BUG: memory leak
unreferenced object 0xffff888120c6a940 (size 64):
  comm "syz-executor.3", pid 5294, jiffies 4294955690 (age 17.120s)
  hex dump (first 32 bytes):
    00 00 1a 00 00 00 00 00 ff ff 1a 00 00 00 00 00  ................
    60 b6 2e 03 00 c9 ff ff 60 b6 2e 03 00 c9 ff ff  `.......`.......
  backtrace:
    [<ffffffff816339bd>] kmemleak_alloc_recursive include/linux/kmemleak.h:42 [inline]
    [<ffffffff816339bd>] slab_post_alloc_hook mm/slab.h:766 [inline]
    [<ffffffff816339bd>] slab_alloc_node mm/slub.c:3478 [inline]
    [<ffffffff816339bd>] __kmem_cache_alloc_node+0x2dd/0x3f0 mm/slub.c:3517
    [<ffffffff8157e845>] kmalloc_trace+0x25/0x90 mm/slab_common.c:1098
    [<ffffffff8215ec8b>] kmalloc include/linux/slab.h:600 [inline]
    [<ffffffff8215ec8b>] ulist_add_merge fs/btrfs/ulist.c:210 [inline]
    [<ffffffff8215ec8b>] ulist_add_merge+0xcb/0x2b0 fs/btrfs/ulist.c:198
    [<ffffffff821b3964>] add_extent_changeset fs/btrfs/extent-io-tree.c:199 [inline]
    [<ffffffff821b3964>] add_extent_changeset fs/btrfs/extent-io-tree.c:186 [inline]
    [<ffffffff821b3964>] clear_state_bit+0xa4/0x1f0 fs/btrfs/extent-io-tree.c:559
    [<ffffffff821b4b12>] __clear_extent_bit+0x432/0x840 fs/btrfs/extent-io-tree.c:731
    [<ffffffff82169c7d>] __btrfs_qgroup_release_data+0x21d/0x4a0 fs/btrfs/qgroup.c:4123
    [<ffffffff820e2737>] alloc_ordered_extent+0x57/0x2c0 fs/btrfs/ordered-data.c:159
    [<ffffffff820e2dc8>] btrfs_alloc_ordered_extent+0x78/0x4f0 fs/btrfs/ordered-data.c:274
    [<ffffffff820ab67a>] btrfs_create_dio_extent+0xba/0x1b0 fs/btrfs/inode.c:6953
    [<ffffffff820c47ac>] btrfs_get_blocks_direct_write fs/btrfs/inode.c:7343 [inline]
    [<ffffffff820c47ac>] btrfs_dio_iomap_begin+0xcbc/0x11a0 fs/btrfs/inode.c:7594
    [<ffffffff81772039>] iomap_iter+0x219/0x590 fs/iomap/iter.c:91
    [<ffffffff8177968b>] __iomap_dio_rw+0x2bb/0xd40 fs/iomap/direct-io.c:658
    [<ffffffff820c4da3>] btrfs_dio_write+0x73/0xa0 fs/btrfs/inode.c:7798
    [<ffffffff820cf774>] btrfs_direct_write fs/btrfs/file.c:1543 [inline]
    [<ffffffff820cf774>] btrfs_do_write_iter+0x454/0x960 fs/btrfs/file.c:1684
    [<ffffffff816924c4>] call_write_iter include/linux/fs.h:2020 [inline]
    [<ffffffff816924c4>] do_iter_readv_writev+0x154/0x220 fs/read_write.c:735
    [<ffffffff81693c4c>] do_iter_write+0xec/0x370 fs/read_write.c:860

BUG: memory leak
unreferenced object 0xffff88812133c900 (size 64):
  comm "syz-executor.5", pid 5387, jiffies 4294956415 (age 9.870s)
  hex dump (first 32 bytes):
    00 00 21 00 00 00 00 00 ff ff 21 00 00 00 00 00  ..!.......!.....
    60 76 5d 06 00 c9 ff ff 60 76 5d 06 00 c9 ff ff  `v].....`v].....
