Diffstat (limited to 'pkg')
| -rw-r--r-- | pkg/report/linux.go | 142 | ||||
| -rw-r--r-- | pkg/report/testdata/linux/decompile/amd64/0.out | 18 | ||||
| -rw-r--r-- | pkg/report/testdata/linux/decompile/amd64/2.out | 2 | ||||
| -rw-r--r-- | pkg/report/testdata/linux/decompile/amd64/3.in | 50 | ||||
| -rw-r--r-- | pkg/report/testdata/linux/decompile/amd64/3.out | 50 | ||||
| -rw-r--r-- | pkg/report/testdata/linux/decompile/amd64/4.in | 55 | ||||
| -rw-r--r-- | pkg/report/testdata/linux/decompile/amd64/4.out | 75 | ||||
| -rw-r--r-- | pkg/report/testdata/linux/decompile/arm/0.out | 2 | ||||
| -rw-r--r-- | pkg/report/testdata/linux/decompile/arm64/0.out | 7 | ||||
| -rw-r--r-- | pkg/report/testdata/linux/decompile/arm64/1.out | 2 |
10 files changed, 322 insertions, 81 deletions
diff --git a/pkg/report/linux.go b/pkg/report/linux.go
index f0b95750d..acab85856 100644
--- a/pkg/report/linux.go
+++ b/pkg/report/linux.go
@@ -444,18 +444,41 @@ type parsedOpcodes struct { offset int } +type decompiledOpcodes struct { + opcodes []DecompiledOpcode + trappingOpcodeIdx int + leftBytesCut int +} + // processOpcodes converts a string representation of opcodes used by the Linux kernel into -// the human-readable representation of the machine instructions, that surround the one -// that crashed the kernel. -// It returns the lines of the resulting description, the number of bytes that had to be skipped -// so that it starts on an instruction boundary and an error object that is non-null in case of -// severe problems. -func (ctx *linux) processOpcodes(codeSlice string) ([]string, int, error) { +// a sequence of the machine instructions, that surround the one that crashed the kernel. +// If the input does not start on a boundary of an instruction, it is attempted to adjust the +// strting position. +// The method returns an error if it did not manage to correctly decompile the opcodes or +// of the decompiled code is not of interest to the reader (e.g. it is a user-space code). +func (ctx *linux) processOpcodes(codeSlice string) (*decompiledOpcodes, error) { parsed, err := ctx.parseOpcodes(codeSlice) if err != nil { - return nil, 0, err + return nil, err + } + + decompiled, err := ctx.decompileWithOffset(parsed) + if err != nil { + return nil, err } + if linuxSkipTrapInstrRe.MatchString(decompiled.opcodes[decompiled.trappingOpcodeIdx].Instruction) { + // For some reports (like WARNINGs) the trapping instruction is an intentionally + // invalid instruction. Decompilation of such code only allows to see the + // mechanism, through which the kernel implements such assertions and does not + // aid in finding the real issue. 
+ return nil, fmt.Errorf("these opcodes are not of interest") + } + + return decompiled, nil +} + +func (ctx *linux) decompileWithOffset(parsed parsedOpcodes) (*decompiledOpcodes, error) { // It is not guaranteed that the fragment of opcodes starts exactly at the boundary // of a machine instruction. In order to simplify debugging process, we are trying // to find the right starting position. @@ -465,15 +488,14 @@ func (ctx *linux) processOpcodes(codeSlice string) ([]string, int, error) { // to invoke the decompiler. const opcodeAdjustmentLimit = 8 - var currentBestReport []string - var currentBestOffset int + var bestResult *decompiledOpcodes for leftCut := 0; leftCut <= parsed.offset && leftCut < opcodeAdjustmentLimit; leftCut++ { newBytes := parsed.rawBytes[leftCut:] newOffset := parsed.offset - leftCut instructions, err := DecompileOpcodes(newBytes, parsed.decompileFlags, ctx.target) if err != nil { - return nil, 0, err + return nil, err } // We only want to return the response, where there exists a decoded instruction that @@ -482,10 +504,10 @@ func (ctx *linux) processOpcodes(codeSlice string) ([]string, int, error) { // unrecognized (bad) instuctions - this serves as an indicator of a valid result. hasBad := false - hasTargetOffset := false - for _, instruction := range instructions { + trappingIdx := -1 + for idx, instruction := range instructions { if instruction.Offset == newOffset { - hasTargetOffset = true + trappingIdx = idx } if instruction.Offset >= newOffset { // Do not take into account instructions after the target offset. Once 
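Review bot: The "not of interest" outcome in processOpcodes is a control-flow signal rather than a failure, yet it is returned as an ad-hoc `fmt.Errorf` string, so the caller in decompileReportOpcodes cannot tell a deliberately skipped fragment (assertion trap, user-space code) from a genuine decompiler failure and swallows both the same way; a package-level sentinel such as `var errOpcodesNotOfInterest = errors.New("opcodes are not of interest")` returned here and tested with `errors.Is` would keep that distinction available (assuming `errors` is, or can be, imported in this file). The new doc comment also carries typos worth fixing before merge: `strting position` should read `starting position`, and `or of the decompiled code is not of interest` should read `or if the decompiled code is not of interest`. The index `decompiled.opcodes[decompiled.trappingOpcodeIdx]` relies on decompileWithOffset never returning a nil result together with a nil error, which its body in the following hunks upholds; a one-line comment stating that invariant at the call site would stop it from being broken silently later. decompileWithOffset's body continues past this hunk.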
@@ -495,25 +517,26 @@ func (ctx *linux) processOpcodes(codeSlice string) ([]string, int, error) { hasBad = hasBad || instruction.IsBad } - if !hasTargetOffset { + if trappingIdx < 0 { continue } - if !hasBad || currentBestReport == nil { - currentBestReport = ctx.formatDecodedFragment(instructions, newOffset) - currentBestOffset = leftCut + if !hasBad || bestResult == nil { + bestResult = &decompiledOpcodes{ + opcodes: instructions, + trappingOpcodeIdx: trappingIdx, + leftBytesCut: leftCut, + } if !hasBad { // The best offset is already found. break } } } - - if currentBestReport == nil { - return nil, 0, fmt.Errorf("unable to align decompiled code and the trapping instruction offset") + if bestResult == nil { + return nil, fmt.Errorf("unable to align decompiled code and the trapping instruction offset") } - - return currentBestReport, currentBestOffset, nil + return bestResult, nil } func (ctx *linux) parseOpcodes(codeSlice string) (parsedOpcodes, error) { 
@@ -583,37 +606,40 @@ func (ctx *linux) parseOpcodes(codeSlice string) (parsedOpcodes, error) { }, nil } -func (ctx *linux) formatDecodedFragment(instructions []DecompiledOpcode, offset int) []string { - output := []string{} - - for _, element := range instructions { - if element.Offset == offset { - output = append(output, element.FullDescription+" <-- trapping instruction") - } else { - output = append(output, element.FullDescription) - } - } - - return output -} - +// decompileReportOpcodes detects the most meaningful "Code: " lines from the report, decompiles +// them and appends a human-readable listing to the end of the report. func (ctx *linux) decompileReportOpcodes(report []byte) []byte { - // For now, we only pick the first "Code: ..." line in the report. - // It seems to cover most of the cases, however, it might be reasonable - // to also consider the exact crash type. - match := linuxCodeRe.FindSubmatch(report) - if match == nil { - return report + // Iterate over all "Code: " lines and pick the first that could be decompiled + // that might be of interest to the user. + var decompiled *decompiledOpcodes + var prevLine []byte + for s := bufio.NewScanner(bytes.NewReader(report)); s.Scan(); prevLine = append([]byte{}, s.Bytes()...) { + // We want to avoid decompiling code from user-space as it is not of big interest during + // debugging kernel problems. + // For now this check only works for x86/amd64, but Linux on other architectures supported + // by syzkaller does not seem to include user-space code in its oops messages. 
+ if linuxUserSegmentRe.Match(prevLine) { + continue + } + match := linuxCodeRe.FindSubmatch(s.Bytes()) + if match == nil { + continue + } + decompiledLine, err := ctx.processOpcodes(string(match[1])) + if err != nil { + continue + } + decompiled = decompiledLine + break } - description, skippedBytes, err := ctx.processOpcodes(string(match[1])) - if err != nil { + if decompiled == nil { return report } skipInfo := "" - if skippedBytes > 0 { - skipInfo = fmt.Sprintf(", %v bytes skipped", skippedBytes) + if decompiled.leftBytesCut > 0 { + skipInfo = fmt.Sprintf(", %v bytes skipped", decompiled.leftBytesCut) } // The decompiled instructions are intentionally put to the bottom of the report instead @@ -621,10 +647,18 @@ func (ctx *linux) decompileReportOpcodes(report []byte) []byte { // the most important information at the top of the report, so that it is visible from // the syzbot dashboard without scrolling. headLine := fmt.Sprintf("----------------\nCode disassembly (best guess)%v:\n", skipInfo) - report = append(report, headLine...) - report = append(report, strings.Join(description, "\n")...) - return append(report, "\n"...) + + for idx, opcode := range decompiled.opcodes { + line := opcode.FullDescription + if idx == decompiled.trappingOpcodeIdx { + line = fmt.Sprintf("*%s <-- trapping instruction\n", line[1:]) + } else { + line += "\n" + } + report = append(report, line...) + } + return report } func (ctx *linux) extractGuiltyFile(rep *Report) string { 
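Review bot: The `bufio.Scanner` loop in decompileReportOpcodes stops silently when a line exceeds the scanner's default token limit (`bufio.ErrTooLong`), because `s.Err()` is never examined; one overlong line anywhere before the interesting `Code:` line makes the function hand back the report without disassembly and without any trace of why. Since the whole report is already in memory, iterating `for _, line := range bytes.Split(report, []byte("\n"))` sidesteps the limit entirely and also removes the per-line copy into `prevLine`; if the scanner is kept, call `s.Buffer(nil, len(report)+1)` before the loop or check `s.Err()` after it. Note as well that `linuxUserSegmentRe` is matched only against the immediately preceding line, which fits the `RIP: 0033:` / `Code:` adjacency visible in the new testdata but would be worth stating in the comment so a future change to the scan order does not quietly reintroduce user-space decompilation. decompileReportOpcodes continues past this hunk.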
@@ -908,10 +942,12 @@ var linuxStallAnchorFrames = []*regexp.Regexp{ // nolint: lll var ( - linuxSymbolizeRe = regexp.MustCompile(`(?:\[\<(?:(?:0x)?[0-9a-f]+)\>\])?[ \t]+\(?(?:[0-9]+:)?([a-zA-Z0-9_.]+)\+0x([0-9a-f]+)/0x([0-9a-f]+)\)?`) - linuxRipFrame = compile(`(?:IP|NIP|pc |PC is at):? (?:(?:[0-9]+:)?(?:{{PC}} +){0,2}{{FUNC}}|(?:[0-9]+:)?0x[0-9a-f]+|(?:[0-9]+:)?{{PC}} +\[< *\(null\)>\] +\(null\)|[0-9]+: +\(null\))`) - linuxCallTrace = compile(`(?:Call (?:T|t)race:)|(?:Backtrace:)`) - linuxCodeRe = regexp.MustCompile(`(?m)^\s*Code\:\s+((?:[A-Fa-f0-9\(\)\<\>]{2,8}\s*)*)\s*$`) + linuxSymbolizeRe = regexp.MustCompile(`(?:\[\<(?:(?:0x)?[0-9a-f]+)\>\])?[ \t]+\(?(?:[0-9]+:)?([a-zA-Z0-9_.]+)\+0x([0-9a-f]+)/0x([0-9a-f]+)\)?`) + linuxRipFrame = compile(`(?:IP|NIP|pc |PC is at):? (?:(?:[0-9]+:)?(?:{{PC}} +){0,2}{{FUNC}}|(?:[0-9]+:)?0x[0-9a-f]+|(?:[0-9]+:)?{{PC}} +\[< *\(null\)>\] +\(null\)|[0-9]+: +\(null\))`) + linuxCallTrace = compile(`(?:Call (?:T|t)race:)|(?:Backtrace:)`) + linuxCodeRe = regexp.MustCompile(`(?m)^\s*Code\:\s+((?:[A-Fa-f0-9\(\)\<\>]{2,8}\s*)*)\s*$`) + linuxSkipTrapInstrRe = regexp.MustCompile(`^ud2|brk\s+#0x800$`) + linuxUserSegmentRe = regexp.MustCompile(`^RIP:\s+0033:`) ) var linuxCorruptedTitles = []*regexp.Regexp{ diff --git a/pkg/report/testdata/linux/decompile/amd64/0.out b/pkg/report/testdata/linux/decompile/amd64/0.out index 93f0dda98..4006d9468 100644 --- a/pkg/report/testdata/linux/decompile/amd64/0.out +++ b/pkg/report/testdata/linux/decompile/amd64/0.out 
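Review bot: `line[1:]` in the trapping-instruction branch of decompileReportOpcodes panics with a slice out of range if `FullDescription` is ever empty, and it drops the first character on the unstated assumption that every description begins with a padding space (as the testdata lines do); a guard such as `if len(line) > 0 && line[0] == ' ' { line = line[1:] }` followed by `line = "*" + line + " <-- trapping instruction\n"` preserves the intended column alignment without the crash. A comment stating that DecompileOpcodes is expected to pad each description with one leading space would document the dependency this marker relies on. decompileReportOpcodes starts outside this hunk.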
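Review bot: In `linuxSkipTrapInstrRe` the anchors bind to one alternative each (`^ud2` or `brk\s+#0x800$`), which appears to be the intended reading but is easy to misread as a single anchored group; writing it as `(?:^ud2)|(?:brk\s+#0x800$)`, or deciding on a full-string match, would make the grouping explicit. `linuxUserSegmentRe` recognises only the 64-bit user code segment selector `0033`; if 32-bit (compat) user processes are in scope on amd64 kernels, their selector is reported differently (I believe `RIP: 0023:`), and those user-space `Code:` lines would still be decompiled — worth confirming against a compat crash report and widening the pattern if so. Likewise arm64 uses `brk` immediates other than `#0x800` for kernel instrumentation traps that are just as uninformative as a trapping instruction; whether those should be skipped too deserves a sentence in the comment next to the regexp.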
@@ -46,21 +46,3 @@ RDX: 0000000000000012 RSI: 0000000020000140 RDI: 0000000000000003 RBP: 00007f66b70031d0 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 R13: 0000000000a9fb1f R14: 00007f66b7003300 R15: 0000000000022000 ----------------- -Code disassembly (best guess), 2 bytes skipped: - 0: ff 4c 89 ef decl -0x11(%rcx,%rcx,4) - 4: 89 44 24 28 mov %eax,0x28(%rsp) - 8: e8 75 c8 f6 fd callq 0xfdf6c882 - d: 8b 44 24 28 mov 0x28(%rsp),%eax - 11: e9 7a fb ff ff jmpq 0xfffffb90 - 16: 4c 89 ef mov %r13,%rdi - 19: e8 f4 c7 f6 fd callq 0xfdf6c812 - 1e: e9 e0 fb ff ff jmpq 0xfffffc03 - 23: e8 4a a8 b0 fd callq 0xfdb0a872 - 28: 0f 0b ud2 <-- trapping instruction - 2a: e9 97 fb ff ff jmpq 0xfffffbc6 - 2f: 4c 89 ff mov %r15,%rdi - 32: e8 0b c8 f6 fd callq 0xfdf6c842 - 37: e9 b1 f6 ff ff jmpq 0xfffff6ed - 3c: 48 rex.W - 3d: 8b .byte 0x8b diff --git a/pkg/report/testdata/linux/decompile/amd64/2.out b/pkg/report/testdata/linux/decompile/amd64/2.out index b5c3e5f63..96ae47e75 100644 --- a/pkg/report/testdata/linux/decompile/amd64/2.out +++ b/pkg/report/testdata/linux/decompile/amd64/2.out @@ -173,7 +173,7 @@ Code disassembly (best guess): 1d: e8 50 84 35 00 callq 0x358472 22: fb sti 23: 65 8b 05 88 91 bc 7e mov %gs:0x7ebc9188(%rip),%eax # 0x7ebc91b2 - 2a: 85 c0 test %eax,%eax <-- trapping instruction +* 2a: 85 c0 test %eax,%eax <-- trapping instruction 2c: 74 58 je 0x86 2e: 5b pop %rbx 2f: 5d pop %rbp diff --git a/pkg/report/testdata/linux/decompile/amd64/3.in b/pkg/report/testdata/linux/decompile/amd64/3.in new file mode 100644 index 000000000..88362afc5 --- /dev/null +++ b/pkg/report/testdata/linux/decompile/amd64/3.in 
@@ -0,0 +1,50 @@ +ccid3_first_li: No RTT estimate available, using fallback RTT +ccid3_first_li: X_recv==0 +BUG: stored value of X_recv is zero at net/dccp/ccids/ccid3.c:691/ccid3_first_li() +CPU: 1 PID: 11737 Comm: syz-fuzzer Not tainted 5.14.0-rc5-syzkaller #0 +Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 +Call Trace: + __dump_stack lib/dump_stack.c:88 [inline] + dump_stack_lvl+0xcd/0x134 lib/dump_stack.c:105 + ccid3_first_li.cold+0x67/0x17a net/dccp/ccids/ccid3.c:691 + tfrc_lh_interval_add+0x640/0x8e0 net/dccp/ccids/lib/loss_interval.c:157 + tfrc_rx_handle_loss+0x41b/0x1fa0 net/dccp/ccids/lib/packet_history.c:328 + ccid3_hc_rx_packet_recv+0x385/0xe90 net/dccp/ccids/ccid3.c:744 + ccid_hc_rx_packet_recv net/dccp/ccid.h:182 [inline] + dccp_deliver_input_to_ccids+0xd9/0x250 net/dccp/input.c:176 + dccp_rcv_established net/dccp/input.c:374 [inline] + dccp_rcv_established+0x107/0x160 net/dccp/input.c:364 + dccp_v4_do_rcv+0x130/0x190 net/dccp/ipv4.c:667 + sk_backlog_rcv include/net/sock.h:1023 [inline] + __sk_receive_skb+0x29d/0x830 net/core/sock.c:527 + dccp_v4_rcv+0xea5/0x19d0 net/dccp/ipv4.c:890 + ip_protocol_deliver_rcu+0xa7/0xa20 net/ipv4/ip_input.c:204 + ip_local_deliver_finish+0x20a/0x370 net/ipv4/ip_input.c:231 + NF_HOOK include/linux/netfilter.h:307 [inline] + NF_HOOK include/linux/netfilter.h:301 [inline] + ip_local_deliver+0x1b3/0x200 net/ipv4/ip_input.c:252 + dst_input include/net/dst.h:458 [inline] + ip_rcv_finish+0x1da/0x2f0 net/ipv4/ip_input.c:429 + NF_HOOK include/linux/netfilter.h:307 [inline] + NF_HOOK include/linux/netfilter.h:301 [inline] + ip_rcv+0xaa/0xd0 net/ipv4/ip_input.c:540 + __netif_receive_skb_one_core+0x114/0x180 net/core/dev.c:5498 + __netif_receive_skb+0x24/0x1b0 net/core/dev.c:5612 + process_backlog+0x2a5/0x6c0 net/core/dev.c:6492 + __napi_poll+0xaf/0x440 net/core/dev.c:7047 + napi_poll net/core/dev.c:7114 [inline] + net_rx_action+0x801/0xb40 net/core/dev.c:7201 + __do_softirq+0x29b/0x9c2 
kernel/softirq.c:558 + invoke_softirq kernel/softirq.c:432 [inline] + __irq_exit_rcu+0x16e/0x1c0 kernel/softirq.c:636 + irq_exit_rcu+0x5/0x20 kernel/softirq.c:648 + sysvec_apic_timer_interrupt+0x45/0xc0 arch/x86/kernel/apic/apic.c:1100 + asm_sysvec_apic_timer_interrupt+0x12/0x20 arch/x86/include/asm/idtentry.h:638 +RIP: 0033:0x43132b +Code: 48 8b 4c 24 40 48 8b 54 24 38 48 8b 5c 24 30 eb 9e 90 48 89 d3 48 c1 ea 03 48 83 e3 07 48 89 ce 48 89 d9 bf 01 00 00 00 d3 e7 <90> 48 03 50 50 0f b6 1a 40 84 df 74 19 48 8b 44 24 58 48 8b 4c 24 +RSP: 002b:000000c00ca55f60 EFLAGS: 00000202 +RAX: 00007ff3437d4f70 RBX: 0000000000000001 RCX: 0000000000000001 +RDX: 0000000000000014 RSI: 000000c013793420 RDI: 0000000000000002 +RBP: 000000c00ca55fa8 R08: 000000000000000b R09: ffffffffffffffff +R10: 00007ff343dc41c0 R11: 000000c000020f58 R12: 000000c00181c6f0 +R13: 000000c000020f48 R14: 000000000094d49c R15: 0000000000000000 diff --git a/pkg/report/testdata/linux/decompile/amd64/3.out b/pkg/report/testdata/linux/decompile/amd64/3.out new file mode 100644 index 000000000..88362afc5 --- /dev/null +++ b/pkg/report/testdata/linux/decompile/amd64/3.out 
@@ -0,0 +1,50 @@ +ccid3_first_li: No RTT estimate available, using fallback RTT +ccid3_first_li: X_recv==0 +BUG: stored value of X_recv is zero at net/dccp/ccids/ccid3.c:691/ccid3_first_li() +CPU: 1 PID: 11737 Comm: syz-fuzzer Not tainted 5.14.0-rc5-syzkaller #0 +Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 +Call Trace: + __dump_stack lib/dump_stack.c:88 [inline] + dump_stack_lvl+0xcd/0x134 lib/dump_stack.c:105 + ccid3_first_li.cold+0x67/0x17a net/dccp/ccids/ccid3.c:691 + tfrc_lh_interval_add+0x640/0x8e0 net/dccp/ccids/lib/loss_interval.c:157 + tfrc_rx_handle_loss+0x41b/0x1fa0 net/dccp/ccids/lib/packet_history.c:328 + ccid3_hc_rx_packet_recv+0x385/0xe90 net/dccp/ccids/ccid3.c:744 + ccid_hc_rx_packet_recv net/dccp/ccid.h:182 [inline] + dccp_deliver_input_to_ccids+0xd9/0x250 net/dccp/input.c:176 + dccp_rcv_established net/dccp/input.c:374 [inline] + dccp_rcv_established+0x107/0x160 net/dccp/input.c:364 + dccp_v4_do_rcv+0x130/0x190 net/dccp/ipv4.c:667 + sk_backlog_rcv include/net/sock.h:1023 [inline] + __sk_receive_skb+0x29d/0x830 net/core/sock.c:527 + dccp_v4_rcv+0xea5/0x19d0 net/dccp/ipv4.c:890 + ip_protocol_deliver_rcu+0xa7/0xa20 net/ipv4/ip_input.c:204 + ip_local_deliver_finish+0x20a/0x370 net/ipv4/ip_input.c:231 + NF_HOOK include/linux/netfilter.h:307 [inline] + NF_HOOK include/linux/netfilter.h:301 [inline] + ip_local_deliver+0x1b3/0x200 net/ipv4/ip_input.c:252 + dst_input include/net/dst.h:458 [inline] + ip_rcv_finish+0x1da/0x2f0 net/ipv4/ip_input.c:429 + NF_HOOK include/linux/netfilter.h:307 [inline] + NF_HOOK include/linux/netfilter.h:301 [inline] + ip_rcv+0xaa/0xd0 net/ipv4/ip_input.c:540 + __netif_receive_skb_one_core+0x114/0x180 net/core/dev.c:5498 + __netif_receive_skb+0x24/0x1b0 net/core/dev.c:5612 + process_backlog+0x2a5/0x6c0 net/core/dev.c:6492 + __napi_poll+0xaf/0x440 net/core/dev.c:7047 + napi_poll net/core/dev.c:7114 [inline] + net_rx_action+0x801/0xb40 net/core/dev.c:7201 + __do_softirq+0x29b/0x9c2 
kernel/softirq.c:558 + invoke_softirq kernel/softirq.c:432 [inline] + __irq_exit_rcu+0x16e/0x1c0 kernel/softirq.c:636 + irq_exit_rcu+0x5/0x20 kernel/softirq.c:648 + sysvec_apic_timer_interrupt+0x45/0xc0 arch/x86/kernel/apic/apic.c:1100 + asm_sysvec_apic_timer_interrupt+0x12/0x20 arch/x86/include/asm/idtentry.h:638 +RIP: 0033:0x43132b +Code: 48 8b 4c 24 40 48 8b 54 24 38 48 8b 5c 24 30 eb 9e 90 48 89 d3 48 c1 ea 03 48 83 e3 07 48 89 ce 48 89 d9 bf 01 00 00 00 d3 e7 <90> 48 03 50 50 0f b6 1a 40 84 df 74 19 48 8b 44 24 58 48 8b 4c 24 +RSP: 002b:000000c00ca55f60 EFLAGS: 00000202 +RAX: 00007ff3437d4f70 RBX: 0000000000000001 RCX: 0000000000000001 +RDX: 0000000000000014 RSI: 000000c013793420 RDI: 0000000000000002 +RBP: 000000c00ca55fa8 R08: 000000000000000b R09: ffffffffffffffff +R10: 00007ff343dc41c0 R11: 000000c000020f58 R12: 000000c00181c6f0 +R13: 000000c000020f48 R14: 000000000094d49c R15: 0000000000000000 diff --git a/pkg/report/testdata/linux/decompile/amd64/4.in b/pkg/report/testdata/linux/decompile/amd64/4.in new file mode 100644 index 000000000..cf27b1f07 --- /dev/null +++ b/pkg/report/testdata/linux/decompile/amd64/4.in 
@@ -0,0 +1,55 @@ +divide error: 0000 [#1] PREEMPT SMP KASAN +CPU: 1 PID: 3149 Comm: syz-executor385 Not tainted 5.4.141-syzkaller-16412-gf364839bcf0b #0 +Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 +RIP: 0010:snd_pcm_lib_ioctl_fifo_size sound/core/pcm_lib.c:1739 [inline] +RIP: 0010:snd_pcm_lib_ioctl+0x73e/0x75c sound/core/pcm_lib.c:1764 +Code: fd 4c 89 e2 b8 ff ff 37 00 48 c1 ea 03 48 c1 e0 2a 80 3c 02 00 74 08 4c 89 e7 e8 f0 8e 14 fe 48 8b 83 18 02 00 00 89 ed 31 d2 <48> f7 f5 48 89 83 18 02 00 00 45 31 ed e8 7f b5 f2 fd 44 89 e8 5b +RSP: 0018:ffff8881da17fb78 EFLAGS: 00010246 +RAX: 0000000000000000 RBX: ffff8881dce33800 RCX: ffff8881dd6a9980 +RDX: 0000000000000000 RSI: ffffffff833e3709 RDI: 0000000100000000 +RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000007 +R10: ffff8881dd6a9980 R11: ffffffff8134d1e8 R12: ffff8881dce33a18 +R13: 0000000000000000 R14: 0000000000000001 R15: 0000000000000000 +FS: 0000000002290300(0000) GS:ffff8881f6d00000(0000) knlGS:0000000000000000 +CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 +CR2: 0000000020001090 CR3: 00000001d89ec000 CR4: 00000000001406e0 +DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 +DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 +Call Trace: + snd_pcm_ops_ioctl+0x76/0xa0 sound/core/pcm_native.c:196 + fixup_unreferenced_params+0x46b/0x547 sound/core/pcm_native.c:471 + snd_pcm_hw_refine_old_user sound/core/pcm_native.c:3700 [inline] + snd_pcm_common_ioctl+0x1002/0x1764 sound/core/pcm_native.c:3036 + snd_pcm_ioctl+0x93/0xa9 sound/core/pcm_native.c:3073 + vfs_ioctl+0x76/0x9e fs/ioctl.c:47 + do_vfs_ioctl+0xfc5/0x1022 fs/ioctl.c:722 + ksys_ioctl+0x79/0xb1 fs/ioctl.c:737 + __do_sys_ioctl fs/ioctl.c:744 [inline] + __se_sys_ioctl fs/ioctl.c:742 [inline] + __x64_sys_ioctl+0x7f/0x86 fs/ioctl.c:742 + do_syscall_64+0x10b/0x144 arch/x86/entry/common.c:299 + entry_SYSCALL_64_after_hwframe+0x49/0xbe +RIP: 0033:0x443649 +Code: 28 c3 e8 
2a 14 00 00 66 2e 0f 1f 84 00 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 +RSP: 002b:00007ffef556a688 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 +RAX: ffffffffffffffda RBX: 00000000004004a0 RCX: 0000000000443649 +RDX: 00000000200010c0 RSI: 00000000c1004110 RDI: 0000000000000003 +RBP: 00000000004031f0 R08: 0000000000000000 R09: 00000000004004a0 +R10: 000000000000001f R11: 0000000000000246 R12: 0000000000403280 +R13: 0000000000000000 R14: 00000000004b1018 R15: 00000000004004a0 +Modules linked in: +---[ end trace 7398808905092392 ]--- +RIP: 0010:snd_pcm_lib_ioctl_fifo_size sound/core/pcm_lib.c:1739 [inline] +RIP: 0010:snd_pcm_lib_ioctl+0x73e/0x75c sound/core/pcm_lib.c:1764 +Code: fd 4c 89 e2 b8 ff ff 37 00 48 c1 ea 03 48 c1 e0 2a 80 3c 02 00 74 08 4c 89 e7 e8 f0 8e 14 fe 48 8b 83 18 02 00 00 89 ed 31 d2 <48> f7 f5 48 89 83 18 02 00 00 45 31 ed e8 7f b5 f2 fd 44 89 e8 5b +RSP: 0018:ffff8881da17fb78 EFLAGS: 00010246 +RAX: 0000000000000000 RBX: ffff8881dce33800 RCX: ffff8881dd6a9980 +RDX: 0000000000000000 RSI: ffffffff833e3709 RDI: 0000000100000000 +RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000007 +R10: ffff8881dd6a9980 R11: ffffffff8134d1e8 R12: ffff8881dce33a18 +R13: 0000000000000000 R14: 0000000000000001 R15: 0000000000000000 +FS: 0000000002290300(0000) GS:ffff8881f6c00000(0000) knlGS:0000000000000000 +CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 +CR2: 00007b48899bf000 CR3: 00000001d89ec000 CR4: 00000000001406f0 +DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 +DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 diff --git a/pkg/report/testdata/linux/decompile/amd64/4.out b/pkg/report/testdata/linux/decompile/amd64/4.out new file mode 100644 index 000000000..f2fab8cd7 --- /dev/null +++ b/pkg/report/testdata/linux/decompile/amd64/4.out 
@@ -0,0 +1,75 @@ +divide error: 0000 [#1] PREEMPT SMP KASAN +CPU: 1 PID: 3149 Comm: syz-executor385 Not tainted 5.4.141-syzkaller-16412-gf364839bcf0b #0 +Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 +RIP: 0010:snd_pcm_lib_ioctl_fifo_size sound/core/pcm_lib.c:1739 [inline] +RIP: 0010:snd_pcm_lib_ioctl+0x73e/0x75c sound/core/pcm_lib.c:1764 +Code: fd 4c 89 e2 b8 ff ff 37 00 48 c1 ea 03 48 c1 e0 2a 80 3c 02 00 74 08 4c 89 e7 e8 f0 8e 14 fe 48 8b 83 18 02 00 00 89 ed 31 d2 <48> f7 f5 48 89 83 18 02 00 00 45 31 ed e8 7f b5 f2 fd 44 89 e8 5b +RSP: 0018:ffff8881da17fb78 EFLAGS: 00010246 +RAX: 0000000000000000 RBX: ffff8881dce33800 RCX: ffff8881dd6a9980 +RDX: 0000000000000000 RSI: ffffffff833e3709 RDI: 0000000100000000 +RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000007 +R10: ffff8881dd6a9980 R11: ffffffff8134d1e8 R12: ffff8881dce33a18 +R13: 0000000000000000 R14: 0000000000000001 R15: 0000000000000000 +FS: 0000000002290300(0000) GS:ffff8881f6d00000(0000) knlGS:0000000000000000 +CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 +CR2: 0000000020001090 CR3: 00000001d89ec000 CR4: 00000000001406e0 +DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 +DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 +Call Trace: + snd_pcm_ops_ioctl+0x76/0xa0 sound/core/pcm_native.c:196 + fixup_unreferenced_params+0x46b/0x547 sound/core/pcm_native.c:471 + snd_pcm_hw_refine_old_user sound/core/pcm_native.c:3700 [inline] + snd_pcm_common_ioctl+0x1002/0x1764 sound/core/pcm_native.c:3036 + snd_pcm_ioctl+0x93/0xa9 sound/core/pcm_native.c:3073 + vfs_ioctl+0x76/0x9e fs/ioctl.c:47 + do_vfs_ioctl+0xfc5/0x1022 fs/ioctl.c:722 + ksys_ioctl+0x79/0xb1 fs/ioctl.c:737 + __do_sys_ioctl fs/ioctl.c:744 [inline] + __se_sys_ioctl fs/ioctl.c:742 [inline] + __x64_sys_ioctl+0x7f/0x86 fs/ioctl.c:742 + do_syscall_64+0x10b/0x144 arch/x86/entry/common.c:299 + entry_SYSCALL_64_after_hwframe+0x49/0xbe +RIP: 0033:0x443649 +Code: 28 c3 e8 
2a 14 00 00 66 2e 0f 1f 84 00 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 +RSP: 002b:00007ffef556a688 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 +RAX: ffffffffffffffda RBX: 00000000004004a0 RCX: 0000000000443649 +RDX: 00000000200010c0 RSI: 00000000c1004110 RDI: 0000000000000003 +RBP: 00000000004031f0 R08: 0000000000000000 R09: 00000000004004a0 +R10: 000000000000001f R11: 0000000000000246 R12: 0000000000403280 +R13: 0000000000000000 R14: 00000000004b1018 R15: 00000000004004a0 +Modules linked in: +---[ end trace 7398808905092392 ]--- +RIP: 0010:snd_pcm_lib_ioctl_fifo_size sound/core/pcm_lib.c:1739 [inline] +RIP: 0010:snd_pcm_lib_ioctl+0x73e/0x75c sound/core/pcm_lib.c:1764 +Code: fd 4c 89 e2 b8 ff ff 37 00 48 c1 ea 03 48 c1 e0 2a 80 3c 02 00 74 08 4c 89 e7 e8 f0 8e 14 fe 48 8b 83 18 02 00 00 89 ed 31 d2 <48> f7 f5 48 89 83 18 02 00 00 45 31 ed e8 7f b5 f2 fd 44 89 e8 5b +RSP: 0018:ffff8881da17fb78 EFLAGS: 00010246 +RAX: 0000000000000000 RBX: ffff8881dce33800 RCX: ffff8881dd6a9980 +RDX: 0000000000000000 RSI: ffffffff833e3709 RDI: 0000000100000000 +RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000007 +R10: ffff8881dd6a9980 R11: ffffffff8134d1e8 R12: ffff8881dce33a18 +R13: 0000000000000000 R14: 0000000000000001 R15: 0000000000000000 +FS: 0000000002290300(0000) GS:ffff8881f6c00000(0000) knlGS:0000000000000000 +CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 +CR2: 00007b48899bf000 CR3: 00000001d89ec000 CR4: 00000000001406f0 +DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 +DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 +---------------- +Code disassembly (best guess): + 0: fd std + 1: 4c 89 e2 mov %r12,%rdx + 4: b8 ff ff 37 00 mov $0x37ffff,%eax + 9: 48 c1 ea 03 shr $0x3,%rdx + d: 48 c1 e0 2a shl $0x2a,%rax + 11: 80 3c 02 00 cmpb $0x0,(%rdx,%rax,1) + 15: 74 08 je 0x1f + 17: 4c 89 e7 mov %r12,%rdi + 1a: e8 f0 8e 
14 fe callq 0xfe148f0f + 1f: 48 8b 83 18 02 00 00 mov 0x218(%rbx),%rax + 26: 89 ed mov %ebp,%ebp + 28: 31 d2 xor %edx,%edx +* 2a: 48 f7 f5 div %rbp <-- trapping instruction + 2d: 48 89 83 18 02 00 00 mov %rax,0x218(%rbx) + 34: 45 31 ed xor %r13d,%r13d + 37: e8 7f b5 f2 fd callq 0xfdf2b5bb + 3c: 44 89 e8 mov %r13d,%eax + 3f: 5b pop %rbx diff --git a/pkg/report/testdata/linux/decompile/arm/0.out b/pkg/report/testdata/linux/decompile/arm/0.out index 49a85c720..710c1edbd 100644 --- a/pkg/report/testdata/linux/decompile/arm/0.out +++ b/pkg/report/testdata/linux/decompile/arm/0.out @@ -112,4 +112,4 @@ Code disassembly (best guess): 4: e2853020 add r3, r5, #32 8: e1a02000 mov r2, r0 c: e2422008 sub r2, r2, #8 - 10: e5034020 str r4, [r3, #-32] ; 0xffffffe0 <-- trapping instruction +* 10: e5034020 str r4, [r3, #-32] ; 0xffffffe0 <-- trapping instruction diff --git a/pkg/report/testdata/linux/decompile/arm64/0.out b/pkg/report/testdata/linux/decompile/arm64/0.out index 2b6406f60..654ec9506 100644 --- a/pkg/report/testdata/linux/decompile/arm64/0.out +++ b/pkg/report/testdata/linux/decompile/arm64/0.out @@ -40,10 +40,3 @@ Call trace: work_pending+0xc/0x3d4 Code: cb000260 d34cfc00 97fcf6fe 35fffc20 (d4210000) ---[ end trace 9cab793efd001cad ]--- ----------------- -Code disassembly (best guess): - 0: cb000260 sub x0, x19, x0 - 4: d34cfc00 lsr x0, x0, #12 - 8: 97fcf6fe bl 0xfffffffffff3dc00 - c: 35fffc20 cbnz w0, 0xffffffffffffff90 - 10: d4210000 brk #0x800 <-- trapping instruction diff --git a/pkg/report/testdata/linux/decompile/arm64/1.out b/pkg/report/testdata/linux/decompile/arm64/1.out index c07a4756b..09ea024f2 100644 --- a/pkg/report/testdata/linux/decompile/arm64/1.out +++ b/pkg/report/testdata/linux/decompile/arm64/1.out 
@@ -53,4 +53,4 @@ Code disassembly (best guess): 4: f2df7fe1 movk x1, #0xfbff, lsl #32 8: f2ffffe1 movk x1, #0xffff, lsl #48 c: 8b010273 add x19, x19, x1 - 10: 39000274 strb w20, [x19] <-- trapping instruction +* 10: 39000274 strb w20, [x19] <-- trapping instruction |
