QEMU flag fuzz targets not WAI

Description: The virtio-*-flags fuzz targets do not seem to be working as intended, and fail with an assertion error almost immediately after start. This was tested on 019fbfa4 ("Merge tag 'pull-misc-2025-04-24' of https://repo.or.cz/qemu/armbru into staging").

We have a locally developed fuzz target we would like to try and contribute upstream, and this was developed after applying the "Possible fix" section described below.

Steps to reproduce: Tested on Ubuntu for qemu-fuzz-i386 and qemu-fuzz-x86_64.

$ export VERSION="16"
$ CC=clang-${VERSION} CXX=clang++-${VERSION} ../configure --enable-fuzzing --extra-cflags="-fsanitize=address" --target-list="x86_64-softmmu" && make -j$(nproc) qemu-fuzz-x86_64
$ ./qemu-fuzz-x86_64 --fuzz-target=virtio-scsi-flags-fuzz -rss_limit_mb=4096 -use_value_profile=1
# The fuzz target almost immediately crashes with the following assertion:
ERROR:../tests/qtest/libqos/virtio-pci-modern.c:67:set_features: assertion failed (features & (1ull << VIRTIO_F_VERSION_1) != 0): (0x00000000 != 0x00000000)
Bail out! ERROR:../tests/qtest/libqos/virtio-pci-modern.c:67:set_features: assertion failed (features & (1ull << VIRTIO_F_VERSION_1) != 0): (0x00000000 != 0x00000000)
==461994== ERROR: libFuzzer: deadly signal
    #0 0x55c356afdca5 in __sanitizer_print_stack_trace (/home/user/repos/emulators/qemu/build2/qemu-fuzz-i386+0xc5fca5) (BuildId: a9486c654f0cc46b5d787993830ddc6213401d6f)
    #1 0x55c356a5795c in fuzzer::PrintStackTrace() (/home/user/repos/emulators/qemu/build2/qemu-fuzz-i386+0xbb995c) (BuildId: a9486c654f0cc46b5d787993830ddc6213401d6f)
    #2 0x55c356a3daf7 in fuzzer::Fuzzer::CrashCallback() (/home/user/repos/emulators/qemu/build2/qemu-fuzz-i386+0xb9faf7) (BuildId: a9486c654f0cc46b5d787993830ddc6213401d6f)
    #3 0x7ff973a5ddef  (/lib/x86_64-linux-gnu/libc.so.6+0x3fdef) (BuildId: 11589948642c5b33fb0b2bcb08053e827d2348f3)
    #4 0x7ff973ab295b in __pthread_kill_implementation nptl/pthread_kill.c:43:17
    #5 0x7ff973a5dcc1 in raise signal/../sysdeps/posix/raise.c:26:13
    #6 0x7ff973a464ab in abort stdlib/abort.c:73:3
    #7 0x7ff9741d20ba  (/lib/x86_64-linux-gnu/libglib-2.0.so.0+0x1f0ba) (BuildId: ae75befa09a32aa90c5c33fbbe64dceb0757c967)
    #8 0x7ff97423f11c in g_assertion_message_cmpint (/lib/x86_64-linux-gnu/libglib-2.0.so.0+0x8c11c) (BuildId: ae75befa09a32aa90c5c33fbbe64dceb0757c967)
    #9 0x7ff97423f3a3 in g_assertion_message_cmpnum (/lib/x86_64-linux-gnu/libglib-2.0.so.0+0x8c3a3) (BuildId: ae75befa09a32aa90c5c33fbbe64dceb0757c967)
    #10 0x55c357d207f7 in set_features /home/user/repos/emulators/qemu/build2/../tests/qtest/libqos/virtio-pci-modern.c:67:5
    #11 0x55c357d16840 in qvirtio_set_features /home/user/repos/emulators/qemu/build2/../tests/qtest/libqos/virtio.c:107:5
    #12 0x55c357d40e81 in qvirtio_scsi_init /home/user/repos/emulators/qemu/build2/../tests/qtest/fuzz/virtio_scsi_fuzz.c:51:5
    #13 0x55c357d40e81 in virtio_scsi_with_flag_fuzz /home/user/repos/emulators/qemu/build2/../tests/qtest/fuzz/virtio_scsi_fuzz.c:141:18
    #14 0x55c357d3b6b2 in LLVMFuzzerTestOneInput /home/user/repos/emulators/qemu/build2/../tests/qtest/fuzz/fuzz.c:159:5
    #15 0x55c356a3efc4 in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) (/home/user/repos/emulators/qemu/build2/qemu-fuzz-i386+0xba0fc4) (BuildId: a9486c654f0cc46b5d787993830ddc6213401d6f)
    #16 0x55c356a3e6a9 in fuzzer::Fuzzer::RunOne(unsigned char const*, unsigned long, bool, fuzzer::InputInfo*, bool, bool*) (/home/user/repos/emulators/qemu/build2/qemu-fuzz-i386+0xba06a9) (BuildId: a9486c654f0cc46b5d787993830ddc6213401d6f)
    #17 0x55c356a3fe65 in fuzzer::Fuzzer::MutateAndTestOne() (/home/user/repos/emulators/qemu/build2/qemu-fuzz-i386+0xba1e65) (BuildId: a9486c654f0cc46b5d787993830ddc6213401d6f)
    #18 0x55c356a409d5 in fuzzer::Fuzzer::Loop(std::vector<fuzzer::SizedFile, std::allocator<fuzzer::SizedFile>>&) (/home/user/repos/emulators/qemu/build2/qemu-fuzz-i386+0xba29d5) (BuildId: a9486c654f0cc46b5d787993830ddc6213401d6f)
    #19 0x55c356a2e0e0 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) (/home/user/repos/emulators/qemu/build2/qemu-fuzz-i386+0xb900e0) (BuildId: a9486c654f0cc46b5d787993830ddc6213401d6f)
    #20 0x55c356a582e6 in main (/home/user/repos/emulators/qemu/build2/qemu-fuzz-i386+0xbba2e6) (BuildId: a9486c654f0cc46b5d787993830ddc6213401d6f)
    #21 0x7ff973a47ca7 in __libc_start_call_main csu/../sysdeps/nptl/libc_start_call_main.h:58:16
    #22 0x7ff973a47d64 in __libc_start_main csu/../csu/libc-start.c:360:3
    #23 0x55c356a22d80 in _start (/home/user/repos/emulators/qemu/build2/qemu-fuzz-i386+0xb84d80) (BuildId: a9486c654f0cc46b5d787993830ddc6213401d6f)

Possible fix: Revert the following commits:

$ git revert d2e6f9272d3 # fix conflicts when reverting commit "fuzz: remove fork-fuzzing scaffolding"
$ git revert 5d3c73e27e7 # revert commit "fuzz/virtio-scsi: remove fork-based fuzzer". There are similar commits for other fuzz targets as well.
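For anyone writing or reviewing a flags-style target, the following is an added, stand-alone C model of the precondition the assertion in the trace above checks; it is not QEMU or libqos code, and the way it derives the feature word from the fuzz input (first 8 bytes) and the helper names (features_from_input, negotiate_features, force_version_1) are assumptions for illustration. The only real identifier is VIRTIO_F_VERSION_1, feature bit 32 from the virtio specification. It shows the all-zero feature word that produced "(0x00000000 != 0x00000000)" tripping the check, and a guard that either skips such an input or forces the bit on so the input reaches the device instead of aborting the whole fuzzer.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Feature bit number from the virtio specification (feature bit 32). */
#define VIRTIO_F_VERSION_1 32

/* Constructed sample input: an all-zero feature word, i.e. the value
 * (0x00000000) printed by the failing set_features assertion. */
static const uint8_t sample_zero_input[16] = {0};

/* Hypothetical harness helper (not QEMU code): read the device feature
 * word from the first 8 bytes of the fuzz input. Returns false when the
 * input is too short to carry one. */
static bool features_from_input(const uint8_t *data, size_t len, uint64_t *features)
{
    if (len < sizeof(*features)) {
        return false;
    }
    memcpy(features, data, sizeof(*features));
    return true;
}

/* The precondition the libqos modern transport asserts in the trace:
 * a modern virtio-pci device must be driven with VIRTIO_F_VERSION_1 set.
 * Note the parentheses: & binds weaker than != in C. */
static bool modern_features_ok(uint64_t features)
{
    return (features & (1ull << VIRTIO_F_VERSION_1)) != 0;
}

/* Feature word with VIRTIO_F_VERSION_1 forced on, so inputs that clear
 * the bit still exercise the device rather than abort the fuzzer. */
static uint64_t force_version_1(uint64_t features)
{
    return features | (1ull << VIRTIO_F_VERSION_1);
}

/* Outcome of the hypothetical guarded negotiation step. */
enum negotiate_result { NEG_TOO_SHORT, NEG_WOULD_ASSERT, NEG_OK };

/* Guarded stand-in for passing a raw fuzz-derived word to qvirtio_set_features():
 * report the input as too short, as one that would hit the assertion, or
 * hand back a word that satisfies the modern-transport precondition. */
static enum negotiate_result negotiate_features(const uint8_t *data, size_t len,
                                                bool sanitize, uint64_t *out)
{
    uint64_t features;
    if (!features_from_input(data, len, &features)) {
        return NEG_TOO_SHORT;
    }
    if (sanitize) {
        features = force_version_1(features);
    }
    if (!modern_features_ok(features)) {
        return NEG_WOULD_ASSERT;   /* the crash path in the report */
    }
    *out = features;
    return NEG_OK;
}

int main(void)
{
    uint64_t f = 0;
    enum negotiate_result r;

    r = negotiate_features(sample_zero_input, sizeof(sample_zero_input), false, &f);
    printf("raw input:       %s\n",
           r == NEG_WOULD_ASSERT ? "would trip the set_features assertion" : "ok");

    r = negotiate_features(sample_zero_input, sizeof(sample_zero_input), true, &f);
    printf("sanitized input: %s (features=0x%016llx)\n",
           r == NEG_OK ? "ok" : "rejected", (unsigned long long)f);
    return 0;
}
```

Whether a harness should skip such inputs or force the bit is a design choice: forcing it keeps more of the input useful for a modern device, while skipping it (returning before qvirtio_set_features) is the minimal change that stops a single fuzz input from killing the whole libFuzzer process.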
Edited by zsm-oss