I understand that without reproducible scenarios, its hard to debug ... But the point is, this issue is fully random and of very low frequency.
For the setup, it is CentOS 7.3 upgraded to kernel 4.4. Whenever a system comes up on the network, he provides his credentials and after successful authentication, his IP is added in an IPSET which is having access to certain resources.
