{"id":"CVE-2026-23050","summary":"pNFS: Fix a deadlock when returning a delegation during open()","details":"In the Linux kernel, the following vulnerability has been resolved:\n\npNFS: Fix a deadlock when returning a delegation during open()\n\nBen Coddington reports seeing a hang in the following stack trace:\n  0 [ffffd0b50e1774e0] __schedule at ffffffff9ca05415\n  1 [ffffd0b50e177548] schedule at ffffffff9ca05717\n  2 [ffffd0b50e177558] bit_wait at ffffffff9ca061e1\n  3 [ffffd0b50e177568] __wait_on_bit at ffffffff9ca05cfb\n  4 [ffffd0b50e1775c8] out_of_line_wait_on_bit at ffffffff9ca05ea5\n  5 [ffffd0b50e177618] pnfs_roc at ffffffffc154207b [nfsv4]\n  6 [ffffd0b50e1776b8] _nfs4_proc_delegreturn at ffffffffc1506586 [nfsv4]\n  7 [ffffd0b50e177788] nfs4_proc_delegreturn at ffffffffc1507480 [nfsv4]\n  8 [ffffd0b50e1777f8] nfs_do_return_delegation at ffffffffc1523e41 [nfsv4]\n  9 [ffffd0b50e177838] nfs_inode_set_delegation at ffffffffc1524a75 [nfsv4]\n 10 [ffffd0b50e177888] nfs4_process_delegation at ffffffffc14f41dd [nfsv4]\n 11 [ffffd0b50e1778a0] _nfs4_opendata_to_nfs4_state at ffffffffc1503edf [nfsv4]\n 12 [ffffd0b50e1778c0] _nfs4_open_and_get_state at ffffffffc1504e56 [nfsv4]\n 13 [ffffd0b50e177978] _nfs4_do_open at ffffffffc15051b8 [nfsv4]\n 14 [ffffd0b50e1779f8] nfs4_do_open at ffffffffc150559c [nfsv4]\n 15 [ffffd0b50e177a80] nfs4_atomic_open at ffffffffc15057fb [nfsv4]\n 16 [ffffd0b50e177ad0] nfs4_file_open at ffffffffc15219be [nfsv4]\n 17 [ffffd0b50e177b78] do_dentry_open at ffffffff9c09e6ea\n 18 [ffffd0b50e177ba8] vfs_open at ffffffff9c0a082e\n 19 [ffffd0b50e177bd0] dentry_open at ffffffff9c0a0935\n\nThe issue is that the delegreturn is being asked to wait for a layout\nreturn that cannot complete because a state recovery was initiated. The\nstate recovery cannot complete until the open() finishes processing the\ndelegations it was given.\n\nThe solution is to propagate the existing flags that indicate a\nnon-blocking call to the function pnfs_roc(), so that it knows not to\nwait in this situation.","modified":"2026-04-02T17:29:37.588359615Z","published":"2026-02-04T16:04:19.279Z","related":["SUSE-SU-2026:20838-1","SUSE-SU-2026:20931-1","openSUSE-SU-2026:20416-1"],"database_specific":{"cna_assigner":"Linux","osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/23xxx/CVE-2026-23050.json"},"references":[{"type":"WEB","url":"https://git.kernel.org/stable/c/857bf9056291a16785ae3be1d291026b2437fc48"},{"type":"WEB","url":"https://git.kernel.org/stable/c/a316fd9d3065b753b03d802530004aea481512cc"},{"type":"WEB","url":"https://git.kernel.org/stable/c/c57387d447a2bcbaea009ba5f9497adf3de5edeb"},{"type":"WEB","url":"https://git.kernel.org/stable/c/d6c75aa9d607044d1e5c8498eff0259eed356c32"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/23xxx/CVE-2026-23050.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2026-23050"},{"type":"PACKAGE","url":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"29ade5db12930ec60133f6a02791f4b1a4af2943"},{"fixed":"c57387d447a2bcbaea009ba5f9497adf3de5edeb"},{"fixed":"a316fd9d3065b753b03d802530004aea481512cc"},{"fixed":"d6c75aa9d607044d1e5c8498eff0259eed356c32"},{"fixed":"857bf9056291a16785ae3be1d291026b2437fc48"}]}],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-23050.json"}},{"package":{"name":"Kernel","ecosystem":"Linux"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"4.10.0"},{"fixed":"6.6.130"}]},{"type":"ECOSYSTEM","events":[{"introduced":"6.7.0"},{"fixed":"6.12.67"}]},{"type":"ECOSYSTEM","events":[{"introduced":"6.13.0"},{"fixed":"6.18.7"}]}],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-23050.json"}}],"schema_version":"1.7.5"}