Ubuntu
update-manager package

apt broken by unattended upgrade in Ubuntu 19.10

Bug #1855259 reported by Urop
18
This bug affects 3 people
Affects Status Importance Assigned to Milestone
update-manager (Ubuntu)
Confirmed
Undecided
Unassigned

Bug Description

I've got this issue on a fresh (last week) Ubuntu-server 19.10 install, with gnome-session installed on top.

From history.log:

Start-Date: 2019-12-04 06:24:37
Commandline: /usr/bin/unattended-upgrade
Install: linux-image-5.3.0-24-generic:amd64 (5.3.0-24.26, automatic), linux-headers-5.3.0-24-generic:amd64 (5.3.0-24.26, automatic), linux-modules-extra-5.3.0-24-generic:amd64 (5.3.0-24.26, automatic), linux-headers-5.3.0-24:amd64 (5.3.0-24.26, automatic), linux-modules-5.3.0-24-generic:amd64 (5.3.0-24.26, automatic)
Upgrade: linux-headers-generic:amd64 (5.3.0.23.27, 5.3.0.24.28), linux-image-generic:amd64 (5.3.0.23.27, 5.3.0.24.28), linux-generic:amd64 (5.3.0.23.27, 5.3.0.24.28)
Error: Sub-process /usr/bin/dpkg returned an error code (1)
End-Date: 2019-12-04 06:25:04 get this error

From term.log:

Log started: 2019-12-04 06:24:37
Selecting previously unselected package linux-modules-5.3.0-24-generic.
(Reading database ... 162957 files and directories currently installed.)
Preparing to unpack .../0-linux-modules-5.3.0-24-generic_5.3.0-24.26_amd64.deb ...
Unpacking linux-modules-5.3.0-24-generic (5.3.0-24.26) ...
dpkg: error processing archive /tmp/apt-dpkg-install-Axvsef/0-linux-modules-5.3.0-24-generic_5.3.0-24.26_amd64.deb (--unpack):
 unable to create new file '/var/lib/dpkg/info/linux-modules-5.3.0-24-generic.list-new': Operation not permitted
dpkg (subprocess): unable to execute rm command for cleanup (rm): Operation not permitted
dpkg: error while cleaning up:
 rm command for cleanup subprocess returned error exit status 2
Selecting previously unselected package linux-image-5.3.0-24-generic.
Preparing to unpack .../1-linux-image-5.3.0-24-generic_5.3.0-24.26_amd64.deb ...
Unpacking linux-image-5.3.0-24-generic (5.3.0-24.26) ...
Selecting previously unselected package linux-modules-extra-5.3.0-24-generic.
Preparing to unpack .../2-linux-modules-extra-5.3.0-24-generic_5.3.0-24.26_amd64.deb ...
Unpacking linux-modules-extra-5.3.0-24-generic (5.3.0-24.26) ...
dpkg: error processing archive /tmp/apt-dpkg-install-Axvsef/2-linux-modules-extra-5.3.0-24-generic_5.3.0-24.26_amd64.deb (--unpack):
 unable to open '/lib/modules/5.3.0-24-generic/kernel/net/wireless/lib80211.ko.dpkg-new': Operation not permitted
Preparing to unpack .../3-linux-generic_5.3.0.24.28_amd64.deb ...
Unpacking linux-generic (5.3.0.24.28) over (5.3.0.23.27) ...
Preparing to unpack .../4-linux-image-generic_5.3.0.24.28_amd64.deb ...
Unpacking linux-image-generic (5.3.0.24.28) over (5.3.0.23.27) ...
Selecting previously unselected package linux-headers-5.3.0-24.
Preparing to unpack .../5-linux-headers-5.3.0-24_5.3.0-24.26_all.deb ...
Unpacking linux-headers-5.3.0-24 (5.3.0-24.26) ...
dpkg: error processing archive /tmp/apt-dpkg-install-Axvsef/5-linux-headers-5.3.0-24_5.3.0-24.26_all.deb (--unpack):
 unable to create new file '/var/lib/dpkg/info/linux-headers-5.3.0-24.list-new': Operation not permitted
Selecting previously unselected package linux-headers-5.3.0-24-generic.
Preparing to unpack .../6-linux-headers-5.3.0-24-generic_5.3.0-24.26_amd64.deb ...
Unpacking linux-headers-5.3.0-24-generic (5.3.0-24.26) ...
Preparing to unpack .../7-linux-headers-generic_5.3.0.24.28_amd64.deb ...
Unpacking linux-headers-generic (5.3.0.24.28) over (5.3.0.23.27) ...
Errors were encountered while processing:
 /tmp/apt-dpkg-install-Axvsef/0-linux-modules-5.3.0-24-generic_5.3.0-24.26_amd64.deb
 /tmp/apt-dpkg-install-Axvsef/2-linux-modules-extra-5.3.0-24-generic_5.3.0-24.26_amd64.deb
 /tmp/apt-dpkg-install-Axvsef/5-linux-headers-5.3.0-24_5.3.0-24.26_all.deb
Log ended: 2019-12-04 06:25:04

