Issue Description
After rebooting the server, a rootless container spawned by a systemd service fails with the message: IP address is already allocated.
This was already reported in #24915 and #15708, but it is now happening for me only if lingering is enabled for the rootless user.
If I disable lingering and restart the PC, the container starts again without this error and with the static IP address assigned.
Attached you can find two logs: one with linger enabled (container startup fails) and one with linger disabled (the container starts successfully once the user logs in via SSH).
boot-linger-disabled.log
boot-linger-enabled.log
Steps to reproduce the issue
- Install podman
- enable linger for rootless user
- enable attached quadlets
- reboot system
Describe the results you received
The container fails to start after reboot with the following error:
Error: starting container e1231c28dcddb6f10e4fde3e080ecc2e6db8bc0f89f293179354caef859bd58c: IPAM error: requested ip address 172.21.0.2 is already allocated to container ID 3c9
Describe the results you expected
I would expect the container to start after boot with the predefined static IP, because it is not assigned to another container.
podman info output
host:
  arch: amd64
  buildahVersion: 1.39.0
  cgroupControllers:
  - cpu
  - memory
  - pids
  cgroupManager: systemd
  cgroupVersion: v2
  conmon:
    package: conmon_2.1.12-4_amd64
    path: /usr/bin/conmon
    version: 'conmon version 2.1.12, commit: unknown'
  cpuUtilization:
    idlePercent: 99.42
    systemPercent: 0.42
    userPercent: 0.17
  cpus: 12
  databaseBackend: sqlite
  distribution:
    codename: trixie
    distribution: debian
    version: unknown
  eventLogger: journald
  freeLocks: 2045
  hostname: raimund
  idMappings:
    gidmap:
    - container_id: 0
      host_id: 1000
      size: 1
    - container_id: 1
      host_id: 100000
      size: 65536
    uidmap:
    - container_id: 0
      host_id: 1000
      size: 1
    - container_id: 1
      host_id: 100000
      size: 65536
  kernel: 6.1.0-31-amd64
  linkmode: dynamic
  logDriver: journald
  memFree: 40896307200
  memTotal: 41777610752
  networkBackend: netavark
  networkBackendInfo:
    backend: netavark
    dns:
      package: aardvark-dns_1.12.2-2_amd64
      path: /usr/lib/podman/aardvark-dns
      version: aardvark-dns 1.12.2
    package: netavark_1.12.1-9_amd64
    path: /usr/lib/podman/netavark
    version: netavark 1.12.1
  ociRuntime:
    name: crun
    package: crun_1.20-1_amd64
    path: /usr/bin/crun
    version: |-
      crun version 1.20
      commit: 9c9a76ac11994701dd666c4f0b869ceffb599a66
      rundir: /run/user/1000/crun
      spec: 1.0.0
      +SYSTEMD +SELINUX +APPARMOR +CAP +SECCOMP +EBPF +CRIU +WASM:wasmedge +YAJL
  os: linux
  pasta:
    executable: /usr/bin/pasta
    package: passt_0.0~git20250217.a1e48a0-1_amd64
    version: ""
  remoteSocket:
    exists: true
    path: /run/user/1000/podman/podman.sock
  rootlessNetworkCmd: pasta
  security:
    apparmorEnabled: false
    capabilities: CAP_CHOWN,CAP_DAC_OVERRIDE,CAP_FOWNER,CAP_FSETID,CAP_KILL,CAP_NET_BIND_SERVICE,CAP_SETFCAP,CAP_SETGID,CAP_SETPCAP,CAP_SETUID,CAP_SYS_CHROOT
    rootless: true
    seccompEnabled: true
    seccompProfilePath: /usr/share/containers/seccomp.json
    selinuxEnabled: false
  serviceIsRemote: false
  slirp4netns:
    executable: /usr/bin/slirp4netns
    package: slirp4netns_1.2.1-1+b1_amd64
    version: |-
      slirp4netns version 1.2.1
      commit: 09e31e92fa3d2a1d3ca261adaeb012c8d75a8194
      libslirp: 4.8.0
      SLIRP_CONFIG_VERSION_MAX: 4
      libseccomp: 2.5.4
  swapFree: 1024454656
  swapTotal: 1024454656
  uptime: 0h 1m 54.00s
  variant: ""
plugins:
  authorization: null
  log:
  - k8s-file
  - none
  - passthrough
  - journald
  network:
  - bridge
  - macvlan
  - ipvlan
  volume:
  - local
registries: {}
store:
  configFile: /home/bernhard/.config/containers/storage.conf
  containerStore:
    number: 2
    paused: 0
    running: 2
    stopped: 0
  graphDriverName: overlay
  graphOptions: {}
  graphRoot: /home/bernhard/.local/share/containers/storage
  graphRootAllocated: 123886837760
  graphRootUsed: 2909896704
  graphStatus:
    Backing Filesystem: extfs
    Native Overlay Diff: "true"
    Supports d_type: "true"
    Supports shifting: "false"
    Supports volatile: "true"
    Using metacopy: "false"
  imageCopyTmpDir: /var/tmp
  imageStore:
    number: 3
  runRoot: /run/user/1000/containers
  transientStore: false
  volumePath: /home/bernhard/.local/share/containers/storage/volumes
version:
  APIVersion: 5.4.0
  Built: 1739713871
  BuiltTime: Sun Feb 16 14:51:11 2025
  GitCommit: ""
  GoVersion: go1.24.0
  Os: linux
  OsArch: linux/amd64
  Version: 5.4.0
Podman in a container
No
Privileged Or Rootless
Rootless
Upstream Latest Release
Yes
Additional environment details
I have installed Debian 12.9 with the unstable repo enabled but Pin-Priority set to 100, so I can install only podman from the unstable repo, because the current podman version in Debian stable does not support quadlets.
Additional information
Happens only when lingering is enabled.
Quadlet files to reproduce:
traefik.network
[Network]
Driver=bridge
IPv6=true
Subnet=172.21.0.0/16
Subnet=fd00:dead:beef::/48
traefik.container
[Container]
Image=docker.io/traefik:latest
Pod=traefik.pod
traefik.pod
[Pod]
PublishPort=1050:80
Network=traefik.network:ip=172.21.0.2
PodmanArgs=--log-level debug
[Install]
WantedBy=multi-user.target default.target
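A post-boot triage script for the failure described in this report, added here as an example and not part of the issue, of Podman or of netavark. The two pure functions parse a captured journal line and a list of container IDs, so they can be checked against constructed input; podman_triage wires them to the live user journal, podman ps and loginctl, which it assumes are on PATH, and the script file name podman_ipam_triage.sh is an assumption used only to decide whether to run it.

```shell
#!/bin/sh
# Added example (not from the issue): triage the "IPAM error: requested ip
# address ... is already allocated" failure of a rootless quadlet after boot.

# Print "<ip> <holder-id>" for the first IPAM conflict line on stdin.
# Handles IPv4 and IPv6 addresses; prints nothing when there is no conflict.
ipam_conflict() {
  sed -n 's/.*requested ip address \([0-9a-fA-F.:]*\) is already allocated to container ID \([0-9a-f]*\).*/\1 \2/p' | head -n 1
}

# $1 = holder ID (or ID prefix) taken from the error; stdin = one container ID
# per line, as printed by `podman ps -a --no-trunc --format '{{.ID}}'`.
# "live"  -> a container with that ID still exists (a genuine conflict)
# "stale" -> nothing matches, so the IPAM database still records an allocation
#            for a container that is gone, which is what the report describes.
holder_state() {
  prefix="$1"
  [ -n "$prefix" ] || { echo unknown; return 0; }
  if grep -q "^$prefix"; then echo live; else echo stale; fi
}

# Live wrapper: assumes journalctl, podman and loginctl are on PATH and that
# the quadlet service runs in the current user's systemd instance.
podman_triage() {
  conflict=$(journalctl --user -b --no-pager 2>/dev/null | ipam_conflict)
  if [ -z "$conflict" ]; then
    echo "no IPAM conflict in this boot's user journal"
    return 0
  fi
  ip=${conflict%% *}
  holder=${conflict##* }
  state=$(podman ps -a --no-trunc --format '{{.ID}}' | holder_state "$holder")
  linger=$(loginctl show-user "$(id -un)" -p Linger --value 2>/dev/null || echo unknown)
  echo "ip=$ip holder=$holder state=$state linger=$linger"
}

# Run the live triage only when executed under the assumed file name, so the
# functions can also be sourced and exercised on captured logs.
if [ "${0##*/}" = "podman_ipam_triage.sh" ]; then
  podman_triage
fi
```

A "stale" result with linger=yes reproduces the state the report describes: the address is held by an allocation whose container no longer exists, so the service will keep failing until that allocation is released.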