Failed to lock byte 100

Bug #1709818 reported by Christian Ehrhardt 
This bug affects 4 people
Affects | Status | Importance | Assigned to | Milestone
libvirt (Ubuntu) | Fix Released | Undecided | Unassigned |
qemu (Ubuntu) | Won't Fix | Undecided | Unassigned |

Bug Description

With qemu 2.10 image files will be locked on specific bytes for features.

See for more:
(qemu) commit 244a5668106297378391b768e7288eb157616f64
Author: Fam Zheng <email address hidden>
    file-posix: Add image locking to perm operations

That will trigger:
apparmor="DENIED" operation="file_lock" namespace="root//lxd-testkvm-artful-from_<var-lib-lxd>" profile="libvirt-f687a9b3-5bca-41bc-b206-6e616720cc5e" name="/var/lib/uvtool/libvirt/images/kvmguest-artful-normal.qcow" pid=7001 comm="qemu-system-x86" requested_mask="k" denied_mask="k" fsuid=0 ouid=0

Which in turn needs a fix in virt-aa-helper
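
The following added example, which is not part of the bug report or of libvirt, parses AppArmor audit records like the one above and lists, per libvirt-<uuid> profile, the paths where the lock permission ("k") was denied. The first sample record is the one from the report; the other two records, the placeholder profile name and the function names are constructed for illustration.

```python
import re
from collections import defaultdict

# key="quoted value" or key=bare_value, as AppArmor audit records are written
FIELD = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')
HEX = re.compile(r"(?:[0-9A-Fa-f]{2})+")

def parse_record(line):
    """Split one AppArmor audit line into a dict of its key/value fields."""
    fields = {}
    for match in FIELD.finditer(line):
        key, quoted, bare = match.groups()
        if quoted is not None:
            fields[key] = quoted
        elif key == "name" and HEX.fullmatch(bare):
            # The audit layer hex-encodes paths with spaces or special bytes.
            fields[key] = bytes.fromhex(bare).decode("utf-8", "replace")
        else:
            fields[key] = bare
    return fields

def lock_denials(lines):
    """Map each libvirt-* profile to the paths where 'k' (lock) was denied."""
    found = defaultdict(set)
    for line in lines:
        rec = parse_record(line)
        if (rec.get("apparmor") == "DENIED"
                and "k" in rec.get("denied_mask", "")
                and rec.get("profile", "").startswith("libvirt-")):
            found[rec["profile"]].add(rec.get("name", "<unknown>"))
    return {profile: sorted(paths) for profile, paths in found.items()}

# Constructed placeholder profile used by the two extra sample records.
PLACEHOLDER_PROFILE = "libvirt-00000000-0000-0000-0000-000000000000"
SAMPLE = [
    # Record quoted in the bug description.
    'apparmor="DENIED" operation="file_lock" namespace="root//lxd-testkvm-artful-from_<var-lib-lxd>" '
    'profile="libvirt-f687a9b3-5bca-41bc-b206-6e616720cc5e" '
    'name="/var/lib/uvtool/libvirt/images/kvmguest-artful-normal.qcow" pid=7001 '
    'comm="qemu-system-x86" requested_mask="k" denied_mask="k" fsuid=0 ouid=0',
    # Constructed: a read denial, not a lock denial, so it is skipped.
    f'apparmor="DENIED" operation="open" profile="{PLACEHOLDER_PROFILE}" name="/srv/vm/other.img" '
    'pid=7002 comm="qemu-system-x86" requested_mask="r" denied_mask="r" fsuid=0 ouid=0',
    # Constructed: lock denial on a path with a space, hex-encoded by audit.
    f'apparmor="DENIED" operation="file_lock" profile="{PLACEHOLDER_PROFILE}" '
    f'name={"/srv/vm/a b.img".encode().hex().upper()} pid=7003 '
    'comm="qemu-system-x86" requested_mask="k" denied_mask="k" fsuid=0 ouid=0',
]

if __name__ == "__main__":
    for profile, paths in lock_denials(SAMPLE).items():
        print(profile, paths)
```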

Christian Ehrhardt  (paelzer) wrote :

Qemu is affected and effectively the trigger, but the fix will have to take place in libvirt - so I added a task but set it to won't fix to reflect that.

Changed in qemu (Ubuntu):
status: New → Won't Fix
Changed in libvirt (Ubuntu):
status: New → In Progress
tags: added: libvirt-3.6
tags: removed: libvirt-3.6
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package libvirt - 3.6.0-1ubuntu1

---------------
libvirt (3.6.0-1ubuntu1) artful; urgency=medium

  * Merged with Debian unstable (3.6)
    This closes several bugs:
    - aarch64: improved chardev handling (LP: #1697610)
    - Forbid locking memory without memtune (LP: #1708305)
  * Remaining changes:
    - Disable sheepdog (universe dependency)
    - Disable libssh2 support (universe dependency)
    - Disable firewalld support (universe dependency)
    - Disable selinux
    - Set qemu-group to kvm (for compat with older ubuntu)
    - Regularly clear AppArmor profiles for vms that no longer exist
    - Additional apport package-hook
    - Modifications to adapt for our delayed switch away from libvirt-bin (can
      be dropped >18.04).
      + d/p/ubuntu/libvirtd-service-add-bin-alias.patch: systemd: define alias
        to old service name so that old references work
      + d/p/ubuntu/libvirtd-init-add-bin-alias.patch: sysv init: define alias
        to old service name so that old references work
      + d/control: transitional package with the old name and maintainer
        scripts to handle the transition
    - Backwards compatible handling of group rename (can be dropped >18.04).
    - config details and autostart of default bridged network. Creating that is
      now the default in general, yet our solution provides the following on
      top as of today:
      + nat only on some ports <port start='1024' end='65535'/>
      + autostart the default network by default
      + do not autostart if 192.168.122.0 is already taken (e.g. in containers)
    - d/p/ubuntu/Allow-libvirt-group-to-access-the-socket.patch: This is
      the group based access to libvirt functions as it was used in Ubuntu
      for quite long.
      + d/p/ubuntu/daemon-augeas-fix-expected.patch fix some related tests
        due to the group access change.
    - ubuntu/parallel-shutdown.patch: set parallel shutdown by default.
    - d/p/ubuntu/enable-kvm-spice.patch: compat with older Ubuntu qemu/kvm
      which provided a separate kvm-spice.
    - d/p/ubuntu/storage-disable-gluster-test: gluster not enabled, skip test
    - d/p/ubuntu/ubuntu-libxl-qemu-path.patch: this change was split. The
      section that adapts the path of the emulator to the Debian/Ubuntu
      packaging is kept.
    - d/p/ubuntu/ubuntu-libxl-Fix-up-VRAM-to-minimum-requirements.patch: auto
      set VRAM to minimum requirements
    - d/p/ubuntu/xen-default-uri.patch: set default URI on xen hosts
    - Add libxl log directory
    - libvirt-uri.sh: Automatically switch default libvirt URI for users on
      Xen dom0 via user profile (was missing on changelogs before)
    - d/p/ubuntu/apibuild-skip-libvirt-common.h: drop libvirt-common.h from
      included_files to avoid build failures due to duplicate definitions.
    - Update README.Debian with Ubuntu changes
    - Convert libvirt0, libnss_libvirt and libvirt-dev to multi-arch.
    - Enable some additional features on ppc64el and s390x (for arch parity)
      + systemtap, zfs, numa and numad on s390x.
      + systemtap on ppc64el.
    - fix conffile upgrade handling to avoid obsolete files
      and inactive duplica...


Changed in libvirt (Ubuntu):
status: In Progress → Fix Released
tags: added: qemu-file-locking
kvaps (kvapss) wrote :

Affects Artful and Bionic

Here is a published fix for qemu:

https://lists.gnu.org/archive/html/qemu-devel/2017-07/msg06405.html

Christian Ehrhardt  (paelzer) wrote :

Hi kvaps, what you reported is a particular discussion on the handling of snapshots.
The bug here was the general introduction of image locking that caused some issues in formerly working cases.

The patch you referred to never made it upstream and that indicates that there was either another solution or it was found that it is actually a config/setup issue.
In fact, I have not found a similar change/title in git since then either.

Would you mind filing this as a new Launchpad bug to keep the discussion separate?
There I'd be happy if you could outline steps to reproduce the issue with snapshot usage that formerly worked.

If you happen to find how the discussion continued in another thread please add it there too.

Oleg Krutov (oleg-krutov) wrote :

I have just faced that bug after upgrading from Ubuntu 16.04 to 18.04.1.

I create VMs with qcow2 volumes backed by physical raw drives. Now it is unable to create a VM via virt-install because of the "unable to lock byte 100" bug. So, since the libvirt version in 18.04.1 is already 4.0.0, is there a regression since 3.6 or what?

Any working workaround would be very much appreciated. Can I shut down that locking? I don't need it at all.

Oleg Krutov (oleg-krutov) wrote :

Problem is just in qcow2 backed by physical drives -- if no backing file of it is just a file then all is ok. So, is it possible to disable locking in such cases?

Oleg Krutov (oleg-krutov) wrote :

"Solved" it. Added "/dev/sd* rk" in /etc/apparmor.d/abstractions/libvirt-qemu.

J. S. Seldenthuis (jseldent) wrote :

A similar error occurs when creating an arm virtual machine with libvirt 8.0.0 on jammy. I get the "qemu-system-arm: Failed to lock byte 100" at the beginning of installation. journalctl shows that apparmor denied the file_lock operation for /usr/share/AAVMF/AAVMF32_CODE.fd.

This bug has been fixed upstream. See https://gitlab.com/libvirt/libvirt/-/commit/2b98d5d91d95087d8a96d6450fa96414ed05ba5c. It, and related bugs, can be fixed with the attached patch. This brings the file_lock permissions in line with the current master branch of libvirt.

Paride Legovini (paride) wrote :

Hello and thanks for this bug report. Given that we are many versions away from the libvirt version this bug was filed for, I filed a separate bug report for the issue you reported, LP #1989078. I subscribed you to it and pointed to your original comment. Thanks for raising the issue and for pointing to the correct upstream patch.

Alan Baghumian (alanbach) wrote :

I just encountered this on Focal/ARM64.

Applying https://gitlab.com/libvirt/libvirt/-/commit/2b98d5d91d95087d8a96d6450fa96414ed05ba5c and restarting the services fixed the issue:

systemctl reload apparmor.service; systemctl restart libvirtd

ii libvirt-clients 6.0.0-0ubuntu8.16 arm64 Programs for the libvirt library
ii libvirt-daemon 6.0.0-0ubuntu8.16 arm64 Virtualization daemon
ii libvirt-daemon-driver-qemu 6.0.0-0ubuntu8.16 arm64 Virtualization daemon QEMU connection driver
ii libvirt-daemon-driver-storage-rbd 6.0.0-0ubuntu8.16 arm64 Virtualization daemon RBD storage driver
ii libvirt-daemon-system 6.0.0-0ubuntu8.16 arm64 Libvirt daemon configuration files
ii libvirt-daemon-system-systemd 6.0.0-0ubuntu8.16 arm64 Libvirt daemon configuration files (systemd)
ii libvirt0:arm64 6.0.0-0ubuntu8.16 arm64 library for interfacing with different virtualization systems

Christian Ehrhardt  (paelzer) wrote :

You are right Alan, thanks for the ping.
That is already handled in bug 1989078 which fixed it for Jammy, but is also needed for Focal.
Please track and/or chime in there for the further steps.
