bcachefs (loop1): bucket incorrectly unset in freespace btree
  u64s 5 type deleted 0:25:0 len 0 ver 0, , continuing
------------[ cut here ]------------
UBSAN: array-index-out-of-bounds in fs/bcachefs/sb-downgrade.c:276:4
index 0 is out of range for type '__le16[] __counted_by(nr_errors)' (aka 'unsigned short[]')
CPU: 1 UID: 0 PID: 2055 Comm: kworker/u8:7 Not tainted 6.16.0-rc1-syzkaller-g39dfc971e42d #0 PREEMPT 
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
Workqueue: btree_update btree_interior_update_work
Call trace:
 show_stack+0x2c/0x3c arch/arm64/kernel/stacktrace.c:466 (C)
 __dump_stack+0x30/0x40 lib/dump_stack.c:94
 dump_stack_lvl+0xd8/0x12c lib/dump_stack.c:120
 dump_stack+0x1c/0x28 lib/dump_stack.c:129
 ubsan_epilogue+0x14/0x48 lib/ubsan.c:233
 __ubsan_handle_out_of_bounds+0xd0/0xfc lib/ubsan.c:455
 downgrade_table_extra fs/bcachefs/sb-downgrade.c:276 [inline]
 bch2_sb_downgrade_update+0x8e8/0xa70 fs/bcachefs/sb-downgrade.c:399
 bch2_write_super+0xb1c/0x28dc fs/bcachefs/super-io.c:1081
 btree_update_new_nodes_mark_sb fs/bcachefs/btree_update_interior.c:613 [inline]
 btree_update_nodes_written fs/bcachefs/btree_update_interior.c:683 [inline]
 btree_interior_update_work+0x3a0/0x1d28 fs/bcachefs/btree_update_interior.c:867
 process_one_work+0x7e8/0x155c kernel/workqueue.c:3238
 process_scheduled_works kernel/workqueue.c:3321 [inline]
 worker_thread+0x958/0xed8 kernel/workqueue.c:3402
 kthread+0x5fc/0x75c kernel/kthread.c:464
 ret_from_fork+0x10/0x20 arch/arm64/kernel/entry.S:847
---[ end trace ]---
bcachefs (loop1): bucket 0:38 gen 0 data type btree sector count overflow: 0 + -256 > U32_MAX
  while marking u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq 7589ab5e0c11cc7a written 24 min_key POS_MIN durability: 1 ptr: 0:38:0 gen 0
bcachefs (loop1): bucket incorrectly unset in freespace btree
  u64s 5 type deleted 0:26:0 len 0 ver 0, , continuing
bcachefs (loop1): bucket 0:41 gen 0 data type btree sector count overflow: 0 + -256 > U32_MAX
  while marking u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq 9aa2895aefce4bdf written 24 min_key POS_MIN durability: 1 ptr: 0:41:0 gen 0
bcachefs (loop1): bucket incorrectly unset in freespace btree
  u64s 13 type alloc_v4 0:27:0 len 0 ver 0: 
    gen 0 oldest_gen 0 data_type free
    journal_seq_nonempty 0
    journal_seq_empty    0
    need_discard         0
    need_inc_gen         0
    dirty_sectors        0
    stripe_sectors       0
    cached_sectors       0
    stripe               0
    stripe_redundancy    0
    io_time[READ]        0
    io_time[WRITE]       0
    fragmentation     0
    bp_start          8
  , , continuing
bcachefs (loop1): bucket 0:31 gen 0 data type btree sector count overflow: 0 + -256 > U32_MAX
  while marking u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq 2285c34bed0abe32 written 16 min_key R POS_MIN durability: 1 ptr: 0:31:0 gen 0
bcachefs (loop1): bucket incorrectly unset in freespace btree
  u64s 5 type deleted 0:29:0 len 0 ver 0, , continuing
bcachefs (loop1): bucket incorrectly unset in freespace btree
  u64s 5 type deleted 0:30:0 len 0 ver 0, , continuing
bcachefs (loop1): bucket incorrectly unset in freespace btree
  u64s 5 type deleted 0:29:0 len 0 ver 0, , continuing
bcachefs (loop1): bucket incorrectly unset in freespace btree
  u64s 5 type deleted 0:30:0 len 0 ver 0, , continuing
bcachefs (loop1): bucket incorrectly unset in freespace btree
  u64s 13 type alloc_v4 0:31:0 len 0 ver 0: 
    gen 0 oldest_gen 0 data_type free
    journal_seq_nonempty 0
    journal_seq_empty    0
    need_discard         0
    need_inc_gen         0
    dirty_sectors        0
    stripe_sectors       0
    cached_sectors       0
    stripe               0
    stripe_redundancy    0
    io_time[READ]        0
    io_time[WRITE]       0
    fragmentation     0
    bp_start          8
  , , continuing
bcachefs (loop1): bucket incorrectly unset in freespace btree
  u64s 5 type deleted 0:32:0 len 0 ver 0, , continuing
bcachefs (loop1): bucket incorrectly unset in freespace btree
  u64s 5 type deleted 0:33:0 len 0 ver 0, , continuing
bcachefs (loop1): bucket incorrectly unset in freespace btree
  u64s 5 type deleted 0:34:0 len 0 ver 0, , continuing
  Ratelimiting new instances of previous error
bcachefs (loop1): bucket 0:35 gen 0 data type btree sector count overflow: 0 + -256 > U32_MAX
  while marking u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq c0bef60d07ceb940 written 16 min_key POS_MIN durability: 1 ptr: 0:35:0 gen 0