# This seed helps syzkaller to reliably pass the probe() checks for lan78xx driver.
# As some CTRL requests occur during the probe, a few syz_usb_control_io() calls may
# be in a weird order or even duplicate.

# TODO: currently, probe does not succeed completely. Most likely, it stems from the fact that
# the abundance of expected CTRL requests *during* probe is not something syzkaller can handle at the moment.
# Timing is essential among other things. This should be mitigated by a separate syz_usb_connect pseudo-call 
# that deals with such requests without syz_usb_control_io.

# Ensure that we pass driver-specific basic usb interface and endpoint checks during initial probe() stages.

r0 = syz_usb_connect$lan78xx(0x5, 0x3f, &(0x7f0000000000)={{0x12, 0x1, 0x200, 0xff, 0xff, 0xff, 0x40, 0x424, 0x7850, 0x0, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x2d, 0x1, 0x1, 0x0, 0x80, 0xfa, {{0x9, 0x4, 0x0, 0x0, 0x3, 0xff, 0x0, 0x0, 0x0, "", {{0x9, 0x5, 0x81, 0x2, 0x200, 0x0, 0x0, 0x0, ""}, {0x9, 0x5, 0x2, 0x2, 0x200, 0x0, 0x0, 0x0, ""}, {0x9, 0x5, 0x83, 0x3, 0x40, 0x1, 0x0, 0x0, ""}}}}}}]}}, 0x0)

# This is where the fun begins.
# Functions like lan78xx_bind() and lan78xx_phy_init() in lan78xx_probe() utilize ~50 CTRL requests, both directions, during probe.

# Write to INT_EP_CTL register in lan78xx_setup_irq_domain().

syz_usb_control_io$lan78xx(r0, 0x0, &(0x7f00000003c0)={0x34, &(0x7f0000000140)={0x20, 0x11, 0x0, ""}, 0x0, 0x0, 0x0, 0x0, 0x0})

# Write to HW_CFG register in lan78xx_reset().

syz_usb_control_io$lan78xx(r0, 0x0, &(0x7f0000000780)={0x34, &(0x7f0000000600)={0x40, 0x11, 0x0, ""}, 0x0, 0x0, 0x0, 0x0, 0x0})

# Read from HW_CFG register.

syz_usb_control_io$lan78xx(r0, 0x0, 0x0)

# Write to HW_CFG register.

syz_usb_control_io$lan78xx(r0, 0x0, &(0x7f0000000f00)={0x34, &(0x7f0000000cc0)={0x40, 0x10, 0x0, ""}, 0x0, 0x0, 0x0, 0x0, 0x0})

# Write to RX_ADDRL and RX_ADDRH registers in lan78xx_init_mac_address().

syz_usb_control_io$lan78xx(r0, 0x0, &(0x7f0000001240)={0x34, &(0x7f0000001080)={0x0, 0x6, 0x0, ""}, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$lan78xx(r0, 0x0, &(0x7f0000001700)={0x34, &(0x7f0000001500)={0x20, 0x18, 0x1, ')'}, 0x0, 0x0, 0x0, 0x0, 0x0})

# Read from MAF_LO(0) and MAF_HI(0) registers.

syz_usb_control_io$lan78xx(r0, 0x0, 0x0)
syz_usb_control_io$lan78xx(r0, 0x0, 0x0)

# Write to ID_REV register, back in lan78xx_reset().

syz_usb_control_io$lan78xx(r0, 0x0, &(0x7f0000002180)={0x34, &(0x7f0000000400)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0})

# Write and read to/from USB_CFG0 register.

syz_usb_control_io$lan78xx(r0, 0x0, &(0x7f00000006c0)={0x34, &(0x7f0000000500)={0x0, 0x7, 0x0, ""}, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$lan78xx(r0, 0x0, 0x0)

# Write to USB_CFG1 register in lan78xx_init_ltm().

syz_usb_control_io$lan78xx(r0, 0x0, &(0x7f0000002540)={0x34, &(0x7f0000002340)={0x0, 0xf, 0x0, ""}, 0x0, 0x0, 0x0, 0x0, 0x0})

# Read from 6 registers (LTM_BELT_IDLE0 etc.) in a row.

syz_usb_control_io$lan78xx(r0, 0x0, 0x0)
syz_usb_control_io$lan78xx(r0, 0x0, 0x0)
syz_usb_control_io$lan78xx(r0, 0x0, 0x0)
syz_usb_control_io$lan78xx(r0, 0x0, 0x0)
syz_usb_control_io$lan78xx(r0, 0x0, 0x0)
syz_usb_control_io$lan78xx(r0, 0x0, 0x0)

# Read from BURST_CAP and BULK_IN_DLY registers in lan78xx_reset().

syz_usb_control_io$lan78xx(r0, 0x0, 0x0)
syz_usb_control_io$lan78xx(r0, 0x0, 0x0)

# Write to HW_CFG register.

syz_usb_control_io$lan78xx(r0, 0x0, &(0x7f0000000380)={0x34, &(0x7f0000000840)={0x0, 0x0, 0x0, ""}, 0x0, 0x0, 0x0, 0x0, 0x0})