| author | Aleksandr Nogikh <nogikh@google.com> | 2021-08-19 13:12:01 +0000 |
|---|---|---|
| committer | Aleksandr Nogikh <wp32pw@gmail.com> | 2021-08-19 17:15:00 +0200 |
| commit | b599f2fcc734e2183016a340d4f6fc2891d8e41f (patch) | |
| tree | 09f34ecb62bc7d78437bf55981b74eea7fb4f5e5 | |
| parent | f6c43faab72cc4d24c97287064030de97ab74f4a (diff) | |
pkg/report: make opcode decompilation more intelligent
Skip Code: lines that refer to user-space. Skip code listings where the
trapping instruction is an intentionally invalid one (this happens in
WARNINGs and most of BUG reports). Decompilation of such code fragments
provides no value to the user.
Add new tests and update the existing ones.
Closes #2709 and #2710.
| -rw-r--r-- | pkg/report/linux.go | 142 | ||||
| -rw-r--r-- | pkg/report/testdata/linux/decompile/amd64/0.out | 18 | ||||
| -rw-r--r-- | pkg/report/testdata/linux/decompile/amd64/2.out | 2 | ||||
| -rw-r--r-- | pkg/report/testdata/linux/decompile/amd64/3.in | 50 | ||||
| -rw-r--r-- | pkg/report/testdata/linux/decompile/amd64/3.out | 50 | ||||
| -rw-r--r-- | pkg/report/testdata/linux/decompile/amd64/4.in | 55 | ||||
| -rw-r--r-- | pkg/report/testdata/linux/decompile/amd64/4.out | 75 | ||||
| -rw-r--r-- | pkg/report/testdata/linux/decompile/arm/0.out | 2 | ||||
| -rw-r--r-- | pkg/report/testdata/linux/decompile/arm64/0.out | 7 | ||||
| -rw-r--r-- | pkg/report/testdata/linux/decompile/arm64/1.out | 2 |
10 files changed, 322 insertions, 81 deletions
diff --git a/pkg/report/linux.go b/pkg/report/linux.go
index f0b95750d..acab85856 100644
--- a/pkg/report/linux.go
+++ b/pkg/report/linux.go
@@ -444,18 +444,41 @@ type parsedOpcodes struct { offset int } +type decompiledOpcodes struct { + opcodes []DecompiledOpcode + trappingOpcodeIdx int + leftBytesCut int +} + // processOpcodes converts a string representation of opcodes used by the Linux kernel into -// the human-readable representation of the machine instructions, that surround the one -// that crashed the kernel. -// It returns the lines of the resulting description, the number of bytes that had to be skipped -// so that it starts on an instruction boundary and an error object that is non-null in case of -// severe problems. -func (ctx *linux) processOpcodes(codeSlice string) ([]string, int, error) { +// a sequence of the machine instructions, that surround the one that crashed the kernel. +// If the input does not start on a boundary of an instruction, it is attempted to adjust the +// strting position. +// The method returns an error if it did not manage to correctly decompile the opcodes or +// of the decompiled code is not of interest to the reader (e.g. it is a user-space code). +func (ctx *linux) processOpcodes(codeSlice string) (*decompiledOpcodes, error) { parsed, err := ctx.parseOpcodes(codeSlice) if err != nil { - return nil, 0, err + return nil, err + } + + decompiled, err := ctx.decompileWithOffset(parsed) + if err != nil { + return nil, err } + if linuxSkipTrapInstrRe.MatchString(decompiled.opcodes[decompiled.trappingOpcodeIdx].Instruction) { + // For some reports (like WARNINGs) the trapping instruction is an intentionally + // invalid instruction. Decompilation of such code only allows to see the + // mechanism, through which the kernel implements such assertions and does not + // aid in finding the real issue. 
+ return nil, fmt.Errorf("these opcodes are not of interest") + } + + return decompiled, nil +} + +func (ctx *linux) decompileWithOffset(parsed parsedOpcodes) (*decompiledOpcodes, error) { // It is not guaranteed that the fragment of opcodes starts exactly at the boundary // of a machine instruction. In order to simplify debugging process, we are trying // to find the right starting position. @@ -465,15 +488,14 @@ func (ctx *linux) processOpcodes(codeSlice string) ([]string, int, error) { // to invoke the decompiler. const opcodeAdjustmentLimit = 8 - var currentBestReport []string - var currentBestOffset int + var bestResult *decompiledOpcodes for leftCut := 0; leftCut <= parsed.offset && leftCut < opcodeAdjustmentLimit; leftCut++ { newBytes := parsed.rawBytes[leftCut:] newOffset := parsed.offset - leftCut instructions, err := DecompileOpcodes(newBytes, parsed.decompileFlags, ctx.target) if err != nil { - return nil, 0, err + return nil, err } // We only want to return the response, where there exists a decoded instruction that @@ -482,10 +504,10 @@ func (ctx *linux) processOpcodes(codeSlice string) ([]string, int, error) { // unrecognized (bad) instuctions - this serves as an indicator of a valid result. hasBad := false - hasTargetOffset := false - for _, instruction := range instructions { + trappingIdx := -1 + for idx, instruction := range instructions { if instruction.Offset == newOffset { - hasTargetOffset = true + trappingIdx = idx } if instruction.Offset >= newOffset { // Do not take into account instructions after the target offset. Once 
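Review bot: The new doc comment on processOpcodes has two typos on the added lines — `strting position` should read `starting position`, and `or of the decompiled code is not of interest` should read `or if the decompiled code is not of interest`. The new decompiledOpcodes struct is undocumented although processOpcodes indexes `opcodes[trappingOpcodeIdx]` without a bounds check; I would record the invariant on the fields, e.g. `trappingOpcodeIdx int // index into opcodes of the instruction at the trap offset; valid whenever decompileWithOffset returns no error` and `leftBytesCut int // bytes dropped from the front of the raw opcode string to reach an instruction boundary`. That invariant does hold as far as the diff shows, since decompileWithOffset returns an error when `bestResult == nil`, but it is only visible by reading a later hunk.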
@@ -495,25 +517,26 @@ func (ctx *linux) processOpcodes(codeSlice string) ([]string, int, error) { hasBad = hasBad || instruction.IsBad } - if !hasTargetOffset { + if trappingIdx < 0 { continue } - if !hasBad || currentBestReport == nil { - currentBestReport = ctx.formatDecodedFragment(instructions, newOffset) - currentBestOffset = leftCut + if !hasBad || bestResult == nil { + bestResult = &decompiledOpcodes{ + opcodes: instructions, + trappingOpcodeIdx: trappingIdx, + leftBytesCut: leftCut, + } if !hasBad { // The best offset is already found. break } } } - - if currentBestReport == nil { - return nil, 0, fmt.Errorf("unable to align decompiled code and the trapping instruction offset") + if bestResult == nil { + return nil, fmt.Errorf("unable to align decompiled code and the trapping instruction offset") } - - return currentBestReport, currentBestOffset, nil + return bestResult, nil } func (ctx *linux) parseOpcodes(codeSlice string) (parsedOpcodes, error) { 
@@ -583,37 +606,40 @@ func (ctx *linux) parseOpcodes(codeSlice string) (parsedOpcodes, error) { }, nil } -func (ctx *linux) formatDecodedFragment(instructions []DecompiledOpcode, offset int) []string { - output := []string{} - - for _, element := range instructions { - if element.Offset == offset { - output = append(output, element.FullDescription+" <-- trapping instruction") - } else { - output = append(output, element.FullDescription) - } - } - - return output -} - +// decompileReportOpcodes detects the most meaningful "Code: " lines from the report, decompiles +// them and appends a human-readable listing to the end of the report. func (ctx *linux) decompileReportOpcodes(report []byte) []byte { - // For now, we only pick the first "Code: ..." line in the report. - // It seems to cover most of the cases, however, it might be reasonable - // to also consider the exact crash type. - match := linuxCodeRe.FindSubmatch(report) - if match == nil { - return report + // Iterate over all "Code: " lines and pick the first that could be decompiled + // that might be of interest to the user. + var decompiled *decompiledOpcodes + var prevLine []byte + for s := bufio.NewScanner(bytes.NewReader(report)); s.Scan(); prevLine = append([]byte{}, s.Bytes()...) { + // We want to avoid decompiling code from user-space as it is not of big interest during + // debugging kernel problems. + // For now this check only works for x86/amd64, but Linux on other architectures supported + // by syzkaller does not seem to include user-space code in its oops messages. 
+ if linuxUserSegmentRe.Match(prevLine) { + continue + } + match := linuxCodeRe.FindSubmatch(s.Bytes()) + if match == nil { + continue + } + decompiledLine, err := ctx.processOpcodes(string(match[1])) + if err != nil { + continue + } + decompiled = decompiledLine + break } - description, skippedBytes, err := ctx.processOpcodes(string(match[1])) - if err != nil { + if decompiled == nil { return report } skipInfo := "" - if skippedBytes > 0 { - skipInfo = fmt.Sprintf(", %v bytes skipped", skippedBytes) + if decompiled.leftBytesCut > 0 { + skipInfo = fmt.Sprintf(", %v bytes skipped", decompiled.leftBytesCut) } // The decompiled instructions are intentionally put to the bottom of the report instead @@ -621,10 +647,18 @@ func (ctx *linux) decompileReportOpcodes(report []byte) []byte { // the most important information at the top of the report, so that it is visible from // the syzbot dashboard without scrolling. headLine := fmt.Sprintf("----------------\nCode disassembly (best guess)%v:\n", skipInfo) - report = append(report, headLine...) - report = append(report, strings.Join(description, "\n")...) - return append(report, "\n"...) + + for idx, opcode := range decompiled.opcodes { + line := opcode.FullDescription + if idx == decompiled.trappingOpcodeIdx { + line = fmt.Sprintf("*%s <-- trapping instruction\n", line[1:]) + } else { + line += "\n" + } + report = append(report, line...) + } + return report } func (ctx *linux) extractGuiltyFile(rep *Report) string { 
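Review bot: The scanner loop in decompileReportOpcodes never consults `s.Err()`, so if bufio.Scanner meets a line longer than its default 64 KiB token limit it stops with ErrTooLong and the loop treats that as the end of the report; every `Code:` line after such a line is never considered and the disassembly is dropped without a trace. Whether reports can carry such lines at this stage I cannot tell from here, but a `s.Buffer(...)` with a larger limit, or at least a debug log when `s.Err() != nil` after the loop, would make that failure visible rather than silent. A second, smaller point: the loop now feeds every `Code:` line that does not follow a user-space RIP into processOpcodes until one succeeds, and if DecompileOpcodes invokes an external disassembler, a report with many unparsable `Code:` lines (the text originates from the guest under test) costs up to opcodeAdjustmentLimit invocations each — consider capping the number of candidate lines tried.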
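Review bot: `line[1:]` in the new output loop silently assumes that every FullDescription begins with exactly one padding character to be overwritten by `*`; an empty FullDescription panics with a slice-bounds error, and a description without leading padding loses its first byte. The assumption is not stated anywhere in the hunk, and the only evidence for it is the expected test output (`*  2a: 85 c0 ...`). I would make it explicit and safe in one line, `line = fmt.Sprintf("*%s <-- trapping instruction\n", strings.TrimPrefix(line, " "))`, which is byte-identical for the padded case and cannot panic; `strings` appears to remain imported, since the only removal in this diff is the strings.Join call and the import block is untouched. A one-line comment such as `// DecompileOpcodes pads each description with a leading space that we replace with '*'.` would document the format dependency either way.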
@@ -908,10 +942,12 @@ var linuxStallAnchorFrames = []*regexp.Regexp{ // nolint: lll var ( - linuxSymbolizeRe = regexp.MustCompile(`(?:\[\<(?:(?:0x)?[0-9a-f]+)\>\])?[ \t]+\(?(?:[0-9]+:)?([a-zA-Z0-9_.]+)\+0x([0-9a-f]+)/0x([0-9a-f]+)\)?`) - linuxRipFrame = compile(`(?:IP|NIP|pc |PC is at):? (?:(?:[0-9]+:)?(?:{{PC}} +){0,2}{{FUNC}}|(?:[0-9]+:)?0x[0-9a-f]+|(?:[0-9]+:)?{{PC}} +\[< *\(null\)>\] +\(null\)|[0-9]+: +\(null\))`) - linuxCallTrace = compile(`(?:Call (?:T|t)race:)|(?:Backtrace:)`) - linuxCodeRe = regexp.MustCompile(`(?m)^\s*Code\:\s+((?:[A-Fa-f0-9\(\)\<\>]{2,8}\s*)*)\s*$`) + linuxSymbolizeRe = regexp.MustCompile(`(?:\[\<(?:(?:0x)?[0-9a-f]+)\>\])?[ \t]+\(?(?:[0-9]+:)?([a-zA-Z0-9_.]+)\+0x([0-9a-f]+)/0x([0-9a-f]+)\)?`) + linuxRipFrame = compile(`(?:IP|NIP|pc |PC is at):? (?:(?:[0-9]+:)?(?:{{PC}} +){0,2}{{FUNC}}|(?:[0-9]+:)?0x[0-9a-f]+|(?:[0-9]+:)?{{PC}} +\[< *\(null\)>\] +\(null\)|[0-9]+: +\(null\))`) + linuxCallTrace = compile(`(?:Call (?:T|t)race:)|(?:Backtrace:)`) + linuxCodeRe = regexp.MustCompile(`(?m)^\s*Code\:\s+((?:[A-Fa-f0-9\(\)\<\>]{2,8}\s*)*)\s*$`) + linuxSkipTrapInstrRe = regexp.MustCompile(`^ud2|brk\s+#0x800$`) + linuxUserSegmentRe = regexp.MustCompile(`^RIP:\s+0033:`) ) var linuxCorruptedTitles = []*regexp.Regexp{ diff --git a/pkg/report/testdata/linux/decompile/amd64/0.out b/pkg/report/testdata/linux/decompile/amd64/0.out index 93f0dda98..4006d9468 100644 --- a/pkg/report/testdata/linux/decompile/amd64/0.out +++ b/pkg/report/testdata/linux/decompile/amd64/0.out 
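Review bot: `linuxSkipTrapInstrRe` is written as `^ud2|brk\s+#0x800$`, which Go parses as `(^ud2)|(brk\s+#0x800$)`: the start anchor binds only to the ud2 alternative and the end anchor only to the brk alternative, so `ud2` followed by anything, or `brk #0x800` preceded by anything, also matches. The intent reads as an exact match of either mnemonic, so I would write `^(?:ud2|brk\s+#0x800)$`. For `linuxUserSegmentRe`, `^RIP:\s+0033:` recognises only the 64-bit user code segment; if 32-bit compat tasks can appear in these reports their RIP line would carry a different selector (0023 on x86-64 kernels, to be confirmed), and the `^` anchor presumes the console prefix has already been stripped from the line at this stage — a comment on the declaration stating both assumptions would help the next reader.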
@@ -46,21 +46,3 @@ RDX: 0000000000000012 RSI: 0000000020000140 RDI: 0000000000000003 RBP: 00007f66b70031d0 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 R13: 0000000000a9fb1f R14: 00007f66b7003300 R15: 0000000000022000 ----------------- -Code disassembly (best guess), 2 bytes skipped: - 0: ff 4c 89 ef decl -0x11(%rcx,%rcx,4) - 4: 89 44 24 28 mov %eax,0x28(%rsp) - 8: e8 75 c8 f6 fd callq 0xfdf6c882 - d: 8b 44 24 28 mov 0x28(%rsp),%eax - 11: e9 7a fb ff ff jmpq 0xfffffb90 - 16: 4c 89 ef mov %r13,%rdi - 19: e8 f4 c7 f6 fd callq 0xfdf6c812 - 1e: e9 e0 fb ff ff jmpq 0xfffffc03 - 23: e8 4a a8 b0 fd callq 0xfdb0a872 - 28: 0f 0b ud2 <-- trapping instruction - 2a: e9 97 fb ff ff jmpq 0xfffffbc6 - 2f: 4c 89 ff mov %r15,%rdi - 32: e8 0b c8 f6 fd callq 0xfdf6c842 - 37: e9 b1 f6 ff ff jmpq 0xfffff6ed - 3c: 48 rex.W - 3d: 8b .byte 0x8b diff --git a/pkg/report/testdata/linux/decompile/amd64/2.out b/pkg/report/testdata/linux/decompile/amd64/2.out index b5c3e5f63..96ae47e75 100644 --- a/pkg/report/testdata/linux/decompile/amd64/2.out +++ b/pkg/report/testdata/linux/decompile/amd64/2.out @@ -173,7 +173,7 @@ Code disassembly (best guess): 1d: e8 50 84 35 00 callq 0x358472 22: fb sti 23: 65 8b 05 88 91 bc 7e mov %gs:0x7ebc9188(%rip),%eax # 0x7ebc91b2 - 2a: 85 c0 test %eax,%eax <-- trapping instruction +* 2a: 85 c0 test %eax,%eax <-- trapping instruction 2c: 74 58 je 0x86 2e: 5b pop %rbx 2f: 5d pop %rbp diff --git a/pkg/report/testdata/linux/decompile/amd64/3.in b/pkg/report/testdata/linux/decompile/amd64/3.in new file mode 100644 index 000000000..88362afc5 --- /dev/null +++ b/pkg/report/testdata/linux/decompile/amd64/3.in 
@@ -0,0 +1,50 @@ +ccid3_first_li: No RTT estimate available, using fallback RTT +ccid3_first_li: X_recv==0 +BUG: stored value of X_recv is zero at net/dccp/ccids/ccid3.c:691/ccid3_first_li() +CPU: 1 PID: 11737 Comm: syz-fuzzer Not tainted 5.14.0-rc5-syzkaller #0 +Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 +Call Trace: + __dump_stack lib/dump_stack.c:88 [inline] + dump_stack_lvl+0xcd/0x134 lib/dump_stack.c:105 + ccid3_first_li.cold+0x67/0x17a net/dccp/ccids/ccid3.c:691 + tfrc_lh_interval_add+0x640/0x8e0 net/dccp/ccids/lib/loss_interval.c:157 + tfrc_rx_handle_loss+0x41b/0x1fa0 net/dccp/ccids/lib/packet_history.c:328 + ccid3_hc_rx_packet_recv+0x385/0xe90 net/dccp/ccids/ccid3.c:744 + ccid_hc_rx_packet_recv net/dccp/ccid.h:182 [inline] + dccp_deliver_input_to_ccids+0xd9/0x250 net/dccp/input.c:176 + dccp_rcv_established net/dccp/input.c:374 [inline] + dccp_rcv_established+0x107/0x160 net/dccp/input.c:364 + dccp_v4_do_rcv+0x130/0x190 net/dccp/ipv4.c:667 + sk_backlog_rcv include/net/sock.h:1023 [inline] + __sk_receive_skb+0x29d/0x830 net/core/sock.c:527 + dccp_v4_rcv+0xea5/0x19d0 net/dccp/ipv4.c:890 + ip_protocol_deliver_rcu+0xa7/0xa20 net/ipv4/ip_input.c:204 + ip_local_deliver_finish+0x20a/0x370 net/ipv4/ip_input.c:231 + NF_HOOK include/linux/netfilter.h:307 [inline] + NF_HOOK include/linux/netfilter.h:301 [inline] + ip_local_deliver+0x1b3/0x200 net/ipv4/ip_input.c:252 + dst_input include/net/dst.h:458 [inline] + ip_rcv_finish+0x1da/0x2f0 net/ipv4/ip_input.c:429 + NF_HOOK include/linux/netfilter.h:307 [inline] + NF_HOOK include/linux/netfilter.h:301 [inline] + ip_rcv+0xaa/0xd0 net/ipv4/ip_input.c:540 + __netif_receive_skb_one_core+0x114/0x180 net/core/dev.c:5498 + __netif_receive_skb+0x24/0x1b0 net/core/dev.c:5612 + process_backlog+0x2a5/0x6c0 net/core/dev.c:6492 + __napi_poll+0xaf/0x440 net/core/dev.c:7047 + napi_poll net/core/dev.c:7114 [inline] + net_rx_action+0x801/0xb40 net/core/dev.c:7201 + __do_softirq+0x29b/0x9c2 
kernel/softirq.c:558 + invoke_softirq kernel/softirq.c:432 [inline] + __irq_exit_rcu+0x16e/0x1c0 kernel/softirq.c:636 + irq_exit_rcu+0x5/0x20 kernel/softirq.c:648 + sysvec_apic_timer_interrupt+0x45/0xc0 arch/x86/kernel/apic/apic.c:1100 + asm_sysvec_apic_timer_interrupt+0x12/0x20 arch/x86/include/asm/idtentry.h:638 +RIP: 0033:0x43132b +Code: 48 8b 4c 24 40 48 8b 54 24 38 48 8b 5c 24 30 eb 9e 90 48 89 d3 48 c1 ea 03 48 83 e3 07 48 89 ce 48 89 d9 bf 01 00 00 00 d3 e7 <90> 48 03 50 50 0f b6 1a 40 84 df 74 19 48 8b 44 24 58 48 8b 4c 24 +RSP: 002b:000000c00ca55f60 EFLAGS: 00000202 +RAX: 00007ff3437d4f70 RBX: 0000000000000001 RCX: 0000000000000001 +RDX: 0000000000000014 RSI: 000000c013793420 RDI: 0000000000000002 +RBP: 000000c00ca55fa8 R08: 000000000000000b R09: ffffffffffffffff +R10: 00007ff343dc41c0 R11: 000000c000020f58 R12: 000000c00181c6f0 +R13: 000000c000020f48 R14: 000000000094d49c R15: 0000000000000000 diff --git a/pkg/report/testdata/linux/decompile/amd64/3.out b/pkg/report/testdata/linux/decompile/amd64/3.out new file mode 100644 index 000000000..88362afc5 --- /dev/null +++ b/pkg/report/testdata/linux/decompile/amd64/3.out 
@@ -0,0 +1,50 @@ +ccid3_first_li: No RTT estimate available, using fallback RTT +ccid3_first_li: X_recv==0 +BUG: stored value of X_recv is zero at net/dccp/ccids/ccid3.c:691/ccid3_first_li() +CPU: 1 PID: 11737 Comm: syz-fuzzer Not tainted 5.14.0-rc5-syzkaller #0 +Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 +Call Trace: + __dump_stack lib/dump_stack.c:88 [inline] + dump_stack_lvl+0xcd/0x134 lib/dump_stack.c:105 + ccid3_first_li.cold+0x67/0x17a net/dccp/ccids/ccid3.c:691 + tfrc_lh_interval_add+0x640/0x8e0 net/dccp/ccids/lib/loss_interval.c:157 + tfrc_rx_handle_loss+0x41b/0x1fa0 net/dccp/ccids/lib/packet_history.c:328 + ccid3_hc_rx_packet_recv+0x385/0xe90 net/dccp/ccids/ccid3.c:744 + ccid_hc_rx_packet_recv net/dccp/ccid.h:182 [inline] + dccp_deliver_input_to_ccids+0xd9/0x250 net/dccp/input.c:176 + dccp_rcv_established net/dccp/input.c:374 [inline] + dccp_rcv_established+0x107/0x160 net/dccp/input.c:364 + dccp_v4_do_rcv+0x130/0x190 net/dccp/ipv4.c:667 + sk_backlog_rcv include/net/sock.h:1023 [inline] + __sk_receive_skb+0x29d/0x830 net/core/sock.c:527 + dccp_v4_rcv+0xea5/0x19d0 net/dccp/ipv4.c:890 + ip_protocol_deliver_rcu+0xa7/0xa20 net/ipv4/ip_input.c:204 + ip_local_deliver_finish+0x20a/0x370 net/ipv4/ip_input.c:231 + NF_HOOK include/linux/netfilter.h:307 [inline] + NF_HOOK include/linux/netfilter.h:301 [inline] + ip_local_deliver+0x1b3/0x200 net/ipv4/ip_input.c:252 + dst_input include/net/dst.h:458 [inline] + ip_rcv_finish+0x1da/0x2f0 net/ipv4/ip_input.c:429 + NF_HOOK include/linux/netfilter.h:307 [inline] + NF_HOOK include/linux/netfilter.h:301 [inline] + ip_rcv+0xaa/0xd0 net/ipv4/ip_input.c:540 + __netif_receive_skb_one_core+0x114/0x180 net/core/dev.c:5498 + __netif_receive_skb+0x24/0x1b0 net/core/dev.c:5612 + process_backlog+0x2a5/0x6c0 net/core/dev.c:6492 + __napi_poll+0xaf/0x440 net/core/dev.c:7047 + napi_poll net/core/dev.c:7114 [inline] + net_rx_action+0x801/0xb40 net/core/dev.c:7201 + __do_softirq+0x29b/0x9c2 
kernel/softirq.c:558 + invoke_softirq kernel/softirq.c:432 [inline] + __irq_exit_rcu+0x16e/0x1c0 kernel/softirq.c:636 + irq_exit_rcu+0x5/0x20 kernel/softirq.c:648 + sysvec_apic_timer_interrupt+0x45/0xc0 arch/x86/kernel/apic/apic.c:1100 + asm_sysvec_apic_timer_interrupt+0x12/0x20 arch/x86/include/asm/idtentry.h:638 +RIP: 0033:0x43132b +Code: 48 8b 4c 24 40 48 8b 54 24 38 48 8b 5c 24 30 eb 9e 90 48 89 d3 48 c1 ea 03 48 83 e3 07 48 89 ce 48 89 d9 bf 01 00 00 00 d3 e7 <90> 48 03 50 50 0f b6 1a 40 84 df 74 19 48 8b 44 24 58 48 8b 4c 24 +RSP: 002b:000000c00ca55f60 EFLAGS: 00000202 +RAX: 00007ff3437d4f70 RBX: 0000000000000001 RCX: 0000000000000001 +RDX: 0000000000000014 RSI: 000000c013793420 RDI: 0000000000000002 +RBP: 000000c00ca55fa8 R08: 000000000000000b R09: ffffffffffffffff +R10: 00007ff343dc41c0 R11: 000000c000020f58 R12: 000000c00181c6f0 +R13: 000000c000020f48 R14: 000000000094d49c R15: 0000000000000000 diff --git a/pkg/report/testdata/linux/decompile/amd64/4.in b/pkg/report/testdata/linux/decompile/amd64/4.in new file mode 100644 index 000000000..cf27b1f07 --- /dev/null +++ b/pkg/report/testdata/linux/decompile/amd64/4.in 
@@ -0,0 +1,55 @@ +divide error: 0000 [#1] PREEMPT SMP KASAN +CPU: 1 PID: 3149 Comm: syz-executor385 Not tainted 5.4.141-syzkaller-16412-gf364839bcf0b #0 +Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 +RIP: 0010:snd_pcm_lib_ioctl_fifo_size sound/core/pcm_lib.c:1739 [inline] +RIP: 0010:snd_pcm_lib_ioctl+0x73e/0x75c sound/core/pcm_lib.c:1764 +Code: fd 4c 89 e2 b8 ff ff 37 00 48 c1 ea 03 48 c1 e0 2a 80 3c 02 00 74 08 4c 89 e7 e8 f0 8e 14 fe 48 8b 83 18 02 00 00 89 ed 31 d2 <48> f7 f5 48 89 83 18 02 00 00 45 31 ed e8 7f b5 f2 fd 44 89 e8 5b +RSP: 0018:ffff8881da17fb78 EFLAGS: 00010246 +RAX: 0000000000000000 RBX: ffff8881dce33800 RCX: ffff8881dd6a9980 +RDX: 0000000000000000 RSI: ffffffff833e3709 RDI: 0000000100000000 +RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000007 +R10: ffff8881dd6a9980 R11: ffffffff8134d1e8 R12: ffff8881dce33a18 +R13: 0000000000000000 R14: 0000000000000001 R15: 0000000000000000 +FS: 0000000002290300(0000) GS:ffff8881f6d00000(0000) knlGS:0000000000000000 +CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 +CR2: 0000000020001090 CR3: 00000001d89ec000 CR4: 00000000001406e0 +DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 +DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 +Call Trace: + snd_pcm_ops_ioctl+0x76/0xa0 sound/core/pcm_native.c:196 + fixup_unreferenced_params+0x46b/0x547 sound/core/pcm_native.c:471 + snd_pcm_hw_refine_old_user sound/core/pcm_native.c:3700 [inline] + snd_pcm_common_ioctl+0x1002/0x1764 sound/core/pcm_native.c:3036 + snd_pcm_ioctl+0x93/0xa9 sound/core/pcm_native.c:3073 + vfs_ioctl+0x76/0x9e fs/ioctl.c:47 + do_vfs_ioctl+0xfc5/0x1022 fs/ioctl.c:722 + ksys_ioctl+0x79/0xb1 fs/ioctl.c:737 + __do_sys_ioctl fs/ioctl.c:744 [inline] + __se_sys_ioctl fs/ioctl.c:742 [inline] + __x64_sys_ioctl+0x7f/0x86 fs/ioctl.c:742 + do_syscall_64+0x10b/0x144 arch/x86/entry/common.c:299 + entry_SYSCALL_64_after_hwframe+0x49/0xbe +RIP: 0033:0x443649 +Code: 28 c3 e8 
2a 14 00 00 66 2e 0f 1f 84 00 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 +RSP: 002b:00007ffef556a688 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 +RAX: ffffffffffffffda RBX: 00000000004004a0 RCX: 0000000000443649 +RDX: 00000000200010c0 RSI: 00000000c1004110 RDI: 0000000000000003 +RBP: 00000000004031f0 R08: 0000000000000000 R09: 00000000004004a0 +R10: 000000000000001f R11: 0000000000000246 R12: 0000000000403280 +R13: 0000000000000000 R14: 00000000004b1018 R15: 00000000004004a0 +Modules linked in: +---[ end trace 7398808905092392 ]--- +RIP: 0010:snd_pcm_lib_ioctl_fifo_size sound/core/pcm_lib.c:1739 [inline] +RIP: 0010:snd_pcm_lib_ioctl+0x73e/0x75c sound/core/pcm_lib.c:1764 +Code: fd 4c 89 e2 b8 ff ff 37 00 48 c1 ea 03 48 c1 e0 2a 80 3c 02 00 74 08 4c 89 e7 e8 f0 8e 14 fe 48 8b 83 18 02 00 00 89 ed 31 d2 <48> f7 f5 48 89 83 18 02 00 00 45 31 ed e8 7f b5 f2 fd 44 89 e8 5b +RSP: 0018:ffff8881da17fb78 EFLAGS: 00010246 +RAX: 0000000000000000 RBX: ffff8881dce33800 RCX: ffff8881dd6a9980 +RDX: 0000000000000000 RSI: ffffffff833e3709 RDI: 0000000100000000 +RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000007 +R10: ffff8881dd6a9980 R11: ffffffff8134d1e8 R12: ffff8881dce33a18 +R13: 0000000000000000 R14: 0000000000000001 R15: 0000000000000000 +FS: 0000000002290300(0000) GS:ffff8881f6c00000(0000) knlGS:0000000000000000 +CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 +CR2: 00007b48899bf000 CR3: 00000001d89ec000 CR4: 00000000001406f0 +DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 +DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 diff --git a/pkg/report/testdata/linux/decompile/amd64/4.out b/pkg/report/testdata/linux/decompile/amd64/4.out new file mode 100644 index 000000000..f2fab8cd7 --- /dev/null +++ b/pkg/report/testdata/linux/decompile/amd64/4.out 
@@ -0,0 +1,75 @@ +divide error: 0000 [#1] PREEMPT SMP KASAN +CPU: 1 PID: 3149 Comm: syz-executor385 Not tainted 5.4.141-syzkaller-16412-gf364839bcf0b #0 +Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 +RIP: 0010:snd_pcm_lib_ioctl_fifo_size sound/core/pcm_lib.c:1739 [inline] +RIP: 0010:snd_pcm_lib_ioctl+0x73e/0x75c sound/core/pcm_lib.c:1764 +Code: fd 4c 89 e2 b8 ff ff 37 00 48 c1 ea 03 48 c1 e0 2a 80 3c 02 00 74 08 4c 89 e7 e8 f0 8e 14 fe 48 8b 83 18 02 00 00 89 ed 31 d2 <48> f7 f5 48 89 83 18 02 00 00 45 31 ed e8 7f b5 f2 fd 44 89 e8 5b +RSP: 0018:ffff8881da17fb78 EFLAGS: 00010246 +RAX: 0000000000000000 RBX: ffff8881dce33800 RCX: ffff8881dd6a9980 +RDX: 0000000000000000 RSI: ffffffff833e3709 RDI: 0000000100000000 +RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000007 +R10: ffff8881dd6a9980 R11: ffffffff8134d1e8 R12: ffff8881dce33a18 +R13: 0000000000000000 R14: 0000000000000001 R15: 0000000000000000 +FS: 0000000002290300(0000) GS:ffff8881f6d00000(0000) knlGS:0000000000000000 +CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 +CR2: 0000000020001090 CR3: 00000001d89ec000 CR4: 00000000001406e0 +DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 +DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 +Call Trace: + snd_pcm_ops_ioctl+0x76/0xa0 sound/core/pcm_native.c:196 + fixup_unreferenced_params+0x46b/0x547 sound/core/pcm_native.c:471 + snd_pcm_hw_refine_old_user sound/core/pcm_native.c:3700 [inline] + snd_pcm_common_ioctl+0x1002/0x1764 sound/core/pcm_native.c:3036 + snd_pcm_ioctl+0x93/0xa9 sound/core/pcm_native.c:3073 + vfs_ioctl+0x76/0x9e fs/ioctl.c:47 + do_vfs_ioctl+0xfc5/0x1022 fs/ioctl.c:722 + ksys_ioctl+0x79/0xb1 fs/ioctl.c:737 + __do_sys_ioctl fs/ioctl.c:744 [inline] + __se_sys_ioctl fs/ioctl.c:742 [inline] + __x64_sys_ioctl+0x7f/0x86 fs/ioctl.c:742 + do_syscall_64+0x10b/0x144 arch/x86/entry/common.c:299 + entry_SYSCALL_64_after_hwframe+0x49/0xbe +RIP: 0033:0x443649 +Code: 28 c3 e8 
2a 14 00 00 66 2e 0f 1f 84 00 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 +RSP: 002b:00007ffef556a688 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 +RAX: ffffffffffffffda RBX: 00000000004004a0 RCX: 0000000000443649 +RDX: 00000000200010c0 RSI: 00000000c1004110 RDI: 0000000000000003 +RBP: 00000000004031f0 R08: 0000000000000000 R09: 00000000004004a0 +R10: 000000000000001f R11: 0000000000000246 R12: 0000000000403280 +R13: 0000000000000000 R14: 00000000004b1018 R15: 00000000004004a0 +Modules linked in: +---[ end trace 7398808905092392 ]--- +RIP: 0010:snd_pcm_lib_ioctl_fifo_size sound/core/pcm_lib.c:1739 [inline] +RIP: 0010:snd_pcm_lib_ioctl+0x73e/0x75c sound/core/pcm_lib.c:1764 +Code: fd 4c 89 e2 b8 ff ff 37 00 48 c1 ea 03 48 c1 e0 2a 80 3c 02 00 74 08 4c 89 e7 e8 f0 8e 14 fe 48 8b 83 18 02 00 00 89 ed 31 d2 <48> f7 f5 48 89 83 18 02 00 00 45 31 ed e8 7f b5 f2 fd 44 89 e8 5b +RSP: 0018:ffff8881da17fb78 EFLAGS: 00010246 +RAX: 0000000000000000 RBX: ffff8881dce33800 RCX: ffff8881dd6a9980 +RDX: 0000000000000000 RSI: ffffffff833e3709 RDI: 0000000100000000 +RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000007 +R10: ffff8881dd6a9980 R11: ffffffff8134d1e8 R12: ffff8881dce33a18 +R13: 0000000000000000 R14: 0000000000000001 R15: 0000000000000000 +FS: 0000000002290300(0000) GS:ffff8881f6c00000(0000) knlGS:0000000000000000 +CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 +CR2: 00007b48899bf000 CR3: 00000001d89ec000 CR4: 00000000001406f0 +DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 +DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 +---------------- +Code disassembly (best guess): + 0: fd std + 1: 4c 89 e2 mov %r12,%rdx + 4: b8 ff ff 37 00 mov $0x37ffff,%eax + 9: 48 c1 ea 03 shr $0x3,%rdx + d: 48 c1 e0 2a shl $0x2a,%rax + 11: 80 3c 02 00 cmpb $0x0,(%rdx,%rax,1) + 15: 74 08 je 0x1f + 17: 4c 89 e7 mov %r12,%rdi + 1a: e8 f0 8e 
14 fe callq 0xfe148f0f + 1f: 48 8b 83 18 02 00 00 mov 0x218(%rbx),%rax + 26: 89 ed mov %ebp,%ebp + 28: 31 d2 xor %edx,%edx +* 2a: 48 f7 f5 div %rbp <-- trapping instruction + 2d: 48 89 83 18 02 00 00 mov %rax,0x218(%rbx) + 34: 45 31 ed xor %r13d,%r13d + 37: e8 7f b5 f2 fd callq 0xfdf2b5bb + 3c: 44 89 e8 mov %r13d,%eax + 3f: 5b pop %rbx diff --git a/pkg/report/testdata/linux/decompile/arm/0.out b/pkg/report/testdata/linux/decompile/arm/0.out index 49a85c720..710c1edbd 100644 --- a/pkg/report/testdata/linux/decompile/arm/0.out +++ b/pkg/report/testdata/linux/decompile/arm/0.out @@ -112,4 +112,4 @@ Code disassembly (best guess): 4: e2853020 add r3, r5, #32 8: e1a02000 mov r2, r0 c: e2422008 sub r2, r2, #8 - 10: e5034020 str r4, [r3, #-32] ; 0xffffffe0 <-- trapping instruction +* 10: e5034020 str r4, [r3, #-32] ; 0xffffffe0 <-- trapping instruction diff --git a/pkg/report/testdata/linux/decompile/arm64/0.out b/pkg/report/testdata/linux/decompile/arm64/0.out index 2b6406f60..654ec9506 100644 --- a/pkg/report/testdata/linux/decompile/arm64/0.out +++ b/pkg/report/testdata/linux/decompile/arm64/0.out @@ -40,10 +40,3 @@ Call trace: work_pending+0xc/0x3d4 Code: cb000260 d34cfc00 97fcf6fe 35fffc20 (d4210000) ---[ end trace 9cab793efd001cad ]--- ----------------- -Code disassembly (best guess): - 0: cb000260 sub x0, x19, x0 - 4: d34cfc00 lsr x0, x0, #12 - 8: 97fcf6fe bl 0xfffffffffff3dc00 - c: 35fffc20 cbnz w0, 0xffffffffffffff90 - 10: d4210000 brk #0x800 <-- trapping instruction diff --git a/pkg/report/testdata/linux/decompile/arm64/1.out b/pkg/report/testdata/linux/decompile/arm64/1.out index c07a4756b..09ea024f2 100644 --- a/pkg/report/testdata/linux/decompile/arm64/1.out +++ b/pkg/report/testdata/linux/decompile/arm64/1.out 
@@ -53,4 +53,4 @@ Code disassembly (best guess): 4: f2df7fe1 movk x1, #0xfbff, lsl #32 8: f2ffffe1 movk x1, #0xffff, lsl #48 c: 8b010273 add x19, x19, x1 - 10: 39000274 strb w20, [x19] <-- trapping instruction +* 10: 39000274 strb w20, [x19] <-- trapping instruction |
