podman: Using "--preserve-fds" sometimes prints "Error: error attaching to container" ... "read unixpacket @->/proc/self/fd/16/attach: read: connection reset by peer"

Is this a BUG REPORT or FEATURE REQUEST? (leave only one on its own line)

/kind bug

Description

When using podman run with the command-line option --preserve-fds I sometimes see this error message

Error: error attaching to container 74939f1723c3d69ca3632b7a859b4c89d2da663767aa1e0ed6070e712cef2a5c: read unixpacket @->/proc/self/fd/16/attach: read: connection reset by peer

I ran the same command twice. Only one time the error message was shown.

Steps to reproduce the issue:

1. Create a new user account

[root@fedora ~]# useradd -m erikdev2
[root@fedora ~]# machinectl shell erikdev2@
Connected to the local host. Press ^] three times within 1s to exit session.
[erikdev2@fedora ~]$ 

1. Pull the image docker.io/library/fedora

[erikdev2@fedora ~]$ podman pull docker.io/library/fedora
Trying to pull docker.io/library/fedora:latest...
Getting image source signatures
Copying blob b9705287bb9f done  
Copying config dce66322d6 done  
Writing manifest to image destination
Storing signatures
dce66322d6472e195c624cd3bd0c6c13918c00d1022c653a95341491a1597f52
[erikdev2@fedora ~]$

1. Run these commands

[erikdev2@fedora ~]$ echo hello > file.txt
[erikdev2@fedora ~]$ echo | podman run --security-opt label=disable  --rm -i --preserve-fds 1 --pull=never docker.io/library/fedora sh -c "cat <&3" 3< file.txt
hello
[erikdev2@fedora ~]$ echo | podman run --security-opt label=disable  --rm -i --preserve-fds 1 --pull=never docker.io/library/fedora sh -c "cat <&3" 3< file.txt
hello
Error: error attaching to container 74939f1723c3d69ca3632b7a859b4c89d2da663767aa1e0ed6070e712cef2a5c: read unixpacket @->/proc/self/fd/16/attach: read: connection reset by peer
[erikdev2@fedora ~]$ 

Describe the results you received:

I see the error message

Error: error attaching to container 74939f1723c3d69ca3632b7a859b4c89d2da663767aa1e0ed6070e712cef2a5c: read unixpacket @->/proc/self/fd/16/attach: read: connection reset by peer

Describe the results you expected:

I didn’t expect to see the error message.

Additional information you deem important (e.g. issue happens only occasionally):

It is not deterministic. I created a new user erikdev3 and followed the same steps. Now the result was: first four times with the error message, and then one time without the error message.

[erikdev3@fedora ~]$ echo | podman run --security-opt label=disable  --rm -i --preserve-fds 1 --pull=never docker.io/library/fedora sh -c "cat <&3" 3< file.txt
hello
Error: error attaching to container a7af2de9d3e1d13a65f663c10bff87dcc8413f5060719c2d53f1b72370c45bd9: read unixpacket @->/proc/self/fd/16/attach: read: connection reset by peer
[erikdev3@fedora ~]$ echo | podman run --security-opt label=disable  --rm -i --preserve-fds 1 --pull=never docker.io/library/fedora sh -c "cat <&3" 3< file.txt
hello
Error: error attaching to container 44cf91df37d32d585bdc5ea6c53097d5850b3f6da0901da29ad23265d93bd8f3: read unixpacket @->/proc/self/fd/16/attach: read: connection reset by peer
[erikdev3@fedora ~]$ echo | podman run --security-opt label=disable  --rm -i --preserve-fds 1 --pull=never docker.io/library/fedora sh -c "cat <&3" 3< file.txt
hello
Error: error attaching to container cfbf8939df37a06e70b98488ea4c8432fce2d1448a93e636b94beb1ec6a3ab47: read unixpacket @->/proc/self/fd/16/attach: read: connection reset by peer
[erikdev3@fedora ~]$ echo | podman run --security-opt label=disable  --rm -i --preserve-fds 1 --pull=never docker.io/library/fedora sh -c "cat <&3" 3< file.txt
hello
Error: error attaching to container 0627b1600dfab91ac80a554fb422628635d8886c8230ebf6b8d9eb6743a8bac1: read unixpacket @->/proc/self/fd/16/attach: read: connection reset by peer
[erikdev3@fedora ~]$ echo | podman run --security-opt label=disable  --rm -i --preserve-fds 1 --pull=never docker.io/library/fedora sh -c "cat <&3" 3< file.txt
hello
[erikdev3@fedora ~]$ 

