Manual partitioning with encrypted root and unencrypted swap gets stuck

There is an error when configuring an encrypted root with unencrypted swap - specifically when steps are taken to resolve the 'Unsafe swap space detected' message that (rightly) pops up. After triggering that message, no amount of changing partitions around or re-writing the partition table seems to work. Either the message pops up again even with a valid configuration, or the installer fails to mount the partition that is allocated for / (root).

To duplicate the issue, run the installer (I've been using KVM via virt-manager) and go through the install process until disk partitioning.

I used the following for each partition: when prompted "How to use this free space", use "Create a new partition". Size I give in each step below. Type is "Primary" each time, and "Location for the new partition" is "Beginning" each time.

Steps to reproduce:

1. Choose "Manual" partitioning method.

2. Select the disk to be used - ensure any existing partition table is empty or create a new one on the disk when prompted.

3. Add a /boot partition - 512MB ext4, size shouldn't matter.

4. Add a partition, any size, leaving some space for a swap partition. Under "Use As" choose "physical volume for encryption". Leave all the defaults and choose "Done setting up the partition".

5. Add a partition using the remaining space. Under "Use As" choose "swap area".

6. Back in the main "Partition Disks" menu, select "Configure encrypted volumes"

7. When prompted, "Write the changes to disk and configure encrypted volumes?" choose "Yes".

8. Choose "Create encrypted volumes". Select the partition you will use for root - in my KVM instance it is /dev/sda2. Select "Continue" and back at the main "Encryption configuration actions" dialog, choose "Finish".

The installer will pop up a red screen warning that "Unsafe swap space [is] detected". Select "Continue".

9. Pick the swap partition (in my case #3), under "Use as", change it to "physical volume for encryption". Leave all the defaults and select "Done setting up the partition".

10. Choose "Configure encrypted volumes" again back at the main partition menu.

11. Select "Yes" when prompted to "Keep current partition layout and configure encrypted volumes?"

12. Choose "Create encrypted volumes", and select both /dev/sda2 and /dev/sda3 (root, and swap partitions respectively). Choose "Continue" and then "Finish".

Here's the bug. The "Unsafe swap space detected" alert will pop up again, despite there being no configured swap any longer.

I tried to work around it by deleting the third partition entirely, writing the partition table, and then configuring encrypted disks to setup / on the allocated partition. All proceeds well, I can configure an ext4 filesystem on the encrypted /dev/sda2 (sda2_crypt), and add encrypted swap to sda3_crypt.

However, when finalizing the configuration that way, the installer fails with a message "The attempt to mount a file system with type ext4 in Encrypted volume (sda2_crypt) at / failed." At which point I'm prompted to go back to the partitioning menu.

I should also note that this behaviour is reproducible in the Xenial installer as well, so it is not new. I would hazard a guess that it is present in most previous versions that have encryption support built in.