[bug report] Potential atomicity bug in fs/btrfs/compression.c, between btrfs_put_workspace() and free_workspace_manager()
From: Ginger
Date: Thu Apr 23 2026 - 00:56:48 EST
Dear Linux kernel maintainers,
My research-based static analyzer found a potential atomicity bug
within the 'fs/btrfs' subsystem, more specifically, in
'fs/btrfs/compression.c'.
Kernel version: long-term kernel v6.18.9
Potential concurrent triggering executions:
T0:
btrfs_put_workspace
--> ws_lock = fs_info->compr_wsm[type]->ws_lock;
--> spin_lock(ws_lock)
--> list_add(ws, gwsm->idle_ws)
--> spin_unlock(ws_lock)
T1:
free_workspace_manager
--> gwsm = fs_info->compr_wsm[type];
--> while(!list_empty(gwsm->idle_ws))
In T1, the accesses to the idle_ws are plain memory reads and writes,
without holding the 'ws_lock' to protect against potential data races.
Please kindly check at your convenience. Thank you for your time and
consideration.
Best regards,
Ginger
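
The locking pattern described in the report, as an added userspace model (not kernel code and not part of the original message): a lockdep-style check counts every idle_ws access made without ws_lock, first for a drain that uses plain accesses and then for one that detaches the list under the lock. The struct layout, the helper names (lock, unlock, check_held, drain_unlocked, drain_locked, run) and the singly linked list are assumptions made for illustration; the harness is single-threaded, so it checks the locking discipline and does not reproduce a race.

```c
/* Userspace model of the report's locking pattern; not kernel source. */
#include <stdatomic.h>
#include <stdio.h>
#include <stdlib.h>

struct ws { struct ws *next; };
struct wsm {
    atomic_flag ws_lock;  /* stands in for the ws_lock spinlock */
    int held;             /* set while ws_lock is owned */
    int violations;       /* idle_ws accesses made without ws_lock */
    struct ws *idle_ws;   /* singly linked stand-in for the idle_ws list */
};

static void lock(struct wsm *m) { while (atomic_flag_test_and_set(&m->ws_lock)) { } m->held = 1; }
static void unlock(struct wsm *m) { m->held = 0; atomic_flag_clear(&m->ws_lock); }
/* Hypothetical analogue of the kernel's lockdep_assert_held(): count, don't warn. */
static void check_held(struct wsm *m) { if (!m->held) m->violations++; }

static struct ws *idle_pop(struct wsm *m) {
    check_held(m);
    struct ws *w = m->idle_ws;
    if (w) m->idle_ws = w->next;
    return w;
}
/* T0 in the report: the add happens under ws_lock. */
static void put_workspace(struct wsm *m, struct ws *w) {
    lock(m); check_held(m); w->next = m->idle_ws; m->idle_ws = w; unlock(m);
}
/* T1 as the report describes it: plain accesses, no ws_lock. */
static int drain_unlocked(struct wsm *m) {
    int n = 0;
    for (struct ws *w; (w = idle_pop(m)); n++) free(w);
    return n;
}
/* Locked variant: detach the whole list under ws_lock, free outside it. */
static int drain_locked(struct wsm *m) {
    lock(m); check_held(m);
    struct ws *head = m->idle_ws; m->idle_ws = NULL;
    unlock(m);
    int n = 0;
    for (struct ws *next; head; head = next, n++) { next = head->next; free(head); }
    return n;
}
/* Returns the violation count for one drain style, or -1 if the drain lost entries. */
static int run(int locked, int count) {
    struct wsm m = { ATOMIC_FLAG_INIT, 0, 0, NULL };
    for (int i = 0; i < count; i++) put_workspace(&m, calloc(1, sizeof(struct ws)));
    int freed = locked ? drain_locked(&m) : drain_unlocked(&m);
    return freed == count ? m.violations : -1;
}
int main(void) { printf("unlocked=%d locked=%d\n", run(0, 3), run(1, 3)); return 0; }
```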