Ubuntu, unable to run rootful containers with "Error: netavark: : EOF"

andrico21 commented 10 months ago

Issue Description

Fresh installation of Ubuntu 23.10 (22.04 with Kubic repo gives absolutely the same behavior) with 'podman' package installed. Unable to run any rootful-containers and getting netavark EOF message. Rootless runs fine.

root@pdlab2:~# podman run -d --name dummy-httpd docker.io/library/httpd
Error: netavark: : EOF

Steps to reproduce the issue

apt install podman -y
sudo podman run -d --name dummy-httpd docker.io/library/httpd

Describe the results you received

root@pdlab2:~# podman run -d --name dummy-httpd docker.io/library/httpd Error: netavark: : EOF

root@pdlab2:~# podman run --log-level debug -d docker.io/library/httpd

INFO[0000] podman filtering at log level debug
DEBU[0000] Called run.PersistentPreRunE(podman run --log-level debug -d docker.io/library/httpd)
DEBU[0000] Merged system config "/usr/share/containers/containers.conf"
DEBU[0000] Using conmon: "/usr/bin/conmon"
DEBU[0000] Initializing boltdb state at /var/lib/containers/storage/libpod/bolt_state.db
DEBU[0000] Using graph driver
DEBU[0000] Using graph root /var/lib/containers/storage
DEBU[0000] Using run root /run/containers/storage
DEBU[0000] Using static dir /var/lib/containers/storage/libpod
DEBU[0000] Using tmp dir /run/libpod
DEBU[0000] Using volume path /var/lib/containers/storage/volumes
DEBU[0000] Set libpod namespace to ""
DEBU[0000] Cached value indicated that overlay is supported
DEBU[0000] Cached value indicated that overlay is supported
DEBU[0000] Cached value indicated that metacopy is not being used
DEBU[0000] Cached value indicated that native-diff is usable
DEBU[0000] backingFs=extfs, projectQuotaSupported=false, useNativeDiff=true, usingMetacopy=false
INFO[0000] [graphdriver] using prior storage driver: overlay
DEBU[0000] Initializing event backend journald
DEBU[0000] Configured OCI runtime runj initialization failed: no valid executable found for OCI runtime runj: invalid argument
DEBU[0000] Configured OCI runtime kata initialization failed: no valid executable found for OCI runtime kata: invalid argument
DEBU[0000] Configured OCI runtime runsc initialization failed: no valid executable found for OCI runtime runsc: invalid argument
DEBU[0000] Configured OCI runtime krun initialization failed: no valid executable found for OCI runtime krun: invalid argument
DEBU[0000] Configured OCI runtime runc initialization failed: no valid executable found for OCI runtime runc: invalid argument
DEBU[0000] Using OCI runtime "/usr/bin/crun"
INFO[0000] Setting parallel job count to 7
DEBU[0000] Pulling image docker.io/library/httpd (policy: missing)
DEBU[0000] Looking up image "docker.io/library/httpd" in local containers storage
DEBU[0000] Normalized platform linux/amd64 to {amd64 linux  [] }
DEBU[0000] Trying "docker.io/library/httpd:latest" ...
DEBU[0000] parsed reference into "[overlay@/var/lib/containers/storage+/run/containers/storage]@6fd77d7e5eb732dacab601d4556c04a6c312928fb8989fe3b0a47d82db772441"
DEBU[0000] Found image "docker.io/library/httpd" as "docker.io/library/httpd:latest" in local containers storage
