CI is broken on loading / using frozen images on x86

[thaJeztah]

Description

relates to:

• Deprecate api/types/strslice.StrSlice and remove its use #50292 (comment)
• Dockerfile: update containerd binary to v1.7.28 #50645 (comment)

---

Debugging in these PRs:

• debugging ci #50656
• [28.x] testing #50658
• dockerfile: download frozen images with skopeo #50659
• ci: use ubuntu-22.04 runners buildkit#6125

CI appears to be broken w.r.t. the frozen images; could be either some path issue, or something else (could newer Dockerfile front-end use the new fancy sub-variants for x86 for example? TARGETVARIANT);

moby/Dockerfile

Lines 110 to 120 in 28df781

	COPY contrib/download-frozen-image-v2.sh /
	ARG TARGETARCH
	ARG TARGETVARIANT
	RUN /download-frozen-image-v2.sh /build \
	busybox:latest@sha256:95cf004f559831017cdf4628aaf1bb30133677be8702a8c5f2994629f637a209 \
	busybox:glibc@sha256:1f81263701cddf6402afe9f33fca0266d9fff379e59b1748f33d3072da71ee85 \
	debian:bookworm-slim@sha256:2bc5c236e9b262645a323e9088dfa3bb1ecb16cc75811daf40a23a824d665be9 \
	hello-world:latest@sha256:d58e752213a51785838f9eed2b7a498ffa1cb3aa7f946dda11af39286c3db9a9 \
	arm32v7/hello-world:latest@sha256:50b8560ad574c779908da71f7ce370c0a2471c098d44d1c8f6b513c5a55eeeb1 \
	hello-world:amd64@sha256:90659bf80b44ce6be8234e6ff90a1ac34acbeb826903b02cfa0da11c82cbc042 \
	hello-world:arm64@sha256:963612c5503f3f1674f315c67089dee577d8cc6afc18565e0b4183ae355fb343

Docker info doesn't show those;

   Kernel Version: 6.11.0-1018-azure
   Operating System: Ubuntu 24.04.2 LTS
   OSType: linux
   Architecture: x86_64

Integration tests;

Building test suite binary /go/src/github.com/docker/docker/integration/service/test.main
Building test suite binary /go/src/github.com/docker/docker/integration/session/test.main
Building test suite binary /go/src/github.com/docker/docker/integration/system/test.main
Building test suite binary /go/src/github.com/docker/docker/integration/volume/test.main
---> Making bundle: .integration-daemon-start (in bundles/test-integration)
Using test binary /usr/local/cli-integration/docker
# DOCKER_EXPERIMENTAL is set: starting daemon with experimental features enabled! 
Starting apparmor (via systemctl): apparmor.service.
Starting dockerd
INFO: Waiting for daemon to start...

Running integration-test (iteration 1)
Running /go/src/github.com/docker/docker/integration/build (amd64.docker.docker.integration.build) flags=-test.v -test.timeout=10m   -test.coverprofile=/go/src/github.com/docker/docker/bundles/test-integration/amd64-docker-docker-integration-build-coverage.out
panic: error loading frozen images: unable to resolve platform: unexpected end of JSON input

goroutine 1 [running, locked to thread]:
github.com/moby/moby/v2/integration/build.TestMain(0xc0000ce5a0)
	/go/src/github.com/docker/docker/integration/build/main_test.go:38 +0x1e9
main.main()
	_testmain.go:97 +0xa8

goroutine 12 [runnable]:
runtime.goexit1()
	/usr/local/go/src/runtime/proc.go:4313 +0x9d
runtime.goexit({})
	/usr/local/go/src/runtime/asm_amd64.s:1701 +0x6
created by go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp.(*client).contextWithStop in goroutine 7
	/go/src/github.com/docker/docker/vendor/go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp/client.go:382 +0xe5

goroutine 15 [IO wait]:
internal/poll.runtime_pollWait(0x7f895dfe8ed0, 0x72)
	/usr/local/go/src/runtime/netpoll.go:351 +0x85
internal/poll.(*pollDesc).wait(0xc00022d680?, 0xc00051d000?, 0x0)
	/usr/local/go/src/internal/poll/fd_poll_runtime.go:84 +0x27
internal/poll.(*pollDesc).waitRead(...)
	/usr/local/go/src/internal/poll/fd_poll_runtime.go:89
internal/poll.(*FD).Read(0xc00022d680, {0xc00051d000, 0x1000, 0x1000})
	/usr/local/go/src/internal/poll/fd_unix.go:165 +0x27a
net.(*netFD).Read(0xc00022d680, {0xc00051d000?, 0x408494?, 0x0?})
	/usr/local/go/src/net/fd_posix.go:55 +0x25
net.(*conn).Read(0xc00019a7c8, {0xc00051d000?, 0x40828f?, 0xc0005536e0?})
	/usr/local/go/src/net/net.go:194 +0x45
net/http.(*persistConn).Read(0xc0005505a0, {0xc00051d000?, 0x7f49c5?, 0x15c7500?})
	/usr/local/go/src/net/http/transport.go:2122 +0x47
bufio.(*Reader).fill(0xc00055c180)
	/usr/local/go/src/bufio/bufio.go:113 +0x103
bufio.(*Reader).Peek(0xc00055c180, 0x1)
	/usr/local/go/src/bufio/bufio.go:152 +0x53
net/http.(*persistConn).readLoop(0xc0005505a0)
	/usr/local/go/src/net/http/transport.go:2275 +0x172
created by net/http.(*Transport).dialConn in goroutine 13
	/usr/local/go/src/net/http/transport.go:1944 +0x174f

goroutine 16 [select]:
net/http.(*persistConn).writeLoop(0xc0005505a0)
	/usr/local/go/src/net/http/transport.go:2590 +0xe7
created by net/http.(*Transport).dialConn in goroutine 13
	/usr/local/go/src/net/http/transport.go:1945 +0x17a5

=== Failed

Tests;

=== RUN   TestBuildUserNamespaceValidateCapabilitiesAreV2
Loaded image: busybox:latest
Loaded image: busybox:glibc
Loaded image: debian:bookworm-slim
Error unpacking image debian:bookworm-slim: apply layer error for "docker.io/library/debian:bookworm-slim": wrong diff id calculated on extraction "sha256:e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855"
Loaded image: hello-world:latest
Loaded image: arm32v7/hello-world:latest
Loaded image: hello-world:amd64
Loaded image: hello-world:arm64
    build_userns_linux_test.go:77: assertion failed: error is not nil: apply layer error for "": wrong diff id calculated on extraction "sha256:e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855"
--- FAIL: TestBuildUserNamespaceValidateCapabilitiesAreV2 (0.89s)
FAIL

Error looks to come from containerd vendor; not sure why the i.Name() is empty, but maybe that's expected

moby/vendor/github.com/containerd/containerd/v2/client/image.go

Lines 335 to 338 in 0aa8fe0

	for _, layer := range layers {
	unpacked, err = rootfs.ApplyLayerWithOpts(ctx, layer, chain, sn, a, config.SnapshotOpts, config.ApplyOpts)
	if err != nil {
	return fmt.Errorf("apply layer error for %q: %w", i.Name(), err)

Also see #50292 (comment)

[thaJeztah]

OH! Is it GitHub rate limits?

#73 [dockercli-integration 2/2] RUN --mount=source=hack/dockerfile/cli.sh,target=/download-or-build-cli.sh     --mount=type=cache,id=dockercli-git-linux/amd64,sharing=locked,target=./.git     --mount=type=cache,target=/root/.cache/go-build,id=dockercli-build-linux/amd64         rm -f ./.git/*.lock      && /download-or-build-cli.sh v18.06.3-ce https://github.com/docker/cli.git /build      && /build/docker --version
#73 CANCELED
------
 > [frozen-images 4/4] RUN /download-frozen-image-v2.sh /build         busybox:latest@sha256:95cf004f559831017cdf4628aaf1bb30133677be8702a8c5f2994629f637a209         busybox:glibc@sha256:1f81263701cddf6402afe9f33fca0266d9fff379e59b1748f33d3072da71ee85         debian:bookworm-slim@sha256:2bc5c236e9b262645a323e9088dfa3bb1ecb16cc75811daf40a23a824d665be9         hello-world:latest@sha256:d58e752213a51785838f9eed2b7a498ffa1cb3aa7f946dda11af39286c3db9a9         arm32v7/hello-world:latest@sha256:50b8560ad574c779908da71f7ce370c0a2471c098d44d1c8f6b513c5a55eeeb1         hello-world:amd64@sha256:90659bf80b44ce6be8234e6ff90a1ac34acbeb826903b02cfa0da11c82cbc042         hello-world:arm64@sha256:963612c5503f3f1674f315c67089dee577d8cc6afc18565e0b4183ae355fb343:
1.614 Downloading 'library/busybox:latest@sha256:95cf004f559831017cdf4628aaf1bb30133677be8702a8c5f2994629f637a209' (1 layers)...


