
运行tun设备时出现重复释放tun->security资源问题

已完成
缺陷
创建于  
2022-08-03 16:45

【标题描述】能够简要描述问题:说明什么场景下,做了什么操作,出现什么问题(尽量使用正向表达方式)
运行tun设备时出现重复释放tun->security资源问题
【环境信息】
硬件信息:
1) 裸机场景提供出问题的硬件信息;
2) 虚机场景提供虚机XML文件或者配置信息
软件信息:
1) OS版本及分支
[root@localhost home]# cat /etc/*release
openEuler release 22.03 LTS
NAME="openEuler"
VERSION="22.03 LTS"
ID="openEuler"
VERSION_ID="22.03"
PRETTY_NAME="openEuler 22.03 LTS"
ANSI_COLOR="0;31"

openEuler release 22.03 LTS

2) 内核信息
5.10.0-16621-g6056e728ac19(注:下方附件日志中打印的内核版本为 5.10.0-16619-gd63ffd36ed04-dirty,与此处不一致;请以实际复现所用内核为准,并确认两个版本是否均受影响)
3) 发现问题的组件版本信息
如果有特殊组网,请提供网络拓扑图
tun虚拟网络设备
【问题复现步骤】
// https://syzkaller.appspot.com/bug?id=ddb673727990990c6ded3e7cc220e39abfc244ab
// autogenerated by syzkaller (http://github.com/google/syzkaller)

#define _GNU_SOURCE

#include <fcntl.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/stat.h>
#include <sys/syscall.h>
#include <unistd.h>

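/*
 * Open a device path, syzkaller-style.
 *
 * a0: either a device-class selector (0xc = char, 0xb = block), in which
 *     case a1:a2 are taken as major:minor and the path is built under
 *     /dev/char or /dev/block; or a pointer to a NUL-terminated path
 *     template in which every '#' is replaced by successive decimal
 *     digits of a1 (least significant digit first).
 * a1: major number, or the digit source for '#' expansion.
 * a2: minor number, or the open(2) flags for the template path.
 *
 * Returns the descriptor from open(2), or (uintptr_t)-1 with errno set
 * when open(2) fails.
 */
static uintptr_t syz_open_dev(uintptr_t a0, uintptr_t a1, uintptr_t a2)
{
	if (a0 == 0xc || a0 == 0xb) {
		char path[128];

		/* Bounded write: snprintf instead of sprintf, even though
		 * the longest result ("/dev/block/255:255") fits easily. */
		snprintf(path, sizeof(path), "/dev/%s/%d:%d",
			 a0 == 0xc ? "char" : "block",
			 (uint8_t)a1, (uint8_t)a2);
		return open(path, O_RDWR, 0);
	}

	char path[1024];
	char *hash;

	/* snprintf always NUL-terminates; strncpy does not guarantee it
	 * and needed a manual terminator in the original. */
	snprintf(path, sizeof(path), "%s", (const char *)a0);

	/* Expand each '#' placeholder with the next digit of a1. */
	while ((hash = strchr(path, '#')) != NULL) {
		*hash = '0' + (char)(a1 % 10);
		a1 /= 10;
	}
	return open(path, (int)a2, 0);
}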

static void test();

/*
 * Run the reproducer body once.  syzkaller wraps the call in
 * `while (1)` when emitting a repeat-mode reproducer; that loop is left
 * disabled here, matching the original listing.
 */
void loop()
{
	/* repeat mode would be: while (1) test(); */
	test();
}

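/*
 * Result slots for the syscalls below (syzkaller convention: r[i] holds
 * the return value of the i-th call of the generated program, -1 when
 * not yet set).
 */
long r[25];

/*
 * One run of the syzkaller program that reproduces the tun->security
 * double free.
 *
 * All addresses are fixed: the mmap below maps 0x20000000.. MAP_FIXED so
 * that the argument structures sit at the exact offsets syzkaller
 * generated.  Keep the addresses and byte values as they are when
 * editing; only the surrounding checks and comments are ours.
 *
 * Sequence, as recovered from the syscall numbers and ioctl codes:
 *   1. mmap a scratch region at 0x20000000.
 *   2. open /dev/net/tun.
 *   3. ioctl 0x400454da on the tun fd (presumably TUNSETVNETHDRSZ —
 *      confirm against linux/if_tun.h).
 *   4. ioctl 0x400454ca (TUNSETIFF; the attached KASAN report shows this
 *      ioctl — RSI 0x400454ca on fd 3 — entering tun_set_iff) with an
 *      ifreq whose name bytes start "\x02\xf5\x00" and whose flags word
 *      is 0x10001.  The double free is reported inside this call: the
 *      "Freed by task" stack frees tun->security from tun_set_iff, and
 *      tun_free_netdev, run from netdev_run_todo before __tun_chr_ioctl
 *      returns, frees it again.
 *   5. The remaining calls (AF_PACKET socket, dup3 over the tun fd, a
 *      second socket and ioctl 0x8940) come after the reported crash
 *      point and are kept only because syzkaller generated them.
 *
 * The page rendering had stripped the '*' characters from the
 * `*(uintN_t *)addr = ...` stores (leaving `(uintN_t)addr = ...`, which
 * does not compile); they are restored here.
 */
void test()
{
	memset(r, -1, sizeof(r));

	/* 1. Fixed scratch mapping.  x86-64 values: prot 0x3 =
	 *    PROT_READ|PROT_WRITE, flags 0x32 = MAP_PRIVATE|MAP_FIXED|
	 *    MAP_ANONYMOUS, fd -1, offset 0. */
	r[0] = syscall(__NR_mmap, 0x20000000ul, 0xfff000ul, 0x3ul, 0x32ul,
		       0xfffffffffffffffful, 0x0ul);
	if (r[0] == -1) {
		/* Every store below targets this region; bail out rather
		 * than fault on an unmapped address. */
		perror("mmap");
		return;
	}

	/* 2. open("/dev/net/tun", 0x8100).  The bytes spell "/dev/net/tun"
	 *    plus NUL; 0x8100 is presumably O_NOCTTY|O_LARGEFILE with
	 *    O_RDONLY on x86-64 — confirm if it matters. */
	memcpy((void *)0x20b90000,
	       "\x2f\x64\x65\x76\x2f\x6e\x65\x74\x2f\x74\x75\x6e\x00", 13);
	r[2] = syz_open_dev(0x20b90000ul, 0x0ul, 0x8100ul);
	if (r[2] == -1) {
		/* Without a tun fd the ioctls below cannot reach the tun
		 * driver; most likely /dev/net/tun is missing or the caller
		 * lacks the privilege to open it. */
		perror("open /dev/net/tun");
		return;
	}

	/* 3. ioctl(tun, 0x400454da, &int{0xb}). */
	*(uint32_t *)0x202d1000 = (uint32_t)0xb;
	r[4] = syscall(__NR_ioctl, r[2], 0x400454daul, 0x202d1000ul);

	/* 4. TUNSETIFF.  0x20533000.. is the struct ifreq: 16 name bytes,
	 *    then the ifr_ifru union (flags 0x10001 at +16, a pointer to
	 *    the zeroed block at 0x20012fe8 at +24 — syzkaller's layout,
	 *    not necessarily meaningful to the kernel). */
	memcpy((void *)0x20533000,
	       "\x02\xf5\x00\x00\x00\x00\x00\x00\x00\x00"
	       "\x00\x02\x00\xe9\xbc\x22", 16);
	*(uint32_t *)0x20533010 = (uint32_t)0x10001;
	*(uint32_t *)0x20533014 = (uint32_t)0x0;
	*(uint64_t *)0x20533018 = (uint64_t)0x20012fe8;
	*(uint32_t *)0x20012fe8 = (uint32_t)0x0;
	*(uint32_t *)0x20012fec = (uint32_t)0x0;
	*(uint32_t *)0x20012ff0 = (uint32_t)0x0;
	*(uint32_t *)0x20012ff4 = (uint32_t)0x0;
	*(uint32_t *)0x20012ff8 = (uint32_t)0x0;
	*(uint16_t *)0x20012ffc = (uint16_t)0x0;
	*(uint16_t *)0x20012ffe = (uint16_t)0x0;
	r[16] = syscall(__NR_ioctl, r[2], 0x400454caul, 0x20533000ul);

	/* 5. Trailing calls generated by syzkaller; they run after the
	 *    point where the KASAN report is emitted. */
	r[17] = syscall(__NR_socket, 0x11ul, 0x80803ul, 0x80000001ul);
	r[18] = syscall(__NR_dup3, r[17], r[2], 0x80000ul);
	r[19] = syscall(__NR_socket, 0x2ul, 0x6ul, 0x0ul);
	*(uint64_t *)0x20fdf000 = (uint64_t)0x2;
	*(uint64_t *)0x20fdf008 = (uint64_t)0x20e9a000;
	*(uint64_t *)0x20fdf010 = (uint64_t)0x1000003a8d;
	memcpy((void *)0x20e9a000,
	       "\x25\x64\x66\x43\x27\x84\x5a\x4b\xc7\xec"
	       "\x9a\xfd\x1b\xbf\xe0\x3c", 16);
	r[24] = syscall(__NR_ioctl, r[19], 0x8940ul, 0x20fdf000ul);
}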

/* Entry point: run the reproducer once and exit successfully. */
int main(void)
{
	loop();
	return 0;
}
具体操作步骤:在开启 KASAN 的内核上,将上述 syzkaller 复现程序编译为可执行文件并运行,然后查看 dmesg / messages 中的 KASAN 报告。注意:若页面上代码显示为 `(uint32_t)0x202d1000 = ...` 这种形式,说明渲染时丢失了解引用的 `*`,编译前需改回 `*(uint32_t*)0x202d1000 = ...`。
出现概率(是否必现,概率性错误)
概率性复现
【预期结果】
描述预期结果,可以通过对比新老版本获取
正常执行程序,tun设备正常
【实际结果】
描述出问题的结果
出现重复释放tun->security资源问题
【附件信息】
比如系统message日志/组件日志、dump信息、图片等
Aug 3 15:20:20 localhost kernel: [ 214.123375] ==================================================================
Aug 3 15:20:20 localhost kernel: [ 214.127277] BUG: KASAN: double-free or invalid-free in security_tun_dev_free_security+0x35/0x50
Aug 3 15:20:20 localhost kernel: [ 214.135354]
Aug 3 15:20:20 localhost kernel: [ 214.135354] CPU: 31 PID: 8920 Comm: repo Kdump: loaded Tainted: G B 5.10.0-16619-gd63ffd36ed04-dirty #1
Aug 3 15:20:20 localhost kernel: [ 214.135354] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011
Aug 3 15:20:20 localhost kernel: [ 214.135354] Call Trace:
Aug 3 15:20:20 localhost kernel: [ 214.135354] dump_stack+0xbe/0xf9
Aug 3 15:20:20 localhost kernel: [ 214.135354] print_address_description.constprop.0+0x19/0x130
Aug 3 15:20:20 localhost kernel: [ 214.135354] ? security_tun_dev_free_security+0x35/0x50
Aug 3 15:20:20 localhost kernel: [ 214.135354] kasan_report_invalid_free+0x51/0x80
Aug 3 15:20:20 localhost kernel: [ 214.135354] ? security_tun_dev_free_security+0x35/0x50
Aug 3 15:20:20 localhost kernel: [ 214.135354] __kasan_slab_free+0x13f/0x150
Aug 3 15:20:20 localhost kernel: [ 214.135354] ? security_tun_dev_free_security+0x35/0x50
Aug 3 15:20:20 localhost kernel: [ 214.135354] kfree+0xa1/0x5e0
Aug 3 15:20:20 localhost kernel: [ 214.135354] ? tun_flow_flush+0x169/0x1f0
Aug 3 15:20:20 localhost kernel: [ 214.135354] security_tun_dev_free_security+0x35/0x50
Aug 3 15:20:20 localhost kernel: [ 214.135354] tun_free_netdev+0xa6/0x170
Aug 3 15:20:20 localhost kernel: [ 214.135354] ? tun_flow_flush+0x1f0/0x1f0
Aug 3 15:20:20 localhost kernel: [ 214.135354] netdev_run_todo+0x3d6/0x720
Aug 3 15:20:20 localhost kernel: [ 214.135354] ? generic_xdp_install+0x260/0x260
Aug 3 15:20:20 localhost kernel: [ 214.135354] __tun_chr_ioctl.constprop.0+0xb11/0x1780
Aug 3 15:20:20 localhost kernel: [ 214.135354] ? tun_set_iff.constprop.0+0xe90/0xe90
Aug 3 15:20:20 localhost kernel: [ 214.135354] ? do_vfs_ioctl+0xf3/0x840
Aug 3 15:20:20 localhost kernel: [ 214.135354] ? ioctl_file_clone+0x140/0x140
Aug 3 15:20:20 localhost kernel: [ 214.135354] ? up_read+0x6b/0x160
Aug 3 15:20:20 localhost kernel: [ 214.135354] ? selinux_file_ioctl+0x98/0x1c0
Aug 3 15:20:20 localhost kernel: [ 214.135354] ? __tun_chr_ioctl.constprop.0+0x1780/0x1780
Aug 3 15:20:20 localhost kernel: [ 214.135354] __x64_sys_ioctl+0x131/0x170
Aug 3 15:20:20 localhost kernel: [ 214.135354] do_syscall_64+0x33/0x40
Aug 3 15:20:20 localhost kernel: [ 214.135354] entry_SYSCALL_64_after_hwframe+0x44/0xa9
Aug 3 15:20:20 localhost kernel: [ 214.135354] RIP: 0033:0x7fe425cd2a3d
Aug 3 15:20:20 localhost kernel: [ 214.135354] Code: 5b 41 5c c3 66 0f 1f 84 00 00 00 00 00 f3 0f 1e fa 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d ab a3 0e 00 f7 d8 64 89 01 48
Aug 3 15:20:20 localhost kernel: [ 214.135354] RSP: 002b:00007ffc87a903e8 EFLAGS: 00000287 ORIG_RAX: 0000000000000010
Aug 3 15:20:20 localhost kernel: [ 214.135354] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fe425cd2a3d
Aug 3 15:20:20 localhost kernel: [ 214.135354] RDX: 0000000020533000 RSI: 00000000400454ca RDI: 0000000000000003
Aug 3 15:20:20 localhost kernel: [ 214.135354] RBP: 00007ffc87a903f0 R08: 00007ffc87a90400 R09: 00007ffc87a90400
Aug 3 15:20:20 localhost kernel: [ 214.135354] R10: 0000ffff00000000 R11: 0000000000000287 R12: 00007ffc87a90548
Aug 3 15:20:20 localhost kernel: [ 214.135354] R13: 0000000000400bd3 R14: 00007fe425e10aa0 R15: 0000000000600e08
Aug 3 15:20:20 localhost kernel: [ 214.135354]
Aug 3 15:20:20 localhost kernel: [ 214.143285] Allocated by task 8920:
Aug 3 15:20:20 localhost kernel: [ 214.147220] kasan_save_stack+0x1b/0x40
Aug 3 15:20:20 localhost kernel: [ 214.147220] __kasan_kmalloc.constprop.0+0xc2/0xd0
Aug 3 15:20:20 localhost kernel: [ 214.147220] selinux_tun_dev_alloc_security+0x35/0xc0
Aug 3 15:20:20 localhost kernel: [ 214.151123] security_tun_dev_alloc_security+0x37/0x70
Aug 3 15:20:20 localhost kernel: [ 214.151123] tun_set_iff.constprop.0+0x933/0xe90
Aug 3 15:20:20 localhost kernel: [ 214.135354] ? do_vfs_ioctl+0xf3/0x840
Aug 3 15:20:20 localhost kernel: [ 214.135354] ? ioctl_file_clone+0x140/0x140
Aug 3 15:20:20 localhost kernel: [ 214.135354] ? up_read+0x6b/0x160
Aug 3 15:20:20 localhost kernel: [ 214.135354] ? selinux_file_ioctl+0x98/0x1c0
Aug 3 15:20:20 localhost kernel: [ 214.135354] ? __tun_chr_ioctl.constprop.0+0x1780/0x1780
Aug 3 15:20:20 localhost kernel: [ 214.135354] __x64_sys_ioctl+0x131/0x170
Aug 3 15:20:20 localhost kernel: [ 214.135354] do_syscall_64+0x33/0x40
Aug 3 15:20:20 localhost kernel: [ 214.135354] entry_SYSCALL_64_after_hwframe+0x44/0xa9
Aug 3 15:20:20 localhost kernel: [ 214.135354] RIP: 0033:0x7fe425cd2a3d
Aug 3 15:20:20 localhost kernel: [ 214.135354] Code: 5b 41 5c c3 66 0f 1f 84 00 00 00 00 00 f3 0f 1e fa 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d ab a3 0e 00 f7 d8 64 89 01 48
Aug 3 15:20:20 localhost kernel: [ 214.135354] RSP: 002b:00007ffc87a903e8 EFLAGS: 00000287 ORIG_RAX: 0000000000000010
Aug 3 15:20:20 localhost kernel: [ 214.135354] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fe425cd2a3d
Aug 3 15:20:20 localhost kernel: [ 214.135354] RDX: 0000000020533000 RSI: 00000000400454ca RDI: 0000000000000003
Aug 3 15:20:20 localhost kernel: [ 214.135354] RBP: 00007ffc87a903f0 R08: 00007ffc87a90400 R09: 00007ffc87a90400
Aug 3 15:20:20 localhost kernel: [ 214.135354] R10: 0000ffff00000000 R11: 0000000000000287 R12: 00007ffc87a90548
Aug 3 15:20:20 localhost kernel: [ 214.135354] R13: 0000000000400bd3 R14: 00007fe425e10aa0 R15: 0000000000600e08
Aug 3 15:20:20 localhost kernel: [ 214.135354]
Aug 3 15:20:20 localhost kernel: [ 214.143285] Allocated by task 8920:
Aug 3 15:20:20 localhost kernel: [ 214.147220] kasan_save_stack+0x1b/0x40
Aug 3 15:20:20 localhost kernel: [ 214.147220] __kasan_kmalloc.constprop.0+0xc2/0xd0
Aug 3 15:20:20 localhost kernel: [ 214.147220] selinux_tun_dev_alloc_security+0x35/0xc0
Aug 3 15:20:20 localhost kernel: [ 214.151123] security_tun_dev_alloc_security+0x37/0x70
Aug 3 15:20:20 localhost kernel: [ 214.151123] tun_set_iff.constprop.0+0x933/0xe90
Aug 3 15:20:20 localhost kernel: [ 214.151123] __tun_chr_ioctl.constprop.0+0xac3/0x1780
Aug 3 15:20:20 localhost kernel: [ 214.151123] __x64_sys_ioctl+0x131/0x170
Aug 3 15:20:20 localhost kernel: [ 214.151123] do_syscall_64+0x33/0x40
Aug 3 15:20:20 localhost kernel: [ 214.151123] entry_SYSCALL_64_after_hwframe+0x44/0xa9
Aug 3 15:20:20 localhost kernel: [ 214.151123]
Aug 3 15:20:20 localhost kernel: [ 214.151816] Freed by task 8920:
Aug 3 15:20:20 localhost kernel: [ 214.160327] kasan_save_stack+0x1b/0x40
Aug 3 15:20:20 localhost kernel: [ 214.160327] kasan_set_track+0x1c/0x30
Aug 3 15:20:20 localhost kernel: [ 214.160327] kasan_set_free_info+0x1b/0x30
Aug 3 15:20:20 localhost kernel: [ 214.160327] __kasan_slab_free+0x110/0x150
Aug 3 15:20:20 localhost kernel: [ 214.160327] kfree+0xa1/0x5e0
Aug 3 15:20:20 localhost kernel: [ 214.160327] security_tun_dev_free_security+0x35/0x50
Aug 3 15:20:20 localhost kernel: [ 214.160327] tun_set_iff.constprop.0+0xd13/0xe90
Aug 3 15:20:20 localhost kernel: [ 214.160327] __tun_chr_ioctl.constprop.0+0xac3/0x1780
Aug 3 15:20:20 localhost kernel: [ 214.160454] __x64_sys_ioctl+0x131/0x170
Aug 3 15:20:20 localhost kernel: [ 214.160454] do_syscall_64+0x33/0x40
Aug 3 15:20:20 localhost kernel: [ 214.160454] entry_SYSCALL_64_after_hwframe+0x44/0xa9
Aug 3 15:20:20 localhost kernel: [ 214.160454]
Aug 3 15:20:20 localhost kernel: [ 214.160930] The buggy address belongs to the object at ffff888105086058
Aug 3 15:20:20 localhost kernel: [ 214.160930]  which belongs to the cache kmalloc-8 of size 8
Aug 3 15:20:20 localhost kernel: [ 214.172081] The buggy address is located 0 bytes inside of
Aug 3 15:20:20 localhost kernel: [ 214.172081]  8-byte region [ffff888105086058, ffff888105086060)
Aug 3 15:20:20 localhost kernel: [ 214.183322] The buggy address belongs to the page:
Aug 3 15:20:20 localhost kernel: [ 214.189356] page:ffffea0004142100 refcount:1 mapcount:0 mapping:0000000000000000 index:0xffff888105086928 pfn:0x105084
Aug 3 15:20:20 localhost kernel: [ 214.189425] head:ffffea0004142100 order:2 compound_mapcount:0 compound_pincount:0
Aug 3 15:20:20 localhost kernel: [ 214.189425] flags: 0x17ffe0000010200(slab|head|node=0|zone=2|lastcpupid=0x3fff)
Aug 3 15:20:20 localhost kernel: [ 214.189425] raw: 017ffe0000010200 ffffea0004141a08 ffff888100040450 ffff888100050900
Aug 3 15:20:20 localhost kernel: [ 214.189425] raw: ffff888105086928 00000000002b001c 00000001ffffffff 0000000000000000
Aug 3 15:20:20 localhost kernel: [ 214.189425] page dumped because: kasan: bad access detected
Aug 3 15:20:20 localhost kernel: [ 214.189425]
Aug 3 15:20:20 localhost kernel: [ 214.191290] Memory state around the buggy address:
Aug 3 15:20:20 localhost kernel: [ 214.199143] ffff888105085f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
Aug 3 15:20:20 localhost kernel: [ 214.199282] ffff888105085f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
Aug 3 15:20:20 localhost kernel: [ 214.207254] >ffff888105086000: fc fc fc fc fc fc fc fc fc fc fc fa fc fc fc fc
Aug 3 15:20:20 localhost kernel: [ 214.207254] ^
Aug 3 15:20:20 localhost kernel: [ 214.215256] ffff888105086080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
Aug 3 15:20:20 localhost kernel: [ 214.223257] ffff888105086100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
Aug 3 15:20:20 localhost kernel: [ 214.223257] ==================================================================

评论 (3)

shaozhengchao 创建了缺陷 3年前



tun_chr_ioctl 接口中存在重复释放 tun->security 的场景:在 tun_set_iff 接口中,输入的 ifname 不存在,需要注册网络设备;注册网络设备失败后,待释放的设备被加入 todo list,tun_set_iff 的错误路径会先释放一次 tun->security(对应日志中 "Freed by task" 的调用栈:security_tun_dev_free_security ← tun_set_iff),随后 __tun_chr_ioctl 执行 netdev_run_todo → tun_free_netdev 时又会再释放一次 tun->security(对应日志开头 "double-free or invalid-free" 的调用栈),导致 tun->security 被重复释放。注:触发该路径需要有权通过 TUNSETIFF 创建 tun 设备(通常需要 CAP_NET_ADMIN,请结合实际环境确认),评估影响范围时需一并考虑。

openEuler 22.03 LTS 受影响,openEuler 20.03 LTS 不受影响。

