RDI: 0000000000000003 RBP: 00007f8d554c847a R08: 0000000000001600 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 R13: 0000000000000006 R14: 00007f8d5559bf80 R15: 00007ffd4929f008 Modules linked in: CR2: 00000000000000e0 ---[ end trace 0000000000000000 ]--- RIP: 0010:ovl_encode_real_fh+0x2d/0x100 fs/overlayfs/copy_up.c:380 Code: 00 55 41 57 41 56 41 54 53 48 83 ec 10 41 89 d7 48 89 f5 49 89 fe 65 48 8b 04 25 28 00 00 00 48 89 44 24 08 41 bc 60 06 00 00 <4c> 03 a6 e0 00 00 00 48 8b 3d 25 8c 94 01 ba 98 00 00 00 be c0 0d RSP: 0018:ffffc900028ebe00 EFLAGS: 00010286 RAX: 9afa026d61b4ba00 RBX: 0000000000000000 RCX: 0000000000000001 RDX: 0000000000000001 RSI: 0000000000000000 RDI: ffff888101785000 RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000660 R13: ffff88810010b4e8 R14: ffff888101785000 R15: 0000000000000001 FS: 00007f8d561176c0(0000) GS:ffff88813bc00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00000000000000e0 CR3: 000000010f257000 CR4: 00000000003506f0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 ---------------- Code disassembly (best guess): 0: 00 55 41 add %dl,0x41(%rbp) 3: 57 push %rdi 4: 41 56 push %r14 6: 41 54 push %r12 8: 53 push %rbx 9: 48 83 ec 10 sub $0x10,%rsp d: 41 89 d7 mov %edx,%r15d 10: 48 89 f5 mov %rsi,%rbp 13: 49 89 fe mov %rdi,%r14 16: 65 48 8b 04 25 28 00 mov %gs:0x28,%rax 1d: 00 00 1f: 48 89 44 24 08 mov %rax,0x8(%rsp) 24: 41 bc 60 06 00 00 mov $0x660,%r12d * 2a: 4c 03 a6 e0 00 00 00 add 0xe0(%rsi),%r12 <-- trapping 
instruction
31: 48 8b 3d 25 8c 94 01 mov 0x1948c25(%rip),%rdi # 0x1948c5d
38: ba 98 00 00 00 mov $0x98,%edx
3d: be .byte 0xbe
3e: c0 .byte 0xc0
3f: 0d .byte 0xd
(The trapping instruction reads 0xe0(%rsi) while the register dump shows RSI = 0000000000000000, which matches the faulting address CR2 = 00000000000000e0: a NULL pointer dereferenced at offset 0xe0.)