CNI bridge: `failed (add): failed to set bridge addr: could not set bridge's mac: invalid argument`

[apostasie]

Description

I do not have a simple reproducer for this.

This is just regularly popping up with custom deployment tooling as part of a large plan.

sudo nerdctl container run -d --name dns --hostname dns-magnetar.local --read-only --restart always --cap-add NET_BIND_SERVICE --env LOG_LEVEL=info --env DNS_STUFF_MDNS=false --network hadron-bridge --publish 4242:4242/tcp --volume data-dns:/magnetar/user/data --label org.hadron.core.version=v0.1-dev --label org.hadron.plan.description=some_plan_descriptor --label org.hadron.plan.name=plan_name --label org.hadron.plan.sha=7841eb9910d7b9d49f49e5940a73ca9d9a0dd6c4975640fd5eea4b39f5376744 --label org.hadron.plan.tag=2025/05/22-14:06:09-2EF02181-EF3C-4E68-9218-3C66599DC459 dubodubonduponey/dns:bookworm-2024-09-01

failed to create shim task: OCI runtime create failed: runc create failed: unable to start container process: error during container init: error running createRuntime hook #0: exit status 1, stdout: , stderr: time=\"2025-05-22T14:06:52-07:00\" level=fatal msg=\"failed to call cni.Setup: plugin type=\\\"bridge\\\" failed (add): failed to set bridge addr: could not set bridge's mac: invalid argument\""

Network is:

{
  "cniVersion": "1.0.0",
  "name": "hadron-bridge",
  "nerdctlID": "f510b1557a7a8a34b10de53d186d9f44ae3ac06983994403aae8364fb6e4c6b6",
  "nerdctlLabels": {
    "org.hadron.core.version": "v0.1-dev",
    "org.hadron.plan.description": "some_plan_descriptor",
    "org.hadron.plan.name": "plan_name",
    "org.hadron.plan.sha": "cae39eec27f94285311914ffe6af492685fd5b162ef41c7f55fdbd8e75183138",
    "org.hadron.plan.tag": "2025/05/20-17:15:29-CC9CCD90-E6ED-4735-B34D-5570D3431248"
  },
  "plugins": [
    {
      "type": "bridge",
      "bridge": "br-f510b1557a7a",
      "isGateway": true,
      "ipMasq": true,
      "hairpinMode": true,
      "ipam": {
        "ranges": [
          [
            {
              "gateway": "10.4.1.1",
              "subnet": "10.4.1.0/24"
            }
          ]
        ],
        "routes": [
          {
            "dst": "0.0.0.0/0"
          }
        ],
        "type": "host-local"
      }
    },
    {
      "type": "portmap",
      "capabilities": {
        "portMappings": true
      }
    },
    {
      "type": "firewall",
      "ingressPolicy": "same-bridge"
    },
    {
      "type": "tuning"
    }
  ]
}

The error comes (obviously) from CNI bridge (func ensureAddr(br netlink.Link, family int, ipn *net.IPNet, forceAddress bool) error {), and suggests that netlink.Attrs in certain circumstances fails to produce an actual hardware addr.

Steps to reproduce the issue

na

Describe the results you received and expected

Work.

What version of nerdctl are you using?

main

Are you using a variant of nerdctl? (e.g., Rancher Desktop)

None

Host information

No response

[fahedouch]

should be tagged external right ? there is fix need on cni repo

[apostasie]

should be tagged external right ? there is fix need on cni repo

Presumably, yes.

Maybe we can workaround that in nerdctl though.
Need a full diagnosis first though.