github.com/google/syzkaller@v0.0.0-20251211124644-a066d2bc4b02/sys/linux/test/vusb_rtl8150

# This seed helps syzkaller to reliably pass the probe() checks for rtl8150 driver.
# As some CTRL requests occur during the probe, a few syz_usb_control_io() calls may
# be in a weird order or even duplicate.

# Ensure that we pass driver-specific basic usb interface and endpoint checks during initial probe() stages.

r0 = syz_usb_connect$rtl8150(0x3, 0x3f, &(0x7f00000003c0)={{0x12, 0x1, 0x110, 0xff, 0xff, 0x0, 0x40, 0xbda, 0x8150, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x2d, 0x1, 0x1, 0x5, 0x80, 0x0, {{0x9, 0x4, 0x0, 0x7f, 0x3, 0xff, 0x11, 0x1, 0x5, "", {{0x9, 0x5, 0x81, 0x2, 0x40, 0x6, 0x9, 0x4, ""}, {0x9, 0x5, 0x2, 0x2, 0x20, 0x2, 0x57, 0x6e, ""}, {0x9, 0x5, 0x83, 0x3, 0x240, 0x3, 0x82, 0x8, ""}}}}}}]}}, 0x0)

# During probe, rtl8150_reset() requires reading/writing registers via usb_control_msg(), see:
# https://elixir.bootlin.com/linux/v6.16/source/drivers/net/usb/rtl8150.c#L316

# The timing of dealing with CTRL requests is very awkward. So as not to fail dealing with registers, these calls come in.
# They are not directly related to rtl8150 code itself yet seem to be making that the next calls below run on time.
# TODO: figure out the circumstances fully and consider switching to sleep/nanosleep instead.

syz_usb_control_io$rtl8150(r0, &(0x7f0000000580)={0x14, 0x0, &(0x7f0000000480)={0x0, 0x3, 0x3, @lang_id={0x0, 0x3, 0x0}}}, 0x0)
syz_usb_control_io$rtl8150(r0, &(0x7f0000002980)={0x14, 0x0, &(0x7f00000028c0)={0x0, 0x3, 0x3, @lang_id={0x0, 0x3, 0x0}}}, 0x0)

# Receive a request via set_registers().

syz_usb_control_io$rtl8150(r0, 0x0, 0x0)

# Send a request via get_registers(). Sent data should make the while{} loop in rtl8150_reset() stop early.

syz_usb_control_io$rtl8150(r0, 0x0, &(0x7f0000004280)={0x2c, 0x0, 0x0, 0x0, 0x0, &(0x7f0000004240)={0x40, 0x5, 0x2, "2bd8"}})