Description of problem: Facing issues where builds are failing due to iptables lock: ~~~ Jun 12 19:18:42 opennode-66-40.hosted.a3.vary.redhat.com atomic-openshift-node[10569]: E0612 19:18:42.463911 10569 kubelet_pods.go:1121] Failed killing the pod "dashing-33-deploy": failed to "KillPodSandbox" for "1ea67f12-6e75-11e8-9c50-0a979bbb7299" with KillPodSandboxError: "rpc error: code = Unknown desc = NetworkPlugin cni failed to teardown pod \"dashing-33-deploy_it-marketing\" network: CNI request failed with status 400: 'Failed to execute iptables-restore: exit status 4 (Another app is currently holding the xtables lock. Perhaps you want to use the -w option?\n)\n'" ~~~ This looks quite a bit like a regression of the BZ below: https://bugzilla.redhat.com/show_bug.cgi?id=1514627 Version-Release number of selected component (if applicable): atomic-openshift-3.9.30-1.git.0.dec1ba7.el7.x86_64 atomic-openshift-node-3.9.30-1.git.0.dec1ba7.el7.x86_64 iptables-1.4.21-24.1.el7_5.x86_64 kernel-3.10.0-862.el7.x86_64 How reproducible: Have not been able to reproduce in lab. Steps to Reproduce: 1.n/a 2. 3. Actual results: Builds are failing due to iptables lock. Expected results: Builds succeed. Additional info:
If this is caused by running `iptables-restore --table=$TABLE` or `ip6tables-restore --table=$TABLE` it may be https://bugzilla.netfilter.org/show_bug.cgi?id=1271, which has a patch fixing the bug.
https://bugzilla.redhat.com/show_bug.cgi?id=1673305 may be a duplicate bug of this issue.
*** This bug has been marked as a duplicate of bug 1734009 ***
The needinfo request[s] on this closed bug have been removed as they have been unresolved for 500 days