syzbot

bcachefs (loop0): check_subvolume_structure... done
bcachefs (loop0): check_directory_structure... done
bcachefs (loop0): check_nlinks... done
bcachefs (loop0): resume_logged_ops... done
bcachefs (loop0): delete_dead_inodes... done
bcachefs (loop0): set_fs_needs_rebalance... done
bcachefs (loop0): reading quotas
------------[ cut here ]------------
kernel BUG at fs/bcachefs/quota.c:232!
Oops: invalid opcode: 0000 [#1] PREEMPT SMP KASAN PTI
CPU: 1 UID: 0 PID: 5822 Comm: syz-executor846 Not tainted 6.14.0-rc2-syzkaller-00041-g4dc1d1bec898 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024
RIP: 0010:bch2_quota_check_limit+0xd48/0xd70 fs/bcachefs/quota.c:232
Code: de e8 4c b4 ac 00 e9 9b fa ff ff e8 62 d3 52 fd 48 c7 c7 d0 11 f7 8e 48 89 de e8 33 b4 ac 00 e9 d8 fa ff ff e8 49 d3 52 fd 90 <0f> 0b e8 41 d3 52 fd 90 0f 0b e8 39 d3 52 fd 90 0f 0b e8 31 d3 52
RSP: 0000:ffffc90003a26eb0 EFLAGS: 00010293
RAX: ffffffff846c7bf7 RBX: 0000000000000000 RCX: ffff888034491e00
RDX: 0000000000000000 RSI: f7c0f28a20bd2430 RDI: 0000000000000000
RBP: f7c0f28a20bd2418 R08: ffffffff846c6f3f R09: f7c0f28a20bd2418
R10: dffffc0000000000 R11: fffffbfff20346cf R12: ffff88801c2ab000
R13: 0000000000000000 R14: f7c0f28a20bd2430 R15: ffffc90003a26fe0
FS:  0000555575981380(0000) GS:ffff8880b8700000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00005593feb8d028 CR3: 0000000034268000 CR4: 00000000003526f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 <TASK>
 bch2_quota_acct+0x3fb/0x750 fs/bcachefs/quota.c:299
 bch2_fs_quota_read_inode fs/bcachefs/quota.c:514 [inline]
 bch2_fs_quota_read+0x13d7/0x24b0 fs/bcachefs/quota.c:536
 bch2_fs_recovery+0x307d/0x3de0 fs/bcachefs/recovery.c:988
 bch2_fs_start+0x37c/0x610 fs/bcachefs/super.c:1041
 bch2_fs_get_tree+0xd8d/0x1740 fs/bcachefs/fs.c:2203
 vfs_get_tree+0x90/0x2b0 fs/super.c:1814
 do_new_mount+0x2be/0xb40 fs/namespace.c:3560
 do_mount fs/namespace.c:3900 [inline]
 __do_sys_mount fs/namespace.c:4111 [inline]
 __se_sys_mount+0x2d6/0x3c0 fs/namespace.c:4088
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f175b6dcf6a
Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 5e 04 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007ffc927aa508 EFLAGS: 00000282 ORIG_RAX: 00000000000000a5
RAX: ffffffffffffffda RBX: 00007ffc927aa520 RCX: 00007f175b6dcf6a
RDX: 0000400000000000 RSI: 0000400000000200 RDI: 00007ffc927aa520
RBP: 0000400000000200 R08: 00007ffc927aa560 R09: 000000000000f631
R10: 0000000002a18414 R11: 0000000000000282 R12: 0000400000000000
R13: 00007ffc927aa560 R14: 0000000000000003 R15: 0000000002a18414
 </TASK>
Modules linked in:
---[ end trace 0000000000000000 ]---
RIP: 0010:bch2_quota_check_limit+0xd48/0xd70 fs/bcachefs/quota.c:232
Code: de e8 4c b4 ac 00 e9 9b fa ff ff e8 62 d3 52 fd 48 c7 c7 d0 11 f7 8e 48 89 de e8 33 b4 ac 00 e9 d8 fa ff ff e8 49 d3 52 fd 90 <0f> 0b e8 41 d3 52 fd 90 0f 0b e8 39 d3 52 fd 90 0f 0b e8 31 d3 52
RSP: 0000:ffffc90003a26eb0 EFLAGS: 00010293
RAX: ffffffff846c7bf7 RBX: 0000000000000000 RCX: ffff888034491e00
RDX: 0000000000000000 RSI: f7c0f28a20bd2430 RDI: 0000000000000000
RBP: f7c0f28a20bd2418 R08: ffffffff846c6f3f R09: f7c0f28a20bd2418
R10: dffffc0000000000 R11: fffffbfff20346cf R12: ffff88801c2ab000
R13: 0000000000000000 R14: f7c0f28a20bd2430 R15: ffffc90003a26fe0
FS:  0000555575981380(0000) GS:ffff8880b8600000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00005607afcf4000 CR3: 0000000034268000 CR4: 00000000003526f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400