In function iscsi_if_recv_msg() at drivers/scsi/scsi_transport_iscsi.c:3491, the call to iscsi_lookup_endpoint() in line 3575 may fail, and thus function iscsi_if_recv_msg() will return the value of variable 'err'. And, the function iscsi_if_recv_msg() will return 0 at last when it runs well. So the function iscsi_if_recv_msg() will return 0 to its caller functions when it runs error because of the failing call to iscsi_lookup_endpoint(), leading to a wrong return value in function iscsi_if_recv_msg(). The related code snippets in iscsi_if_recv_msg() are as following. iscsi_if_recv_msg @@ drivers/scsi/scsi_transport_iscsi.c:3491 3491 static int 3492 iscsi_if_recv_msg(struct sk_buff *skb, struct nlmsghdr *nlh, uint32_t *group) 3493 { 3494 int err = 0; ...... 3575 ep = iscsi_lookup_endpoint(ev->u.b_conn.transport_eph); 3576 if (ep) { 3577 ep->conn = conn; 3578 3579 mutex_lock(&conn->ep_mutex); 3580 conn->ep = ep; 3581 mutex_unlock(&conn->ep_mutex); 3582 } else 3583 iscsi_cls_conn_printk(KERN_ERR, conn, 3584 "Could not set ep conn " 3585 "binding\n"); 3586 break; ...... 3679 return err; 3680 } Generally, the return value of caller functions which call function iscsi_lookup_endpoint() shall be set to a negative number when the call to iscsi_lookup_endpoint() fails, like the following codes in another file. beiscsi_conn_bind @@ drivers/scsi/be2iscsi/be_iscsi.cīŧ195 195 int beiscsi_conn_bind(struct iscsi_cls_session *cls_session, 196 struct iscsi_cls_conn *cls_conn, 197 u64 transport_fd, int is_leading) 198 { ...... 208 ep = iscsi_lookup_endpoint(transport_fd); 209 if (!ep) 210 return -EINVAL; ...... 238 } Thank you RUC_Soft_Sec