DEBU[0000] Found image "docker.io/library/httpd" as "docker.io/library/httpd:latest" in local containers storage ([overlay@/var/lib/containers/storage+/run/containers/storage]@6fd77d7e5eb732dacab601d4556c04a6c312928fb8989fe3b0a47d82db772441)
DEBU[0000] exporting opaque data as blob "sha256:6fd77d7e5eb732dacab601d4556c04a6c312928fb8989fe3b0a47d82db772441"
DEBU[0000] Looking up image "docker.io/library/httpd:latest" in local containers storage
DEBU[0000] Normalized platform linux/amd64 to {amd64 linux  [] }
DEBU[0000] Trying "docker.io/library/httpd:latest" ...
DEBU[0000] parsed reference into "[overlay@/var/lib/containers/storage+/run/containers/storage]@6fd77d7e5eb732dacab601d4556c04a6c312928fb8989fe3b0a47d82db772441"
DEBU[0000] Found image "docker.io/library/httpd:latest" as "docker.io/library/httpd:latest" in local containers storage
DEBU[0000] Found image "docker.io/library/httpd:latest" as "docker.io/library/httpd:latest" in local containers storage ([overlay@/var/lib/containers/storage+/run/containers/storage]@6fd77d7e5eb732dacab601d4556c04a6c312928fb8989fe3b0a47d82db772441)
DEBU[0000] exporting opaque data as blob "sha256:6fd77d7e5eb732dacab601d4556c04a6c312928fb8989fe3b0a47d82db772441"
DEBU[0000] Looking up image "docker.io/library/httpd" in local containers storage
DEBU[0000] Normalized platform linux/amd64 to {amd64 linux  [] }
DEBU[0000] Trying "docker.io/library/httpd:latest" ...
DEBU[0000] parsed reference into "[overlay@/var/lib/containers/storage+/run/containers/storage]@6fd77d7e5eb732dacab601d4556c04a6c312928fb8989fe3b0a47d82db772441"
DEBU[0000] Found image "docker.io/library/httpd" as "docker.io/library/httpd:latest" in local containers storage
DEBU[0000] Found image "docker.io/library/httpd" as "docker.io/library/httpd:latest" in local containers storage ([overlay@/var/lib/containers/storage+/run/containers/storage]@6fd77d7e5eb732dacab601d4556c04a6c312928fb8989fe3b0a47d82db772441)
DEBU[0000] exporting opaque data as blob "sha256:6fd77d7e5eb732dacab601d4556c04a6c312928fb8989fe3b0a47d82db772441"
DEBU[0000] Inspecting image 6fd77d7e5eb732dacab601d4556c04a6c312928fb8989fe3b0a47d82db772441
DEBU[0000] exporting opaque data as blob "sha256:6fd77d7e5eb732dacab601d4556c04a6c312928fb8989fe3b0a47d82db772441"
DEBU[0000] Inspecting image 6fd77d7e5eb732dacab601d4556c04a6c312928fb8989fe3b0a47d82db772441
DEBU[0000] Inspecting image 6fd77d7e5eb732dacab601d4556c04a6c312928fb8989fe3b0a47d82db772441
DEBU[0000] Inspecting image 6fd77d7e5eb732dacab601d4556c04a6c312928fb8989fe3b0a47d82db772441
DEBU[0000] using systemd mode: false
DEBU[0000] No hostname set; container's hostname will default to runtime default
DEBU[0000] Found apparmor_parser binary in /sbin/apparmor_parser
DEBU[0000] Loading seccomp profile from "/usr/share/containers/seccomp.json"
DEBU[0000] Successfully loaded 1 networks
DEBU[0000] Allocated lock 6 for container 59c421d07244bd5508c9f25ec6cd314f3451bca473fff63a1cc86faf3bbaf9b9
DEBU[0000] parsed reference into "[overlay@/var/lib/containers/storage+/run/containers/storage]@6fd77d7e5eb732dacab601d4556c04a6c312928fb8989fe3b0a47d82db772441"
DEBU[0000] exporting opaque data as blob "sha256:6fd77d7e5eb732dacab601d4556c04a6c312928fb8989fe3b0a47d82db772441"
DEBU[0000] Cached value indicated that idmapped mounts for overlay are supported
DEBU[0000] Created container "59c421d07244bd5508c9f25ec6cd314f3451bca473fff63a1cc86faf3bbaf9b9"
