nerdctl icon indicating copy to clipboard operation
nerdctl copied to clipboard
verified publisher icon containerd

CNI bridge: `failed (add): failed to set bridge addr: could not set bridge's mac: invalid argument`

Open apostasie opened this issue 7 months ago • 2 comments

Description

I do not have a simple reproducer for this.

This is just regularly popping up with custom deployment tooling as part of a large plan.

sudo nerdctl container run -d --name dns --hostname dns-magnetar.local --read-only --restart always --cap-add NET_BIND_SERVICE --env LOG_LEVEL=info --env DNS_STUFF_MDNS=false --network hadron-bridge --publish 4242:4242/tcp --volume data-dns:/magnetar/user/data --label org.hadron.core.version=v0.1-dev --label org.hadron.plan.description=some_plan_descriptor --label org.hadron.plan.name=plan_name --label org.hadron.plan.sha=7841eb9910d7b9d49f49e5940a73ca9d9a0dd6c4975640fd5eea4b39f5376744 --label org.hadron.plan.tag=2025/05/22-14:06:09-2EF02181-EF3C-4E68-9218-3C66599DC459 dubodubonduponey/dns:bookworm-2024-09-01

failed to create shim task: OCI runtime create failed: runc create failed: unable to start container process: error during container init: error running createRuntime hook #0: exit status 1, stdout: , stderr: time=\"2025-05-22T14:06:52-07:00\" level=fatal msg=\"failed to call cni.Setup: plugin type=\\\"bridge\\\" failed (add): failed to set bridge addr: could not set bridge's mac: invalid argument\""

Network is:

{
  "cniVersion": "1.0.0",
  "name": "hadron-bridge",
  "nerdctlID": "f510b1557a7a8a34b10de53d186d9f44ae3ac06983994403aae8364fb6e4c6b6",
  "nerdctlLabels": {
    "org.hadron.core.version": "v0.1-dev",
    "org.hadron.plan.description": "some_plan_descriptor",
    "org.hadron.plan.name": "plan_name",
    "org.hadron.plan.sha": "cae39eec27f94285311914ffe6af492685fd5b162ef41c7f55fdbd8e75183138",
    "org.hadron.plan.tag": "2025/05/20-17:15:29-CC9CCD90-E6ED-4735-B34D-5570D3431248"
  },
  "plugins": [
    {
      "type": "bridge",
      "bridge": "br-f510b1557a7a",
      "isGateway": true,
      "ipMasq": true,
      "hairpinMode": true,
      "ipam": {
        "ranges": [
          [
            {
              "gateway": "10.4.1.1",
              "subnet": "10.4.1.0/24"
            }
          ]
        ],
        "routes": [
          {
            "dst": "0.0.0.0/0"
          }
        ],
        "type": "host-local"
      }
    },
    {
      "type": "portmap",
      "capabilities": {
        "portMappings": true
      }
    },
    {
      "type": "firewall",
      "ingressPolicy": "same-bridge"
    },
    {
      "type": "tuning"
    }
  ]
}

The error comes (obviously) from CNI bridge (func ensureAddr(br netlink.Link, family int, ipn *net.IPNet, forceAddress bool) error {), and suggests that netlink.Attrs in certain circumstances fails to produce an actual hardware addr.

Steps to reproduce the issue

na

Describe the results you received and expected

Work.

What version of nerdctl are you using?

main

Are you using a variant of nerdctl? (e.g., Rancher Desktop)

None

Host information

No response

apostasie avatar May 22 '25 21:05 apostasie

should be tagged external right ? there is fix need on cni repo

fahedouch avatar May 25 '25 12:05 fahedouch

should be tagged external right ? there is fix need on cni repo

Presumably, yes.

Maybe we can workaround that in nerdctl though. Need a full diagnosis first though.

apostasie avatar Jun 06 '25 19:06 apostasie