From: Peter Maydell Date: Tue, 28 Oct 2025 16:52:35 +0000 (+0000) Subject: docs/devel/testing/fuzzing: Note that you can get qtest to read from a file X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=5848d2c3a6c4cc1b37234db462b1b36bc0a18bf4;p=thirdparty%2Fqemu.git docs/devel/testing/fuzzing: Note that you can get qtest to read from a file It is possible to get qtest to read fuzzer reproducers from a file rather than directly from stdio; this is useful when you want to run QEMU under gdb to debug the failure. Document how to do this, which was previously only written down in the commit message for 5b18a6bf44b9 ("chardev: Allow setting file chardev input file on the command line"). Signed-off-by: Peter Maydell Reviewed-by: Fabiano Rosas Reviewed-by: Manos Pitsidianakis Message-id: 20251028165236.3327658-1-peter.maydell@linaro.org --- diff --git a/docs/devel/testing/fuzzing.rst b/docs/devel/testing/fuzzing.rst index c3ac084311..c43f815f32 100644 --- a/docs/devel/testing/fuzzing.rst +++ b/docs/devel/testing/fuzzing.rst @@ -263,6 +263,15 @@ generic-fuzz target. - Report the bug and send a patch with the C reproducer upstream +QEMU can also read the reproducer directly from a file rather than +from standard input:: + + $QEMU_PATH $QEMU_ARGS -qtest chardev:repro \ + -chardev file,id=repro,path=/dev/null,input-path=/tmp/reproducer + +This is useful if you want to run QEMU under a debugger to investigate +the failure. + Implementation Details / Fuzzer Lifecycle -----------------------------------------
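Review bot: The added example in docs/devel/testing/fuzzing.rst passes `path=/dev/null,input-path=/tmp/reproducer` to `-chardev file` without saying what either option does, so a reader cannot tell why `path` is required or which of the two to change. Suggest adding one sentence after the literal block stating that `input-path` names the reproducer file that qtest reads its commands from, and that `path` is where the chardev's output is written, discarded to /dev/null here. The closing sentence motivates this with debugger use, and the commit message names gdb specifically, so it may also help to show the same command started under the debugger, since that is the case where standard input is not available for the reproducer.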