virtio-blk: ASSERT: !s->dataplane_started
This was originally reported at: https://bugs.launchpad.net/qemu/+bug/1907938
Hello,
Reproducer
cat << EOF | ./qemu-system-i386 -display none -m 512M -machine q35 \
-device virtio-blk,drive=disk0 -drive \
file=null-co://,id=disk0,if=none,format=raw -qtest stdio
outl 0xcf8 0x8000181f
outl 0xcfc 0x0a000000
outl 0xcf8 0x80001804
outl 0xcfc 0x07
outl 0xcf8 0x8000180e
outl 0xcfc 0x0f800000
outl 0xf85 0x9e000000
write 0x9f002 0x1 0x04
write 0x9f004 0x1 0x04
write 0x9e040 0x1 0x04
write 0x9e043 0x1 0x01
write 0x9e048 0x1 0x10
write 0x9e04c 0x1 0x01
write 0x9e04e 0x1 0x6e
write 0x1000004 0x1 0x01
write 0x9e6e3 0x1 0x01
write 0x9e6eb 0x1 0x04
write 0x9e6ec 0x1 0x02
write 0x9f006 0x1 0x04
write 0x9f008 0x1 0x04
write 0x9f00a 0x1 0x04
outl 0xf8f 0x00
EOF
Stack-Trace
qemu-system-i386: wrong value for queue_enable 4
qemu-system-i386: ../hw/block/virtio-blk.c:917: void virtio_blk_reset(VirtIODevice *): Assertion `!s->dataplane_started' failed.
Aborted
#0 __GI_raise at ../sysdeps/unix/sysv/linux/raise.c:50
#1 0x00007ffff620f537 in __GI_abort at abort.c:79
#2 0x00007ffff620f40f in __assert_fail_base at assert.c:92
#3 0x00007ffff621e662 in __GI___assert_fail at assert.c:101
#4 0x00005555571688e1 in virtio_blk_reset at ../hw/block/virtio-blk.c:917
#5 0x00005555571db01f in virtio_reset at ../hw/virtio/virtio.c:1998
#6 0x0000555556bbcbf4 in virtio_bus_reset at ../hw/virtio/virtio-bus.c:100
#7 0x00005555568f9e75 in virtio_pci_reset at ../hw/virtio/virtio-pci.c:1932
#8 0x00005555568fbc15 in virtio_ioport_write at ../hw/virtio/virtio-pci.c:341
#9 virtio_pci_config_write at ../hw/virtio/virtio-pci.c:469
#10 0x00005555571f867c in memory_region_write_accessor at ../softmmu/memory.c:492
#11 0x00005555571f83ab in access_with_adjusted_size at ../softmmu/memory.c:554
#12 0x00005555571f804d in memory_region_dispatch_write at ../softmmu/memory.c:1511
#13 0x0000555557243d52 in flatview_write_continue at ../softmmu/physmem.c:2777
#14 0x00005555572400e1 in flatview_write at ../softmmu/physmem.c:2817
#15 address_space_write at ../softmmu/physmem.c:2909
#16 0x000055555724c605 in cpu_outl at ../softmmu/ioport.c:80
#17 0x000055555739c702 in qtest_process_command at ../softmmu/qtest.c:499
#18 0x000055555739a83a in qtest_process_inbuf at ../softmmu/qtest.c:813
#19 0x000055555768d9f9 in fd_chr_read at ../chardev/char-fd.c:73
#20 0x00007ffff7884d6f in g_main_context_dispatch at /usr/lib/x86_64-linux-gnu/libglib-2.0.so.0
#21 0x00005555579b1cf5 in glib_pollfds_poll at ../util/main-loop.c:232
#22 os_host_main_loop_wait at ../util/main-loop.c:255
#23 main_loop_wait at ../util/main-loop.c:531
#24 0x0000555557279fb7 in qemu_main_loop at ../softmmu/runstate.c:726
#25 0x00005555567997cb in main at ../softmmu/main.c:50
OSS-Fuzz Report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=28524
libqtest Reproducer: 1907938.c
Thank you