[Bug 209407] skb_over_panic in cdc_mbim_tx_fixup

https://bugzilla.kernel.org/show_bug.cgi?id=209407

--- Comment #7 from Jouni Seppänen (jks@xxxxxx) ---
It looks like the code is calling memset with 0xFFFFFFFE, i.e. negative 2. I
added a check in the "If collected data size is less or equal ctx->min_tx_pkt"
block:

        if (!(dev->driver_info->flags & FLAG_SEND_ZLP) &&
            skb_out->len > ctx->min_tx_pkt) {
                if (ctx->tx_curr_size < skb_out->len) {
                        pr_err("ctx->tx_curr_size = %x < skb_out->len = %x",
                               ctx->tx_curr_size, skb_out->len);
                        BUG();
                }
                padding_count = ctx->tx_curr_size - skb_out->len;

And after rerunning my test case, I see:

[  683.677876] ctx->tx_curr_size = 4000 < skb_out->len = 4002
[  683.677953] ------------[ cut here ]------------
[  683.683590] kernel BUG at drivers/net/usb/cdc_ncm.c:1414!

So ctx->tx_curr_size is 0x4000 but skb_out->len is two larger.
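
Added example, not part of the comment above and not driver code: a user-space C model of the subtraction the comment instruments, showing how the logged values 0x4000 and 0x4002 produce 0xFFFFFFFE and how a bounds check rejects the frame instead. The struct, function names and buffer size are hypothetical, and the fields are assumed to be 32-bit unsigned to match the reported memset length.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed stand-in for the two values the comment prints; not kernel code. */
struct tx_state {
    uint32_t tx_curr_size;  /* models ctx->tx_curr_size */
    uint32_t len;           /* models skb_out->len */
};

/* Unchecked form: unsigned subtraction wraps modulo 2^32 when len > tx_curr_size. */
static uint32_t padding_unchecked(const struct tx_state *s)
{
    return s->tx_curr_size - s->len;
}

/* Checked form: stores the pad length and returns 0, or returns -1 when the
 * subtraction would wrap or the pad would not fit in the remaining room. */
static int padding_checked(const struct tx_state *s, uint32_t tailroom, uint32_t *pad)
{
    if (s->len > s->tx_curr_size)
        return -1;
    *pad = s->tx_curr_size - s->len;
    return (*pad > tailroom) ? -1 : 0;
}

/* Zero-pad the frame only when the length is valid. Returns new length or -1. */
static long pad_frame(uint8_t *buf, uint32_t cap, struct tx_state *s)
{
    uint32_t pad;

    if (s->len > cap || padding_checked(s, cap - s->len, &pad) != 0)
        return -1;
    memset(buf + s->len, 0, pad);
    s->len += pad;
    return (long)s->len;
}

int main(void)
{
    static uint8_t buf[0x4100];                 /* constructed buffer size */
    struct tx_state bad = { 0x4000, 0x4002 };   /* values from the log line */
    struct tx_state ok  = { 0x4000, 0x3ff0 };   /* constructed valid case */

    printf("unchecked pad = 0x%X\n", (unsigned)padding_unchecked(&bad));
    printf("checked, bad  = %ld\n", pad_frame(buf, sizeof(buf), &bad));
    printf("checked, ok   = 0x%lX\n", (unsigned long)pad_frame(buf, sizeof(buf), &ok));
    return 0;
}
```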
