please test wrn
#syz test https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git 603c04e27c3e
diff --git a/net/bluetooth/hci_event.c b/net/bluetooth/hci_event.c
index a487f9df8145..4130d64d9a80 100644
--- a/net/bluetooth/hci_event.c
+++ b/net/bluetooth/hci_event.c
@@ -6893,6 +6893,9 @@ static void hci_le_big_sync_established_evt(struct hci_dev *hdev, void *data,
bis = hci_conn_hash_lookup_handle(hdev, handle);
if (!bis) {
+ if (handle > HCI_CONN_HANDLE_MAX)
+ continue;
+
bis = hci_conn_add(hdev, ISO_LINK, BDADDR_ANY,
HCI_ROLE_SLAVE, handle);
if (IS_ERR(bis))
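Review bot: The new `handle > HCI_CONN_HANDLE_MAX` check in hci_le_big_sync_established_evt() drops the out-of-range handle with a bare `continue`, so nothing is logged when an invalid handle arrives. Consider logging the rejected handle (for example with bt_dev_err()) before skipping it. The check also sits inside the `if (!bis)` branch, after hci_conn_hash_lookup_handle() has already been called with the unvalidated value. Moving the range check above the lookup would validate the handle once for both paths. Please also confirm that the rest of the handler copes with a BIS entry that was skipped this way, since the `continue` leaves no connection object for that handle.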
Hello,
syzbot has tested the proposed patch but the reproducer is still triggering an issue:
SYZFAIL: NL802154_CMD_SET_SHORT_ADDR failed
2024/06/16 10:32:05 ignoring optional flag "sandboxArg"="0"
2024/06/16 10:32:05 parsed 1 programs
2024/06/16 10:32:05 [FATAL] failed to run ["./syz-executor" "setup" "fault" "binfmt_misc" "usb" "802154" "swap"]: exit status 67
mkdir(/syzcgroup) failed: 17
mount(binfmt_misc) failed: 16
SYZFAIL: NL802154_CMD_SET_SHORT_ADDR failed
(errno 16: Device or resource busy)
Tested on:
commit: 603c04e2 Merge tag 'parisc-for-6.8-rc6' of git://git.k..
git tree: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
console output: https://syzkaller.appspot.com/x/log.txt?x=13254bca980000
kernel config: https://syzkaller.appspot.com/x/.config?x=686c39ecef854022
dashboard link: https://syzkaller.appspot.com/bug?extid=b2545b087a01a7319474
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
patch: https://syzkaller.appspot.com/x/patch.diff?x=12b26851980000