I'm having trouble reaching IPv4 addresses from a dualstack VPC.
I've created a new VPC and assigned both IPv4 and IPv6 CIDRs. The route table is as follows:
| Destination | Target |
|---|---|
| 10.1.0.0/16 | local |
| abcd:abcd:abcd:abcd::/56 | local |
| 0.0.0.0/0 | Internet Gateway |
| ::/0 | Internet Gateway |
I launched a new EC2 instance and assigned an IPv6 address but not a public IPv4 address.
I'm ABLE to:
- ping the instance's IPv6 from the Internet as expected
- SSH into the instance from the Internet using IPv6 as expected
But, I'm UNABLE to, from within the instance:
- ping any public IPv4 address
- ping any local IPv4 address except the gateway (10.1.0.1)
- reach any Internet service that doesn't have an IPv6 address, e.g., github.com
For example, from within the instance:
```
$ curl -I -v https://github.com
* Host github.com:443 was resolved.
* IPv6: (none)
* IPv4: 140.82.114.3
* Trying 140.82.114.3:443...
* connect to 140.82.114.3 port 443 from 10.1.0.106 port 58642 failed: Connection timed out
* Failed to connect to github.com port 443 after 134937 ms: Couldn't connect to server
* Closing connection
curl: (28) Failed to connect to github.com port 443 after 134937 ms: Couldn't connect to server
$ curl -I -v https://google.com
* Host google.com:443 was resolved.
* IPv6: 2607:f8b0:4004:c1f::65, 2607:f8b0:4004:c1f::66, 2607:f8b0:4004:c1f::8a, 2607:f8b0:4004:c1f::64
* IPv4: 172.253.63.139, 172.253.63.138, 172.253.63.101, 172.253.63.113, 172.253.63.100, 172.253.63.102
* Trying [2607:f8b0:4004:c1f::65]:443...
* Connected to google.com (2607:f8b0:4004:c1f::65) port 443
* ALPN: curl offers h2,http/1.1
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* CAfile: /etc/ssl/certs/ca-certificates.crt
* CApath: /etc/ssl/certs
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):
* TLSv1.3 (IN), TLS handshake, Certificate (11):
* TLSv1.3 (IN), TLS handshake, CERT verify (15):
* TLSv1.3 (IN), TLS handshake, Finished (20):
* TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1):
* TLSv1.3 (OUT), TLS handshake, Finished (20):
* SSL connection using TLSv1.3 / TLS_AES_256_GCM_SHA384 / X25519 / id-ecPublicKey
* ALPN: server accepted h2
* Server certificate:
* subject: CN=*.google.com
* start date: Jun 2 08:35:30 2025 GMT
* expire date: Aug 25 08:35:29 2025 GMT
* subjectAltName: host "google.com" matched cert's "google.com"
* issuer: C=US; O=Google Trust Services; CN=WR2
* SSL certificate verify ok.
* Certificate level 0: Public key type EC/prime256v1 (256/128 Bits/secBits), signed using sha256WithRSAEncryption
* Certificate level 1: Public key type RSA (2048/112 Bits/secBits), signed using sha256WithRSAEncryption
* Certificate level 2: Public key type RSA (4096/152 Bits/secBits), signed using sha384WithRSAEncryption
* using HTTP/2
* [HTTP/2] [1] OPENED stream for https://google.com/
* [HTTP/2] [1] [:method: HEAD]
* [HTTP/2] [1] [:scheme: https]
* [HTTP/2] [1] [:authority: google.com]
* [HTTP/2] [1] [:path: /]
* [HTTP/2] [1] [user-agent: curl/8.5.0]
* [HTTP/2] [1] [accept: */*]
> HEAD / HTTP/2
> Host: google.com
> User-Agent: curl/8.5.0
> Accept: */*
>
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
* old SSL session ID is stale, removing
< HTTP/2 301
HTTP/2 301
< location: https://www.google.com/
location: https://www.google.com/
< content-type: text/html; charset=UTF-8
content-type: text/html; charset=UTF-8
< content-security-policy-report-only: object-src 'none';base-uri 'self';script-src 'nonce-mVD6EMgJCUlgrK64XUwcew' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp
content-security-policy-report-only: object-src 'none';base-uri 'self';script-src 'nonce-mVD6EMgJCUlgrK64XUwcew' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp
< date: Sun, 22 Jun 2025 14:46:39 GMT
date: Sun, 22 Jun 2025 14:46:39 GMT
< expires: Tue, 22 Jul 2025 14:46:39 GMT
expires: Tue, 22 Jul 2025 14:46:39 GMT
< cache-control: public, max-age=2592000
cache-control: public, max-age=2592000
< server: gws
server: gws
< content-length: 220
content-length: 220
< x-xss-protection: 0
x-xss-protection: 0
< x-frame-options: SAMEORIGIN
x-frame-options: SAMEORIGIN
< alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
<
* Connection #0 to host google.com left intact
```
As far as I know, the VPC setup is correct. Could it be some OS routing configuration? I've tried Amazon Linux 2023 and Ubuntu 24.04 with exactly the same results.