diff --git a/drivers/bluetooth/hci_ag6xx.c b/drivers/bluetooth/hci_ag6xx.c
index 1f55df93e4ce..4457e8f5fec2 100644
--- a/drivers/bluetooth/hci_ag6xx.c
+++ b/drivers/bluetooth/hci_ag6xx.c
@@ -52,11 +52,16 @@ static int ag6xx_close(struct hci_uart *hu)

 BT_DBG("hu %p", hu);

+ hu->priv = NULL;
+
 skb_queue_purge(&ag6xx->txq);
- kfree_skb(ag6xx->rx_skb);
+
+ if(ag6xx->rx_skb) {
+ kfree_skb(ag6xx->rx_skb);
+ ag6xx->rx_skb = NULL;
+ }
 kfree(ag6xx);

- hu->priv = NULL;
 return 0;
 }

@@ -88,6 +93,11 @@ static int ag6xx_enqueue(struct hci_uart *hu, struct sk_buff *skb)
 {
 struct ag6xx_data *ag6xx = hu->priv;

+ if (skb->len > 0xFFF) {
+ kfree_skb(skb);
+ return 0;
+ }
+
 skb_queue_tail(&ag6xx->txq, skb);
 return 0;
 }
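Review bot: Clearing `hu->priv` at the top of ag6xx_close() shortens the window in which another callback can reach the freed `ag6xx`, but nothing visible here serialises close against those callbacks, and ag6xx_enqueue() in the next hunk still dereferences `hu->priv` with no NULL check, so a callback that loses the race would presumably fault on NULL instead of touching freed memory. If the hci_uart core already guarantees no callback runs during or after close, say so in a comment above the assignment, e.g. `/* clear first: proto callbacks must not see a pointer we are about to free */`; if it does not, the callbacks need a guard or a lock. Separately, `kfree_skb()` accepts NULL, so the `if(ag6xx->rx_skb)` test and the `ag6xx->rx_skb = NULL;` store immediately before `kfree(ag6xx)` add nothing; if they are kept, kernel style wants `if (`. The opening of the function, including the `ag6xx` declaration, is outside the hunk.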
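Review bot: The oversize branch added to ag6xx_enqueue() frees the skb and returns 0, so a dropped frame is indistinguishable from a queued one and leaves no trace for anyone diagnosing a stalled link or probing the limit. The bound `0xFFF` is unexplained; a named constant with a comment stating which downstream length field or buffer it protects would make it reviewable, e.g. `#define AG6XX_MAX_TX_LEN 0xFFF` (name is a reviewer's suggestion, not from the driver). Logging the drop before freeing, e.g. `bt_dev_err(hu->hdev, "tx frame too long: %u", skb->len);`, would make it visible; whether a non-zero return helps depends on whether the caller checks it, which the hunk does not show.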