Signed integer overflow in mean_and_variance.c:130:52 #794

Open
thememika opened this issue Dec 4, 2024 · 0 comments

Commit: 54c7bbb4308a0928872efba599ae7d1d8424b57a
FS upgrade from 1.13 to 1.15.
Recovery pass was not run; instead, the mount finished early.
Signed integer overflow is undefined behavior.

[   51.327352] [    T1] bcachefs (dm-26): starting version 1.13: inode_has_child_snapshots opts=ro,str_hash=crc32c,usrquota,grpquota,prjquota,read_only
[   51.327480] [    T1] bcachefs (dm-26): recovering from clean shutdown, journal seq 19452793
[   51.327502] [    T1] bcachefs (dm-26): Doing compatible version upgrade from 1.13: inode_has_child_snapshots to 1.15: disk_accounting_big_endian
                          running recovery passes: check_allocations,check_backpointers_to_extents,check_extents_to_backpointers
[   51.350464] [    T1] bcachefs (dm-26): accounting_read...
[   51.410735] [    T1] ------------[ cut here ]------------
[   51.410737] [    T1] UBSAN: signed-integer-overflow in fs/bcachefs/mean_and_variance.c:130:52
[   51.410740] [    T1] 12253116916 * 12205253179 cannot be represented in type 's64' (aka 'long long')
[   51.410742] [    T1] CPU: 3 UID: 0 PID: 1 Comm: limeup Not tainted 6.12.0-blahaj-lts-rt-DEBUG #239
[   51.410747] [    T1] Call Trace:
[   51.410748] [    T1]  <TASK>
[   51.410750] [    T1]  handle_overflow+0xf9/0x190
[   51.410760] [    T1]  ? rt_spin_lock+0xaa/0x1c0
[   51.410766] [    T1]  ? lock_acquire+0xcc/0x230
[   51.410769] [    T1]  ? rt_spin_lock+0xaa/0x1c0
[   51.410775] [    T1]  mean_and_variance_weighted_update+0x2b4/0x380
[   51.410781] [    T1]  ? lockdep_hardirqs_on_prepare+0x18f/0x270
[   51.410788] [    T1]  time_stats_update_one+0x1a6/0x4c0
[   51.410796] [    T1]  __bch2_time_stats_update+0x8e/0x120
[   51.410802] [    T1]  bch2_btree_node_read_done+0x1dcf/0x1fb0
[   51.410807] [    T1]  ? local_clock_noinstr+0x30/0xc0
[   51.410830] [    T1]  ? bch2_btree_node_read_done+0x18ef/0x1fb0
[   51.410838] [    T1]  btree_node_read_work+0x20f/0x990
[   51.410855] [    T1]  bch2_btree_node_read+0xf04/0x1080
[   51.410857] [    T1]  ? rt_mutex_slowunlock.11827+0x30/0x1c0
[   51.410865] [    T1]  ? sched_clock_noinstr+0xd/0x10
[   51.410869] [    T1]  ? local_clock_noinstr+0x30/0xc0
[   51.410876] [    T1]  ? sched_clock_noinstr+0xd/0x10
[   51.410879] [    T1]  ? local_clock_noinstr+0x30/0xc0
[   51.410883] [    T1]  ? lock_release+0x14b/0x5c0
[   51.410890] [    T1]  ? bch2_btree_node_fill+0x62b/0xa80
[   51.410894] [    T1]  bch2_btree_node_fill+0x7df/0xa80
[   51.410898] [    T1]  ? btree_cache_find+0x34d/0x450
[   51.410903] [    T1]  ? __bch2_btree_node_get+0x32f/0x620
[   51.410910] [    T1]  __bch2_btree_node_get+0x32f/0x620
[   51.410914] [    T1]  ? bch2_accounting_read+0xa25/0x27d0
[   51.410926] [    T1]  bch2_btree_node_get+0x175/0x4e0
[   51.410935] [    T1]  bch2_btree_path_traverse_one+0x98c/0xfe0
[   51.410946] [    T1]  ? bch2_accounting_read+0xa25/0x27d0
[   51.410952] [    T1]  ? lock_acquire+0xcc/0x230
[   51.410956] [    T1]  ? bch2_btree_path_traverse_one+0x470/0xfe0
[   51.410964] [    T1]  bch2_btree_iter_peek_max+0x2c1/0xec0
[   51.410973] [    T1]  ? bch2_path_get+0x294/0x400
[   51.410976] [    T1]  ? bch2_accounting_read+0xc3/0x27d0
[   51.410985] [    T1]  bch2_accounting_read+0xa25/0x27d0
[   51.410993] [    T1]  ? trace_hardirqs_on+0x78/0xf0
[   51.410997] [    T1]  ? vprintk_store+0x44d/0x4b0
[   51.411010] [    T1]  ? bch2_accounting_read+0xc3/0x27d0
[   51.411019] [    T1]  ? bch2_accounting_read+0xc3/0x27d0
[   51.411025] [    T1]  ? __bch2_print+0xbf/0x100
[   51.411028] [    T1]  ? bch2_run_recovery_passes+0x182/0x430
[   51.411038] [    T1]  bch2_run_recovery_passes+0x182/0x430
[   51.411047] [    T1]  bch2_fs_recovery+0xd1d/0x17f0
[   51.411051] [    T1]  ? sched_clock_noinstr+0xd/0x10
[   51.411054] [    T1]  ? local_clock_noinstr+0x30/0xc0
[   51.411065] [    T1]  ? bch2_get_next_online_dev+0x28a/0x340
[   51.411067] [    T1]  ? bch2_get_next_online_dev+0x54/0x340
[   51.411075] [    T1]  ? bch2_fs_get_tree+0x270/0x860
[   51.411078] [    T1]  bch2_fs_start+0x260/0x470
[   51.411084] [    T1]  bch2_fs_get_tree+0x270/0x860
[   51.411125] [    T1]  vfs_get_tree+0x33/0x160
[   51.411130] [    T1]  ? mount_capable+0x6c/0x80
[   51.411136] [    T1]  do_new_mount+0x270/0x4c0
[   51.411149] [    T1]  path_mount+0x3ce/0x5f0
[   51.411158] [    T1]  __se_sys_mount+0x111/0x200
[   51.411167] [    T1]  __x64_sys_mount+0x29/0x30
[   51.411170] [    T1]  x64_sys_call+0x68b/0x2d30
[   51.411185] [    T1]  ? trace_hardirqs_on+0x78/0xf0
[   51.411187] [    T1]  do_syscall_64+0x65/0xf0
[   51.411191] [    T1]  entry_SYSCALL_64_after_hwframe+0x62/0x6a
[   51.411195] [    T1] RIP: 0033:0x7ffff7dddaaa
[   51.411198] [    T1] Code: 48 8b 0d 71 c3 0c 00 f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d 3e c3 0c 00 f7 d8 64 89 01 48
[   51.411200] [    T1] RSP: 002b:00007fffffffe9b8 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5
[   51.411204] [    T1] RAX: ffffffffffffffda RBX: 00007fffffffeb88 RCX: 00007ffff7dddaaa
[   51.411205] [    T1] RDX: 00007fffffffef7b RSI: 00007fffffffefae RDI: 00007fffffffef9f
[   51.411206] [    T1] RBP: 00007fffffffef9f R08: 00005555556662e0 R09: 0000000000000000
[   51.411208] [    T1] R10: 0000000000008001 R11: 0000000000000206 R12: 00007fffffffefae
[   51.411209] [    T1] R13: 00007fffffffef7b R14: 0000000000008001 R15: 00007fffffffeda0
[   51.411225] [    T1]  </TASK>
[   51.411225] [    T1] ---[ end trace ]---
[   79.116010] [    T1] bcachefs (dm-26): alloc_read... done
[   79.177762] [    T1] bcachefs (dm-26): stripes_read... done
[   79.177781] [    T1] bcachefs (dm-26): snapshots_read... done
[   79.177893] [    T1] bcachefs (dm-26): reading quotas
[  417.044481] [    T1] bcachefs (dm-26): quotas done
[  417.045250] [    T1] bcachefs (dm-26): done starting filesystem
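
The arithmetic behind the UBSAN line above, as an added example (not bcachefs code and not from the issue author): it checks the two reported operands with `__builtin_mul_overflow` and shows a multiply-then-shift that uses a 128-bit intermediate and saturates instead of overflowing. The helper names and the shift parameter are assumptions for illustration; `__int128` and the builtin require GCC or Clang.

```c
#include <inttypes.h>
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Operands copied from the UBSAN line in the report. */
#define REPORTED_A INT64_C(12253116916)
#define REPORTED_B INT64_C(12205253179)

/* Returns true when a * b does not fit in int64_t.
 * *out holds the exact product only when the result is false. */
static bool mul_s64_overflows(int64_t a, int64_t b, int64_t *out)
{
    return __builtin_mul_overflow(a, b, out);
}

/* Hypothetical helper: (a * b) >> shift computed in 128 bits, then
 * clamped to the int64_t range so no signed overflow can occur.
 * Relies on GCC/Clang arithmetic right shift of negative values. */
static int64_t mul_shift_sat(int64_t a, int64_t b, unsigned shift)
{
    __int128 wide = (__int128)a * b;   /* |a * b| <= 2^126, always fits */

    wide >>= (shift > 127 ? 127 : shift);
    if (wide > INT64_MAX)
        return INT64_MAX;
    if (wide < INT64_MIN)
        return INT64_MIN;
    return (int64_t)wide;
}

int main(void)
{
    int64_t p;

    printf("reported operands overflow s64: %d\n",
           mul_s64_overflows(REPORTED_A, REPORTED_B, &p));
    /* The product lies between 2^67 and 2^68, so it only fits after >> 5. */
    printf(">>4 saturates: %" PRId64 "\n", mul_shift_sat(REPORTED_A, REPORTED_B, 4));
    printf(">>5 fits:      %" PRId64 "\n", mul_shift_sat(REPORTED_A, REPORTED_B, 5));
    return 0;
}
```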