==================================================================
BUG: KFENCE: invalid free in selinux_tun_dev_free_security+0x15/0x20 security/selinux/hooks.c:5530

Invalid free of 0xffff8881f735c000 (in kfence-#6):
 selinux_tun_dev_free_security+0x15/0x20 security/selinux/hooks.c:5530
 security_tun_dev_free_security+0x4d/0x90 security/security.c:2263
 tun_free_netdev+0xbd/0x1c0 drivers/net/tun.c:2277
 netdev_run_todo+0xbcd/0xe10 net/core/dev.c:10304
 rtnl_unlock+0xe/0x10 net/core/rtnetlink.c:112
 __tun_chr_ioctl+0x8ca/0x2130 drivers/net/tun.c:3362
 tun_chr_ioctl+0x2a/0x40 drivers/net/tun.c:3371
 vfs_ioctl fs/ioctl.c:48 [inline]
 __do_sys_ioctl fs/ioctl.c:753 [inline]
 __se_sys_ioctl+0x115/0x190 fs/ioctl.c:739
 __x64_sys_ioctl+0x7b/0x90 fs/ioctl.c:739
 do_syscall_64+0x34/0x70 arch/x86/entry/common.c:46
 entry_SYSCALL_64_after_hwframe+0x61/0xc6

kfence-#6 [0xffff8881f735c000-0xffff8881f735c003, size=4, cache=kmalloc-8] allocated by task 21327:
 kmalloc include/linux/slab.h:552 [inline]
 kzalloc include/linux/slab.h:664 [inline]
 selinux_tun_dev_alloc_security+0x51/0x140 security/selinux/hooks.c:5519
 security_tun_dev_alloc_security+0x50/0xb0 security/security.c:2257
 tun_set_iff+0x944/0x1100 drivers/net/tun.c:2795
 __tun_chr_ioctl+0x8ab/0x2130 drivers/net/tun.c:3095
 tun_chr_ioctl+0x2a/0x40 drivers/net/tun.c:3371
 vfs_ioctl fs/ioctl.c:48 [inline]
 __do_sys_ioctl fs/ioctl.c:753 [inline]
 __se_sys_ioctl+0x115/0x190 fs/ioctl.c:739
 __x64_sys_ioctl+0x7b/0x90 fs/ioctl.c:739
 do_syscall_64+0x34/0x70 arch/x86/entry/common.c:46
 entry_SYSCALL_64_after_hwframe+0x61/0xc6

freed by task 21327:
 selinux_tun_dev_free_security+0x15/0x20 security/selinux/hooks.c:5530
 security_tun_dev_free_security+0x4d/0x90 security/security.c:2263
 tun_set_iff+0xc98/0x1100 drivers/net/tun.c:2850
 __tun_chr_ioctl+0x8ab/0x2130 drivers/net/tun.c:3095
 tun_chr_ioctl+0x2a/0x40 drivers/net/tun.c:3371
 vfs_ioctl fs/ioctl.c:48 [inline]
 __do_sys_ioctl fs/ioctl.c:753 [inline]
 __se_sys_ioctl+0x115/0x190 fs/ioctl.c:739
 __x64_sys_ioctl+0x7b/0x90 fs/ioctl.c:739
 do_syscall_64+0x34/0x70 arch/x86/entry/common.c:46
 entry_SYSCALL_64_after_hwframe+0x61/0xc6

CPU: 1 PID: 21327 Comm: syz-executor.0 Not tainted 5.10.135-syzkaller-01839-g30abcdabf21e #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/22/2022
==================================================================