RBP: 00007fb1d483f090 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
R13: 00007fb1d4c26038 R14: 00007fb1d4c25fa0 R15: 00007ffd240913d8
Oops: divide error: 0000 [#1] SMP PTI
CPU: 0 UID: 0 PID: 4366 Comm: syz.2.17 Not tainted syzkaller #0 PREEMPT(none)
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
RIP: 0010:__tcp_select_window+0x386/0x660 net/ipv4/tcp_output.c:3333
Code: 0c b8 ff ff ff ff 44 89 e9 d3 e0 89 c1 f7 d1 41 01 cc 41 21 c4 e9 83 00 00 00 e8 55 bd 97 fe eb 79 e8 4e bd 97 fe 44 89 e0 99 <f7> fd 41 29 d4 eb 6c e8 3e bd 97 fe eb 65 e8 37 bd 97 fe 44 8b 64
RSP: 0018:ffffc90001c4bb00 EFLAGS: 00010293
RAX: 0000000000000000 RBX: 0000000000000000 RCX: ffff88810ab8b700
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
RBP: 0000000000000000 R08: ffffc90001c4bbd0 R09: 0000000000000053
R10: 0000000000000000 R11: ffffffff81378d10 R12: 0000000000000000
R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
FS: 00007fb1d483f6c0(0000) GS:ffff8882b28e9000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000200000000180 CR3: 000000010b3b2000 CR4: 00000000003506f0
Call Trace:
 tcp_select_window net/ipv4/tcp_output.c:280 [inline]
 __tcp_transmit_skb+0x543/0x12a0 net/ipv4/tcp_output.c:1565
 tcp_transmit_skb net/ipv4/tcp_output.c:1646 [inline]
 tcp_send_active_reset+0x172/0x2b0 net/ipv4/tcp_output.c:3828
 mptcp_do_fastclose+0x114/0x150 net/mptcp/protocol.c:2790
 mptcp_disconnect+0x102/0x210 net/mptcp/protocol.c:3250
 mptcp_sendmsg_fastopen+0x15b/0x1e0 net/mptcp/protocol.c:1773
 mptcp_sendmsg+0x95d/0xa30 net/mptcp/protocol.c:1852
 sock_sendmsg_nosec net/socket.c:727 [inline]
 __sock_sendmsg+0x59/0xf0 net/socket.c:742
 __sys_sendto+0x2fd/0x3d0 net/socket.c:2244
 __do_sys_sendto net/socket.c:2251 [inline]
 __se_sys_sendto net/socket.c:2247 [inline]
 __x64_sys_sendto+0x28/0x40 net/socket.c:2247
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0x8f/0x250 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7fb1d49cf749
Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007fb1d483f038 EFLAGS: 00000246 ORIG_RAX: 000000000000002c
RAX: ffffffffffffffda RBX: 00007fb1d4c25fa0 RCX: 00007fb1d49cf749
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003
RBP: 00007fb1d483f090 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
R13: 00007fb1d4c26038 R14: 00007fb1d4c25fa0 R15: 00007ffd240913d8
Modules linked in:
---[ end trace 0000000000000000 ]---
RIP: 0010:__tcp_select_window+0x386/0x660 net/ipv4/tcp_output.c:3333
Code: 0c b8 ff ff ff ff 44 89 e9 d3 e0 89 c1 f7 d1 41 01 cc 41 21 c4 e9 83 00 00 00 e8 55 bd 97 fe eb 79 e8 4e bd 97 fe 44 89 e0 99 <f7> fd 41 29 d4 eb 6c e8 3e bd 97 fe eb 65 e8 37 bd 97 fe 44 8b 64
RSP: 0018:ffffc90001c4bb00 EFLAGS: 00010293
RAX: 0000000000000000 RBX: 0000000000000000 RCX: ffff88810ab8b700
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
RBP: 0000000000000000 R08: ffffc90001c4bbd0 R09: 0000000000000053
R10: 0000000000000000 R11: ffffffff81378d10 R12: 0000000000000000
R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
FS: 00007fb1d483f6c0(0000) GS:ffff8882b28e9000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000200000000180 CR3: 000000010b3b2000 CR4: 00000000003506f0
----------------
Code disassembly (best guess), 1 bytes skipped:
   0:   b8 ff ff ff ff          mov    $0xffffffff,%eax
   5:   44 89 e9                mov    %r13d,%ecx
   8:   d3 e0                   shl    %cl,%eax
   a:   89 c1                   mov    %eax,%ecx
   c:   f7 d1                   not    %ecx
   e:   41 01 cc                add    %ecx,%r12d
  11:   41 21 c4                and    %eax,%r12d
  14:   e9 83 00 00 00          jmp    0x9c
  19:   e8 55 bd 97 fe          call   0xfe97bd73
  1e:   eb 79                   jmp    0x99
  20:   e8 4e bd 97 fe          call   0xfe97bd73
  25:   44 89 e0                mov    %r12d,%eax
  28:   99                      cltd
* 29:   f7 fd                   idiv   %ebp <-- trapping instruction
  2b:   41 29 d4                sub    %edx,%r12d
  2e:   eb 6c                   jmp    0x9c
  30:   e8 3e bd 97 fe          call   0xfe97bd73
  35:   eb 65                   jmp    0x9c
  37:   e8 37 bd 97 fe          call   0xfe97bd73
  3c:   44                      rex.R
  3d:   8b                      .byte 0x8b
  3e:   64                      fs