DEBU[0000] Container "59c421d07244bd5508c9f25ec6cd314f3451bca473fff63a1cc86faf3bbaf9b9" has work directory "/var/lib/containers/storage/overlay-containers/59c421d07244bd5508c9f25ec6cd314f3451bca473fff63a1cc86faf3bbaf9b9/userdata"
DEBU[0000] Container "59c421d07244bd5508c9f25ec6cd314f3451bca473fff63a1cc86faf3bbaf9b9" has run directory "/run/containers/storage/overlay-containers/59c421d07244bd5508c9f25ec6cd314f3451bca473fff63a1cc86faf3bbaf9b9/userdata"
DEBU[0000] Made network namespace at /run/netns/netns-fbb0c9e7-c4b6-d04c-72ca-cd04f4041ad2 for container 59c421d07244bd5508c9f25ec6cd314f3451bca473fff63a1cc86faf3bbaf9b9
[DEBUG netavark::network::validation] "Validating network namespace..."
[DEBUG netavark::commands::setup] "Setting up..."
[INFO  netavark::firewall] Using iptables firewall driver
[DEBUG netavark::network::bridge] Setup network podman
[DEBUG netavark::network::bridge] Container interface name: eth0 with IP addresses [10.88.0.8/16]
[DEBUG netavark::network::bridge] Bridge name: podman0 with IP addresses [10.88.0.1/16]
[DEBUG netavark::network::core_utils] Setting sysctl value for net.ipv4.ip_forward to 1
DEBU[0000] [graphdriver] trying provided driver "overlay"
DEBU[0000] Cached value indicated that overlay is supported
DEBU[0000] Cached value indicated that overlay is supported
DEBU[0000] Cached value indicated that metacopy is not being used
DEBU[0000] backingFs=extfs, projectQuotaSupported=false, useNativeDiff=true, usingMetacopy=false
DEBU[0000] overlay: mount_data=lowerdir=/var/lib/containers/storage/overlay/l/IZ55M6ER4OCAPYK5Y3Q5N42P4F:/var/lib/containers/storage/overlay/l/J3SBPBAFHGUMQSLNFVGAUVGWNR:/var/lib/containers/storage/overlay/l/W233CSEBKCRSY6YHKXG2VY6MI4:/var/lib/containers/storage/overlay/l/GNACV2HYMEO2TI6EII32BDEJIR:/var/lib/containers/storage/overlay/l/AAYE6P3LXFHQ4YIFHJJTOJ4E7Z:/var/lib/containers/storage/overlay/l/4MCO6JRGLKPHTNB7NNTV2X4C7Y,upperdir=/var/lib/containers/storage/overlay/2ae378697a59a863459538afeeb687b6c112e5b65d1d469f4db14ceeb845c46a/diff,workdir=/var/lib/containers/storage/overlay/2ae378697a59a863459538afeeb687b6c112e5b65d1d469f4db14ceeb845c46a/work,
DEBU[0000] Mounted container "59c421d07244bd5508c9f25ec6cd314f3451bca473fff63a1cc86faf3bbaf9b9" at "/var/lib/containers/storage/overlay/2ae378697a59a863459538afeeb687b6c112e5b65d1d469f4db14ceeb845c46a/merged"
DEBU[0000] Created root filesystem for container 59c421d07244bd5508c9f25ec6cd314f3451bca473fff63a1cc86faf3bbaf9b9 at /var/lib/containers/storage/overlay/2ae378697a59a863459538afeeb687b6c112e5b65d1d469f4db14ceeb845c46a/merged
[DEBUG netavark::network::core_utils] Setting sysctl value for /proc/sys/net/ipv6/conf/eth0/autoconf to 0
[INFO  netavark::network::netlink] Adding route (dest: 0.0.0.0/0 ,gw: 10.88.0.1, metric 100)
DEBU[0000] Unmounted container "59c421d07244bd5508c9f25ec6cd314f3451bca473fff63a1cc86faf3bbaf9b9"
DEBU[0000] Network is already cleaned up, skipping...
DEBU[0000] Cleaning up container 59c421d07244bd5508c9f25ec6cd314f3451bca473fff63a1cc86faf3bbaf9b9
DEBU[0000] Network is already cleaned up, skipping...
DEBU[0000] Container 59c421d07244bd5508c9f25ec6cd314f3451bca473fff63a1cc86faf3bbaf9b9 storage is already unmounted, skipping...
DEBU[0000] ExitCode msg: "netavark: : eof"
Error: netavark: : EOF