####                                                                       5.9%
######################################################################## 100.0%
2.874 
3.661 curl: (22) The requested URL returned error: 429
------
Dockerfile:113
--------------------
 112 |     ARG TARGETVARIANT
 113 | >>> RUN /download-frozen-image-v2.sh /build \
 114 | >>>         busybox:latest@sha256:95cf004f559831017cdf4628aaf1bb30133677be8702a8c5f2994629f637a209 \
 115 | >>>         busybox:glibc@sha256:1f81263701cddf6402afe9f33fca0266d9fff379e59b1748f33d3072da71ee85 \
 116 | >>>         debian:bookworm-slim@sha256:2bc5c236e9b262645a323e9088dfa3bb1ecb16cc75811daf40a23a824d665be9 \
 117 | >>>         hello-world:latest@sha256:d58e752213a51785838f9eed2b7a498ffa1cb3aa7f946dda11af39286c3db9a9 \
 118 | >>>         arm32v7/hello-world:latest@sha256:50b8560ad574c779908da71f7ce370c0a2471c098d44d1c8f6b513c5a55eeeb1 \
 119 | >>>         hello-world:amd64@sha256:90659bf80b44ce6be8234e6ff90a1ac34acbeb826903b02cfa0da11c82cbc042 \
 120 | >>>         hello-world:arm64@sha256:963612c5503f3f1674f315c67089dee577d8cc6afc18565e0b4183ae355fb343
 121 |     
--------------------
ERROR: failed to solve: process "/bin/sh -c /download-frozen-image-v2.sh /build         busybox:latest@sha256:95cf004f559831017cdf4628aaf1bb30133677be8702a8c5f2994629f637a209         busybox:glibc@sha256:1f81263701cddf6402afe9f33fca0266d9fff379e59b1748f33d3072da71ee85         debian:bookworm-slim@sha256:2bc5c236e9b262645a323e9088dfa3bb1ecb16cc75811daf40a23a824d665be9         hello-world:latest@sha256:d58e752213a51785838f9eed2b7a498ffa1cb3aa7f946dda11af39286c3db9a9         arm32v7/hello-world:latest@sha256:50b8560ad574c779908da71f7ce370c0a2471c098d44d1c8f6b513c5a55eeeb1         hello-world:amd64@sha256:90659bf80b44ce6be8234e6ff90a1ac34acbeb826903b02cfa0da11c82cbc042         hello-world:arm64@sha256:963612c5503f3f1674f315c67089dee577d8cc6afc18565e0b4183ae355fb343" did not complete successfully: exit code: 22
Build references
Check build summary support
Error: buildx bake failed with: ERROR: failed to solve: process "/bin/sh -c /download-frozen-image-v2.sh /build         busybox:latest@sha256:95cf004f559831017cdf4628aaf1bb30133677be8702a8c5f2994629f637a209         busybox:glibc@sha256:1f81263701cddf6402afe9f33fca0266d9fff379e59b1748f33d3072da71ee85         debian:bookworm-slim@sha256:2bc5c236e9b262645a323e9088dfa3bb1ecb16cc75811daf40a23a824d665be9         hello-world:latest@sha256:d58e752213a51785838f9eed2b7a498ffa1cb3aa7f946dda11af39286c3db9a9         arm32v7/hello-world:latest@sha256:50b8560ad574c779908da71f7ce370c0a2471c098d44d1c8f6b513c5a55eeeb1         hello-world:amd64@sha256:90659bf80b44ce6be8234e6ff90a1ac34acbeb826903b02cfa0da11c82cbc042         hello-world:arm64@sha256:963612c5503f3f1674f315c67089dee577d8cc6afc18565e0b4183ae355fb343" did not complete successfully: exit code: 22

https://github.com/moby/moby/actions/runs/16800965209/job/47582150830?pr=50654

[thaJeztah]

Docker version, buildx version and Dockerfile front-end from an earlier run Yesterday that was green

Details

Run docker/setup-buildx-action@v3
  with:
    version: edge
    driver-opts: image=moby/buildkit:latest
    buildkitd-flags: --debug
    driver: docker-container
    install: false
    use: true
    keep-state: false
    cache-binary: true
    cleanup: true
  env:
    GO_VERSION: 1.24.5
    GIT_PAGER: cat
    PAGER: cat
    SETUP_BUILDX_VERSION: edge
    SETUP_BUILDKIT_IMAGE: moby/buildkit:latest
    SYSTEMD: true

/usr/bin/docker version
  Client: Docker Engine - Community
   Version:           28.0.4
   API version:       1.48
   Go version:        go1.23.7
   Git commit:        b8034c0
   Built:             Tue Mar 25 15:07:16 2025
   OS/Arch:           linux/amd64
   Context:           default
  
  Server: Docker Engine - Community
   Engine:
    Version:          28.0.4
    API version:      1.48 (minimum version 1.24)
    Go version:       go1.23.7
    Git commit:       6430e49
    Built:            Tue Mar 25 15:07:16 2025
    OS/Arch:          linux/amd64
    Experimental:     false
   containerd:
    Version:          1.7.27
    GitCommit:        05044ec0a9a75232cad458027ca83437aae3f4da
   runc:
    Version:          1.2.5
    GitCommit:        v1.2.5-0-g59923ef
   docker-init:
    Version:          0.19.0
    GitCommit:        de40ad0
  /usr/bin/docker info
  Client: Docker Engine - Community
   Version:    28.0.4
   Context:    default
   Debug Mode: false
   Plugins:
    buildx: Docker Buildx (Docker Inc.)
      Version:  v0.26.1
      Path:     /home/runner/.docker/cli-plugins/docker-buildx
    compose: Docker Compose (Docker Inc.)
      Version:  v2.37.3
      Path:     /usr/libexec/docker/cli-plugins/docker-compose
  
  Server:
   Containers: 1
    Running: 1
    Paused: 0
    Stopped: 0
   Images: 1
   Server Version: 28.0.4
   Storage Driver: overlay2
    Backing Filesystem: extfs
    Supports d_type: true
    Using metacopy: false
    Native Overlay Diff: false
    userxattr: false
   Logging Driver: json-file
   Cgroup Driver: systemd
   Cgroup Version: 2
   Plugins:
    Volume: local
    Network: bridge host ipvlan macvlan null overlay
    Log: awslogs fluentd gcplogs gelf journald json-file local splunk syslog
   Swarm: inactive
   Runtimes: io.containerd.runc.v2 runc
   Default Runtime: runc
   Init Binary: docker-init
   containerd version: 05044ec0a9a75232cad458027ca83437aae3f4da
   runc version: v1.2.5-0-g59923ef
   init version: de40ad0
   Security Options:
    apparmor
    seccomp
     Profile: builtin
    cgroupns
   Kernel Version: 6.11.0-1018-azure
   Operating System: Ubuntu 24.04.2 LTS
   OSType: linux
   Architecture: x86_64
   CPUs: 4
   Total Memory: 15.62GiB
   Name: pkrvmjbmru5nbw0
   ID: 99adc586-a790-4672-b436-bfce1df3253b
   Docker Root Dir: /var/lib/docker
   Debug Mode: false
   Username: githubactions
   Experimental: false
   Insecure Registries:
    ::1/128
    127.0.0.0/8
   Live Restore Enabled: false

Download buildx from GitHub Releases
  Use 0.26.1 version spec cache key for v0.26.1
  Cache hit for: buildx-dl-bin-0.26.1-linux-x64
  Received 8388608 of 20030103 (41.9%), 8.0 MBs/sec
  Received 20030103 of 20030103 (100.0%), 16.5 MBs/sec
  Cache Size: ~19 MB (20030103 B)
  /usr/bin/tar -xf /home/runner/work/_temp/bda17fe5-7ed2-4027-ba74-17698f8bf84a/cache.tzst -P -C /home/runner/work/moby/moby --use-compress-program unzstd
  Cache restored successfully
  Restored buildx-dl-bin-0.26.1-linux-x64 from GitHub Actions cache
  Cached to hosted tool cache /opt/hostedtoolcache/buildx-dl-bin/0.26.1/linux-x64
  Buildx binary found in /home/runner/.docker/buildx/.bin/0.26.1/linux-x64/docker-buildx

  /usr/bin/docker buildx version
  github.com/docker/buildx v0.26.1 1a8287f22cf5a38339a4c1bf432b803c5f8b2aae

{
    "nodes": [
      {
        "name": "builder-cbbbf260-a918-4b7c-a974-0eb1790bb5c50",
        "endpoint": "unix:///var/run/docker.sock",
        "driver-opts": [
          "image=moby/buildkit:latest"
        ],
        "status": "running",
        "buildkitd-flags": "--debug --allow-insecure-entitlement=network.host",
        "buildkit": "v0.23.2",
        "platforms": "linux/amd64,linux/amd64/v2,linux/amd64/v3,linux/386",
        "features": {
          "Automatically load images to the Docker Engine image store": true,
          "Cache export": true,
          "Direct push": true,
          "Docker exporter": true,
          "Multi-platform build": true,
          "OCI exporter": true
        },
        "labels": {
          "org.mobyproject.buildkit.worker.executor": "oci",
          "org.mobyproject.buildkit.worker.hostname": "56ce05a02cec",
          "org.mobyproject.buildkit.worker.network": "host",
          "org.mobyproject.buildkit.worker.oci.process-mode": "sandbox",
          "org.mobyproject.buildkit.worker.selinux.enabled": "false",
          "org.mobyproject.buildkit.worker.snapshotter": "overlayfs"
        },
        "gcPolicy": [
          {
            "all": false,
            "filter": [
              "type==source.local",
              "type==exec.cachemount",
              "type==source.git.checkout"
            ],
            "keepDuration": "48h0m0s",
            "maxUsedSpace": "488.3MiB"
          },
          {
            "all": false,
            "keepDuration": "1440h0m0s",
            "reservedSpace": "7.451GiB",
            "maxUsedSpace": "54.02GiB",
            "minFreeSpace": "13.97GiB"
          },
          {
            "all": false,
            "reservedSpace": "7.451GiB",
            "maxUsedSpace": "54.02GiB",
            "minFreeSpace": "13.97GiB"
          },
          {
            "all": true,
            "reservedSpace": "7.451GiB",
            "maxUsedSpace": "54.02GiB",
            "minFreeSpace": "13.97GiB"
          }
        ]
      }
    ],
    "name": "builder-cbbbf260-a918-4b7c-a974-0eb1790bb5c5",
    "driver": "docker-container",
    "lastActivity": "2025-08-06T11:03:30.000Z"
  }

#3 resolve image config for docker-image://docker.io/docker/dockerfile:1
#3 ...

