Hi Loic, > When detecting a non-link packet, h5_reset_rx() frees the Rx skb. > Not returning after that will cause the upcoming h5_rx_payload() > call to dereference a now NULL Rx skb and trigger a kernel oops. > > Signed-off-by: Loic Poulain <loic.poulain@xxxxxxxxx> > --- > v2: commit message update (pointer deref) > > drivers/bluetooth/hci_h5.c | 1 + > 1 file changed, 1 insertion(+) I applied the updated patch to bluetooth-next with a proper tag for stable. Regards Marcel -- To unsubscribe from this list: send the line "unsubscribe linux-bluetooth" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
