------------[ cut here ]------------
UBSAN: array-index-out-of-bounds in fs/bcachefs/sb-downgrade.c:276:4
index 0 is out of range for type '__le16[] __counted_by(nr_errors)' (aka 'unsigned short[]')
CPU: 0 UID: 0 PID: 60 Comm: kworker/u8:4 Not tainted 6.16.0-rc1-syzkaller-g39dfc971e42d #0 PREEMPT 
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
Workqueue: btree_update btree_interior_update_work
Call trace:
 show_stack+0x2c/0x3c arch/arm64/kernel/stacktrace.c:466 (C)
 __dump_stack+0x30/0x40 lib/dump_stack.c:94
 dump_stack_lvl+0xd8/0x12c lib/dump_stack.c:120
 dump_stack+0x1c/0x28 lib/dump_stack.c:129
 ubsan_epilogue+0x14/0x48 lib/ubsan.c:233
 __ubsan_handle_out_of_bounds+0xd0/0xfc lib/ubsan.c:455
 downgrade_table_extra fs/bcachefs/sb-downgrade.c:276 [inline]
 bch2_sb_downgrade_update+0x8e8/0xa70 fs/bcachefs/sb-downgrade.c:399
 bch2_write_super+0xb1c/0x28dc fs/bcachefs/super-io.c:1081
 btree_update_new_nodes_mark_sb fs/bcachefs/btree_update_interior.c:613 [inline]
 btree_update_nodes_written fs/bcachefs/btree_update_interior.c:683 [inline]
 btree_interior_update_work+0x3a0/0x1d28 fs/bcachefs/btree_update_interior.c:867
 process_one_work+0x7e8/0x155c kernel/workqueue.c:3238
 process_scheduled_works kernel/workqueue.c:3321 [inline]
 worker_thread+0x958/0xed8 kernel/workqueue.c:3402
 kthread+0x5fc/0x75c kernel/kthread.c:464
 ret_from_fork+0x10/0x20 arch/arm64/kernel/entry.S:847
---[ end trace ]---
bcachefs (loop0): bucket 0:38 gen 0 data type btree sector count overflow: 0 + -256 > U32_MAX
  while marking u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq 7589ab5e0c11cc7a written 24 min_key POS_MIN durability: 1 ptr: 0:38:0 gen 0
bcachefs (loop0): bucket 0:41 gen 0 data type btree sector count overflow: 0 + -256 > U32_MAX
  while marking u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq 9aa2895aefce4bdf written 24 min_key POS_MIN durability: 1 ptr: 0:41:0 gen 0
bcachefs (loop0): bucket 0:26 gen 0 data type btree sector count overflow: 0 + -256 > U32_MAX
  while marking u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq ac62141f8dc7e261 written 24 min_key POS_MIN durability: 1 ptr: 0:26:0 gen 0
bcachefs (loop0): bucket 0:35 gen 0 data type btree sector count overflow: 0 + -256 > U32_MAX
  while marking u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq c0bef60d07ceb940 written 16 min_key POS_MIN durability: 1 ptr: 0:35:0 gen 0
bcachefs (loop0): bucket 0:32 gen 0 different types of data in same bucket: sb, btree
  while marking u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq ebb8d5a9e3463bdb written 16 min_key POS_MIN durability: 1 ptr: 0:32:0 gen 0
bcachefs (loop0): bucket 0:29 gen 0 data type btree sector count overflow: 0 + -256 > U32_MAX
  while marking u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq e81e1ed936acf3df written 32 min_key POS_MIN durability: 1 ptr: 0:29:0 gen 0