#4 [auth] docker/dockerfile:pull token for registry-1.docker.io
#4 DONE 0.0s

#3 resolve image config for docker-image://docker.io/docker/dockerfile:1
#3 DONE 0.9s

#5 docker-image://docker.io/docker/dockerfile:1@sha256:38387523653efa0039f8e1c89bb74a30504e76ee9f565e25c9a09841f9427b05
#5 resolve docker.io/docker/dockerfile:1@sha256:38387523653efa0039f8e1c89bb74a30504e76ee9f565e25c9a09841f9427b05 done
#5 sha256:fdbb657bc4fdee228c0c20080da3a4cc193ef22c6637ae12109c8feba99debea 0B / 14.09MB 0.2s
#5 sha256:fdbb657bc4fdee228c0c20080da3a4cc193ef22c6637ae12109c8feba99debea 14.09MB / 14.09MB 0.3s done
#5 extracting sha256:fdbb657bc4fdee228c0c20080da3a4cc193ef22c6637ae12109c8feba99debea 0.1s done
#5 DONE 0.4s

And from a failing one;

Details

Run docker/setup-buildx-action@v3
  with:
    version: edge
    driver-opts: image=moby/buildkit:latest
    buildkitd-flags: --debug
    driver: docker-container
    install: false
    use: true
    keep-state: false
    cache-binary: true
    cleanup: true
  env:
    GO_VERSION: 1.24.5
    GOTESTLIST_VERSION: v0.3.1
    TESTSTAT_VERSION: v0.1.25
    ITG_CLI_MATRIX_SIZE: 6
    DOCKER_EXPERIMENTAL: 1
    DOCKER_GRAPHDRIVER: overlay2
    TEST_INTEGRATION_USE_SNAPSHOTTER: 
    SETUP_BUILDX_VERSION: edge
    SETUP_BUILDKIT_IMAGE: moby/buildkit:latest
    OTEL_EXPORTER_OTLP_ENDPOINT: http://172.17.0.1:4318
    DOCKER_ROOTLESS: 1
    CACHE_DEV_SCOPE: dev

  Client: Docker Engine - Community
   Version:           28.0.4
   API version:       1.48
   Go version:        go1.23.7
   Git commit:        b8034c0
   Built:             Tue Mar 25 15:07:11 2025
   OS/Arch:           linux/amd64
   Context:           default
  
  Server: Docker Engine - Community
   Engine:
    Version:          28.0.4
    API version:      1.48 (minimum version 1.24)
    Go version:       go1.23.7
    Git commit:       6430e49
    Built:            Tue Mar 25 15:07:11 2025
    OS/Arch:          linux/amd64
    Experimental:     true
   containerd:
    Version:          1.7.27
    GitCommit:        05044ec0a9a75232cad458027ca83437aae3f4da
   runc:
    Version:          1.2.5
    GitCommit:        v1.2.5-0-g59923ef
   docker-init:
    Version:          0.19.0
    GitCommit:        de40ad0
  /usr/bin/docker info
  Client: Docker Engine - Community
   Version:    28.0.4
   Context:    default
   Debug Mode: false
   Plugins:
    buildx: Docker Buildx (Docker Inc.)
      Version:  v0.26.1
      Path:     /home/runner/.docker/cli-plugins/docker-buildx
    compose: Docker Compose (Docker Inc.)
      Version:  v2.37.3
      Path:     /usr/libexec/docker/cli-plugins/docker-compose
  
  Server:
   Containers: 2
    Running: 2
    Paused: 0
    Stopped: 0
   Images: 16
   Server Version: 28.0.4
   Storage Driver: overlay2
    Backing Filesystem: extfs
    Supports d_type: true
    Using metacopy: false
    Native Overlay Diff: true
    userxattr: false
   Logging Driver: json-file
   Cgroup Driver: systemd
   Cgroup Version: 2
   Plugins:
    Volume: local
    Network: bridge host ipvlan macvlan null overlay
    Log: awslogs fluentd gcplogs gelf journald json-file local splunk syslog
   Swarm: inactive
   Runtimes: io.containerd.runc.v2 runc
   Default Runtime: runc
   Init Binary: docker-init
   containerd version: 05044ec0a9a75232cad458027ca83437aae3f4da
   runc version: v1.2.5-0-g59923ef
   init version: de40ad0
   Security Options:
    apparmor
    seccomp
     Profile: builtin
    cgroupns
   Kernel Version: 6.8.0-1031-azure
   Operating System: Ubuntu 22.04.5 LTS
   OSType: linux
   Architecture: x86_64
   CPUs: 4
   Total Memory: 15.62GiB
   Name: pkrvm76nib4usnx
   ID: 493d157d-15c6-4f8f-bd57-a14e094ad5ad
   Docker Root Dir: /var/lib/docker
   Debug Mode: false
   Username: githubactions
   Experimental: true
   Insecure Registries:
    ::1/128
    127.0.0.0/8
   Live Restore Enabled: true

  /usr/bin/docker buildx version
  github.com/docker/buildx v0.26.1 1a8287f22cf5a38339a4c1bf432b803c5f8b2aae

          "org.mobyproject.buildkit.worker.executor": "oci",
          "org.mobyproject.buildkit.worker.hostname": "1d94d1786118",
          "org.mobyproject.buildkit.worker.network": "host",
          "org.mobyproject.buildkit.worker.oci.process-mode": "sandbox",
          "org.mobyproject.buildkit.worker.selinux.enabled": "false",
          "org.mobyproject.buildkit.worker.snapshotter": "overlayfs"
        },
        "gcPolicy": [
          {
            "all": false,
            "filter": [
              "type==source.local",
              "type==exec.cachemount",
              "type==source.git.checkout"
            ],
            "keepDuration": "48h0m0s",
            "maxUsedSpace": "488.3MiB"
          },
          {
            "all": false,
            "keepDuration": "1440h0m0s",
            "reservedSpace": "7.451GiB",
            "maxUsedSpace": "54.95GiB",
            "minFreeSpace": "13.97GiB"
          },
          {
            "all": false,
            "reservedSpace": "7.451GiB",
            "maxUsedSpace": "54.95GiB",
            "minFreeSpace": "13.97GiB"
          },
          {
            "all": true,
            "reservedSpace": "7.451GiB",
            "maxUsedSpace": "54.95GiB",
            "minFreeSpace": "13.97GiB"
          }
        ]
      }
    ],
    "name": "builder-deb4fcae-501f-4f2a-8b43-349b82ecb256",
    "driver": "docker-container",
    "lastActivity": "2025-08-07T10:25:43.000Z"
  }

#3 resolve image config for docker-image://docker.io/docker/dockerfile:1
#3 ...

