Nikita Zhandarovich

Results 9 comments of Nikita Zhandarovich

May I ask, what if you use a different resource, not of fd type, and then use it as a user argument in a syscall? Wouldn't that solve the issue?...

Thank you all for your insights!

> With regards to the drivers that fail various USB descriptor checks (speed, endpoints, etc.) — adding new `syz_usb_connect$` variants is the way to...

First 4 issues described at the top can be dealt with:
- simply using generic `syz_usb_connect$` variants (problem 1.)
- installing missing firmware (linux-firmware, ideally, both free and nonfree versions,...

Thank you for your response!

> And this would still allow to both fuzz the post-`SET_CONFIGURATION` requests sent during the probing (syzkaller would generate `syz_usb_connect` + random `syz_usb_control_io` or `syz_usb_ep_read/write`)...

While PR https://github.com/google/syzkaller/pull/6372 is under review, and a similar approach to tackle non-CTRL requests is being prepared, I've decided to try to tackle a couple of other areas of usb...

> 1. Yes, this makes sense. You can also look through the existing `dev_*.txt` descriptions - I suspect some of them can be easily adapted to handle USB-emulated devices as...

Small update on **USB device nodes** like `/dev/legousbtower`:

> 1. USB device nodes. After driver probe finishes, kernel can create devices (at very least, we are talking about net- and...

Per conversation in https://github.com/google/syzkaller/issues/6206#issuecomment-3330916129, I'll rework this change to adopt @xairy's suggestion over the current version of `syz_usb_connect_scripted`. I think, if no one objects, I'll do the transition in this PR...

Cc: @xairy

2nd version of the approach to deal with select USB drivers that require numerous CTRL-requests during probe.
- use `syz_usb_finish_probe` instead of `syz_usb_connect_scripted` introduced earlier. It can take...