Assert in resettable_phase_enter through virtio-scsi
Hello, I bisected this to 4a5fc890 ("scsi: Use device_cold_reset() and bus_cold_reset()") CC: @pm215
Reproducer
cat << EOF | ./qemu-system-i386 -display none -machine accel=qtest, -m \
512M -machine q35 -device virtio-scsi,num_queues=8 -device \
scsi-hd,drive=disk0 -drive file=null-co://,id=disk0,if=none,format=raw \
-qtest stdio
outl 0xcf8 0x80001810
outl 0xcfc 0xc000
outl 0xcf8 0x80001804
outw 0xcfc 0x05
outl 0xcf8 0x80001810
outb 0xcfc 0x40
outl 0xc046 0x275a0000
write 0x275b002 0x1 0x31
write 0x275a000 0x1 0xff
write 0x275a008 0x1 0x20
write 0x275a00c 0x1 0x01
write 0x275a00e 0x1 0x02
write 0x103 0x1 0x04
write 0x107 0x1 0x00
write 0x275a028 0x1 0x01
write 0x275a02c 0x1 0x02
outl 0xc04f 0x00
EOF
Stack-Trace
../hw/core/resettable.c:141: void resettable_phase_enter(Object *, void *, ResetType): Assertion `s->count <= 50' failed.
#8 0x7f9bd8814b01 in __assert_fail assert/./assert/assert.c:101:3
#9 0x558fe328da6a in resettable_phase_enter /home/alxndr/Development/qemu-demo/qemu/build/../hw/core/resettable.c:141:5
#10 0x558fe328d105 in resettable_assert_reset /home/alxndr/Development/qemu-demo/qemu/build/../hw/core/resettable.c:57:5
#11 0x558fe328cf9f in resettable_reset /home/alxndr/Development/qemu-demo/qemu/build/../hw/core/resettable.c:45:5
#12 0x558fe315050b in virtio_scsi_do_tmf /home/alxndr/Development/qemu-demo/qemu/build/../hw/scsi/virtio-scsi.c:368:9
#13 0x558fe315050b in virtio_scsi_handle_ctrl_req /home/alxndr/Development/qemu-demo/qemu/build/../hw/scsi/virtio-scsi.c:467:17
#14 0x558fe315050b in virtio_scsi_handle_ctrl_vq /home/alxndr/Development/qemu-demo/qemu/build/../hw/scsi/virtio-scsi.c:505:9
#15 0x558fe315050b in virtio_scsi_handle_ctrl /home/alxndr/Development/qemu-demo/qemu/build/../hw/scsi/virtio-scsi.c:536:5
#16 0x558fe3186654 in virtio_queue_notify_vq /home/alxndr/Development/qemu-demo/qemu/build/../hw/virtio/virtio.c:2810:9
#17 0x558fe3416769 in aio_dispatch_handler /home/alxndr/Development/qemu-demo/qemu/build/../util/aio-posix.c:369:9
#18 0x558fe341595b in aio_dispatch_handlers /home/alxndr/Development/qemu-demo/qemu/build/../util/aio-posix.c:412:20
#19 0x558fe341595b in aio_dispatch /home/alxndr/Development/qemu-demo/qemu/build/../util/aio-posix.c:422:5
#20 0x558fe342bfaa in aio_ctx_dispatch /home/alxndr/Development/qemu-demo/qemu/build/../util/async.c:320:5
#21 0x7f9bd8dcbbc8 in g_main_context_dispatch (/usr/lib/x86_64-linux-gnu/libglib-2.0.so.0+0x53bc8)
OSS-Fuzz Report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=52548
libqtest Reproducer: repro.c
Thank you
Edited by Alexander Bulekov
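The qtest reproducer above is a raw list of port and memory writes; the following decoder, added here as an example and not part of the report, of QEMU or of the attached repro.c, translates it into PCI configuration-space and legacy virtio-pci register events so the sequence can be read. The REPRODUCER string is the report's own command list. Everything else rests on stated assumptions: the CONFIG_ADDRESS/CONFIG_DATA encoding and the COMMAND bits are PCI configuration mechanism #1, the register offsets are the virtio spec's legacy interface, BAR0 is assumed to be a 64-byte I/O BAR (so a byte write to its low byte can only change bit 6), and a misaligned port write is assumed to be split into naturally aligned chunks the way QEMU's memory_access_size() does. BAR0_SIZE is the one parameter to change if the device's BAR size differs.

```python
# Added example (not part of the bug report or of QEMU): a decoder that turns the
# report's qtest reproducer into annotated PCI/virtio events.  Assumptions: BAR0 of
# the virtio-scsi device is a 64-byte I/O BAR (so its low 6 bits are read-only), and
# a misaligned port write is split into naturally aligned chunks the way QEMU's
# memory_access_size() does.
CONFIG_ADDRESS, CONFIG_DATA = 0xCF8, 0xCFC   # PCI configuration mechanism #1 ports
BAR0_SIZE = 0x40                             # assumption: 64-byte I/O BAR
PCI_CFG_REGS = {0x04: "COMMAND", 0x10: "BAR0"}
PCI_COMMAND_BITS = {0x1: "IO_SPACE", 0x2: "MEMORY_SPACE", 0x4: "BUS_MASTER"}
# Legacy virtio-pci I/O block, offset -> (name, width), per the virtio spec's legacy
# interface; offsets >= 0x14 hold MSI-X vectors and device-specific config.
VIRTIO_LEGACY_REGS = {
    0x00: ("HOST_FEATURES", 4), 0x04: ("GUEST_FEATURES", 4), 0x08: ("QUEUE_PFN", 4),
    0x0C: ("QUEUE_NUM", 2), 0x0E: ("QUEUE_SEL", 2), 0x10: ("QUEUE_NOTIFY", 2),
    0x12: ("STATUS", 1), 0x13: ("ISR", 1)}
# The reproducer's commands, copied from the report's heredoc body.
REPRODUCER = """\
outl 0xcf8 0x80001810
outl 0xcfc 0xc000
outl 0xcf8 0x80001804
outw 0xcfc 0x05
outl 0xcf8 0x80001810
outb 0xcfc 0x40
outl 0xc046 0x275a0000
write 0x275b002 0x1 0x31
write 0x275a000 0x1 0xff
write 0x275a008 0x1 0x20
write 0x275a00c 0x1 0x01
write 0x275a00e 0x1 0x02
write 0x103 0x1 0x04
write 0x107 0x1 0x00
write 0x275a028 0x1 0x01
write 0x275a02c 0x1 0x02
outl 0xc04f 0x00
"""

def decode_config_address(value):
    """Split a CONFIG_ADDRESS dword into enable bit, bus, device, function, register."""
    return {"enable": bool(value & 0x80000000), "bus": (value >> 16) & 0xFF,
            "device": (value >> 11) & 0x1F, "function": (value >> 8) & 0x7,
            "register": value & 0xFC}

def virtio_reg_name(offset):
    """Name the legacy virtio-pci register that contains a BAR0 offset."""
    for base, (name, width) in VIRTIO_LEGACY_REGS.items():
        if base <= offset < base + width:
            return name if offset == base else "%s+%d" % (name, offset - base)
    return "MSI-X/device-config area"

def split_misaligned(port, size, value):
    """Split a port write into naturally aligned, power-of-two chunks (little-endian)."""
    chunks = []
    while size:
        n = min(size, port & -port, 4)           # alignment of the address bounds the chunk
        n = 1 << (n.bit_length() - 1)            # ... rounded down to a power of two
        chunks.append((port, n, value & ((1 << 8 * n) - 1)))
        port, size, value = port + n, size - n, value >> 8 * n
    return chunks

def decode_trace(text):
    """Turn qtest commands into (kind, fields) events: cfg_addr, cfg_write, pio_write, mem_write."""
    events, cfg, bar0 = [], None, None
    for line in text.splitlines():
        parts = line.split()
        if not parts:
            continue
        if parts[0] in ("outb", "outw", "outl"):
            size = {"outb": 1, "outw": 2, "outl": 4}[parts[0]]
            port, value = int(parts[1], 16), int(parts[2], 16)
            if port == CONFIG_ADDRESS and size == 4:
                cfg = decode_config_address(value)
                events.append(("cfg_addr", cfg))
            elif CONFIG_DATA <= port < CONFIG_DATA + 4 and cfg and cfg["enable"]:
                reg = cfg["register"] + port - CONFIG_DATA
                ev = {"register": reg, "name": PCI_CFG_REGS.get(reg, "?"),
                      "size": size, "value": value, "note": ""}
                if reg == 0x04:
                    ev["note"] = "+".join(n for b, n in PCI_COMMAND_BITS.items() if value & b)
                elif 0x10 <= reg < 0x14:             # full or partial write into BAR0
                    shift = 8 * (reg - 0x10)
                    mask = ((1 << 8 * size) - 1) << shift
                    bar0 = (((bar0 or 0) & ~mask) | (value << shift & mask)) & ~(BAR0_SIZE - 1)
                    ev["note"] = "BAR0 base now 0x%x" % bar0
                events.append(("cfg_write", ev))
            else:                                     # plain port I/O, e.g. into BAR0
                for p, n, v in split_misaligned(port, size, value):
                    off = p - bar0 if bar0 is not None and 0 <= p - bar0 < BAR0_SIZE else None
                    events.append(("pio_write", {
                        "port": p, "size": n, "value": v, "offset": off, "split": n != size,
                        "name": "unmapped" if off is None else virtio_reg_name(off)}))
        elif parts[0] == "write":                     # guest-memory write: addr size data
            addr, size = int(parts[1], 16), int(parts[2], 16)
            data = bytes.fromhex(parts[3][2:].rjust(2 * size, "0"))
            events.append(("mem_write", {"addr": addr, "size": size, "data": data}))
    return events

if __name__ == "__main__":
    for kind, ev in decode_trace(REPRODUCER):
        print(kind, {k: hex(v) if isinstance(v, int) and not isinstance(v, bool) else v
                     for k, v in ev.items()})
```

Under these assumptions the three config-space pairs program BAR0 to 0xc000, set IO_SPACE and BUS_MASTER in COMMAND, then move BAR0 to 0xc040 with the byte write; the misaligned `outl 0xc046 0x275a0000` then resolves to a 2-byte write of 0x275a into QUEUE_PFN (a vring at guest address 0x275a000, which is where the following `write` commands land, for queue 0, the virtio-scsi control queue), and `outl 0xc04f 0x00` to a QUEUE_NOTIFY of queue 0 followed by a STATUS write of 0. That reading is the decoder's, not something the report states; confirming it means running the sequence under QEMU with tracing or the attached libqtest reproducer.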