BUG: unable to handle kernel paging request at ffffed010770e3ff
IP: ata_bmdma_fill_sg drivers/ata/libata-sff.c:2650 [inline]
IP: ata_bmdma_qc_prep+0x30a/0x3d0 drivers/ata/libata-sff.c:2727
PGD 7ffd6067 P4D 7ffd6067 PUD 0 
Oops: 0000 [#1] SMP KASAN
Dumping ftrace buffer:
   (ftrace buffer empty)
Modules linked in:
CPU: 2 PID: 10580 Comm: syz-executor6 Not tainted 4.14.0-rc7-next-20171103+ #10
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS Bochs 01/01/2011
task: ffff8800582185c0 task.stack: ffff88005c818000
RIP: 0010:ata_bmdma_fill_sg drivers/ata/libata-sff.c:2650 [inline]
RIP: 0010:ata_bmdma_qc_prep+0x30a/0x3d0 drivers/ata/libata-sff.c:2727
RSP: 0018:ffff88005c81ee10 EFLAGS: 00010807
RAX: dffffc0000000000 RBX: ffff88083b871ff8 RCX: ffffffff839a2bd1
RDX: 1ffff1010770e3ff RSI: ffffc900041df000 RDI: ffff88083b871ffc
RBP: ffff88005c81ee70 R08: ffff88003b980274 R09: ffff88003b980278
R10: 0000000000000003 R11: ffffed000773004b R12: 0000000000000000
R13: 0000000000000000 R14: 0000000000000000 R15: dffffc0000000000
FS:  00007ff68e61c700(0000) GS:ffff88006de00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: ffffed010770e3ff CR3: 000000006b915000 CR4: 00000000000006e0
Call Trace:
 ata_qc_issue+0x61e/0xe40 drivers/ata/libata-core.c:5414
 ata_scsi_translate+0x34a/0x5e0 drivers/ata/libata-scsi.c:2024
 __ata_scsi_queuecmd drivers/ata/libata-scsi.c:4326 [inline]
 ata_scsi_queuecmd+0x2ae/0x6b0 drivers/ata/libata-scsi.c:4375
 scsi_dispatch_cmd+0x432/0xb60 drivers/scsi/scsi_lib.c:1711
 scsi_request_fn+0xdf0/0x1e50 drivers/scsi/scsi_lib.c:1849
 __blk_run_queue_uncond block/blk-core.c:377 [inline]
 __blk_run_queue+0x1a6/0x370 block/blk-core.c:397
 blk_execute_rq_nowait+0x200/0x310 block/blk-exec.c:78
 sg_common_write.isra.17+0xbf8/0x1cb0 drivers/scsi/sg.c:806
 sg_new_write.isra.20+0x5c6/0x830 drivers/scsi/sg.c:746
 sg_ioctl+0x1bed/0x2da0 drivers/scsi/sg.c:890
 vfs_ioctl fs/ioctl.c:46 [inline]
 do_vfs_ioctl+0x1b1/0x1530 fs/ioctl.c:686
 SYSC_ioctl fs/ioctl.c:701 [inline]
 SyS_ioctl+0x8f/0xc0 fs/ioctl.c:692
 entry_SYSCALL_64_fastpath+0x1f/0xbe
RIP: 0033:0x447c89
RSP: 002b:00007ff68e61bbd8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
RAX: ffffffffffffffda RBX: 00007ff68e61c6cc RCX: 0000000000447c89
RDX: 0000000020007000 RSI: 0000000000002285 RDI: 0000000000000016
RBP: 0000000000000086 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff
R13: 0000000000002820 R14: 00000000006e68c0 R15: 00007ff68e61c700
Code: 41 8d 5e ff e8 e8 6b d5 fd 48 c1 e3 03 e8 df 6b d5 fd 48 03 5d c8 48 b8 00 00 00 00 00 fc ff df 48 8d 7b 04 48 89 fa 48 c1 ea 03 <0f> b6 14 02 48 89 f8 83 e0 07 83 c0 03 38 d0 7c 04 84 d2 75 0c 
RIP: ata_bmdma_fill_sg drivers/ata/libata-sff.c:2650 [inline] RSP: ffff88005c81ee10
RIP: ata_bmdma_qc_prep+0x30a/0x3d0 drivers/ata/libata-sff.c:2727 RSP: ffff88005c81ee10
CR2: ffffed010770e3ff
---[ end trace 8d0a7120ff99bf07 ]---