Describe the results you expected

Rootful container up and running.

podman info output

host:
  arch: amd64
  buildahVersion: 1.28.2
  cgroupControllers:
  - cpuset
  - cpu
  - io
  - memory
  - hugetlb
  - pids
  - rdma
  - misc
  cgroupManager: systemd
  cgroupVersion: v2
  conmon:
    package: conmon_2.1.6+ds1-1_amd64
    path: /usr/bin/conmon
    version: 'conmon version 2.1.6, commit: unknown'
  cpuUtilization:
    idlePercent: 98.2
    systemPercent: 0.7
    userPercent: 1.1
  cpus: 2
  distribution:
    codename: mantic
    distribution: ubuntu
    version: "23.10"
  eventLogger: journald
  hostname: pdlab2
  idMappings:
    gidmap: null
    uidmap: null
  kernel: 6.5.0-14-generic
  linkmode: dynamic
  logDriver: journald
  memFree: 7066255360
  memTotal: 8315506688
  networkBackend: netavark
  ociRuntime:
    name: crun
    package: crun_1.8.5-1_amd64
    path: /usr/bin/crun
    version: |-
      crun version 1.8.5
      commit: b6f80f766c9a89eb7b1440c0a70ab287434b17ed
      rundir: /run/crun
      spec: 1.0.0
      +SYSTEMD +SELINUX +APPARMOR +CAP +SECCOMP +EBPF +WASM:wasmedge +YAJL
  os: linux
  remoteSocket:
    exists: true
    path: /run/podman/podman.sock
  security:
    apparmorEnabled: true
    capabilities: CAP_CHOWN,CAP_DAC_OVERRIDE,CAP_FOWNER,CAP_FSETID,CAP_KILL,CAP_NET_BIND_SERVICE,CAP_SETFCAP,CAP_SETGID,CAP_SETPCAP,CAP_SETUID,CAP_SYS_CHROOT
    rootless: false
    seccompEnabled: true
    seccompProfilePath: /usr/share/containers/seccomp.json
    selinuxEnabled: false
  serviceIsRemote: false
  slirp4netns:
    executable: /usr/bin/slirp4netns
    package: slirp4netns_1.2.0-1_amd64
    version: |-
      slirp4netns version 1.2.0
      commit: 656041d45cfca7a4176f6b7eed9e4fe6c11e8383
      libslirp: 4.7.0
      SLIRP_CONFIG_VERSION_MAX: 4
      libseccomp: 2.5.4
  swapFree: 0
  swapTotal: 0
  uptime: 0h 16m 32.00s
plugins:
  authorization: null
  log:
  - k8s-file
  - none
  - passthrough
  - journald
  network:
  - bridge
  - macvlan
  volume:
  - local
registries: {}
store:
  configFile: /usr/share/containers/storage.conf
  containerStore:
    number: 6
    paused: 0
    running: 0
    stopped: 6
  graphDriverName: overlay
  graphOptions: {}
  graphRoot: /var/lib/containers/storage
  graphRootAllocated: 40483942400
  graphRootUsed: 2086621184
  graphStatus:
    Backing Filesystem: extfs
    Native Overlay Diff: "true"
    Supports d_type: "true"
    Using metacopy: "false"
  imageCopyTmpDir: /var/tmp
  imageStore:
    number: 2
  runRoot: /run/containers/storage
  volumePath: /var/lib/containers/storage/volumes
version:
  APIVersion: 4.3.1
  Built: 0
  BuiltTime: Thu Jan  1 00:00:00 1970
  GitCommit: ""
  GoVersion: go1.21.1
  Os: linux
  OsArch: linux/amd64
  Version: 4.3.1

Podman in a container

No

Privileged Or Rootless

Privileged

Upstream Latest Release

No

Additional environment details

kvm/qemu based VM

podman version

Client:       Podman Engine
Version:      4.3.1
API Version:  4.3.1
Go Version:   go1.21.1
Built:        Thu Jan  1 00:00:00 1970
OS/Arch:      linux/amd64

