Hello, We found the following issue using syzkaller on Linux v6.2.0. It seems to be a currency bug. In the function `vidtv_stop_streaming`, after `dvb->mux = NULL;` was executed, it executes `vidtv_mux_stop_thread(dvb->mux);` again. Need to check the `dvb->mux==NULL` before `vidtv_mux_stop_thread(dvb->mux);` in function `vidtv_stop_streaming` The full report including the Syzkaller reproducer: https://gist.github.com/ZHYfeng/c61f87ed42d4c44344d4addefd81cc1f The brief report is below: Syzkaller hit 'general protection fault in vidtv_mux_stop_thread' bug. general protection fault, probably for non-canonical address 0xdffffc0000000025: 0000 [#1] PREEMPT SMP KASAN KASAN: null-ptr-deref in range [0x0000000000000128-0x000000000000012f] CPU: 0 PID: 9614 Comm: syz-executor.0 Not tainted 6.2.0 #1 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.13.0-1ubuntu1.1 04/01/2014 RIP: 0010:vidtv_mux_stop_thread+0x27/0x80 drivers/media/test-drivers/vidtv/vidtv_mux.c:471 Code: 00 00 00 0f 1f 44 00 00 55 53 48 89 fb e8 51 23 b2 fa 48 8d bb 28 01 00 00 48 b8 00 00 00 00 00 fc ff df 48 89 fa 48 c1 ea 03 <0f> b6 04 02 84 c0 74 02 7e 3b 0f b6 ab 28 01 00 00 31 ff 89 ee e8 RSP: 0018:ffffc900068ffca0 EFLAGS: 00010202 RAX: dffffc0000000000 RBX: 0000000000000000 RCX: ffffffff86cec666 RDX: 0000000000000025 RSI: ffff888020378000 RDI: 0000000000000128 RBP: ffff888019d652f8 R08: 0000000000000000 R09: fffffbfff1ce4fab R10: ffffc900068ffcb8 R11: fffffbfff1ce4faa R12: ffff888019d65260 R13: ffffffff8dc6f3c0 R14: ffffc9000713a6c0 R15: ffff888019d64a70 FS: 0000555555b72940(0000) GS:ffff88802ca00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 0000555555c00d88 CR3: 000000001e832000 CR4: 0000000000350ef0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: <TASK> vidtv_stop_streaming drivers/media/test-drivers/vidtv/vidtv_bridge.c:209 [inline] vidtv_stop_feed+0x14e/0x250 drivers/media/test-drivers/vidtv/vidtv_bridge.c:252 dmx_section_feed_stop_filtering+0x91/0x150 drivers/media/dvb-core/dvb_demux.c:1000 dvb_dmxdev_feed_stop+0x203/0x280 drivers/media/dvb-core/dmxdev.c:486 dvb_dmxdev_filter_stop.part.0+0x1e7/0x340 drivers/media/dvb-core/dmxdev.c:559 dvb_dmxdev_filter_stop drivers/media/dvb-core/dmxdev.c:552 [inline] dvb_dmxdev_filter_free drivers/media/dvb-core/dmxdev.c:840 [inline] dvb_demux_release+0xd6/0x5c0 drivers/media/dvb-core/dmxdev.c:1246 __fput+0x281/0xa90 fs/file_table.c:320 task_work_run+0x170/0x270 kernel/task_work.c:179 resume_user_mode_work include/linux/resume_user_mode.h:49 [inline] exit_to_user_mode_loop kernel/entry/common.c:171 [inline] exit_to_user_mode_prepare+0x262/0x270 kernel/entry/common.c:203 __syscall_exit_to_user_mode_work kernel/entry/common.c:285 [inline] syscall_exit_to_user_mode+0x19/0x50 kernel/entry/common.c:296 do_syscall_64+0x42/0xb0 arch/x86/entry/common.c:86 entry_SYSCALL_64_after_hwframe+0x63/0xcd RIP: 0033:0x7fe950c40dcb Code: 03 00 00 00 0f 05 48 3d 00 f0 ff ff 77 41 c3 48 83 ec 18 89 7c 24 0c e8 63 fc ff ff 8b 7c 24 0c 41 89 c0 b8 03 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 2f 44 89 c7 89 44 24 0c e8 a1 fc ff ff 8b 44 RSP: 002b:00007ffd3d403e80 EFLAGS: 00000293 ORIG_RAX: 0000000000000003 RAX: 0000000000000000 RBX: 0000000000000004 RCX: 00007fe950c40dcb RDX: 0000001b31220000 RSI: 0000000000000001 RDI: 0000000000000003 RBP: 0000000000000001 R08: 0000000000000000 R09: 00007fe950dd0450 R10: 00007ffd3d403fc0 R11: 0000000000000293 R12: 00007fe950dd0448 R13: 00007fe950dd0450 R14: 00007fe950dcbf60 R15: 000000000001c14f </TASK>