Try to fix it, following apt instructions. From term.log:

Start-Date: 2019-12-04 23:32:41
Commandline: apt --fix-broken install
Requested-By: ### (1000)
Install: linux-modules-extra-5.3.0-24-generic:amd64 (5.3.0-24.26, automatic)
Upgrade: linux-headers-5.3.0-24:amd64 (5.3.0-24.26, 5.3.0-24.26), linux-modules-5.3.0-24-generic:amd64 (5.3.0-24.26, 5.3.0-24.26)
Error: Sub-process /usr/bin/dpkg returned an error code (1)
End-Date: 2019-12-04 23:33:01

From history.log:

Log started: 2019-12-04 23:32:41
(Reading database ... 174863 files and directories currently installed.)
Preparing to unpack .../linux-modules-5.3.0-24-generic_5.3.0-24.26_amd64.deb ...
Unpacking linux-modules-5.3.0-24-generic (5.3.0-24.26) over (5.3.0-24.26) ...
Preparing to unpack .../linux-modules-extra-5.3.0-24-generic_5.3.0-24.26_amd64.deb ...
Unpacking linux-modules-extra-5.3.0-24-generic (5.3.0-24.26) ...
dpkg: error processing archive /var/cache/apt/archives/linux-modules-extra-5.3.0-24-generic_5.3.0-24.26_amd64.deb (--unpack):
 unable to open '/lib/modules/5.3.0-24-generic/kernel/sound/soc/codecs/snd-soc-rt5640.ko.dpkg-new': Operation not permitted
Preparing to unpack .../linux-headers-5.3.0-24_5.3.0-24.26_all.deb ...
Unpacking linux-headers-5.3.0-24 (5.3.0-24.26) over (5.3.0-24.26) ...
Errors were encountered while processing:
 /var/cache/apt/archives/linux-modules-extra-5.3.0-24-generic_5.3.0-24.26_amd64.deb
Log ended: 2019-12-04 23:33:01

Fails. Tried apt clean, apt autoclean, to no avail. apt is now broken.

Revision history for this message
Urop (urop) wrote :

For info, when I run "sudo apt --fix-broken install" it sometimes fails with a segmentation fault. Also, it seems to report "Operation not permitted" errors on a different drivers each time I run it. It's not repeatable.

Is there a way that I can uninstall the 5.3.0-24 kernel (apt purge doesn't work) and then blacklist it to prevent automatically upgrading to it again, so that I can continue to use apt until this issue has been fixed?

Revision history for this message
Launchpad Janitor (janitor) wrote :

Status changed to 'Confirmed' because the bug affects multiple users.

Changed in update-manager (Ubuntu):
status: New → Confirmed
Revision history for this message
Mike (t0mm1gun) wrote :

Hi,

I have totally the same issue. Nothing helps at the moment.
Any suggestions how to fix?

Thank you in advance!

Revision history for this message
Alexander Herriott (herriott101) wrote :

Hi,

Same error.

