------------[ cut here ]------------
BTRFS: Transaction aborted (error -28)
WARNING: fs/btrfs/volumes.c:3340 at btrfs_remove_chunk+0x1826/0x20d0 fs/btrfs/volumes.c:3340, CPU#0: syz.0.0/5323
Modules linked in:
CPU: 0 UID: 0 PID: 5323 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full) 
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
RIP: 0010:btrfs_remove_chunk+0x1829/0x20d0 fs/btrfs/volumes.c:3340
Code: bb dc fd e9 12 01 00 00 e8 b4 68 c2 fd 84 c0 74 28 e8 bb bb dc fd e9 ff 00 00 00 e8 b1 bb dc fd 48 8d 3d ea 30 f2 0b 44 89 ee <67> 48 0f b9 3a e9 35 f9 ff ff e8 d8 c0 94 07 e8 73 c7 94 07 41 89
RSP: 0018:ffffc90001a977c0 EFLAGS: 00010287
RAX: ffffffff83e5ecff RBX: 0000000000000000 RCX: 0000000000100000
RDX: ffffc90020001000 RSI: 00000000ffffffe4 RDI: ffffffff8fd81df0
RBP: ffffc90001a979b0 R08: ffff888000794980 R09: 0000000000000003
R10: 00000000fffffffb R11: 0000000000000002 R12: dffffc0000000000
R13: ffffffffffffffe4 R14: ffff888040cc8001 R15: ffff888047bae6f0
FS:  00007f4025f0b6c0(0000) GS:ffff88808cf1b000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007fb7d1224e9c CR3: 0000000012bc4000 CR4: 0000000000352ef0
Call Trace:
 <TASK>
 btrfs_delete_unused_bgs+0xdaf/0x1170 fs/btrfs/block-group.c:1721
 btrfs_remount_ro fs/btrfs/super.c:1369 [inline]
 btrfs_reconfigure+0xbc0/0x2160 fs/btrfs/super.c:1551
 reconfigure_super+0x227/0x8a0 fs/super.c:1077
 do_remount fs/namespace.c:3264 [inline]
 path_mount+0xd3e/0x1000 fs/namespace.c:4014
 do_mount fs/namespace.c:4035 [inline]
 __do_sys_mount fs/namespace.c:4224 [inline]
 __se_sys_mount+0x31d/0x420 fs/namespace.c:4201
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0xe2/0xf80 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f4024f9acb9
Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f4025f0b028 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
RAX: ffffffffffffffda RBX: 00007f4025216090 RCX: 00007f4024f9acb9
RDX: 0000000000000000 RSI: 0000200000000100 RDI: 0000000000000000
RBP: 00007f4025008bf7 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000021 R11: 0000000000000246 R12: 0000000000000000
R13: 00007f4025216128 R14: 00007f4025216090 R15: 00007ffe72b6b028
 </TASK>
----------------
Code disassembly (best guess):
   0:	bb dc fd e9 12       	mov    $0x12e9fddc,%ebx
   5:	01 00                	add    %eax,(%rax)
   7:	00 e8                	add    %ch,%al
   9:	b4 68                	mov    $0x68,%ah
   b:	c2 fd 84             	ret    $0x84fd
   e:	c0 74 28 e8 bb       	shlb   $0xbb,-0x18(%rax,%rbp,1)
  13:	bb dc fd e9 ff       	mov    $0xffe9fddc,%ebx
  18:	00 00                	add    %al,(%rax)
  1a:	00 e8                	add    %ch,%al
  1c:	b1 bb                	mov    $0xbb,%cl
  1e:	dc fd                	fdivr  %st,%st(5)
  20:	48 8d 3d ea 30 f2 0b 	lea    0xbf230ea(%rip),%rdi        # 0xbf23111
  27:	44 89 ee             	mov    %r13d,%esi
* 2a:	67 48 0f b9 3a       	ud1    (%edx),%rdi <-- trapping instruction
  2f:	e9 35 f9 ff ff       	jmp    0xfffff969
  34:	e8 d8 c0 94 07       	call   0x794c111
  39:	e8 73 c7 94 07       	call   0x794c7b1
  3e:	41                   	rex.B
  3f:	89                   	.byte 0x89