> Try with the following patch: > https://patchwork.kernel.org/project/bluetooth/patch/20210602232348.766496-1-luiz.dentz@xxxxxxxxx/ Yeah, I send this email because I have seen this wonderful patch. However, the crash site is not exactly the same as this UAF is about the hdev object while the discussed patch is about the l2cap_conn object. I will try to reproduce this one to test if it can work. > If that doesn't work we may need to use cancel_delayed_work_sync but > I'm not sure if that is safe to use since that blocks the context. Agree :) Thanks Lin Ma
