How to get crash code point after getting crash input

How to get crash code point after getting crash input (e.g. $WORKDIR/corpus/crash/payload_00024)

The gdbserver of Qemu only can help me stop at loader, and can't stop at main-generic which is run by fuzz.sh