# This seed helps syzkaller to reliably pass the probe() checks for the rtl8150 driver.
# Because some CTRL requests occur during probe, a few syz_usb_control_io() calls may
# appear in an unusual order or even be duplicated.
# Ensure that we pass the driver-specific basic USB interface and endpoint checks during the initial probe() stages.
r0 = syz_usb_connect$rtl8150(0x3, 0x3f, &(0x7f00000003c0)={{0x12, 0x1, 0x110, 0xff, 0xff, 0x0, 0x40, 0xbda, 0x8150, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x2d, 0x1, 0x1, 0x5, 0x80, 0x0, {{0x9, 0x4, 0x0, 0x7f, 0x3, 0xff, 0x11, 0x1, 0x5, "", {{0x9, 0x5, 0x81, 0x2, 0x40, 0x6, 0x9, 0x4, ""}, {0x9, 0x5, 0x2, 0x2, 0x20, 0x2, 0x57, 0x6e, ""}, {0x9, 0x5, 0x83, 0x3, 0x240, 0x3, 0x82, 0x8, ""}}}}}}]}}, 0x0)
# During probe, rtl8150_reset() requires reading/writing registers via usb_control_msg(), see:
# https://elixir.bootlin.com/linux/v6.16/source/drivers/net/usb/rtl8150.c#L316
# The timing of handling CTRL requests is very awkward. The two calls below are here so that the register accesses do not fail.
# They are not directly related to the rtl8150 code itself, yet they seem to make the calls that follow run on time.
# TODO: figure out the circumstances fully and consider switching to sleep/nanosleep instead.
syz_usb_control_io$rtl8150(r0, &(0x7f0000000580)={0x14, 0x0, &(0x7f0000000480)={0x0, 0x3, 0x3, @lang_id={0x0, 0x3, 0x0}}}, 0x0)
syz_usb_control_io$rtl8150(r0, &(0x7f0000002980)={0x14, 0x0, &(0x7f00000028c0)={0x0, 0x3, 0x3, @lang_id={0x0, 0x3, 0x0}}}, 0x0)
# Receive a request via set_registers().
syz_usb_control_io$rtl8150(r0, 0x0, 0x0)
# Send a request via get_registers(). The data sent should make the while{} loop in rtl8150_reset() stop early.
syz_usb_control_io$rtl8150(r0, 0x0, &(0x7f0000004280)={0x2c, 0x0, 0x0, 0x0, 0x0, &(0x7f0000004240)={0x40, 0x5, 0x2, "2bd8"}})