On 07/04/2021 15:49, Alexander Bulekov wrote:
Hi Mark, I guess there must have been something timing-sensitive in the reproducer... Too bad it didn't work.
Yeah, it would have been nice to have something that could be triggered directly by a test, but never mind.
diff --git a/hw/scsi/esp.c b/hw/scsi/esp.c index 0037197bdb..b668acef82 100644 --- a/hw/scsi/esp.c +++ b/hw/scsi/esp.c @@ -357,6 +357,7 @@ static void handle_satn(ESPState *s) cmdlen = get_cmd(s, ESP_CMDFIFO_SZ); if (cmdlen > 0) { s->cmdfifo_cdb_offset = 1; + s->do_cmd = 0; do_cmd(s); } else if (cmdlen == 0) { s->do_cmd = 1; @@ -390,6 +391,7 @@ static void handle_s_without_atn(ESPState *s) cmdlen = get_cmd(s, ESP_CMDFIFO_SZ); if (cmdlen > 0) { s->cmdfifo_cdb_offset = 0; + s->do_cmd = 0; do_busid_cmd(s, 0); } else if (cmdlen == 0) { s->do_cmd = 1;With this applied, I don't see either of those asserts anymore. Thank you! -Alex
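Review bot: In the handle_satn hunk, the new `s->do_cmd = 0;` is only reached on the `cmdlen > 0` path, so if get_cmd() can return a value that is neither positive nor zero (a negative error return), `do_cmd` keeps whatever value an earlier command left in it, which is exactly the stale-flag situation this patch is addressing. Clearing it unconditionally right after `cmdlen = get_cmd(s, ESP_CMDFIFO_SZ);` and setting it to 1 only in the `cmdlen == 0` branch would make the intent explicit and cover every exit from the function.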
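Review bot: The handle_s_without_atn hunk repeats the same reset without a comment explaining why it is needed; since both call sites clear `do_cmd` for the same reason, a one-line comment at each (that `do_cmd` may still be set from a previous command that found the FIFO empty and took the `cmdlen == 0` path) would help the next reader, and the patch as posted carries no commit message naming the two asserts it fixes, which the v4 version should include.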
Awesome! I'll include this in v4. BTW does this now mean that the am53c974 survives a run through your fuzzer corpus?
ATB, Mark.