#4 [auth] docker/dockerfile:pull token for registry-1.docker.io
#4 DONE 0.0s

#3 resolve image config for docker-image://docker.io/docker/dockerfile:1
#3 DONE 1.5s

#5 docker-image://docker.io/docker/dockerfile:1@sha256:38387523653efa0039f8e1c89bb74a30504e76ee9f565e25c9a09841f9427b05
#5 resolve docker.io/docker/dockerfile:1@sha256:38387523653efa0039f8e1c89bb74a30504e76ee9f565e25c9a09841f9427b05 0.0s done
#5 sha256:fdbb657bc4fdee228c0c20080da3a4cc193ef22c6637ae12109c8feba99debea 3.15MB / 14.09MB 0.2s
#5 sha256:fdbb657bc4fdee228c0c20080da3a4cc193ef22c6637ae12109c8feba99debea 14.09MB / 14.09MB 0.2s done
#5 extracting sha256:fdbb657bc4fdee228c0c20080da3a4cc193ef22c6637ae12109c8feba99debea 0.1s done
#5 DONE 0.4s

Difference:

Good:

   Kernel Version: 6.11.0-1018-azure
   Operating System: Ubuntu 24.04.2 LTS

Bad:

   Kernel Version: 6.8.0-1031-azure
   Operating System: Ubuntu 22.04.5 LTS

Same Dockerfile front-end, so that's not it:

#5 docker-image://docker.io/docker/dockerfile:1@sha256:38387523653efa0039f8e1c89bb74a30504e76ee9f565e25c9a09841f9427b05

docker-image://docker.io/docker/dockerfile:1@sha256:38387523653efa0039f8e1c89bb74a30504e76ee9f565e25c9a09841f9427b05

[thaJeztah]

Difference:

Good:

   Kernel Version: 6.11.0-1018-azure
   Operating System: Ubuntu 24.04.2 LTS

Bad:

   Kernel Version: 6.8.0-1031-azure
   Operating System: Ubuntu 22.04.5 LTS

Ugh; I picked the wrong ones to compare; realised that this is comparing Ubuntu 22.04 and 24.04 (we still run 22.04 for some checks)

[thaJeztah]

panic: error loading frozen images: invalid diffID for layer 0:
expected "sha256:9c27e219663c25e0f28493790cc0b88bc973ba3b1686355f221c38a36978ac63",
got "sha256:e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855"

So; e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 is the digest for nil; https://go.dev/play/p/FA77z66YhZh

package main

import (
	"crypto/sha256"
	"fmt"
)

func main() {
	fmt.Printf("sha256:%x\n", sha256.Sum256(nil))
}

[thaJeztah]

Sad runner (from #50656 - https://github.com/moby/moby/actions/runs/16807541714/job/47608623418?pr=50656)

Details

 Current runner version: '2.327.1'
 ##[group]Runner Image Provisioner
 Hosted Compute Agent
 Version: 20250711.363
 Commit: 6785254374ce925a23743850c1cb91912ce5c14c
 Build Date: 2025-07-11T20:04:25Z
 ##[endgroup]
 ##[group]Operating System
 Ubuntu
 24.04.2
 LTS
 ##[endgroup]
 ##[group]Runner Image
 Image: ubuntu-24.04
 Version: 20250728.1.0
 Included Software: https://github.com/actions/runner-images/blob/ubuntu24/20250728.1/images/ubuntu/Ubuntu2404-Readme.md
 Image Release: https://github.com/actions/runner-images/releases/tag/ubuntu24%2F20250728.1
 ##[endgroup]
 ##[group]GITHUB_TOKEN Permissions
 Contents: read
 Metadata: read
 ##[endgroup]
 Secret source: None
 Prepare workflow directory
 Prepare all required actions
 Getting action download info
 ##[group]Download immutable action package 'actions/checkout@v4'
 Version: 4.2.2
 Digest: sha256:ccb2698953eaebd21c7bf6268a94f9c26518a7e38e27e0b83c1fe1ad049819b1
 Source commit SHA: 11bd71901bbe5b1630ceea73d27597364c9af683
 ##[endgroup]
 ##[group]Download immutable action package 'docker/setup-buildx-action@v3'
 Version: 3.11.1
 Digest: sha256:b58e632d2d812e161c8abeba6def9f56b420aa9ae41d825a8408241bcad0f303
 Source commit SHA: e468171a9de216ec08956ac3ada2f0791b6bd435
 ##[endgroup]
 ##[group]Download immutable action package 'docker/bake-action@v6'
 Version: 6.8.0
 Digest: sha256:7fbcff47cb6998ecbd933414724b9577ec30c51801a92c0376dd209e54207530
 Source commit SHA: 37816e747588cb137173af99ab33873600c46ea8
 ##[endgroup]
 Download action repository 'codecov/codecov-action@v4' (SHA:b9fd7d16f6d7d1b5d2bec1a2887e65ceed900238)
 ##[group]Download immutable action package 'actions/upload-artifact@v4'
 Version: 4.6.2
 Digest: sha256:290722aa3281d5caf23d0acdc3dbeb3424786a1a01a9cc97e72f147225e37c38
 Source commit SHA: ea165f8d65b6e75b540449e92b4886f43607fa02
 ##[endgroup]
 Uses: moby/moby/.github/workflows/.test.yml@refs/pull/50656/merge (1b31dc2d3a687dfaaef0b108a8fe76f6a718a3d2)
 ##[group] Inputs
   storage: snapshotter
 ##[endgroup]
 Complete job name: test (snapshotter) / integration (ubuntu-24.04, iptables+firewalld)
 ##[group]Run actions/checkout@v4
 with:
   repository: moby/moby
   token: ***
   ssh-strict: true
   ssh-user: git
   persist-credentials: true
   clean: true
   sparse-checkout-cone-mode: true
   fetch-depth: 1
   fetch-tags: false
   show-progress: true
   lfs: false
   submodules: false
   set-safe-directory: true
 env:
   GO_VERSION: 1.24.5
   GOTESTLIST_VERSION: v0.3.1
   TESTSTAT_VERSION: v0.1.25
   ITG_CLI_MATRIX_SIZE: 6
   DOCKER_EXPERIMENTAL: 1
   DOCKER_GRAPHDRIVER: overlayfs
   TEST_INTEGRATION_USE_SNAPSHOTTER: 1
   SETUP_BUILDX_VERSION: edge
   SETUP_BUILDKIT_IMAGE: moby/buildkit:latest
 ##[endgroup]
 Syncing repository: moby/moby
 ##[group]Getting Git version info
 Working directory is '/home/runner/work/moby/moby'
 [command]/usr/bin/git version
 git version 2.50.1
 ##[endgroup]
 Temporarily overriding HOME='/home/runner/work/_temp/f0b66cae-0ab1-4cbc-a12d-8206ec455f59' before making global git config changes
 Adding repository directory to the temporary git global config as a safe directory
 [command]/usr/bin/git config --global --add safe.directory /home/runner/work/moby/moby
 Deleting the contents of '/home/runner/work/moby/moby'
 ##[group]Initializing the repository
 [command]/usr/bin/git init /home/runner/work/moby/moby
 hint: Using 'master' as the name for the initial branch. This default branch name
 hint: is subject to change. To configure the initial branch name to use in all
 hint: of your new repositories, which will suppress this warning, call:
 hint:
 hint: 	git config --global init.defaultBranch <name>
 hint:
 hint: Names commonly chosen instead of 'master' are 'main', 'trunk' and
 hint: 'development'. The just-created branch can be renamed via this command:
 hint:
 hint: 	git branch -m <name>
 hint:
 hint: Disable this message with "git config set advice.defaultBranchName false"
 Initialized empty Git repository in /home/runner/work/moby/moby/.git/
 [command]/usr/bin/git remote add origin https://github.com/moby/moby
 ##[endgroup]
 ##[group]Disabling automatic garbage collection
 [command]/usr/bin/git config --local gc.auto 0
 ##[endgroup]
 ##[group]Setting up auth
 [command]/usr/bin/git config --local --name-only --get-regexp core\.sshCommand
 [command]/usr/bin/git submodule foreach --recursive sh -c "git config --local --name-only --get-regexp 'core\.sshCommand' && git config --local --unset-all 'core.sshCommand' || :"
 [command]/usr/bin/git config --local --name-only --get-regexp http\.https\:\/\/github\.com\/\.extraheader
 [command]/usr/bin/git submodule foreach --recursive sh -c "git config --local --name-only --get-regexp 'http\.https\:\/\/github\.com\/\.extraheader' && git config --local --unset-all 'http.https://github.com/.extraheader' || :"
 [command]/usr/bin/git config --local http.https://github.com/.extraheader AUTHORIZATION: basic ***
 ##[endgroup]
 ##[group]Fetching the repository
 [command]/usr/bin/git -c protocol.version=2 fetch --no-tags --prune --no-recurse-submodules --depth=1 origin +1b31dc2d3a687dfaaef0b108a8fe76f6a718a3d2:refs/remotes/pull/50656/merge
 From https://github.com/moby/moby
  * [new ref]         1b31dc2d3a687dfaaef0b108a8fe76f6a718a3d2 -> pull/50656/merge
 ##[endgroup]
 ##[group]Determining the checkout info
 ##[endgroup]
 [command]/usr/bin/git sparse-checkout disable
 [command]/usr/bin/git config --local --unset-all extensions.worktreeConfig
 ##[group]Checking out the ref
 [command]/usr/bin/git checkout --progress --force refs/remotes/pull/50656/merge
 Note: switching to 'refs/remotes/pull/50656/merge'.
 
 You are in 'detached HEAD' state. You can look around, make experimental
 changes and commit them, and you can discard any commits you make in this
 state without impacting any branches by switching back to a branch.
 
