Description

RunPodSandbox may timeout due to an issue in runc 1.0-rc93 that causes runc init to occasionally block. When this happens, RunPodSandbox will attempt to teardown the pod network but it doesn't invoke the CNI plugin because the context is already done.

With weave this causes IP addresses to be leaked.

Steps to reproduce the issue:
The issue is difficult to reproduce because creating pods usually does not cause runc init to block.

Describe the results you received:
Containerd logs have these two errors

Apr 29 23:36:45 containerd[31496]: time="2021-04-29T23:36:45.508150505Z" level=error msg="Failed to destroy network for sandbox \"0b144833243817a427ae76dfc604279fe5ff52558d3c852ff22aea7481316f65\"" error="netplugin failed with no error message: context deadline exceeded"
Apr 29 23:36:45 containerd[31496]: time="2021-04-29T23:36:45.508447550Z" level=error msg="RunPodSandbox for &PodSandboxMetadata{Name:proxy-54d75f5bf4-4vkq4,Uid:7a4c0ac7-0c23-48cb-970c-92cc6b4b0983,Namespace:default,Attempt:0,} failed, error" error="failed to start sandbox container task \"0b144833243817a427ae76dfc604279fe5ff52558d3c852ff22aea7481316f65\": context deadline exceeded: unknown"

Describe the results you expected:
The net plugin should be invoked even when RunPodSandbox has a context deadline exceeded error.

What version of containerd are you using:
1.4.4

$ containerd --version

Any other relevant information (runC version, CRI configuration, OS/Kernel version, etc.):

runc version 1.0.0-rc93

Linux areed-gp 5.4.0-1042-gcp #45~18.04.1-Ubuntu SMP Tue Apr 13 18:51:16 UTC 2021 x86_64 x86_64 x86_64 GNU/Linux

$ runc --version

$ crictl info

$ uname -a