==================================================================
------------[ cut here ]------------
BUG: KASAN: use-after-free in tick_sched_handle+0x16c/0x180 kernel/time/tick-sched.c:164
Read of size 8 at addr ffff888194cb69e0 by task syz-executor0/13733

CPU: 0 PID: 13733 Comm: syz-executor0 Not tainted 4.20.0-rc6+ #340
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
kernel BUG at include/linux/swapops.h:210!
invalid opcode: 0000 [#1] PREEMPT SMP KASAN
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0x244/0x39d lib/dump_stack.c:113
CPU: 1 PID: 13725 Comm: syz-executor5 Not tainted 4.20.0-rc6+ #340
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
RIP: 0010:migration_entry_to_page include/linux/swapops.h:210 [inline]
RIP: 0010:__migration_entry_wait+0xbec/0xf70 mm/migrate.c:326
Code: 89 ef e8 b7 6a ec ff 0f 0b 48 89 95 30 fd ff ff e8 59 e1 ba ff 48 8b 95 30 fd ff ff 48 8d 42 ff e9 d9 f7 ff ff e8 44 e1 ba ff <0f> 0b e8 3d e1 ba ff 4d 8d 6f ff e9 ad f8 ff ff e8 2f e1 ba ff 4d
 print_address_description.cold.7+0x9/0x1ff mm/kasan/report.c:256
RSP: 0000:ffff88818ed7f028 EFLAGS: 00010293
 kasan_report_error mm/kasan/report.c:354 [inline]
 kasan_report.cold.8+0x242/0x309 mm/kasan/report.c:412
RAX: ffff888192be0580 RBX: 1ffff11031dafe0b RCX: ffffffff81c49c3b
RDX: 0000000000000000 RSI: ffffffff81c4a34c RDI: 0000000000000007
 __asan_report_load8_noabort+0x14/0x20 mm/kasan/report.c:433
RBP: ffff88818ed7f320 R08: ffff888192be0580 R09: ffffed1031dafdf2
 tick_sched_handle+0x16c/0x180 kernel/time/tick-sched.c:164
R10: ffffed1031dafdf2 R11: 0000000000000003 R12: ffff8881bb106b58
 tick_sched_timer+0x45/0x130 kernel/time/tick-sched.c:1274
R13: 0000000000000000 R14: ffff88818ed7f2f8 R15: 0000000000000000
 __run_hrtimer kernel/time/hrtimer.c:1398 [inline]
 __hrtimer_run_queues+0x41c/0x10d0 kernel/time/hrtimer.c:1460
FS:  0000000000c94940(0000) GS:ffff8881daf00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f0c3ab8a008 CR3: 00000001ba35a000 CR4: 00000000001406e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 hrtimer_interrupt+0x313/0x780 kernel/time/hrtimer.c:1518
 local_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1034 [inline]
 smp_apic_timer_interrupt+0x1a1/0x760 arch/x86/kernel/apic/apic.c:1059
 migration_entry_wait+0x1b3/0x250 mm/migrate.c:350
 do_swap_page+0x2ab1/0x3690 mm/memory.c:2673
 apic_timer_interrupt+0xf/0x20 arch/x86/entry/entry_64.S:807

The buggy address belongs to the page:
page:ffffea0006532d80 count:0 mapcount:0 mapping:0000000000000000 index:0xffff888194cb6380
flags: 0x2fffc0000000000()
raw: 02fffc0000000000 dead000000000100 dead000000000200 0000000000000000
raw: ffff888194cb6380 ffff888194cb6380 00000000ffffffff 0000000000000000
page dumped because: kasan: bad access detected

Memory state around the buggy address:
 ffff888194cb6880: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
 ffff888194cb6900: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
>ffff888194cb6980: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
                                                       ^
 ffff888194cb6a00: ff ff ff ff ff ff ff ff ff ff ff ff 00 f1 f1 f1
 ffff888194cb6a80: f1 00 f2 f2 f2 ff 00 00 00 00 00 00 00 00 00 00
==================================================================