x86: 0.899
graphic: 0.865
ppc: 0.832
device: 0.826
performance: 0.722
network: 0.618
vnc: 0.608
i386: 0.572
socket: 0.564
semantic: 0.479
files: 0.475
PID: 0.470
VMM: 0.468
arm: 0.443
register: 0.437
debug: 0.419
risc-v: 0.416
permissions: 0.345
TCG: 0.334
boot: 0.333
peripherals: 0.327
virtual: 0.316
architecture: 0.299
hypervisor: 0.265
mistranslation: 0.245
user-level: 0.232
kernel: 0.186
KVM: 0.166
assembly: 0.139

Spice: handle_dev_destroy_surface_wait: condition `msg->surface_id == 0' failed (DoS via assert failure)
Description of problem:
Assert failure in libspice-server was found during fuzzing qxl-vga device.

```plaintext
qemu-system-x86_64: Spice: ../server/red-worker.cpp:367:handle_dev_destroy_surface_wait: condition `msg->surface_id == 0' failed
Аварийный останов
```
Steps to reproduce:
1. This bug can be reroduced with 

   ```plaintext
   cat << EOF | ./qemu-system-x86_64 -display none -machine accel=qtest, -m 512M -M \
   pc -nodefaults -vga qxl -qtest stdio
   outl 0xcf8 0x8000101c
   outl 0xcfc 0xc000
   outl 0xcf8 0x80001004
   outw 0xcfc 0x01
   outl 0xc00b 0x01000000
   EOF
   ```
2. This bug is in another place from https://gitlab.com/qemu-project/qemu/-/issues/1829, please pay attention to it. It has to be solved, because it interferes with further fuzzing process
Additional information:
As I mentioned, I really need this bug to be solved, because fuzzing qxl-vga device gets less efficient. I suggested to report it here, not in spice-server, because this bug can be on the QEMU side.