bcachefs (loop2): invalid bkey in btree_node btree=accounting level=0: u64s 8 type accounting POS_MIN len 0 ver 21474838808: nr_inodes 287 0 0 accounting key with 3 counters, should be 1, deleting ------------[ cut here ]------------ UBSAN: array-index-out-of-bounds in fs/bcachefs/disk_accounting.c:238:2 index 31 is out of range for type 'const unsigned int[9]' CPU: 0 UID: 0 PID: 7690 Comm: syz.2.216 Not tainted syzkaller #0 PREEMPT Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/30/2025 Call trace: show_stack+0x2c/0x3c arch/arm64/kernel/stacktrace.c:499 (C) __dump_stack+0x30/0x40 lib/dump_stack.c:94 dump_stack_lvl+0xd8/0x12c lib/dump_stack.c:120 dump_stack+0x1c/0x28 lib/dump_stack.c:129 ubsan_epilogue+0x14/0x48 lib/ubsan.c:233 __ubsan_handle_out_of_bounds+0xd0/0xfc lib/ubsan.c:455 bch2_accounting_validate+0xdd8/0xea4 fs/bcachefs/disk_accounting.c:238 bch2_bkey_val_validate+0x188/0x280 fs/bcachefs/bkey_methods.c:143 btree_node_bkey_val_validate fs/bcachefs/btree_io.c:880 [inline] bch2_btree_node_read_done+0x2c90/0x449c fs/bcachefs/btree_io.c:1303 btree_node_read_work+0x320/0xc14 fs/bcachefs/btree_io.c:1440 bch2_btree_node_read+0x814/0x23f8 fs/bcachefs/btree_io.c:-1 __bch2_btree_root_read fs/bcachefs/btree_io.c:1906 [inline] bch2_btree_root_read+0x280/0x3c8 fs/bcachefs/btree_io.c:1928 read_btree_roots+0x218/0x6c0 fs/bcachefs/recovery.c:615 bch2_fs_recovery+0x1bb4/0x2fb4 fs/bcachefs/recovery.c:1006 bch2_fs_start+0x940/0xbec fs/bcachefs/super.c:1213 bch2_fs_get_tree+0x880/0x107c fs/bcachefs/fs.c:2488 vfs_get_tree+0x90/0x28c fs/super.c:1815 do_new_mount+0x278/0x7f4 fs/namespace.c:3808 path_mount+0x5b4/0xde0 fs/namespace.c:4123 do_mount fs/namespace.c:4136 [inline] __do_sys_mount fs/namespace.c:4347 [inline] __se_sys_mount fs/namespace.c:4324 [inline] __arm64_sys_mount+0x3e8/0x468 fs/namespace.c:4324 __invoke_syscall arch/arm64/kernel/syscall.c:35 [inline] invoke_syscall+0x98/0x254 arch/arm64/kernel/syscall.c:49 el0_svc_common+0x130/0x23c arch/arm64/kernel/syscall.c:132 do_el0_svc+0x48/0x58 arch/arm64/kernel/syscall.c:151 el0_svc+0x5c/0x254 arch/arm64/kernel/entry-common.c:744 el0t_64_sync_handler+0x84/0x12c arch/arm64/kernel/entry-common.c:763 el0t_64_sync+0x198/0x19c arch/arm64/kernel/entry.S:596 ---[ end trace ]--- ------------[ cut here ]------------ UBSAN: array-index-out-of-bounds in fs/bcachefs/disk_accounting.c:238:2 index 31 is out of range for type 'const unsigned int[9]' CPU: 0 UID: 0 PID: 7690 Comm: syz.2.216 Not tainted syzkaller #0 PREEMPT Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/30/2025 Call trace: show_stack+0x2c/0x3c arch/arm64/kernel/stacktrace.c:499 (C) __dump_stack+0x30/0x40 lib/dump_stack.c:94 dump_stack_lvl+0xd8/0x12c lib/dump_stack.c:120 dump_stack+0x1c/0x28 lib/dump_stack.c:129 ubsan_epilogue+0x14/0x48 lib/ubsan.c:233 __ubsan_handle_out_of_bounds+0xd0/0xfc lib/ubsan.c:455 bch2_accounting_validate+0xe7c/0xea4 fs/bcachefs/disk_accounting.c:238 bch2_bkey_val_validate+0x188/0x280 fs/bcachefs/bkey_methods.c:143 btree_node_bkey_val_validate fs/bcachefs/btree_io.c:880 [inline] bch2_btree_node_read_done+0x2c90/0x449c fs/bcachefs/btree_io.c:1303 btree_node_read_work+0x320/0xc14 fs/bcachefs/btree_io.c:1440 bch2_btree_node_read+0x814/0x23f8 fs/bcachefs/btree_io.c:-1 __bch2_btree_root_read fs/bcachefs/btree_io.c:1906 [inline] bch2_btree_root_read+0x280/0x3c8 fs/bcachefs/btree_io.c:1928 read_btree_roots+0x218/0x6c0 fs/bcachefs/recovery.c:615 bch2_fs_recovery+0x1bb4/0x2fb4 fs/bcachefs/recovery.c:1006 bch2_fs_start+0x940/0xbec fs/bcachefs/super.c:1213 bch2_fs_get_tree+0x880/0x107c fs/bcachefs/fs.c:2488 