Hello Marek, &musb->endpoints[epnum].ep_out may be accessed out of bounds if a device sends a malformed message with ctrlrequest->wIndex = 0x10. The Linux code avoids this issue. Best regards Heinrich