Bug#1092165: docker.io: broken by Trixie packaging

Discussion:

Add Reply

Rob Murray

2025-01-05 15:10:01 UTC

Package: docker.io
Version: 26.1.5+dfsg1 / 26.1.5+dfsg1-4+b1

Hi all, this is related to https://github.com/moby/moby/issues/49197 -
"Cannot connect container to custom bridge network: cannot program
address in sandbox interface because it conflicts with existing
route".

The upstream moby 26.1.5 uses Go package
"github.com/vishvananda/netlink v1.2.1-beta.2". The Trixie-packaged
version seems to be using an updated version, "1.3.0" perhaps. But,
the "vishvananda/netlink" project didn't follow the "semver" rules in
this case - its 1.2.1 release included breaking changes.

The cause of the specific issue reported in the moby ticket above is
described at https://github.com/moby/moby/pull/48368#issuecomment-2307593543
- and was addressed in that PR (to ship in moby 28.0).

Another issue with changes in the netlink package was addressed by
https://github.com/moby/moby/pull/48407.

Ritesh Raj Sarraf

2025-01-14 16:30:01 UTC

Permalink

Package: docker.io
Version: 26.1.5+dfsg1-4+b1
Followup-For: Bug #1092165
X-Debbugs-Cc: ***@debian.org

Dear Maintainer,

For months/years, this setup had been working proper. Only in the last 2 weeks or so,
it failed. Thankfully, a kind user reported on Github upstream and thus resulting in
this bug report as well.

I can confirm the issue as I'm suffering it as well. I didn't investigate the cause
on the Debian stack as to what may have caused the issue. But a quick workaround is to
downgrade to below mentioned version.

```
@ dpkg -l | grep docker │
│hi docker-cli 26.1.5+dfsg1-3 amd64 Linux container runtime -- client │
│ii docker-compose 1.29.2-6.3 all define and run multi-container Docker applications with YAML │
│hi docker.io 26.1.5+dfsg1-3 amd64 Linux container runtime │

```

-- System Information:
Debian Release: trixie/sid
APT prefers testing
APT policy: (990, 'testing'), (500, 'unstable-debug'), (500, 'testing-debug'), (500, 'stable-updates'), (500, 'stable-security'), (500, 'oldstable-updates'), (500, 'oldstable-security'), (500, 'unstable'), (500, 'stable'), (10, 'experimental'), (10, 'oldstable'), (5, 'oldoldstable')
Architecture: amd64 (x86_64)

Kernel: Linux 6.12.8-amd64 (SMP w/8 CPU threads; PREEMPT)
Kernel taint flags: TAINT_USER
Locale: LANG=en_IN.UTF-8, LC_CTYPE=en_IN.UTF-8 (charmap=UTF-8), LANGUAGE=en_US
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages docker.io depends on:
ii adduser 3.138
ii containerd 1.7.24~ds1-4
ii init-system-helpers 1.68
ii iptables 1.8.11-2
ii libc6 2.40-5
ii libsystemd0 257.1-7
ii runc 1.1.15+ds1-1+b1
ii sysvinit-utils 3.13-1
ii tini 0.19.0-1

Versions of packages docker.io recommends:
ii apparmor 3.1.7-1+b3
ii ca-certificates 20241223
ii dbus-user-session 1.16.0-1
ii docker-cli 26.1.5+dfsg1-4+b1
ii git 1:2.47.1-1
ii needrestart 3.8-1
ii xz-utils 5.6.3-1+b1

Versions of packages docker.io suggests:
pn aufs-tools <none>
ii btrfs-progs 6.12-1
ii cgroupfs-mount 1.4+nmu1
ii debootstrap 1.0.140
ii docker-doc 26.1.5+dfsg1-4
ii e2fsprogs 1.47.2-1
pn rinse <none>
pn rootlesskit <none>
ii xfsprogs 6.12.0-1
pn zfs-fuse | zfsutils-linux <none>

-- no debconf information

Hunter Turcin

2025-01-20 21:30:01 UTC

Permalink

Package: docker.io
Version: 26.1.5+dfsg1-4+b1
Followup-For: Bug #1092165

Dear Maintainer,

I am writing to share that I am also experiencing this issue, using the
package version listed above. The following steps can be used to
reproduce the problem, as this is the project I most often use with
Docker:

1. `git clone ***@github.com:Weasyl/weasyl.git`
2. `cd weasyl`
3. Follow readme instructions for local setup:
a. `./wzl configure`
b. `./wzl migrate`
c. `./wzl assets`
d. `./wzl up -d`

(This wzl script is a project-specific wrapper for Docker, but the same
issue can be observed using `docker compose up -d`.)

Upon execution of step 3d, the following output is given:

Error response from daemon: failed to create task for container: failed
to create shim task: OCI runtime create failed: runc create failed:
unable to start container process: error during container init: error
running hook #0: error running hook: exit status 1, stdout: , stderr:
failed to add interface veth65ecc5b to sandbox: error setting interface
"veth65ecc5b" IP to 172.31.0.2/16: cannot program address 172.31.0.2/16
in sandbox interface because it conflicts with existing route {Ifindex:
117 Dst: 0.0.0.0/0 Src: <nil> Gw: 172.27.0.1 Flags: [] Table: 254
Realm: 0}: unknown

I can verify this setup had been working for several months before
recent package updates. I hope the reproduction steps help! Please let
me know if you need any additional information and I can send it over
as soon as possible.

Thank you,
Hunter Turcin