netlink: 20 bytes leftover after parsing attributes in process `syz-executor.3'.
==================================================================
BUG: KASAN: global-out-of-bounds in nfnetlink_parse_nat net/netfilter/nf_nat_core.c:747 [inline]
BUG: KASAN: global-out-of-bounds in nfnetlink_parse_nat_setup+0x3a2/0x3b0 net/netfilter/nf_nat_core.c:784
Read of size 8 at addr ffffffff875d0478 by task syz-executor.3/18854

CPU: 1 PID: 18854 Comm: syz-executor.3 Not tainted 4.14.168-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:17 [inline]
 dump_stack+0x142/0x197 lib/dump_stack.c:58
 print_address_description.cold+0x5/0x1dc mm/kasan/report.c:252
 kasan_report_error mm/kasan/report.c:351 [inline]
 kasan_report mm/kasan/report.c:409 [inline]
 kasan_report.cold+0xa9/0x2af mm/kasan/report.c:393
 __asan_report_load8_noabort+0x14/0x20 mm/kasan/report.c:430
 nfnetlink_parse_nat net/netfilter/nf_nat_core.c:747 [inline]
 nfnetlink_parse_nat_setup+0x3a2/0x3b0 net/netfilter/nf_nat_core.c:784
 ctnetlink_parse_nat_setup+0x76/0x4a0 net/netfilter/nf_conntrack_netlink.c:1421
 ctnetlink_setup_nat net/netfilter/nf_conntrack_netlink.c:1491 [inline]
 ctnetlink_create_conntrack+0x468/0x10c0 net/netfilter/nf_conntrack_netlink.c:1840
 ctnetlink_new_conntrack+0x4af/0xcc0 net/netfilter/nf_conntrack_netlink.c:1964
 nfnetlink_rcv_msg+0xa08/0xc00 net/netfilter/nfnetlink.c:214
 netlink_rcv_skb+0x14f/0x3c0 net/netlink/af_netlink.c:2432
 nfnetlink_rcv+0x1ab/0x1650 net/netfilter/nfnetlink.c:515
 netlink_unicast_kernel net/netlink/af_netlink.c:1286 [inline]
 netlink_unicast+0x44d/0x650 net/netlink/af_netlink.c:1312
 netlink_sendmsg+0x7c4/0xc60 net/netlink/af_netlink.c:1877
 sock_sendmsg_nosec net/socket.c:646 [inline]
 sock_sendmsg+0xce/0x110 net/socket.c:656
 ___sys_sendmsg+0x70a/0x840 net/socket.c:2062
 __sys_sendmsg+0xb9/0x140 net/socket.c:2096
 SYSC_sendmsg net/socket.c:2107 [inline]
 SyS_sendmsg+0x2d/0x50 net/socket.c:2103
 do_syscall_64+0x1e8/0x640 arch/x86/entry/common.c:292
 entry_SYSCALL_64_after_hwframe+0x42/0xb7
RIP: 0033:0x45b349
RSP: 002b:00007f68f2a2cc78 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
RAX: ffffffffffffffda RBX: 00007f68f2a2d6d4 RCX: 000000000045b349
RDX: 0000000000000000 RSI: 0000000020000280 RDI: 0000000000000003
RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff
R13: 00000000000008f6 R14: 00000000004ca45f R15: 000000000075bf2c

The buggy address belongs to the variable:
 nft_table_policy+0xd8/0xe0

Memory state around the buggy address:
 ffffffff875d0300: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
 ffffffff875d0380: fa fa fa fa 00 00 00 00 00 00 00 00 fa fa fa fa
>ffffffff875d0400: 00 00 00 00 fa fa fa fa 00 02 fa fa fa fa fa fa
                                                                ^
 ffffffff875d0480: 00 00 00 00 00 00 00 00 00 00 00 fa fa fa fa fa
 ffffffff875d0500: 00 00 00 00 00 00 fa fa fa fa fa fa 00 00 00 00
==================================================================