 If you want to create a new branch to retain commits you create, you may
 do so (now or later) by using -c with the switch command. Example:
 
   git switch -c <new-branch-name>
 
 Or undo this operation with:
 
   git switch -
 
 Turn off this advice by setting config variable advice.detachedHead to false
 
 HEAD is now at 1b31dc2 Merge a54650c74c8da77d64a52a06b6815bf58bf63c0a into e628fa0409b521371f7898c1c43b39bce6825144
 ##[endgroup]
 [command]/usr/bin/git log -1 --format=%H
 1b31dc2d3a687dfaaef0b108a8fe76f6a718a3d2
 Prepare all required actions
 ##[group]Run ./.github/actions/setup-runner
 env:
   GO_VERSION: 1.24.5
   GOTESTLIST_VERSION: v0.3.1
   TESTSTAT_VERSION: v0.1.25
   ITG_CLI_MATRIX_SIZE: 6
   DOCKER_EXPERIMENTAL: 1
   DOCKER_GRAPHDRIVER: overlayfs
   TEST_INTEGRATION_USE_SNAPSHOTTER: 1
   SETUP_BUILDX_VERSION: edge
   SETUP_BUILDKIT_IMAGE: moby/buildkit:latest
 ##[endgroup]
 ##[group]Run sudo modprobe ip_vs
 �[36;1msudo modprobe ip_vs�[0m
 �[36;1msudo modprobe ipv6�[0m
 �[36;1msudo modprobe ip6table_filter�[0m
 �[36;1msudo modprobe -r overlay�[0m
 �[36;1msudo modprobe overlay redirect_dir=off�[0m
 shell: /usr/bin/bash --noprofile --norc -e -o pipefail {0}
 env:
   GO_VERSION: 1.24.5
   GOTESTLIST_VERSION: v0.3.1
   TESTSTAT_VERSION: v0.1.25
   ITG_CLI_MATRIX_SIZE: 6
   DOCKER_EXPERIMENTAL: 1
   DOCKER_GRAPHDRIVER: overlayfs
   TEST_INTEGRATION_USE_SNAPSHOTTER: 1
   SETUP_BUILDX_VERSION: edge
   SETUP_BUILDKIT_IMAGE: moby/buildkit:latest
 ##[endgroup]
 ##[group]Run if [ ! -e /etc/docker/daemon.json ]; then
 �[36;1mif [ ! -e /etc/docker/daemon.json ]; then�[0m
 �[36;1m echo '{}' | sudo tee /etc/docker/daemon.json >/dev/null�[0m
 �[36;1mfi�[0m
 �[36;1mDOCKERD_CONFIG=$(jq '.+{"experimental":true,"live-restore":true,"ipv6":true,"fixed-cidr-v6":"2001:db8:1::/64"}' /etc/docker/daemon.json)�[0m
 �[36;1msudo tee /etc/docker/daemon.json <<<"$DOCKERD_CONFIG" >/dev/null�[0m
 �[36;1msudo service docker restart�[0m
 shell: /usr/bin/bash --noprofile --norc -e -o pipefail {0}
 env:
   GO_VERSION: 1.24.5
   GOTESTLIST_VERSION: v0.3.1
   TESTSTAT_VERSION: v0.1.25
   ITG_CLI_MATRIX_SIZE: 6
   DOCKER_EXPERIMENTAL: 1
   DOCKER_GRAPHDRIVER: overlayfs
   TEST_INTEGRATION_USE_SNAPSHOTTER: 1
   SETUP_BUILDX_VERSION: edge
   SETUP_BUILDKIT_IMAGE: moby/buildkit:latest
 ##[endgroup]
 ##[group]Run ./contrib/check-config.sh || true
 �[36;1m./contrib/check-config.sh || true�[0m
 shell: /usr/bin/bash --noprofile --norc -e -o pipefail {0}
 env:
   GO_VERSION: 1.24.5
   GOTESTLIST_VERSION: v0.3.1
   TESTSTAT_VERSION: v0.1.25
   ITG_CLI_MATRIX_SIZE: 6
   DOCKER_EXPERIMENTAL: 1
   DOCKER_GRAPHDRIVER: overlayfs
   TEST_INTEGRATION_USE_SNAPSHOTTER: 1
   SETUP_BUILDX_VERSION: edge
   SETUP_BUILDKIT_IMAGE: moby/buildkit:latest
 ##[endgroup]
 warning: /proc/config.gz does not exist, searching other paths for kernel config ...
 info: reading kernel config from /boot/config-6.11.0-1018-azure ...
 
 Generally Necessary:
 - cgroup hierarchy: cgroupv2
   Controllers:
   - cpu: available
   - cpuset: available
   - io: available
   - memory: available
   - pids: available
 - apparmor: enabled and tools installed
 - CONFIG_NAMESPACES: enabled
 - CONFIG_NET_NS: enabled
 - CONFIG_PID_NS: enabled
 - CONFIG_IPC_NS: enabled
 - CONFIG_UTS_NS: enabled
 - CONFIG_CGROUPS: enabled
 - CONFIG_CGROUP_CPUACCT: enabled
 - CONFIG_CGROUP_DEVICE: enabled
 - CONFIG_CGROUP_FREEZER: enabled
 - CONFIG_CGROUP_SCHED: enabled
 - CONFIG_CPUSETS: enabled
 - CONFIG_MEMCG: enabled
 - CONFIG_KEYS: enabled
 - CONFIG_VETH: enabled (as module)
 - CONFIG_BRIDGE: enabled (as module)
 - CONFIG_BRIDGE_NETFILTER: enabled (as module)
 - CONFIG_IP_NF_FILTER: enabled (as module)
 - CONFIG_IP_NF_MANGLE: enabled (as module)
 - CONFIG_IP_NF_TARGET_MASQUERADE: enabled (as module)
 - CONFIG_IP6_NF_FILTER: enabled (as module)
 - CONFIG_IP6_NF_MANGLE: enabled (as module)
 - CONFIG_IP6_NF_TARGET_MASQUERADE: enabled (as module)
 - CONFIG_NETFILTER_XT_MATCH_ADDRTYPE: enabled (as module)
 - CONFIG_NETFILTER_XT_MATCH_CONNTRACK: enabled (as module)
 - CONFIG_NETFILTER_XT_MATCH_IPVS: enabled (as module)
 - CONFIG_NETFILTER_XT_MARK: enabled (as module)
 - CONFIG_IP_NF_RAW: enabled (as module)
 - CONFIG_IP_NF_NAT: enabled (as module)
 - CONFIG_NF_NAT: enabled (as module)
 - CONFIG_IP6_NF_RAW: enabled (as module)
 - CONFIG_IP6_NF_NAT: enabled (as module)
 - CONFIG_NF_NAT: enabled (as module)
 - CONFIG_POSIX_MQUEUE: enabled
 - CONFIG_CGROUP_BPF: enabled
 
 Optional Features:
 - CONFIG_USER_NS: enabled
 - CONFIG_SECCOMP: enabled
 - CONFIG_SECCOMP_FILTER: enabled
 - CONFIG_CGROUP_PIDS: enabled
     (cgroup swap accounting is currently enabled)
 - CONFIG_BLK_CGROUP: enabled
 - CONFIG_BLK_DEV_THROTTLING: enabled
 - CONFIG_CGROUP_PERF: enabled
 - CONFIG_CGROUP_HUGETLB: enabled
 - CONFIG_NET_CLS_CGROUP: enabled (as module)
 - CONFIG_CGROUP_NET_PRIO: enabled
 - CONFIG_CFS_BANDWIDTH: enabled
 - CONFIG_FAIR_GROUP_SCHED: enabled
 - CONFIG_IP_NF_TARGET_REDIRECT: enabled (as module)
 - CONFIG_IP_VS: enabled (as module)
 - CONFIG_IP_VS_NFCT: enabled
 - CONFIG_IP_VS_PROTO_TCP: enabled
 - CONFIG_IP_VS_PROTO_UDP: enabled
 - CONFIG_IP_VS_RR: enabled (as module)
 - CONFIG_SECURITY_SELINUX: enabled
 - CONFIG_SECURITY_APPARMOR: enabled
 - CONFIG_NFT_CT: enabled (as module)
 - CONFIG_NFT_FIB_IPV4: enabled (as module)
 - CONFIG_NFT_FIB_IPV6: enabled (as module)
 - CONFIG_NFT_FIB: enabled (as module)
 - CONFIG_NFT_MASQ: enabled (as module)
 - CONFIG_NFT_NAT: enabled (as module)
 - CONFIG_NF_TABLES: enabled (as module)
 - CONFIG_EXT4_FS: enabled
 - CONFIG_EXT4_FS_POSIX_ACL: enabled
 - CONFIG_EXT4_FS_SECURITY: enabled
 - Network Drivers:
   - "overlay":
     - CONFIG_VXLAN: enabled
     - CONFIG_BRIDGE_VLAN_FILTERING: enabled
       Optional (for encrypted networks):
       - CONFIG_CRYPTO: enabled
       - CONFIG_CRYPTO_AEAD: enabled
       - CONFIG_CRYPTO_GCM: enabled
       - CONFIG_CRYPTO_SEQIV: enabled
       - CONFIG_CRYPTO_GHASH: enabled
       - CONFIG_XFRM: enabled
       - CONFIG_XFRM_USER: enabled (as module)
       - CONFIG_XFRM_ALGO: enabled (as module)
       - CONFIG_INET_ESP: enabled (as module)
       - CONFIG_NETFILTER_XT_MATCH_BPF: enabled (as module)
   - "ipvlan":
     - CONFIG_IPVLAN: enabled (as module)
   - "macvlan":
     - CONFIG_MACVLAN: enabled (as module)
     - CONFIG_DUMMY: enabled (as module)
   - "ftp,tftp client in container":
     - CONFIG_NF_NAT_FTP: enabled (as module)
     - CONFIG_NF_CONNTRACK_FTP: enabled (as module)
     - CONFIG_NF_NAT_TFTP: enabled (as module)
     - CONFIG_NF_CONNTRACK_TFTP: enabled (as module)
 - Storage Drivers:
   - "btrfs":
     - CONFIG_BTRFS_FS: enabled (as module)
     - CONFIG_BTRFS_FS_POSIX_ACL: enabled
   - "overlay":
     - CONFIG_OVERLAY_FS: enabled (as module)
   - "zfs":
     - /dev/zfs: present
     - zfs command: missing
     - zpool command: missing
 