dpkg --status podman

Package: podman
Status: install ok installed
Priority: optional
Section: admin
Installed-Size: 36303
Maintainer: Ubuntu Developers <ubuntu-devel-discuss@lists.ubuntu.com>
Architecture: amd64
Source: libpod
Version: 4.3.1+ds1-8ubuntu1
Depends: libc6 (>= 2.38), libdevmapper1.02.1 (>= 2:1.02.97), libgpgme11 (>= 1.4.1), libseccomp2 (>= 2.5.0), libsubid4 (>= 1:4.11.1), conmon (>= 2.0.18~), golang-github-containers-common, crun | runc (>= 1.0.0~rc92~)
Recommends: buildah (>= 1.28), dbus-user-session, fuse-overlayfs (>= 1.0.0~), slirp4netns (>= 0.4.1~), catatonit | tini | dumb-init, uidmap
Suggests: containers-storage, docker-compose, iptables
Breaks: buildah (<< 1.10.1-6), fuse-overlayfs (<< 0.7.1), slirp4netns (<< 0.4.1)
Conffiles:
 /etc/cni/net.d/87-podman-bridge.conflist a87c090f17c5274af878e7106e969b60
 /etc/containers/libpod.conf ceec5a77b5f6a56d212eeed7b707d322
Description: engine to run OCI-based containers in Pods
 Podman is an engine for running OCI-based containers in Pods.
 Podman provides a CLI interface for managing Pods, Containers, and
 Container Images.
 .
 At a high level, the scope of libpod and podman is the following:
  * Support multiple image formats including the OCI and Docker image
    formats.
  * Support for multiple means to download images including trust & image
    verification.
  * Container image management (managing image layers, overlay filesystems,
    etc).
  * Full management of container lifecycle.
  * Support for pods to manage groups of containers together.
  * Resource isolation of containers and pods.
  * Support for a Docker-compatible CLI interface through Podman.
 .
 Podman is a daemon-less alternative to Docker.
Original-Maintainer: Debian Go Packaging Team <pkg-go-maintainers@lists.alioth.debian.org>
Built-Using: containerd (= 1.6.20~ds1-1ubuntu2), docker-registry (= 2.8.2+ds1-1build1), docker.io (= 20.10.24+dfsg1-1ubuntu2), golang-1.21 (= 1.21.1-1), golang-dbus (= 5.1.0-1), golang-fsnotify (= 1.6.0-2), golang-ginkgo (= 1.16.5-3), golang-github-acarl005-stripansi (= 0.0~git20180116.5a71ef0-3), golang-github-appc-cni (= 1.1.2-1), golang-github-blang-semver (= 4.0.0-1), golang-github-buger-goterm (= 0.0+git20181115.c206103-3), golang-github-cespare-xxhash (= 2.1.1-2), golang-github-checkpoint-restore-go-criu (= 5.3.0-2), golang-github-chzyer-readline (= 1.4.39.g2972be2-3), golang-github-containerd-stargz-snapshotter (= 0.12.0-2build1), golang-github-containernetworking-plugins (= 1.1.1+ds1-3build1), golang-github-containers-buildah (= 1.28.2+ds1-3build1), golang-github-containers-common (= 0.50.1+ds1-4ubuntu1), golang-github-containers-image (= 5.23.1-4), golang-github-containers-ocicrypt (= 1.0.3-1), golang-github-containers-psgo (= 1.7.1+ds1-1), golang-github-containers-storage (= 1.43.0+ds1-8build1), golang-github-coreos-bbolt (= 1.3.6-2), golang-github-coreos-go-systemd (= 22.3.2-1), golang-github-cyphar-filepath-securejoin (= 0.2.3-1), golang-github-davecgh-go-spew (= 1.1.1-3), golang-github-disiqueira-gotree (= 3.0.2-2), golang-github-docker-docker-credential-helpers (= 0.6.4+ds1-1build1), golang-github-docker-go-connections (= 0.4.0-4), golang-github-docker-go-units (= 0.4.0-4), golang-github-docker-libtrust (= 0.0~git20150526.0.9cbd2a1-3.1), golang-github-fsouza-go-dockerclient (= 1.8.1-1), golang-github-fullsailor-pkcs7 (= 