On Sun, Dec 11, 2022 at 11:08:30AM +0200, Leon Romanovsky wrote: > From: Patrisious Haddad <phaddad@xxxxxxxxxx> > > resolve_prepare_src() changes the destination address of the id, > regardless of success, and on failure zeroes it out. > > Instead on function failure keep the original destination address > of the id. > > Since the id could have been already added to the cm id tree and > zeroing its destination address, could result in a key mismatch or > multiple ids having the same key(zero) in the tree which could lead to: Oh, this can't be right The destination address is variable and it is changed by resolve even in good cases. So this part of the rb search is nonsense: result = compare_netdev_and_ip( node_id_priv->id.route.addr.dev_addr.bound_dev_if, cma_dst_addr(node_id_priv), this); The only way to fix it is to freeze the dst_addr before inserting things into the rb tree. ie completely block resolve_prepare_src() Most probably this suggests that the id is being inserted into the rbtree at the wrong time, before the dst_add becomes unchangable. Jason
