netlink: 8 bytes leftover after parsing attributes in process `syz-executor.5'.
==================================================================
BUG: KASAN: global-out-of-bounds in nfnetlink_parse_nat net/netfilter/nf_nat_core.c:747 [inline]
BUG: KASAN: global-out-of-bounds in nfnetlink_parse_nat_setup+0x516/0x560 net/netfilter/nf_nat_core.c:784
Read of size 8 at addr ffffffff873d55d8 by task syz-executor.5/17002

CPU: 1 PID: 17002 Comm: syz-executor.5 Not tainted 4.14.198-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:17 [inline]
 dump_stack+0x1b2/0x283 lib/dump_stack.c:58
 print_address_description.cold+0x5/0x1d3 mm/kasan/report.c:252
 kasan_report_error.cold+0x8a/0x194 mm/kasan/report.c:351
 kasan_report mm/kasan/report.c:409 [inline]
 __asan_report_load8_noabort+0x68/0x70 mm/kasan/report.c:430
 nfnetlink_parse_nat net/netfilter/nf_nat_core.c:747 [inline]
 nfnetlink_parse_nat_setup+0x516/0x560 net/netfilter/nf_nat_core.c:784
 ctnetlink_parse_nat_setup+0x70/0x490 net/netfilter/nf_conntrack_netlink.c:1421
 ctnetlink_setup_nat net/netfilter/nf_conntrack_netlink.c:1496 [inline]
 ctnetlink_create_conntrack+0x47b/0x1050 net/netfilter/nf_conntrack_netlink.c:1840
 ctnetlink_new_conntrack+0x457/0xbf0 net/netfilter/nf_conntrack_netlink.c:1964
 nfnetlink_rcv_msg+0x9bb/0xc00 net/netfilter/nfnetlink.c:214
 netlink_rcv_skb+0x125/0x390 net/netlink/af_netlink.c:2433
 nfnetlink_rcv+0x1ab/0x1da0 net/netfilter/nfnetlink.c:515
 netlink_unicast_kernel net/netlink/af_netlink.c:1287 [inline]
 netlink_unicast+0x437/0x610 net/netlink/af_netlink.c:1313
 netlink_sendmsg+0x62e/0xb80 net/netlink/af_netlink.c:1878
 sock_sendmsg_nosec net/socket.c:646 [inline]
 sock_sendmsg+0xb5/0x100 net/socket.c:656
 ___sys_sendmsg+0x6c8/0x800 net/socket.c:2062
 __sys_sendmsg+0xa3/0x120 net/socket.c:2096
 SYSC_sendmsg net/socket.c:2107 [inline]
 SyS_sendmsg+0x27/0x40 net/socket.c:2103
 do_syscall_64+0x1d5/0x640 arch/x86/entry/common.c:292
 entry_SYSCALL_64_after_hwframe+0x46/0xbb
RIP: 0033:0x45dd99
RSP: 002b:00007f8e6488ac78 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
RAX: ffffffffffffffda RBX: 000000000002ab40 RCX: 000000000045dd99
RDX: 0000000000000000 RSI: 0000000020000580 RDI: 0000000000000003
RBP: 000000000118bf60 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 000000000118bf2c
R13: 00007fff553f103f R14: 00007f8e6488b9c0 R15: 000000000118bf2c

The buggy address belongs to the variable:
 nft_reject_policy+0x38/0x60

Memory state around the buggy address:
 ffffffff873d5480: 00 00 00 00 00 00 fa fa fa fa fa fa 00 00 00 03
 ffffffff873d5500: fa fa fa fa 04 fa fa fa fa fa fa fa 04 fa fa fa
>ffffffff873d5580: fa fa fa fa 00 00 00 00 00 00 fa fa fa fa fa fa
                                                    ^
 ffffffff873d5600: 00 00 00 00 00 00 00 00 00 00 00 fa fa fa fa fa
 ffffffff873d5680: 07 fa fa fa fa fa fa fa 00 00 00 00 fa fa fa fa
==================================================================
audit: type=1804 audit(1601440280.064:119): pid=17040 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="open_writers" comm="syz-executor.2" name="/root/syzkaller-testdir479345600/syzkaller.UqW9ti/287/file1/bus" dev="sda1" ino=17106 res=1