Subnets with duplicated CIDRs could be added to one router if multiple commands are executed at the same time

I have three controller nodes and the Neutron servers on these controllers are set behind Pacemaker and HAProxy to realize active/active HA using DevStack. MariaDB Galera cluster is used as my database backend.I am using the latest codes.

If one router is going to add two subnets as interface, however these two subnets' CIDRs are duplicated, the expected result is the later API request would fail with error message like this
Bad router request: Cidr 192.166.100.0/24 of subnet bee7663c-f0a0-4120-b556-944af7ca40cf overlaps with cidr 192.166.0.0/16 of subnet 697c82cf-82fd-4187-b460-7046c81f13dc.

But when we run the two commands at the same time, both commands would work and the router would end up with two ports, which have duplicated CIDRs. I have tested for more than 20 times and in only once have I received the expected error message.

How to reproduce

Step 1: Create a router
$ neutron router-create router-subnet-test

Step 2: Create two internal networks
$ neutron net-create net1
$ neutron net-create net2

Step 3: Add one subnet to each of these two networks
$ neutron subnet-create --name subnet1 net1 192.166.100.0/24
$ neutron subnet-create --name subnet2 net2 192.166.0.0/16

Here, we are creating two subnets on different networks with duplicated CIDRs.

Step 4: Add the two subnets as one router's interface at the same time
On controller1:
$ neutron router-interface-add router-subnet-test subnet1
On controller2:
$ neutron router-interface-add router-subnet-test subnet2

Both commands would work and we could see that the router now has two ports, which have duplicated CIDRs
http://paste.openstack.org/show/483838/

In [1], we do have a method to _check_for_dup_router_subnet, but when two API requests arrive at the same time, both checks would validate.

[1] https://github.com/openstack/neutron/blob/master/neutron/db/l3_db.py#L590