Re: About libfuzzer in qemu

qemu-devel

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: About libfuzzer in qemu

From:	Alexander Bulekov
Subject:	Re: About libfuzzer in qemu
Date:	Sun, 7 Mar 2021 22:52:00 -0500

On 210307 2242, Alexander Bulekov wrote:
> My basic workflow for that is:
> QEMU_FUZZ_TIMEOUT=0 QTEST_LOG=1 FUZZ_SERIALIZE_QTEST=1 \
> ./qemu-fuzz-target \
>        --fuzz-target=generic-fuzz-virtio-vga ./crash-... > /tmp/out
                                                           ^
                                        Oops that should be 2> or &>

> ./scripts/oss-fuzz/reorder_fuzzer_qtest_trace.py /tmp/out > /tmp/repro
> 
> # In /tmp/out find the line "Starting qemu with Arguments:" and copy the
> # args ( without -qtest /dev/null)
> less /tmp/out 
> 
> export QEMU_ARGS="-display none -machine accel=qtest, -m 512M -machine q35 
> -nodefaults -device virtio-vga"
> 
> # Reproduce the crash on a non-fuzz binary
> ./qemu-system-i386 $QEMU_ARGS -qtest stdio < /tmp/repro

[Prev in Thread]

Current Thread

[Next in Thread]

Re: About libfuzzer in qemu, Alexander Bulekov, 2021/03/04
- Re: About libfuzzer in qemu, Qiuhao Li, 2021/03/05
  - Re: About libfuzzer in qemu, Alexander Bulekov, 2021/03/05
- Message not available
  - Message not available
    - Message not available
    - Re: About libfuzzer in qemu, Alexander Bulekov, 2021/03/07
    - Re: About libfuzzer in qemu, Alexander Bulekov <=

Prev by Date: Re: [RFC PATCH v3 02/10] net: Pad short frames to minimum size before send from SLiRP/TAP
Next by Date: Re: [PATCH V4 00/10] Detect reentrant RX casued by loopback
Previous by thread: Re: About libfuzzer in qemu
Next by thread: [PATCH 0/3] user-mode: Rename CPUState::opaque as CPUState::task_state
Index(es):
- Date
- Thread