Index: sys/netgraph/bluetooth/hci/ng_hci_evnt.c
===================================================================
--- sys/netgraph/bluetooth/hci/ng_hci_evnt.c
+++ sys/netgraph/bluetooth/hci/ng_hci_evnt.c
@@ -383,6 +383,7 @@
 int error = 0;
 u_int8_t event_type;
 u_int8_t addr_type;
+ u_int8_t num_reports;
 NG_HCI_M_PULLUP(event, sizeof(*ep));
 if (event == NULL)
@@ -391,12 +392,21 @@
 ep = mtod(event, ng_hci_le_advertising_report_ep *);
 m_adj(event, sizeof(*ep));
- for (; ep->num_reports > 0; ep->num_reports --) {
+ num_reports = ep->num_reports;
+ for (; num_reports > 0; num_reports --) {
 /* Get remote unit address */
 NG_HCI_M_PULLUP(event, sizeof(u_int8_t));
+ if (event == NULL) {
+ NG_HCI_WARN("%s: Get event type failed\n", __func__);
+ goto out;
+ }
 event_type = *mtod(event, u_int8_t *);
 m_adj(event, sizeof(u_int8_t));
 NG_HCI_M_PULLUP(event, sizeof(u_int8_t));
+ if (event == NULL) {
+ NG_HCI_WARN("%s: Get addr type failed\n", __func__);
+ goto out;
+ }
 addr_type = *mtod(event, u_int8_t *);
 m_adj(event, sizeof(u_int8_t));
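Review bot: Both added `if (event == NULL)` branches in the second hunk jump to `out` without assigning `error`, which the first hunk shows is initialised to 0, so a report truncated before the event-type or address-type byte would presumably be returned to the caller as success. Set the code before leaving, e.g. `error = ENOBUFS;` ahead of each `goto out;`, so a malformed controller event is not indistinguishable from a parsed one. The `out` label and the remainder of the loop body are outside the hunk, so confirm that the cleanup there tolerates `event` being NULL and that the later length-dependent reads in the loop get the same check. The `/* Get remote unit address */` comment now sits directly above the event-type read and could be reworded to match.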