CVE-2026-23050

In the Linux kernel, the following vulnerability has been resolved:

pNFS: Fix a deadlock when returning a delegation during open()

Ben Coddington reports seeing a hang in the following stack trace: 0 [ffffd0b50e1774e0] __schedule at ffffffff9ca05415 1 [ffffd0b50e177548] schedule at ffffffff9ca05717 2 [ffffd0b50e177558] bit_wait at ffffffff9ca061e1 3 [ffffd0b50e177568] __waitonbit at ffffffff9ca05cfb 4 [ffffd0b50e1775c8] outoflinewaitonbit at ffffffff9ca05ea5 5 [ffffd0b50e177618] pnfsroc at ffffffffc154207b [nfsv4] 6 [ffffd0b50e1776b8] nfs4procdelegreturn at ffffffffc1506586 [nfsv4] 7 [ffffd0b50e177788] nfs4procdelegreturn at ffffffffc1507480 [nfsv4] 8 [ffffd0b50e1777f8] nfsdoreturndelegation at ffffffffc1523e41 [nfsv4] 9 [ffffd0b50e177838] nfsinodesetdelegation at ffffffffc1524a75 [nfsv4] 10 [ffffd0b50e177888] nfs4processdelegation at ffffffffc14f41dd [nfsv4] 11 [ffffd0b50e1778a0] nfs4opendatatonfs4state at ffffffffc1503edf [nfsv4] 12 [ffffd0b50e1778c0] nfs4openandgetstate at ffffffffc1504e56 [nfsv4] 13 [ffffd0b50e177978] nfs4doopen at ffffffffc15051b8 [nfsv4] 14 [ffffd0b50e1779f8] nfs4doopen at ffffffffc150559c [nfsv4] 15 [ffffd0b50e177a80] nfs4atomicopen at ffffffffc15057fb [nfsv4] 16 [ffffd0b50e177ad0] nfs4fileopen at ffffffffc15219be [nfsv4] 17 [ffffd0b50e177b78] dodentryopen at ffffffff9c09e6ea 18 [ffffd0b50e177ba8] vfsopen at ffffffff9c0a082e 19 [ffffd0b50e177bd0] dentryopen at ffffffff9c0a0935

The issue is that the delegreturn is being asked to wait for a layout return that cannot complete because a state recovery was initiated. The state recovery cannot complete until the open() finishes processing the delegations it was given.

The solution is to propagate the existing flags that indicate a non-blocking call to the function pnfs_roc(), so that it knows not to wait in this situation.