------------[ cut here ]------------
BTRFS: Transaction aborted (error -28)
WARNING: fs/btrfs/extent-tree.c:3235 at __btrfs_free_extent+0x1ed6/0x4060 fs/btrfs/extent-tree.c:3235, CPU#0: kworker/u4:7/1042
Modules linked in:
CPU: 0 UID: 0 PID: 1042 Comm: kworker/u4:7 Not tainted syzkaller #0 PREEMPT(full)
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
Workqueue: events_unbound btrfs_async_reclaim_data_space
RIP: 0010:__btrfs_free_extent+0x1edc/0x4060 fs/btrfs/extent-tree.c:3235
Code: 00 e8 68 db cd fd 84 c0 0f 84 0c 02 00 00 e8 ab b7 e8 fd e9 4a 0b 00 00 e8 a1 b7 e8 fd 48 8d 3d aa 62 1c 0c 45 89 ec 44 89 ee <67> 48 0f b9 3a e9 78 e8 ff ff e8 25 45 bd 07 41 89 c6 31 ff 89 c6
RSP: 0018:ffffc9000105ef80 EFLAGS: 00010293
RAX: ffffffff83dbcf4f RBX: 0000000000000000 RCX: ffff888033ae4980
RDX: 0000000000000000 RSI: 00000000ffffffe4 RDI: ffffffff8ff83200
RBP: ffffc9000105f130 R08: ffff888033ae4980 R09: 0000000000000003
R10: 00000000fffffffb R11: 0000000000000000 R12: 00000000ffffffe4
R13: 00000000ffffffe4 R14: 00000000ffffffe4 R15: ffff888040c08001
FS:  0000000000000000(0000) GS:ffff88808ccea000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f87ff5bd000 CR3: 0000000034a47000 CR4: 0000000000352ef0
Call Trace:
 run_one_delayed_ref fs/btrfs/extent-tree.c:-1 [inline]
 btrfs_run_delayed_refs_for_head fs/btrfs/extent-tree.c:1973 [inline]
 __btrfs_run_delayed_refs+0xe2a/0x3ab0 fs/btrfs/extent-tree.c:2048
 btrfs_run_delayed_refs+0xe6/0x3a0 fs/btrfs/extent-tree.c:2160
 btrfs_commit_transaction+0x2b1/0x3c50 fs/btrfs/transaction.c:2230
 flush_space+0x4da/0xd30 fs/btrfs/space-info.c:925
 do_async_reclaim_data_space+0x29a/0x520 fs/btrfs/space-info.c:1441
 btrfs_async_reclaim_data_space+0x41/0x90 fs/btrfs/space-info.c:1489
 process_one_work kernel/workqueue.c:3257 [inline]
 process_scheduled_works+0xaec/0x17a0 kernel/workqueue.c:3340
 worker_thread+0xda6/0x1360 kernel/workqueue.c:3421
 kthread+0x726/0x8b0 kernel/kthread.c:463
 ret_from_fork+0x51b/0xa40 arch/x86/kernel/process.c:158
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:246
----------------
Code disassembly (best guess):
   0:	00 e8                	add    %ch,%al
   2:	68 db cd fd 84       	push   $0xffffffff84fdcddb
   7:	c0 0f 84             	rorb   $0x84,(%rdi)
   a:	0c 02                	or     $0x2,%al
   c:	00 00                	add    %al,(%rax)
   e:	e8 ab b7 e8 fd       	call   0xfde8b7be
  13:	e9 4a 0b 00 00       	jmp    0xb62
  18:	e8 a1 b7 e8 fd       	call   0xfde8b7be
  1d:	48 8d 3d aa 62 1c 0c 	lea    0xc1c62aa(%rip),%rdi        # 0xc1c62ce
  24:	45 89 ec             	mov    %r13d,%r12d
  27:	44 89 ee             	mov    %r13d,%esi
* 2a:	67 48 0f b9 3a       	ud1    (%edx),%rdi		<-- trapping instruction
  2f:	e9 78 e8 ff ff       	jmp    0xffffe8ac
  34:	e8 25 45 bd 07       	call   0x7bd455e
  39:	41 89 c6             	mov    %eax,%r14d
  3c:	31 ff                	xor    %edi,%edi
  3e:	89 c6                	mov    %eax,%esi