bitcoin core development – How do you share a seed that crashed a fuzz test via text?



When a fuzz test crashes it will print the error stack. The top gives you an idea of what caused the issue, and the bottom will give you a text-formatted version of the crashing fuzz seed.

fuzz: ../../src/wallet/test/fuzz/coinselection.cpp:120: void wallet::coinselection_fuzz_target(FuzzBufferType): Assertion `result_bnb->GetChange(coin_params.m_cost_of_change, CAmount{0}) == 0' failed.
==2010034== ERROR: libFuzzer: deadly signal
    #0 0x55c5cfab4841 in __sanitizer_print_stack_trace (/home/murch/Workspace/pr-27585/fuzz-build/src/test/fuzz/fuzz+0x1611841) (BuildId: 7e7dce8b351f3ad01c4e9815f15265d8d7a64c61)
    …
    [skipped]
    …
artifact_prefix='./'; Test unit written to ./crash-05d2df3cebde688a5114737869a65484cecd9f45
Base64: MP3//////wT/LzMBEABL////////Wv///yWyEABLAADoQP//PP//CAAAPQAAAAAAAAAAPQEAAAAAAAAA/V12+w==

To find out what caused the crash, you can run the fuzzer against just the crashing seed and use your usual debugging approach, e.g.:

$ FUZZ=coinselection src/test/fuzz/fuzz crash-05d2df3cebde688a5114737869a65484cecd9f45

If you are not the author of the PR that caused the crashing fuzz test, you can provide the fuzz seed to the other developer via the base64 encoding at the bottom of the error message. Leave them example instructions like this in a comment on the PR:

$ echo "MP3//////wT/LzMBEABL////////Wv///yWyEABLAADoQP//PP//CAAAPQAAAAAAAAAAPQEAAAAAAAAA/V12+w==" | base64 -d > crash.input
$ FUZZ=coinselection src/test/fuzz/fuzz crash.input

The string within the quotation marks is just the base64 encoding from above.
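A base64 seed pasted into a PR comment can pick up line wraps or stray spaces in transit, and `base64 -d` will then either refuse it or decode something other than what the reporter's fuzzer saw. The script below is an added example, not part of the original answer or of Bitcoin Core: it strips any whitespace before decoding and then derives the artifact name libFuzzer would assign to the decoded bytes (libFuzzer names crash artifacts `crash-<SHA1 of the input>`), so the receiving developer can confirm the bytes match the `crash-...` name in the reporter's log before spending time on a debugging session. The seed and artifact name are the ones quoted in the answer above; the `decode_seed` and `sha1_of_file` helper names are this example's own.

```shell
#!/bin/sh
# Rebuild a libFuzzer crash input from a base64 string shared in text and
# check that it is the same unit the reporter's fuzzer wrote to disk.
# libFuzzer names its artifacts crash-<SHA1 hex of the input bytes>, so the
# SHA1 of the decoded bytes must equal the hex suffix of the reported name.

# Values taken from the answer above (constructed inputs for this example).
SEED_B64='MP3//////wT/LzMBEABL////////Wv///yWyEABLAADoQP//PP//CAAAPQAAAAAAAAAAPQEAAAAAAAAA/V12+w=='
REPORTED_ARTIFACT='crash-05d2df3cebde688a5114737869a65484cecd9f45'

# Print the SHA1 hex digest of a file; works with GNU coreutils or perl shasum.
sha1_of_file() {
    if command -v sha1sum >/dev/null 2>&1; then
        sha1sum "$1" | cut -d' ' -f1
    else
        shasum -a 1 "$1" | cut -d' ' -f1
    fi
}

# decode_seed B64 OUTFILE
# Strip whitespace that wrapping may have inserted, decode the seed into
# OUTFILE, and print the artifact name libFuzzer would give those bytes.
# Returns non-zero if the string is not valid base64 after whitespace removal.
decode_seed() {
    printf '%s' "$1" | tr -d ' \n\r\t' | base64 -d > "$2" || return 1
    printf 'crash-%s\n' "$(sha1_of_file "$2")"
}

# Re-encode a decoded seed on a single line so it can be compared with the
# string that was shared (GNU base64 wraps at 76 columns; tr removes that).
reencode_seed() {
    base64 < "$1" | tr -d '\n'
}

# Stand-alone usage: decode the shared seed and compare with the reported name.
if [ "${0##*/}" != "sh" ] && [ -z "$SEED_CHECK_NO_MAIN" ]; then
    out="$(mktemp)"
    name="$(decode_seed "$SEED_B64" "$out")" || { echo "seed is not valid base64"; exit 1; }
    if [ "$name" = "$REPORTED_ARTIFACT" ]; then
        echo "seed matches $REPORTED_ARTIFACT, run: FUZZ=coinselection src/test/fuzz/fuzz $out"
    else
        echo "seed decodes to $name, not $REPORTED_ARTIFACT: the pasted string was altered in transit"
    fi
fi
```

If the names differ, ask the reporter to attach the `crash-...` file itself or to re-paste the string on one line; a mismatch means you would be debugging a different input than the one that tripped the assertion.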