 Limits:
 - /proc/sys/kernel/keys/root_maxkeys: 1000000
 
 ##[group]Run docker info
 �[36;1mdocker info�[0m
 shell: /usr/bin/bash --noprofile --norc -e -o pipefail {0}
 env:
   GO_VERSION: 1.24.5
   GOTESTLIST_VERSION: v0.3.1
   TESTSTAT_VERSION: v0.1.25
   ITG_CLI_MATRIX_SIZE: 6
   DOCKER_EXPERIMENTAL: 1
   DOCKER_GRAPHDRIVER: overlayfs
   TEST_INTEGRATION_USE_SNAPSHOTTER: 1
   SETUP_BUILDX_VERSION: edge
   SETUP_BUILDKIT_IMAGE: moby/buildkit:latest
 ##[endgroup]
 Client: Docker Engine - Community
  Version:    28.0.4
  Context:    default
  Debug Mode: false
  Plugins:
   buildx: Docker Buildx (Docker Inc.)
     Version:  v0.26.1
     Path:     /usr/libexec/docker/cli-plugins/docker-buildx
   compose: Docker Compose (Docker Inc.)
     Version:  v2.37.3
     Path:     /usr/libexec/docker/cli-plugins/docker-compose
 
 Server:
  Containers: 0
   Running: 0
   Paused: 0
   Stopped: 0
  Images: 0
  Server Version: 28.0.4
  Storage Driver: overlay2
   Backing Filesystem: extfs
   Supports d_type: true
   Using metacopy: false
   Native Overlay Diff: true
   userxattr: false
  Logging Driver: json-file
  Cgroup Driver: systemd
  Cgroup Version: 2
  Plugins:
   Volume: local
   Network: bridge host ipvlan macvlan null overlay
   Log: awslogs fluentd gcplogs gelf journald json-file local splunk syslog
  Swarm: inactive
  Runtimes: io.containerd.runc.v2 runc
  Default Runtime: runc
  Init Binary: docker-init
  containerd version: 05044ec0a9a75232cad458027ca83437aae3f4da
  runc version: v1.2.5-0-g59923ef
  init version: de40ad0
  Security Options:
   apparmor
   seccomp
    Profile: builtin
   cgroupns
  Kernel Version: 6.11.0-1018-azure
  Operating System: Ubuntu 24.04.2 LTS
  OSType: linux
  Architecture: x86_64
  CPUs: 4
  Total Memory: 15.62GiB
  Name: pkrvmjbmru5nbw0
  ID: 99adc586-a790-4672-b436-bfce1df3253b
  Docker Root Dir: /var/lib/docker
  Debug Mode: false
  Username: githubactions
  Experimental: true
  Insecure Registries:
   ::1/128
   127.0.0.0/8
  Live Restore Enabled: true

Happy runner (from #50591 - https://github.com/moby/moby/actions/runs/16775096813/job/47502815879?pr=50591)

Details

 Current runner version: '2.327.1'
 ##[group]Runner Image Provisioner
 Hosted Compute Agent
 Version: 20250711.363
 Commit: 6785254374ce925a23743850c1cb91912ce5c14c
 Build Date: 2025-07-11T20:04:25Z
 ##[endgroup]
 ##[group]Operating System
 Ubuntu
 24.04.2
 LTS
 ##[endgroup]
 ##[group]Runner Image
 Image: ubuntu-24.04
 Version: 20250728.1.0
 Included Software: https://github.com/actions/runner-images/blob/ubuntu24/20250728.1/images/ubuntu/Ubuntu2404-Readme.md
 Image Release: https://github.com/actions/runner-images/releases/tag/ubuntu24%2F20250728.1
 ##[endgroup]
 ##[group]GITHUB_TOKEN Permissions
 Contents: read
 Metadata: read
 ##[endgroup]
 Secret source: None
 Prepare workflow directory
 Prepare all required actions
 Getting action download info
 ##[group]Download immutable action package 'actions/checkout@v4'
 Version: 4.2.2
 Digest: sha256:ccb2698953eaebd21c7bf6268a94f9c26518a7e38e27e0b83c1fe1ad049819b1
 Source commit SHA: 11bd71901bbe5b1630ceea73d27597364c9af683
 ##[endgroup]
 ##[group]Download immutable action package 'docker/setup-buildx-action@v3'
 Version: 3.11.1
 Digest: sha256:b58e632d2d812e161c8abeba6def9f56b420aa9ae41d825a8408241bcad0f303
 Source commit SHA: e468171a9de216ec08956ac3ada2f0791b6bd435
 ##[endgroup]
 ##[group]Download immutable action package 'docker/bake-action@v6'
 Version: 6.8.0
 Digest: sha256:7fbcff47cb6998ecbd933414724b9577ec30c51801a92c0376dd209e54207530
 Source commit SHA: 37816e747588cb137173af99ab33873600c46ea8
 ##[endgroup]
 Download action repository 'codecov/codecov-action@v4' (SHA:b9fd7d16f6d7d1b5d2bec1a2887e65ceed900238)
 ##[group]Download immutable action package 'actions/upload-artifact@v4'
 Version: 4.6.2
 Digest: sha256:290722aa3281d5caf23d0acdc3dbeb3424786a1a01a9cc97e72f147225e37c38
 Source commit SHA: ea165f8d65b6e75b540449e92b4886f43607fa02
 ##[endgroup]
 Uses: moby/moby/.github/workflows/.test.yml@refs/pull/50591/merge (cb09f210f03f18c76123af427fba772ecbb86530)
 ##[group] Inputs
   storage: snapshotter
 ##[endgroup]
 Complete job name: test (snapshotter) / integration (ubuntu-24.04, iptables+firewalld)
 ##[group]Run actions/checkout@v4
 with:
   repository: moby/moby
   token: ***
   ssh-strict: true
   ssh-user: git
   persist-credentials: true
   clean: true
   sparse-checkout-cone-mode: true
   fetch-depth: 1
   fetch-tags: false
   show-progress: true
   lfs: false
   submodules: false
   set-safe-directory: true
 env:
   GO_VERSION: 1.24.5
   GOTESTLIST_VERSION: v0.3.1
   TESTSTAT_VERSION: v0.1.25
   ITG_CLI_MATRIX_SIZE: 6
   DOCKER_EXPERIMENTAL: 1
   DOCKER_GRAPHDRIVER: overlayfs
   TEST_INTEGRATION_USE_SNAPSHOTTER: 1
   SETUP_BUILDX_VERSION: edge
   SETUP_BUILDKIT_IMAGE: moby/buildkit:latest
 ##[endgroup]
 Syncing repository: moby/moby
 ##[group]Getting Git version info
 Working directory is '/home/runner/work/moby/moby'
 [command]/usr/bin/git version
 git version 2.50.1
 ##[endgroup]
 Temporarily overriding HOME='/home/runner/work/_temp/e36efe12-8945-4c8f-af9d-7d879c1ff5e2' before making global git config changes
 Adding repository directory to the temporary git global config as a safe directory
 [command]/usr/bin/git config --global --add safe.directory /home/runner/work/moby/moby
 Deleting the contents of '/home/runner/work/moby/moby'
 ##[group]Initializing the repository
 [command]/usr/bin/git init /home/runner/work/moby/moby
 hint: Using 'master' as the name for the initial branch. This default branch name
 hint: is subject to change. To configure the initial branch name to use in all
 hint: of your new repositories, which will suppress this warning, call:
 hint:
 hint: 	git config --global init.defaultBranch <name>
 hint:
 hint: Names commonly chosen instead of 'master' are 'main', 'trunk' and
 hint: 'development'. The just-created branch can be renamed via this command:
 hint:
 hint: 	git branch -m <name>
 hint:
 hint: Disable this message with "git config set advice.defaultBranchName false"
 Initialized empty Git repository in /home/runner/work/moby/moby/.git/
 [command]/usr/bin/git remote add origin https://github.com/moby/moby
 ##[endgroup]
 ##[group]Disabling automatic garbage collection
 [command]/usr/bin/git config --local gc.auto 0
 ##[endgroup]
 ##[group]Setting up auth
 [command]/usr/bin/git config --local --name-only --get-regexp core\.sshCommand
 [command]/usr/bin/git submodule foreach --recursive sh -c "git config --local --name-only --get-regexp 'core\.sshCommand' && git config --local --unset-all 'core.sshCommand' || :"
 [command]/usr/bin/git config --local --name-only --get-regexp http\.https\:\/\/github\.com\/\.extraheader
 [command]/usr/bin/git submodule foreach --recursive sh -c "git config --local --name-only --get-regexp 'http\.https\:\/\/github\.com\/\.extraheader' && git config --local --unset-all 'http.https://github.com/.extraheader' || :"
 [command]/usr/bin/git config --local http.https://github.com/.extraheader AUTHORIZATION: basic ***
 ##[endgroup]
 ##[group]Fetching the repository
 [command]/usr/bin/git -c protocol.version=2 fetch --no-tags --prune --no-recurse-submodules --depth=1 origin +cb09f210f03f18c76123af427fba772ecbb86530:refs/remotes/pull/50591/merge
 From https://github.com/moby/moby
  * [new ref]         cb09f210f03f18c76123af427fba772ecbb86530 -> pull/50591/merge
 ##[endgroup]
 ##[group]Determining the checkout info
 ##[endgroup]
 [command]/usr/bin/git sparse-checkout disable
 [command]/usr/bin/git config --local --unset-all extensions.worktreeConfig
 ##[group]Checking out the ref
 [command]/usr/bin/git checkout --progress --force refs/remotes/pull/50591/merge
 Note: switching to 'refs/remotes/pull/50591/merge'.
 