  backtrace:
    [<ffffffff816339bd>] kmemleak_alloc_recursive include/linux/kmemleak.h:42 [inline]
    [<ffffffff816339bd>] slab_post_alloc_hook mm/slab.h:766 [inline]
    [<ffffffff816339bd>] slab_alloc_node mm/slub.c:3478 [inline]
    [<ffffffff816339bd>] __kmem_cache_alloc_node+0x2dd/0x3f0 mm/slub.c:3517
    [<ffffffff8157e845>] kmalloc_trace+0x25/0x90 mm/slab_common.c:1098
    [<ffffffff8215ec8b>] kmalloc include/linux/slab.h:600 [inline]
    [<ffffffff8215ec8b>] ulist_add_merge fs/btrfs/ulist.c:210 [inline]
    [<ffffffff8215ec8b>] ulist_add_merge+0xcb/0x2b0 fs/btrfs/ulist.c:198
    [<ffffffff821b3964>] add_extent_changeset fs/btrfs/extent-io-tree.c:199 [inline]
    [<ffffffff821b3964>] add_extent_changeset fs/btrfs/extent-io-tree.c:186 [inline]
    [<ffffffff821b3964>] clear_state_bit+0xa4/0x1f0 fs/btrfs/extent-io-tree.c:559
    [<ffffffff821b4b12>] __clear_extent_bit+0x432/0x840 fs/btrfs/extent-io-tree.c:731
    [<ffffffff82169c7d>] __btrfs_qgroup_release_data+0x21d/0x4a0 fs/btrfs/qgroup.c:4123
    [<ffffffff820e2737>] alloc_ordered_extent+0x57/0x2c0 fs/btrfs/ordered-data.c:159
    [<ffffffff820e2dc8>] btrfs_alloc_ordered_extent+0x78/0x4f0 fs/btrfs/ordered-data.c:274
    [<ffffffff820ab67a>] btrfs_create_dio_extent+0xba/0x1b0 fs/btrfs/inode.c:6953
    [<ffffffff820c47ac>] btrfs_get_blocks_direct_write fs/btrfs/inode.c:7343 [inline]
    [<ffffffff820c47ac>] btrfs_dio_iomap_begin+0xcbc/0x11a0 fs/btrfs/inode.c:7594
    [<ffffffff81772039>] iomap_iter+0x219/0x590 fs/iomap/iter.c:91
    [<ffffffff8177968b>] __iomap_dio_rw+0x2bb/0xd40 fs/iomap/direct-io.c:658
    [<ffffffff820c4da3>] btrfs_dio_write+0x73/0xa0 fs/btrfs/inode.c:7798
    [<ffffffff820cf774>] btrfs_direct_write fs/btrfs/file.c:1543 [inline]
    [<ffffffff820cf774>] btrfs_do_write_iter+0x454/0x960 fs/btrfs/file.c:1684
    [<ffffffff816924c4>] call_write_iter include/linux/fs.h:2020 [inline]
    [<ffffffff816924c4>] do_iter_readv_writev+0x154/0x220 fs/read_write.c:735
    [<ffffffff81693c4c>] do_iter_write+0xec/0x370 fs/read_write.c:860

BUG: memory leak
unreferenced object 0xffff888120d090c0 (size 64):
  comm "syz-executor.6", pid 5557, jiffies 4294956547 (age 8.550s)
  hex dump (first 32 bytes):
    00 00 0e 00 00 00 00 00 ff ff 0e 00 00 00 00 00  ................
    60 b6 25 07 00 c9 ff ff 60 b6 25 07 00 c9 ff ff  `.%.....`.%.....
  backtrace:
    [<ffffffff816339bd>] kmemleak_alloc_recursive include/linux/kmemleak.h:42 [inline]
    [<ffffffff816339bd>] slab_post_alloc_hook mm/slab.h:766 [inline]
    [<ffffffff816339bd>] slab_alloc_node mm/slub.c:3478 [inline]
    [<ffffffff816339bd>] __kmem_cache_alloc_node+0x2dd/0x3f0 mm/slub.c:3517
    [<ffffffff8157e845>] kmalloc_trace+0x25/0x90 mm/slab_common.c:1098
    [<ffffffff8215ec8b>] kmalloc include/linux/slab.h:600 [inline]
    [<ffffffff8215ec8b>] ulist_add_merge fs/btrfs/ulist.c:210 [inline]
    [<ffffffff8215ec8b>] ulist_add_merge+0xcb/0x2b0 fs/btrfs/ulist.c:198
    [<ffffffff821b3964>] add_extent_changeset fs/btrfs/extent-io-tree.c:199 [inline]
    [<ffffffff821b3964>] add_extent_changeset fs/btrfs/extent-io-tree.c:186 [inline]
    [<ffffffff821b3964>] clear_state_bit+0xa4/0x1f0 fs/btrfs/extent-io-tree.c:559
    [<ffffffff821b4b12>] __clear_extent_bit+0x432/0x840 fs/btrfs/extent-io-tree.c:731
    [<ffffffff82169c7d>] __btrfs_qgroup_release_data+0x21d/0x4a0 fs/btrfs/qgroup.c:4123
    [<ffffffff820e2737>] alloc_ordered_extent+0x57/0x2c0 fs/btrfs/ordered-data.c:159
    [<ffffffff820e2dc8>] btrfs_alloc_ordered_extent+0x78/0x4f0 fs/btrfs/ordered-data.c:274
    [<ffffffff820ab67a>] btrfs_create_dio_extent+0xba/0x1b0 fs/btrfs/inode.c:6953
    [<ffffffff820c47ac>] btrfs_get_blocks_direct_write fs/btrfs/inode.c:7343 [inline]
    [<ffffffff820c47ac>] btrfs_dio_iomap_begin+0xcbc/0x11a0 fs/btrfs/inode.c:7594
    [<ffffffff81772039>] iomap_iter+0x219/0x590 fs/iomap/iter.c:91
    [<ffffffff8177968b>] __iomap_dio_rw+0x2bb/0xd40 fs/iomap/direct-io.c:658
    [<ffffffff820c4da3>] btrfs_dio_write+0x73/0xa0 fs/btrfs/inode.c:7798
    [<ffffffff820cf774>] btrfs_direct_write fs/btrfs/file.c:1543 [inline]
    [<ffffffff820cf774>] btrfs_do_write_iter+0x454/0x960 fs/btrfs/file.c:1684
    [<ffffffff816924c4>] call_write_iter include/linux/fs.h:2020 [inline]
    [<ffffffff816924c4>] do_iter_readv_writev+0x154/0x220 fs/read_write.c:735
    [<ffffffff81693c4c>] do_iter_write+0xec/0x370 fs/read_write.c:860