On 210307 2242, Alexander Bulekov wrote:
> My basic workflow for that is:
> QEMU_FUZZ_TIMEOUT=0 QTEST_LOG=1 FUZZ_SERIALIZE_QTEST=1 \
> ./qemu-fuzz-target \
> --fuzz-target=generic-fuzz-virtio-vga ./crash-... > /tmp/out

^ Oops, that should be 2> or &>

> ./scripts/oss-fuzz/reorder_fuzzer_qtest_trace.py /tmp/out > /tmp/repro
>
> # In /tmp/out find the line "Starting qemu with Arguments:" and copy the
> # args (without -qtest /dev/null)
> less /tmp/out
>
> export QEMU_ARGS="-display none -machine accel=qtest, -m 512M -machine q35
> -nodefaults -device virtio-vga"
>
> # Reproduce the crash on a non-fuzz binary
> ./qemu-system-i386 $QEMU_ARGS -qtest stdio < /tmp/repro
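The manual "find the line and copy the args" step above can be scripted; the helper below is an added example, not code from the mail or from QEMU. It assumes the QTEST_LOG=1 fuzzer log contains a single line starting with "Starting qemu with Arguments:" followed by the argument list; the sample log is constructed here to match that assumed layout.

```shell
#!/bin/sh
# Added example: extract the QEMU argument list from a fuzzer log written with
# QTEST_LOG=1 and drop the "-qtest /dev/null" pair, then assemble the
# reproduction command the mail runs against a non-fuzz binary.
# Assumption: the log has one "Starting qemu with Arguments: ..." line.

# Print the arguments from the first "Starting qemu with Arguments:" line in
# file $1, with "-qtest /dev/null" removed and surrounding whitespace trimmed.
extract_qemu_args() {
    sed -n 's/^Starting qemu with Arguments: *//p' "$1" |
        head -n 1 |
        sed -e 's/ *-qtest \/dev\/null */ /g' -e 's/^ *//' -e 's/ *$//'
}

# Build the non-fuzz reproduction command line: $1 is the fuzzer log,
# $2 the reordered trace from reorder_fuzzer_qtest_trace.py, $3 the
# qemu-system binary to run.
build_repro_cmd() {
    args=$(extract_qemu_args "$1")
    printf '%s %s -qtest stdio < %s\n' "$3" "$args" "$2"
}

# Constructed sample log (not real fuzzer output) in the assumed layout.
SAMPLE_LOG=$(mktemp)
cat > "$SAMPLE_LOG" <<'EOF'
INFO: Running with entropic power schedule (0xFF, 100).
Starting qemu with Arguments: -display none -machine accel=qtest, -m 512M -machine q35 -nodefaults -device virtio-vga -qtest /dev/null
[R +0.012345] outl 0xcf8 0x80001010
EOF

# Show the extracted arguments and the resulting reproduction command.
extract_qemu_args "$SAMPLE_LOG"
build_repro_cmd "$SAMPLE_LOG" /tmp/repro ./qemu-system-i386
```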