 You are in 'detached HEAD' state. You can look around, make experimental
 changes and commit them, and you can discard any commits you make in this
 state without impacting any branches by switching back to a branch.
 
 If you want to create a new branch to retain commits you create, you may
 do so (now or later) by using -c with the switch command. Example:
 
   git switch -c <new-branch-name>
 
 Or undo this operation with:
 
   git switch -
 
 Turn off this advice by setting config variable advice.detachedHead to false
 
 HEAD is now at cb09f21 Merge a9d15fc8775f9110814beeb62a95f0806a2b004f into 18940b6c9b7766d783905428b00a70ec6872f3fe
 ##[endgroup]
 [command]/usr/bin/git log -1 --format=%H
 cb09f210f03f18c76123af427fba772ecbb86530
 Prepare all required actions
 ##[group]Run ./.github/actions/setup-runner
 env:
   GO_VERSION: 1.24.5
   GOTESTLIST_VERSION: v0.3.1
   TESTSTAT_VERSION: v0.1.25
   ITG_CLI_MATRIX_SIZE: 6
   DOCKER_EXPERIMENTAL: 1
   DOCKER_GRAPHDRIVER: overlayfs
   TEST_INTEGRATION_USE_SNAPSHOTTER: 1
   SETUP_BUILDX_VERSION: edge
   SETUP_BUILDKIT_IMAGE: moby/buildkit:latest
 ##[endgroup]
 ##[group]Run sudo modprobe ip_vs
 �[36;1msudo modprobe ip_vs�[0m
 �[36;1msudo modprobe ipv6�[0m
 �[36;1msudo modprobe ip6table_filter�[0m
 �[36;1msudo modprobe -r overlay�[0m
 �[36;1msudo modprobe overlay redirect_dir=off�[0m
 shell: /usr/bin/bash --noprofile --norc -e -o pipefail {0}
 env:
   GO_VERSION: 1.24.5
   GOTESTLIST_VERSION: v0.3.1
   TESTSTAT_VERSION: v0.1.25
   ITG_CLI_MATRIX_SIZE: 6
   DOCKER_EXPERIMENTAL: 1
   DOCKER_GRAPHDRIVER: overlayfs
   TEST_INTEGRATION_USE_SNAPSHOTTER: 1
   SETUP_BUILDX_VERSION: edge
   SETUP_BUILDKIT_IMAGE: moby/buildkit:latest
 ##[endgroup]
 ##[group]Run if [ ! -e /etc/docker/daemon.json ]; then
 �[36;1mif [ ! -e /etc/docker/daemon.json ]; then�[0m
 �[36;1m echo '{}' | sudo tee /etc/docker/daemon.json >/dev/null�[0m
 �[36;1mfi�[0m
 �[36;1mDOCKERD_CONFIG=$(jq '.+{"experimental":true,"live-restore":true,"ipv6":true,"fixed-cidr-v6":"2001:db8:1::/64"}' /etc/docker/daemon.json)�[0m
 �[36;1msudo tee /etc/docker/daemon.json <<<"$DOCKERD_CONFIG" >/dev/null�[0m
 �[36;1msudo service docker restart�[0m
 shell: /usr/bin/bash --noprofile --norc -e -o pipefail {0}
 env:
   GO_VERSION: 1.24.5
   GOTESTLIST_VERSION: v0.3.1
   TESTSTAT_VERSION: v0.1.25
   ITG_CLI_MATRIX_SIZE: 6
   DOCKER_EXPERIMENTAL: 1
   DOCKER_GRAPHDRIVER: overlayfs
   TEST_INTEGRATION_USE_SNAPSHOTTER: 1
   SETUP_BUILDX_VERSION: edge
   SETUP_BUILDKIT_IMAGE: moby/buildkit:latest
 ##[endgroup]
 ##[group]Run ./contrib/check-config.sh || true
 �[36;1m./contrib/check-config.sh || true�[0m
 shell: /usr/bin/bash --noprofile --norc -e -o pipefail {0}
 env:
   GO_VERSION: 1.24.5
   GOTESTLIST_VERSION: v0.3.1
   TESTSTAT_VERSION: v0.1.25
   ITG_CLI_MATRIX_SIZE: 6
   DOCKER_EXPERIMENTAL: 1
   DOCKER_GRAPHDRIVER: overlayfs
   TEST_INTEGRATION_USE_SNAPSHOTTER: 1
   SETUP_BUILDX_VERSION: edge
   SETUP_BUILDKIT_IMAGE: moby/buildkit:latest
 ##[endgroup]
 warning: /proc/config.gz does not exist, searching other paths for kernel config ...
 info: reading kernel config from /boot/config-6.11.0-1018-azure ...
 
 Generally Necessary:
 - cgroup hierarchy: cgroupv2
   Controllers:
   - cpu: available
   - cpuset: available
   - io: available
   - memory: available
   - pids: available
 - apparmor: enabled and tools installed
 - CONFIG_NAMESPACES: enabled
 - CONFIG_NET_NS: enabled
 - CONFIG_PID_NS: enabled
 - CONFIG_IPC_NS: enabled
 - CONFIG_UTS_NS: enabled
 - CONFIG_CGROUPS: enabled
 - CONFIG_CGROUP_CPUACCT: enabled
 - CONFIG_CGROUP_DEVICE: enabled
 - CONFIG_CGROUP_FREEZER: enabled
 - CONFIG_CGROUP_SCHED: enabled
 - CONFIG_CPUSETS: enabled
 - CONFIG_MEMCG: enabled
 - CONFIG_KEYS: enabled
 - CONFIG_VETH: enabled (as module)
 - CONFIG_BRIDGE: enabled (as module)
 - CONFIG_BRIDGE_NETFILTER: enabled (as module)
 - CONFIG_IP_NF_FILTER: enabled (as module)
 - CONFIG_IP_NF_MANGLE: enabled (as module)
 - CONFIG_IP_NF_TARGET_MASQUERADE: enabled (as module)
 - CONFIG_IP6_NF_FILTER: enabled (as module)
 - CONFIG_IP6_NF_MANGLE: enabled (as module)
 - CONFIG_IP6_NF_TARGET_MASQUERADE: enabled (as module)
 - CONFIG_NETFILTER_XT_MATCH_ADDRTYPE: enabled (as module)
 - CONFIG_NETFILTER_XT_MATCH_CONNTRACK: enabled (as module)
 - CONFIG_NETFILTER_XT_MATCH_IPVS: enabled (as module)
 - CONFIG_NETFILTER_XT_MARK: enabled (as module)
 - CONFIG_IP_NF_RAW: enabled (as module)
 - CONFIG_IP_NF_NAT: enabled (as module)
 - CONFIG_NF_NAT: enabled (as module)
 - CONFIG_IP6_NF_RAW: enabled (as module)
 - CONFIG_IP6_NF_NAT: enabled (as module)
 - CONFIG_NF_NAT: enabled (as module)
 - CONFIG_POSIX_MQUEUE: enabled
 - CONFIG_CGROUP_BPF: enabled
 