vfs_get_tree+0x90/0x28c fs/super.c:1815 do_new_mount+0x278/0x7f4 fs/namespace.c:3808 path_mount+0x5b4/0xde0 fs/namespace.c:4123 do_mount fs/namespace.c:4136 [inline] __do_sys_mount fs/namespace.c:4347 [inline] __se_sys_mount fs/namespace.c:4324 [inline] __arm64_sys_mount+0x3e8/0x468 fs/namespace.c:4324 __invoke_syscall arch/arm64/kernel/syscall.c:35 [inline] invoke_syscall+0x98/0x254 arch/arm64/kernel/syscall.c:49 el0_svc_common+0x130/0x23c arch/arm64/kernel/syscall.c:132 do_el0_svc+0x48/0x58 arch/arm64/kernel/syscall.c:151 el0_svc+0x5c/0x254 arch/arm64/kernel/entry-common.c:744 el0t_64_sync_handler+0x84/0x12c arch/arm64/kernel/entry-common.c:763 el0t_64_sync+0x198/0x19c arch/arm64/kernel/entry.S:596 ---[ end trace ]--- bcachefs (loop2): invalid bkey in btree_node btree=accounting level=0: u64s 8 type accounting 2301339409586323456:0:131075 len 0 ver 25769805346: unknown type 31 0 256 0 accounting key with 3 counters, should be 0, deleting bcachefs (loop2): sb invalid before write: Invalid superblock section downgrade: downgrade entry overruns end of superblock section downgrade (size 120): version: 1.9: disk_accounting_v2 recovery passes: check_allocations errors: dev_usage_buckets_wrong,dev_usage_sectors_wrong,dev_usage_fragmented_wrong,fs_usage_hidden_wrong,fs_usage_btree_wrong,fs_usage_data_wrong,fs_usage_cached_wrong,fs_usage_reserved_wrong,fs_usage_nr_inodes_wrong,fs_usage_persistent_reserved_wrong,fs_usage_replicas_wrong,bkey_version_in_future version: 1.10: disk_accounting_v3 recovery passes: check_allocations errors: dev_usage_buckets_wrong,dev_usage_sectors_wrong,dev_usage_fragmented_wrong,fs_usage_hidden_wrong,fs_usage_btree_wrong,fs_usage_data_wrong,fs_usage_cached_wrong,fs_usage_reserved_wrong,fs_usage_nr_inodes_wrong,fs_usage_persistent_reserved_wrong,fs_usage_replicas_wrong,accounting_replicas_not_marked,bkey_version_in_future bcachefs (loop2): error reading btree root btree=accounting level=0: btree_node_read_error, fixing bcachefs (loop2): check_topology... bcachefs (loop2): btree root extents unreadable, must recover from scan bcachefs (loop2): running recovery pass scan_for_btree_nodes (1), currently at check_topology (2) - rewinding bcachefs (loop2): bch2_check_root(): error restart_recovery bcachefs (loop2): scan_for_btree_nodes... bcachefs (loop2): btree node scan found 1 nodes after overwrites done bcachefs (loop2): check_topology... bcachefs (loop2): btree root extents unreadable, must recover from scan bcachefs (loop2): bch2_get_scanned_nodes(): recovery btree=extents level=0 POS_MIN - SPOS_MAX bcachefs (loop2): bch2_get_scanned_nodes(): recovering u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq c70ab18f40f86f94 written 24 min_key POS_MIN durability: 1 ptr: 0:167:0 gen 0 bcachefs (loop2): empty interior btree node at btree=extents level=1 u64s 5 type btree_ptr SPOS_MAX len 0 ver 0, fixing bcachefs (loop2): bch2_btree_repair_topology_recurse(): error ECHILD bcachefs (loop2): empty btree root extents bcachefs (loop2): btree root snapshots unreadable, must recover from scan bcachefs (loop2): no nodes found for btree snapshots, shutting down error not marked as autofix and not in fsck run fsck, and forward to devs so error can be marked for self-healing bcachefs (loop2): bch2_check_root(): error fsck_errors_not_fixed bcachefs (loop2): error in recovery: fsck_errors_not_fixed bcachefs (loop2): bch2_fs_start(): error starting filesystem fsck_errors_not_fixed bcachefs (loop2): shutting down bcachefs (loop2): shutdown complete bcachefs: bch2_fs_get_tree() error: fsck_errors_not_fixed