Output of podman version:

podman version 3.3.1

Output of podman info --debug:

host:
  arch: amd64
  buildahVersion: 1.22.3
  cgroupControllers: []
  cgroupManager: systemd
  cgroupVersion: v2
  conmon:
    package: conmon-2.0.29-2.fc34.x86_64
    path: /usr/bin/conmon
    version: 'conmon version 2.0.29, commit: '
  cpus: 16
  distribution:
    distribution: fedora
    version: "34"
  eventLogger: journald
  hostname: fedora
  idMappings:
    gidmap:
    - container_id: 0
      host_id: 1003
      size: 1
    - container_id: 1
      host_id: 296608
      size: 65536
    uidmap:
    - container_id: 0
      host_id: 1003
      size: 1
    - container_id: 1
      host_id: 296608
      size: 65536
  kernel: 5.13.13-200.fc34.x86_64
  linkmode: dynamic
  memFree: 5732679680
  memTotal: 7689117696
  ociRuntime:
    name: crun
    package: crun-1.0-1.fc34.x86_64
    path: /usr/bin/crun
    version: |-
      crun version 1.0
      commit: 139dc6971e2f1d931af520188763e984d6cdfbf8
      spec: 1.0.0
      +SYSTEMD +SELINUX +APPARMOR +CAP +SECCOMP +EBPF +CRIU +YAJL
  os: linux
  remoteSocket:
    path: /run/user/1003/podman/podman.sock
  security:
    apparmorEnabled: false
    capabilities: CAP_CHOWN,CAP_DAC_OVERRIDE,CAP_FOWNER,CAP_FSETID,CAP_KILL,CAP_NET_BIND_SERVICE,CAP_SETFCAP,CAP_SETGID,CAP_SETPCAP,CAP_SETUID,CAP_SYS_CHROOT
    rootless: true
    seccompEnabled: true
    seccompProfilePath: /usr/share/containers/seccomp.json
    selinuxEnabled: true
  serviceIsRemote: false
  slirp4netns:
    executable: /usr/bin/slirp4netns
    package: slirp4netns-1.1.12-2.fc34.x86_64
    version: |-
      slirp4netns version 1.1.12
      commit: 7a104a101aa3278a2152351a082a6df71f57c9a3
      libslirp: 4.4.0
      SLIRP_CONFIG_VERSION_MAX: 3
      libseccomp: 2.5.0
  swapFree: 7688155136
  swapTotal: 7688155136
  uptime: 1h 12m 54.02s (Approximately 0.04 days)
registries:
  search:
  - registry.fedoraproject.org
  - registry.access.redhat.com
  - docker.io
  - quay.io
store:
  configFile: /home/erikdev2/.config/containers/storage.conf
  containerStore:
    number: 0
    paused: 0
    running: 0
    stopped: 0
  graphDriverName: overlay
  graphOptions: {}
  graphRoot: /home/erikdev2/.local/share/containers/storage
  graphStatus:
    Backing Filesystem: xfs
    Native Overlay Diff: "true"
    Supports d_type: "true"
    Using metacopy: "false"
  imageStore:
    number: 1
  runRoot: /run/user/1003/containers
  volumePath: /home/erikdev2/.local/share/containers/storage/volumes
version:
  APIVersion: 3.3.1
  Built: 1630356396
  BuiltTime: Mon Aug 30 23:46:36 2021
  GitCommit: ""
  GoVersion: go1.16.6
  OsArch: linux/amd64
  Version: 3.3.1

Package info (e.g. output of rpm -q podman or apt list podman):

podman-3.3.1-1.fc34.x86_64

Have you tested with the latest version of Podman and have you checked the Podman Troubleshooting Guide? (https://github.com/containers/podman/blob/master/troubleshooting.md)

Yes

Additional environment details (AWS, VirtualBox, physical, etc.):

I was logged in to the computer via SSH.