 Optional Features:
 - CONFIG_USER_NS: enabled
 - CONFIG_SECCOMP: enabled
 - CONFIG_SECCOMP_FILTER: enabled
 - CONFIG_CGROUP_PIDS: enabled
     (cgroup swap accounting is currently enabled)
 - CONFIG_BLK_CGROUP: enabled
 - CONFIG_BLK_DEV_THROTTLING: enabled
 - CONFIG_CGROUP_PERF: enabled
 - CONFIG_CGROUP_HUGETLB: enabled
 - CONFIG_NET_CLS_CGROUP: enabled (as module)
 - CONFIG_CGROUP_NET_PRIO: enabled
 - CONFIG_CFS_BANDWIDTH: enabled
 - CONFIG_FAIR_GROUP_SCHED: enabled
 - CONFIG_IP_NF_TARGET_REDIRECT: enabled (as module)
 - CONFIG_IP_VS: enabled (as module)
 - CONFIG_IP_VS_NFCT: enabled
 - CONFIG_IP_VS_PROTO_TCP: enabled
 - CONFIG_IP_VS_PROTO_UDP: enabled
 - CONFIG_IP_VS_RR: enabled (as module)
 - CONFIG_SECURITY_SELINUX: enabled
 - CONFIG_SECURITY_APPARMOR: enabled
 - CONFIG_NFT_CT: enabled (as module)
 - CONFIG_NFT_FIB_IPV4: enabled (as module)
 - CONFIG_NFT_FIB_IPV6: enabled (as module)
 - CONFIG_NFT_FIB: enabled (as module)
 - CONFIG_NFT_MASQ: enabled (as module)
 - CONFIG_NFT_NAT: enabled (as module)
 - CONFIG_NF_TABLES: enabled (as module)
 - CONFIG_EXT4_FS: enabled
 - CONFIG_EXT4_FS_POSIX_ACL: enabled
 - CONFIG_EXT4_FS_SECURITY: enabled
 - Network Drivers:
   - "overlay":
     - CONFIG_VXLAN: enabled
     - CONFIG_BRIDGE_VLAN_FILTERING: enabled
       Optional (for encrypted networks):
       - CONFIG_CRYPTO: enabled
       - CONFIG_CRYPTO_AEAD: enabled
       - CONFIG_CRYPTO_GCM: enabled
       - CONFIG_CRYPTO_SEQIV: enabled
       - CONFIG_CRYPTO_GHASH: enabled
       - CONFIG_XFRM: enabled
       - CONFIG_XFRM_USER: enabled (as module)
       - CONFIG_XFRM_ALGO: enabled (as module)
       - CONFIG_INET_ESP: enabled (as module)
       - CONFIG_NETFILTER_XT_MATCH_BPF: enabled (as module)
   - "ipvlan":
     - CONFIG_IPVLAN: enabled (as module)
   - "macvlan":
     - CONFIG_MACVLAN: enabled (as module)
     - CONFIG_DUMMY: enabled (as module)
   - "ftp,tftp client in container":
     - CONFIG_NF_NAT_FTP: enabled (as module)
     - CONFIG_NF_CONNTRACK_FTP: enabled (as module)
     - CONFIG_NF_NAT_TFTP: enabled (as module)
     - CONFIG_NF_CONNTRACK_TFTP: enabled (as module)
 - Storage Drivers:
   - "btrfs":
     - CONFIG_BTRFS_FS: enabled (as module)
     - CONFIG_BTRFS_FS_POSIX_ACL: enabled
   - "overlay":
     - CONFIG_OVERLAY_FS: enabled (as module)
   - "zfs":
     - /dev/zfs: present
     - zfs command: missing
     - zpool command: missing
 
 Limits:
 - /proc/sys/kernel/keys/root_maxkeys: 1000000
 
 ##[group]Run docker info
 �[36;1mdocker info�[0m
 shell: /usr/bin/bash --noprofile --norc -e -o pipefail {0}
 env:
   GO_VERSION: 1.24.5
   GOTESTLIST_VERSION: v0.3.1
   TESTSTAT_VERSION: v0.1.25
   ITG_CLI_MATRIX_SIZE: 6
   DOCKER_EXPERIMENTAL: 1
   DOCKER_GRAPHDRIVER: overlayfs
   TEST_INTEGRATION_USE_SNAPSHOTTER: 1
   SETUP_BUILDX_VERSION: edge
   SETUP_BUILDKIT_IMAGE: moby/buildkit:latest
 ##[endgroup]
 Client: Docker Engine - Community
  Version:    28.0.4
  Context:    default
  Debug Mode: false
  Plugins:
   buildx: Docker Buildx (Docker Inc.)
     Version:  v0.26.1
     Path:     /usr/libexec/docker/cli-plugins/docker-buildx
   compose: Docker Compose (Docker Inc.)
     Version:  v2.37.3
     Path:     /usr/libexec/docker/cli-plugins/docker-compose
 
 Server:
  Containers: 0
   Running: 0
   Paused: 0
   Stopped: 0
  Images: 0
  Server Version: 28.0.4
  Storage Driver: overlay2
   Backing Filesystem: extfs
   Supports d_type: true
   Using metacopy: false
   Native Overlay Diff: true
   userxattr: false
  Logging Driver: json-file
  Cgroup Driver: systemd
  Cgroup Version: 2
  Plugins:
   Volume: local
   Network: bridge host ipvlan macvlan null overlay
   Log: awslogs fluentd gcplogs gelf journald json-file local splunk syslog
  Swarm: inactive
  Runtimes: io.containerd.runc.v2 runc
  Default Runtime: runc
  Init Binary: docker-init
  containerd version: 05044ec0a9a75232cad458027ca83437aae3f4da
  runc version: v1.2.5-0-g59923ef
  init version: de40ad0
  Security Options:
   apparmor
   seccomp
    Profile: builtin
   cgroupns
  Kernel Version: 6.11.0-1018-azure
  Operating System: Ubuntu 24.04.2 LTS
  OSType: linux
  Architecture: x86_64
  CPUs: 4
  Total Memory: 15.62GiB
  Name: pkrvmjbmru5nbw0
  ID: 99adc586-a790-4672-b436-bfce1df3253b
  Docker Root Dir: /var/lib/docker
  Debug Mode: false
  Username: githubactions
  Experimental: true
  Insecure Registries:
   ::1/128
   127.0.0.0/8
  Live Restore Enabled: true

[thaJeztah]

OK, so both are the same, no runners updated 🤔

diff --git a/happy.txt b/sad.txt
index 33e11c8d9..d1059f8d1 100644
--- a/happy.txt
+++ b/sad.txt
@@ -45,7 +45,7 @@
  Digest: sha256:290722aa3281d5caf23d0acdc3dbeb3424786a1a01a9cc97e72f147225e37c38
  Source commit SHA: ea165f8d65b6e75b540449e92b4886f43607fa02
  ##[endgroup]
- Uses: moby/moby/.github/workflows/.test.yml@refs/pull/50591/merge (cb09f210f03f18c76123af427fba772ecbb86530)
+ Uses: moby/moby/.github/workflows/.test.yml@refs/pull/50656/merge (1b31dc2d3a687dfaaef0b108a8fe76f6a718a3d2)
  ##[group] Inputs
    storage: snapshotter
  ##[endgroup]
@@ -82,7 +82,7 @@
  [command]/usr/bin/git version
  git version 2.50.1
  ##[endgroup]
- Temporarily overriding HOME='/home/runner/work/_temp/e36efe12-8945-4c8f-af9d-7d879c1ff5e2' before making global git config changes
+ Temporarily overriding HOME='/home/runner/work/_temp/f0b66cae-0ab1-4cbc-a12d-8206ec455f59' before making global git config changes
  Adding repository directory to the temporary git global config as a safe directory
  [command]/usr/bin/git config --global --add safe.directory /home/runner/work/moby/moby
  Deleting the contents of '/home/runner/work/moby/moby'
@@ -114,17 +114,17 @@
  [command]/usr/bin/git config --local http.https://github.com/.extraheader AUTHORIZATION: basic ***
  ##[endgroup]
  ##[group]Fetching the repository
- [command]/usr/bin/git -c protocol.version=2 fetch --no-tags --prune --no-recurse-submodules --depth=1 origin +cb09f210f03f18c76123af427fba772ecbb86530:refs/remotes/pull/50591/merge
+ [command]/usr/bin/git -c protocol.version=2 fetch --no-tags --prune --no-recurse-submodules --depth=1 origin +1b31dc2d3a687dfaaef0b108a8fe76f6a718a3d2:refs/remotes/pull/50656/merge
  From https://github.com/moby/moby
-  * [new ref]         cb09f210f03f18c76123af427fba772ecbb86530 -> pull/50591/merge
+  * [new ref]         1b31dc2d3a687dfaaef0b108a8fe76f6a718a3d2 -> pull/50656/merge
  ##[endgroup]
  ##[group]Determining the checkout info
  ##[endgroup]
  [command]/usr/bin/git sparse-checkout disable
  [command]/usr/bin/git config --local --unset-all extensions.worktreeConfig
  ##[group]Checking out the ref
- [command]/usr/bin/git checkout --progress --force refs/remotes/pull/50591/merge
- Note: switching to 'refs/remotes/pull/50591/merge'.
+ [command]/usr/bin/git checkout --progress --force refs/remotes/pull/50656/merge
+ Note: switching to 'refs/remotes/pull/50656/merge'.
 
  You are in 'detached HEAD' state. You can look around, make experimental
  changes and commit them, and you can discard any commits you make in this
@@ -141,10 +141,10 @@
 
  Turn off this advice by setting config variable advice.detachedHead to false
 
- HEAD is now at cb09f21 Merge a9d15fc8775f9110814beeb62a95f0806a2b004f into 18940b6c9b7766d783905428b00a70ec6872f3fe
+ HEAD is now at 1b31dc2 Merge a54650c74c8da77d64a52a06b6815bf58bf63c0a into e628fa0409b521371f7898c1c43b39bce6825144
  ##[endgroup]
  [command]/usr/bin/git log -1 --format=%H
- cb09f210f03f18c76123af427fba772ecbb86530
+ 1b31dc2d3a687dfaaef0b108a8fe76f6a718a3d2
  Prepare all required actions
  ##[group]Run ./.github/actions/setup-runner
  env: