CVE-2026-53026

In the Linux kernel, the following vulnerability has been resolved:

NFSD: fix nfs4 file access extra count in nfsd4 add rdaccess to wrdeleg

In nfsd4 add rdaccess to wrdeleg, if fp->fi fds[O RDONLY] is already set by another thread, nfs4 file get access should not be called to increment the nfs4 file access count since that was already done by the thread that added READ access to the file. The extra fi access count in nfs4 file can prevent the corresponding nfsd file from being freed.

When stopping nfs-server service, these extra access counts trigger a BUG in kmem cache destroy() that shows nfsd file object remaining on kmem cache shutdown.

This problem can be reproduced by running the Git project's test suite over NFS.