BUG: unable to handle page fault for address: ffffffffffffffff
#PF: supervisor read access in kernel mode
#PF: error_code(0x0000) - not-present page
PGD 6010067 P4D 6010067 PUD 6012067 PMD 0
Oops: 0000 [#1] PREEMPT SMP KASAN
CPU: 0 PID: 14 Comm: ksoftirqd/0 Not tainted 5.18.0-rc7-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
RIP: 0010:dst_dev_put+0x36/0x1c0 net/core/dst.c:154
Code: 53 49 89 ff 49 bc 00 00 00 00 00 fc ff df e8 d1 c0 99 fd 4d 89 fd 49 c1 ed 03 43 80 7c 25 00 00 74 08 4c 89 ff e8 3a 7f d8 fd <4d> 8b 37 49 8d 7f 3a 48 89 f8 48 c1 e8 03 42 8a 04 20 84 c0 0f 85
RSP: 0018:ffffc900000e7a18 EFLAGS: 00010246
RAX: ffffffff83d6b70f RBX: ffffffffffffffff RCX: ffff888100252180
RDX: 0000000080000100 RSI: 0000000000000000 RDI: ffffffffffffffff
RBP: ffffc900000e7a40 R08: ffffffff842412bd R09: ffffed103ee46f19
R10: ffffed103ee46f19 R11: 1ffff1103ee46f18 R12: dffffc0000000000
R13: 1fffffffffffffff R14: 0000607e08a40088 R15: ffffffffffffffff
FS: 0000000000000000(0000) GS:ffff8881f7200000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: ffffffffffffffff CR3: 000000012055d000 CR4: 00000000003506b0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 rt_fibinfo_free_cpus+0xee/0x1c0 net/ipv4/fib_semantics.c:205
 fib_nh_common_release+0x8d/0x240 net/ipv4/fib_semantics.c:216
 fib_nh_release net/ipv4/fib_semantics.c:228 [inline]
 free_fib_info_rcu+0x98/0x190 net/ipv4/fib_semantics.c:240
 rcu_do_batch+0x507/0xbc0 kernel/rcu/tree.c:2535
 rcu_core+0x4dc/0xef0 kernel/rcu/tree.c:2786
 rcu_core_si+0x9/0x10 kernel/rcu/tree.c:2803
 __do_softirq+0x24e/0x586 kernel/softirq.c:558
 run_ksoftirqd+0x23/0x30 kernel/softirq.c:921
 smpboot_thread_fn+0x4db/0x980 kernel/smpboot.c:164
 kthread+0x26b/0x300 kernel/kthread.c:376
 ret_from_fork+0x1f/0x30
Modules linked in:
CR2: ffffffffffffffff
---[ end trace 0000000000000000 ]---
RIP: 0010:dst_dev_put+0x36/0x1c0 net/core/dst.c:154
Code: 53 49 89 ff 49 bc 00 00 00 00 00 fc ff df e8 d1 c0 99 fd 4d 89 fd 49 c1 ed 03 43 80 7c 25 00 00 74 08 4c 89 ff e8 3a 7f d8 fd <4d> 8b 37 49 8d 7f 3a 48 89 f8 48 c1 e8 03 42 8a 04 20 84 c0 0f 85
RSP: 0018:ffffc900000e7a18 EFLAGS: 00010246
RAX: ffffffff83d6b70f RBX: ffffffffffffffff RCX: ffff888100252180
RDX: 0000000080000100 RSI: 0000000000000000 RDI: ffffffffffffffff
RBP: ffffc900000e7a40 R08: ffffffff842412bd R09: ffffed103ee46f19
R10: ffffed103ee46f19 R11: 1ffff1103ee46f18 R12: dffffc0000000000
R13: 1fffffffffffffff R14: 0000607e08a40088 R15: ffffffffffffffff
FS: 0000000000000000(0000) GS:ffff8881f7200000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: ffffffffffffffff CR3: 000000012055d000 CR4: 00000000003506b0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
----------------
Code disassembly (best guess):
   0: 53                      push %rbx
   1: 49 89 ff                mov %rdi,%r15
   4: 49 bc 00 00 00 00 00    movabs $0xdffffc0000000000,%r12
   b: fc ff df
   e: e8 d1 c0 99 fd          callq 0xfd99c0e4
  13: 4d 89 fd                mov %r15,%r13
  16: 49 c1 ed 03             shr $0x3,%r13
  1a: 43 80 7c 25 00 00       cmpb $0x0,0x0(%r13,%r12,1)
  20: 74 08                   je 0x2a
  22: 4c 89 ff                mov %r15,%rdi
  25: e8 3a 7f d8 fd          callq 0xfdd87f64
* 2a: 4d 8b 37                mov (%r15),%r14 <-- trapping instruction
  2d: 49 8d 7f 3a             lea 0x3a(%r15),%rdi
  31: 48 89 f8                mov %rdi,%rax
  34: 48 c1 e8 03             shr $0x3,%rax
  38: 42 8a 04 20             mov (%rax,%r12,1),%al
  3c: 84 c0                   test %al,%al
  3e: 0f                      .byte 0xf
  3f: 85                      .byte 0x85