0.0~git20210826.33d0574-1ubuntu1), golang-github-ghodss-yaml (= 1.0.0+git20220118.d8423dc-2), golang-github-golang-protobuf-1-3 (= 1.3.5-4build1), golang-github-google-go-cmp (= 0.5.9-1), golang-github-google-go-intervals (= 0.0.2-2), golang-github-google-gofuzz (= 1.2.0-1), golang-github-google-shlex (= 0.0~git20191202.e7afc7f-1), golang-github-google-uuid (= 1.3.0-1), golang-github-gorilla-handlers (= 1.5.1-3), golang-github-gorilla-mux (= 1.8.0-1), golang-github-gorilla-schema (= 1.2.0-2), golang-github-hashicorp-errwrap (= 1.1.0-1), golang-github-hashicorp-go-multierror (= 1.1.1-2), golang-github-jinzhu-copier (= 0.3.2-2), golang-github-json-iterator-go (= 1.1.12-1), golang-github-klauspost-compress (= 1.15.12+ds1-3), golang-github-klauspost-pgzip (= 1.2.5-2), golang-github-kr-fs (= 0.1.0-2), golang-github-manifoldco-promptui (= 0.9.0-1), golang-github-mattn-go-isatty (= 0.0.19-1), golang-github-mattn-go-runewidth (= 0.0.14-1), golang-github-mattn-go-shellwords (= 1.0.12-1), golang-github-moby-sys (= 0.0~git20220606.416188a-1), golang-github-moby-term (= 0.0~git20230502.9c3c875-1), golang-github-modern-go-concurrent (= 1.0.3-1.1), golang-github-modern-go-reflect2 (= 1.0.2-2), golang-github-morikuni-aec (= 1.0.0-3), golang-github-nxadm-tail (= 1.4.5+ds1-5), golang-github-opencontainers-go-digest (= 1.0.0-2), golang-github-opencontainers-image-spec (= 1.1.0~rc2-3), golang-github-opencontainers-runtime-tools (= 0.9.0.109.ge931285-1), golang-github-opencontainers-selinux (= 1.10.0+ds1-1), golang-github-opencontainers-specs (= 1.1.0~rc3-1), golang-github-openshift-imagebuilder (= 1.2.3+ds1-2build1), golang-github-pkg-errors (= 0.9.1-3), golang-github-pkg-sftp (= 1.13.5-2), golang-github-pmezard-go-difflib (= 1.0.0-3), golang-github-proglottis-gpgme (= 0.1.1-2), golang-github-rivo-uniseg (= 0.4.2-1), golang-github-spf13-cobra (= 1.7.0-1), golang-github-spf13-pflag (= 1.0.6~git20210604-d5e0c0615ace-1), golang-github-sylabs-sif (= 2.8.3-2build1), golang-github-ulikunitz-xz (= 0.5.6-2), golang-github-vbatts-tar-split (= 0.11.2+ds1-1build1), golang-github-vbauerster-mpb (= 7.3.2-1), golang-github-vishvananda-netlink (= 1.1.0.125.gf243826-4), golang-github-vishvananda-netns (= 0.0~git20211101.5004558-1), golang-github-vividcortex-ewma (= 1.1.1-2), golang-github-xeipuuv-gojsonpointer (= 0.0~git20190905.02993c4-3), golang-github-xeipuuv-gojsonreference (= 0.0~git20180127.bd5ef7b-3), golang-github-xeipuuv-gojsonschema (= 1.2.0-3), golang-go-patricia (= 2.3.1-1), golang-go-zfs (= 3.0.0-1), golang-go.crypto (= 1:0.4.0-1), golang-gocapability-dev (= 0.0+git20200815.42c35b4-2), golang-gogoprotobuf (= 1.3.2-3build1), golang-golang-x-net (= 1:0.10.0-1), golang-golang-x-sync (= 0.2.0-1), golang-golang-x-sys (= 0.8.0-1), golang-golang-x-term (= 0.8.0-1), golang-golang-x-text (= 0.9.0-1), golang-gomega (= 1.27.10-1), golang-google-genproto (= 0.0~git20200413.b5235f6-3), golang-google-grpc (= 1.38.0+really1.33.3-1build1), golang-google-protobuf (= 1.28.1-3build1), golang-gopkg-inf.v0 (= 0.9.1-2), golang-gopkg-square-go-jose.v2 (= 2.6.0-2), golang-gopkg-tomb.v1 (= 0.0~git20141024.0.dd63297-8), golang-gopkg-yaml.v3 (= 3.0.1-3), golang-k8s-sigs-yaml (= 1.3.0-1), golang-logrus (= 1.9.0-1), golang-toml (= 1.2.1-1), golang-yaml.v2 (= 2.4.0-4), rootlesskit (= 1.1.1-1build1), runc (= 1.1.7-0ubuntu2)
Homepage: https://github.com/containers/podman