I get a similar result when I try to install:

udo apt-get install linux-modules-extra-5.3.0-24-genericReading package lists... Done
Building dependency tree
Reading state information... Done
The following NEW packages will be installed
  linux-modules-extra-5.3.0-24-generic
0 to upgrade, 1 to newly install, 0 to remove and 0 not to upgrade.
8 not fully installed or removed.
Need to get 0 B/38.1 MB of archives.
After this operation, 188 MB of additional disk space will be used.
(Reading database ... 225829 files and directories currently installed.)
Preparing to unpack .../linux-modules-extra-5.3.0-24-generic_5.3.0-24.26_amd64.deb ...
Unpacking linux-modules-extra-5.3.0-24-generic (5.3.0-24.26) ...
dpkg: error processing archive /var/cache/apt/archives/linux-modules-extra-5.3.0-24-generic_5.3.0-24.26_amd64.deb (--unpack):
 unable to open '/lib/modules/5.3.0-24-generic/kernel/drivers/media/common/videobuf2/videobuf2-memops.ko.dpkg-new': Operation not permitted
Errors were encountered while processing:
 /var/cache/apt/archives/linux-modules-extra-5.3.0-24-generic_5.3.0-24.26_amd64.deb
E: Sub-process /usr/bin/dpkg returned an error code (1)

Revision history for this message
Urop (urop) wrote :

In case these are in any way relevant (I have no idea):

- I have secure boot enabled.
- Prior to encountering this issue, I had recently installed the nvidia-driver-435 package.

On another computer, also running a fresh Ubuntu 19.10 server install with gnome-session on top, with secure boot enabled but *without* the nvidia-driver-435 package installed, I haven't encountered this problem.

Revision history for this message
Mike (t0mm1gun) wrote :

I do not know, if it make sense or related. But, previously, I have install Ubuntu 19.10 with option "Install on zfs (Experimental)". I have just reinstall OS using ext4 and upgraded with not issues.

Revision history for this message
Urop (urop) wrote :

My system was installed using the LVM with full-disk encryption option of the alternative installer, and uses the default ext4 filesystem, so the filesystem doesn't appear to the problem.

I previously reported that I didn't have the problem on a system with a very similar software setup, but without the nvidia-driver-435 package installed. However, I did unexpectedly encounter a very similar error on that machine yesterday when installing the youtube-dl package. apt failed during install of the package. Fortunately, this time, it was fixable. Running the `apt update` and `apt full-upgrade` was sufficient to sort it out.

This should be marked as important and as a security issue, because I haven't had any security updates (well, any updates!) in a week now because of it.

Revision history for this message
Roger Yu (sciencefire) wrote :

I think I figured out a partial solution.

I found a similar bug report here on Launchpad, Bug #1739991. I turned off Sophos real-time scanning, and I was able to successfully run 'sudo apt --fix-broken install'. It seems like there are multiple causes for this issue, but I hope this helps somewhat.

Revision history for this message
Urop (urop) wrote :

Yes! I can't thank you enough. Sophos AV was the culprit. The following was able to get my system fully updated again:

sudo systemctl stop sav-protect.service
sudo apt --fix-broken install
sudo apt update
sudo apt full-upgrade
sudo apt autoremove
sudo systemctl start sav-protect.service

I'll have to report this to Sophos. The reason for using Sophos was its on-demand scanning. If I have to permanently disable it to prevent it from breaking kernel updates, then that's far from ideal. I'll have to switch to a different AV product.

Revision history for this message
Paulo Bueno Bruno (paulob.bruno) wrote :

Nice tks!
Same error and Sophos was the responsible

Revision history for this message
Urop (urop) wrote :

Paulo, please note:

a) Repairing a system using the steps in comment #9 doesn't address the underlying problem, and so it could potentially break again.

b) Sophos doesn't support newer kernels and Ubuntu 19.10 is explicitly not supported at present. While it mostly works, their released Talpa on-access scanning component does not successfully compile for Ubuntu 19.10, and so Sophos falls back to using fanotify for that functionality (if support for it is available in the kernel). So, it turns out that the root cause of this particular problem is either a bug in fanotify itself, or a bug in the way Sophos is using it. (I couldn't say which.) A patch for Sophos' Talpa component that will supposedly get it compiling and working on 19.10 is apparently available, but I haven't tried it myself: https://github.com/sophos/talpa/issues/17 More details can be found here: https://community.sophos.com/products/server-protection-integration/f/sophos-anti-virus-for-linux-basic/117256/sav-protect-service-breaks-system-updates-on-ubuntu

To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.