BUG: unable to handle page fault for address: ffffffffffffffff
#PF: supervisor read access in kernel mode
#PF: error_code(0x0000) - not-present page
PGD ba8f067 
P4D ba8f067 
PUD ba91067 
PMD 0 

Oops: 0000 [#1] PREEMPT SMP KASAN
CPU: 1 PID: 21 Comm: ksoftirqd/1 Not tainted 5.18.0-rc6-syzkaller-00009-gfeb9c5e19e91-dirty #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
RIP: 0010:dst_dev_put+0x30/0x320 net/core/dst.c:154
Code: fe 41 55 41 54 55 e8 bf 78 2b fa 4c 89 f2 48 b8 00 00 00 00 00 fc ff df 48 c1 ea 03 80 3c 02 00 0f 85 dc 02 00 00 49 8d 7e 3a <4d> 8b 26 48 b8 00 00 00 00 00 fc ff df 48 89 fa 48 c1 ea 03 0f b6
RSP: 0018:ffffc900001b7c88 EFLAGS: 00010246

RAX: dffffc0000000000 RBX: dffffc0000000000 RCX: 0000000000000100
RDX: 1fffffffffffffff RSI: ffffffff874dc821 RDI: 0000000000000039
RBP: 0000000000000000 R08: 0000000000000001 R09: ffffe8ffffc9571f
R10: fffff91ffff92ae3 R11: 0000000000000000 R12: 0000000000000003
R13: ffff88807ac008a8 R14: ffffffffffffffff R15: ffffffffffffffff
FS:  0000000000000000(0000) GS:ffff8880b9d00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: ffffffffffffffff CR3: 000000006b914000 CR4: 00000000003506e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 <TASK>
 fib6_nh_release_dsts.part.0+0xf8/0x160 net/ipv6/route.c:3672
 fib6_nh_release_dsts net/ipv6/route.c:3663 [inline]
 fib6_nh_release+0x11a/0x240 net/ipv6/route.c:3653
 fib6_info_destroy_rcu+0x187/0x210 net/ipv6/ip6_fib.c:176
 rcu_do_batch kernel/rcu/tree.c:2535 [inline]
 rcu_core+0x7b1/0x1880 kernel/rcu/tree.c:2786
 __do_softirq+0x29b/0x9c2 kernel/softirq.c:558
 run_ksoftirqd kernel/softirq.c:921 [inline]
 run_ksoftirqd+0x2d/0x60 kernel/softirq.c:913
 smpboot_thread_fn+0x645/0x9c0 kernel/smpboot.c:164
 kthread+0x2e9/0x3a0 kernel/kthread.c:376
 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:298
 </TASK>
Modules linked in:
CR2: ffffffffffffffff
---[ end trace 0000000000000000 ]---
RIP: 0010:dst_dev_put+0x30/0x320 net/core/dst.c:154
Code: fe 41 55 41 54 55 e8 bf 78 2b fa 4c 89 f2 48 b8 00 00 00 00 00 fc ff df 48 c1 ea 03 80 3c 02 00 0f 85 dc 02 00 00 49 8d 7e 3a <4d> 8b 26 48 b8 00 00 00 00 00 fc ff df 48 89 fa 48 c1 ea 03 0f b6
RSP: 0018:ffffc900001b7c88 EFLAGS: 00010246

RAX: dffffc0000000000 RBX: dffffc0000000000 RCX: 0000000000000100
RDX: 1fffffffffffffff RSI: ffffffff874dc821 RDI: 0000000000000039
RBP: 0000000000000000 R08: 0000000000000001 R09: ffffe8ffffc9571f
R10: fffff91ffff92ae3 R11: 0000000000000000 R12: 0000000000000003
R13: ffff88807ac008a8 R14: ffffffffffffffff R15: ffffffffffffffff
FS:  0000000000000000(0000) GS:ffff8880b9d00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: ffffffffffffffff CR3: 000000006b914000 CR4: 00000000003506e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
----------------
Code disassembly (best guess):
   0:	fe 41 55             	incb   0x55(%rcx)
   3:	41 54                	push   %r12
   5:	55                   	push   %rbp
   6:	e8 bf 78 2b fa       	callq  0xfa2b78ca
   b:	4c 89 f2             	mov    %r14,%rdx
   e:	48 b8 00 00 00 00 00 	movabs $0xdffffc0000000000,%rax
  15:	fc ff df
  18:	48 c1 ea 03          	shr    $0x3,%rdx
  1c:	80 3c 02 00          	cmpb   $0x0,(%rdx,%rax,1)
  20:	0f 85 dc 02 00 00    	jne    0x302
  26:	49 8d 7e 3a          	lea    0x3a(%r14),%rdi
* 2a:	4d 8b 26             	mov    (%r14),%r12 <-- trapping instruction
  2d:	48 b8 00 00 00 00 00 	movabs $0xdffffc0000000000,%rax
  34:	fc ff df
  37:	48 89 fa             	mov    %rdi,%rdx
  3a:	48 c1 ea 03          	shr    $0x3,%rdx
  3e:	0f                   	.byte 0xf
  3f:	b6                   	.byte 0xb6