Additional information

It works for rootless, but I'm unable to run classic rootful-container.

root@pdlab2:~# dmesg --clear; podman run -d docker.io/library/httpd; dmesg

Error: netavark: : EOF
[ 2128.102506] podman0: port 1(veth0) entered blocking state
[ 2128.102512] podman0: port 1(veth0) entered disabled state
[ 2128.103311] veth0: entered allmulticast mode
[ 2128.103364] veth0: entered promiscuous mode
[ 2128.105222] podman0: port 1(veth0) entered blocking state
[ 2128.105226] podman0: port 1(veth0) entered forwarding state
[ 2128.105323] traps: netavark[2698] trap invalid opcode ip:5580e800bd10 sp:7ffcc0c36320 error:0 in netavark[5580e7f22000+294000]
[ 2128.245205] evict_inodes inode 00000000d4f02bd5, i_count = 1, was skipped!
[ 2128.245211] evict_inodes inode 00000000127c8e9f, i_count = 1, was skipped!
[ 2128.245212] evict_inodes inode 00000000586ef38b, i_count = 1, was skipped!
[ 2128.245214] evict_inodes inode 0000000082773c4f, i_count = 1, was skipped!
[ 2128.245215] evict_inodes inode 00000000f8f45852, i_count = 1, was skipped!
[ 2128.245216] evict_inodes inode 000000004bb22934, i_count = 1, was skipped!
[ 2128.245217] evict_inodes inode 0000000008ce5315, i_count = 1, was skipped!
[ 2128.245218] evict_inodes inode 000000003382d002, i_count = 1, was skipped!
[ 2128.245219] evict_inodes inode 00000000c9898d1a, i_count = 1, was skipped!

Luap99 commented 10 months ago

see https://github.com/containers/podman/issues/16194, you should try using a newer netavark which should contain a new sha2 code which caused this problem

andrico21 commented 10 months ago

just to make this issue more informative for future - added stack:

#0  0x000055b8c8d863cb in _ZN4sha26sha5123x8627sha512_compress_x86_64_avx217he658abd7db629edfE.llvm.10846658284507516593 ()
#1  0x000055b8c8c71c79 in netavark::network::core_utils::CoreUtils::create_network_hash ()
#2  0x000055b8c8c6fa04 in netavark::network::bridge::Bridge::get_firewall_conf ()
#3  0x000055b8c8c6d2b6 in <netavark::network::bridge::Bridge as netavark::network::driver::NetworkDriver>::setup ()
#4  0x000055b8c8d180e7 in netavark::commands::setup::Setup::exec ()
#5  0x000055b8c8bf782c in netavark::main ()
#6  0x000055b8c8bfa5f3 in std::sys_common::backtrace::__rust_begin_short_backtrace ()
#7  0x000055b8c8bf7f09 in _ZN3std2rt10lang_start28_$u7b$$u7b$closure$u7d$$u7d$17hea9e91d4d6771513E.llvm.10229266140333461407 ()
#8  0x000055b8c8ff6281 in core::ops::function::impls::{impl#2}::call_once<(), (dyn core::ops::function::Fn<(), Output=i32> + core::marker::Sync + core::panic::unwind_safe::RefUnwindSafe)> (self=..., args=<optimized out>) at /build/rustc-ZOqcvC/rustc-1.61.0+dfsg1/library/core/src/ops/function.rs:259
#9  std::panicking::try::do_call<&(dyn core::ops::function::Fn<(), Output=i32> + core::marker::Sync + core::panic::unwind_safe::RefUnwindSafe), i32> (data=<optimized out>) at library/std/src/panicking.rs:492
#10 std::panicking::try<i32, &(dyn core::ops::function::Fn<(), Output=i32> + core::marker::Sync + core::panic::unwind_safe::RefUnwindSafe)> (f=...) at library/std/src/panicking.rs:456
#11 std::panic::catch_unwind<&(dyn core::ops::function::Fn<(), Output=i32> + core::marker::Sync + core::panic::unwind_safe::RefUnwindSafe), i32> (f=...) at library/std/src/panic.rs:137
#12 std::rt::lang_start_internal::{closure#2} () at library/std/src/rt.rs:128
#13 std::panicking::try::do_call<std::rt::lang_start_internal::{closure_env#2}, isize> (data=<optimized out>) at library/std/src/panicking.rs:492
#14 std::panicking::try<isize, std::rt::lang_start_internal::{closure_env#2}> (f=...) at library/std/src/panicking.rs:456
#15 std::panic::catch_unwind<std::rt::lang_start_internal::{closure_env#2}, isize> (f=...) at library/std/src/panic.rs:137
#16 std::rt::lang_start_internal (main=..., argc=<optimized out>, argv=<optimized out>) at library/std/src/rt.rs:128
#17 0x000055b8c8bf7ef2 in main ()

containers / podman