16.04 LTS Partition /boot fills up with Kernel images, gets underwear in a twist

Bug #1675079 reported by Bryce Nesbitt on 2017-03-22
44
This bug affects 7 people
Affects Status Importance Assigned to Milestone
unattended-upgrades (Ubuntu)
Undecided
Unassigned
Xenial
Undecided
Unassigned
Artful
Undecided
Unassigned
update-manager (Ubuntu)
Undecided
Unassigned
Xenial
Undecided
Unassigned
Artful
Undecided
Unassigned

Bug Description

[Impact]

 * Update-manager and unattended-upgrades install many kernel packages during the lifetime of a release but does not remove them automatically leading to those packages filling disk space potentially completely filling /boot and making the system unable to install updates or even boot.
 * Stable release users are impacted by this bug for years and their systems already collected many autoremovable unused kernel packages, thus they would benefit from backporting the fix greatly.
 * The bug is fixed by removing autoremovable (not currently booted) kernel packages when running unattended-upgrades or update-manager. Update manager offers the kernel removals when there are other updates to be installed.

[Test Case]

 1. Install kernel packages to be removed, mark them auto-installed and run apt's kernel hook script to make apt consider them autoremovable:

  sudo apt install -y linux-image-extra-4.4.0-92-generic linux-image-extra-4.4.0-93-generic
  sudo apt-mark auto linux-image-extra-4.4.0-92-generic linux-image-extra-4.4.0-93-generic
  sudo /etc/kernel/postinst.d/apt-auto-removal

 2. Also downgrade a package to be upgraded:

   sudo apt-get install -y --allow-downgrades ca-certificates=20160104ubuntu1

 3. (update-manager). Run update-manager and observe that kernel packages are offered for removal in Details of updates.

  sudo update-manager

 4. (update-manager) Click on Install Now and observe that the kernel packages are removed.

 3. (unattended-upgrades) Run unattended-upgrades manually and observe the removal of the autoremovable kernel packages:

  sudo unattended-upgrade -v

[Regression Potential]

 The change may cause update-manager or unattanded-upgrades to remove used kernel packages or fail to install other package updates.

[Other Info]

The unattended-upgrades fix is uploaded with many other fixes and those may cause regressions in other areas in unattended-upgrades.

[Original bug text]

On a 16.04LTS system, the /boot partition will eventually fill with Kernel images, until the point where "apt-get autoremove" can't complete.

This issue has previously been reported as fixed, but it is not fixed:
https://bugs.launchpad.net/ubuntu/+source/unattended-upgrades/+bug/1357093

Generally what I see is the final kernel image that fills the drive is incompletely installed (the header package does not make it). "apt-get autoremove" tries to work, but fails. I must manually remove kernel images to free enough space.

I see this on a machine used by my elderly parents, where 'Download and install updates automatically' is set. And on my home machines, where the setting is elsewhere.

Launchpad Janitor (janitor) wrote :

Status changed to 'Confirmed' because the bug affects multiple users.

Changed in unattended-upgrades (Ubuntu):
status: New → Confirmed
Jarno Suni (jarnos) wrote :

Is this more than just a duplicate of Bug #1624644?

Bryce Nesbitt (bryce2) wrote :

Bug #1624644 is a very old one, marked as fixed, with considerable discussion and confusion.

This bug is a clear indication that as of 16.04LTS, a bug exists with /boot filling up. Maybe it's the same cause, maybe it's different cause. This bug is trivial to reproduce: it happens on freshly installed stock no-changes versions of 16.04 if LVM is chosen, and the machine is left idle for 3 or more update cycles.

Jarno Suni (jarnos) wrote :

It is not that old and not marked as fixed.

Do you claim that the bug happens even if no kernel updates are being installed by Software Updater or by e.g. apt, but only by unattended-upgrades?

tags: added: xenial
Jarno Suni (jarnos) on 2017-04-27
tags: added: pecise trusty
tags: removed: pecise trusty
tags: added: full-boot
Jarno Suni (jarnos) wrote :

Could you attach logs in
/var/log/unattended-upgrades/
from such a system?

Jarno Suni (jarnos) wrote :

Also please show the output of:
dpkg-query -Wf'${db:Status-Abbrev} ${Package}\n' | grep -E ' linux-(.*-)?image-[0-9]'

Launchpad Janitor (janitor) wrote :

This bug was fixed in the package unattended-upgrades - 1.0ubuntu1

---------------
unattended-upgrades (1.0ubuntu1) bionic; urgency=medium

  * Merge from Debian unstable
    - Remaining changes:
      - unattended-upgrades: Do not automatically upgrade the development
        release of Ubuntu unless Unattended-Upgrade::DevRelease is true.
    - Dropped changes, included in Debian:
      - Run upgrade-between-snapshots only on amd64.
        The test exercises only unattented-upgrade's Python code and uses
        dependencies from the frozen Debian snapshot archive thus running
        it on all architectures would provide little benefit.

unattended-upgrades (1.0) unstable; urgency=medium

  [ Simon Arlott ]
  * Revert sending mails on WARNINGS when in MailOnlyOnError mode"
  * Consider conffile prompts to be errors (Closes: #852465)
    Flag packages that have to be upgraded manually because of a conffile
    prompt and consider this to be an error when sending email or exiting.

  [ Simon McVittie ]
  * Add python, python3, setuptools, DistutilsExtra to Build-Depends.
    They are needed for `clean`, so Build-Depends-Indep is not enough.
  * Add .gitignore and debian/.gitignore
  * Remove bzr configuration.
    This is unnecessary now that u-u is in git.

  [ Michael Vogt ]
  * unattended-upgrades: tweak mail-on-warnings PR
  * unattended-upgrade: extract is_autoremove_valid helper

  [ Balint Reczey ]
  * Run upgrade-between-snapshots only on amd64.
    The test exercises only unattented-upgrade's Python code and uses
    dependencies from the frozen Debian snapshot archive thus running
    it on all architectures would provide little benefit.
  * Clean up processes started for getting md5 sums
  * Don't keep /var/lib/dpkg/status open multiple times
  * Adjust candidates in UnattendedUpgradesCache.open()
  * Perform autoremovals in minimal steps, too.
    Also add check to remove only the set of packages selected for autoremoval.
    Without that check unattended-upgrades when (by default) configured to
    remove newly unused packages could also remove auto removable packages
    which were unused before starting starting the upgrade step.
  * Remove unused automatically installed kernel packages
    (LP: #1357093, #1624644, #1675079, #1698159)
  * Stop including Python syntax in the report (Closes: #876796)
  * Do not auto remove packages related to the running kernel (LP: #1615381)
  * Check packages to be autoremoved against blacklists, whitelists.
    Also check if the packages are held.
  * Report package removals in the summary email (Closes: #876797)
  * Run upgrade-between-snapshots test with debugging enabled
  * Don't create new UnattendedUpgradesCache for checking for autoremovals
    .open() refreshes the state in each cache_commit(), this is enough
  * Update .pot and .po files
  * Update .travis.yml to actually build and test u-u from the repo
  * Run only a simple installation test on Travis, the system upgrade
    test was always failing

 -- Balint Reczey <email address hidden> Thu, 01 Mar 2018 17:29:33 +0700

Changed in unattended-upgrades (Ubuntu):
status: Confirmed → Fix Released
Łukasz Zemczak (sil2100) wrote :

This bug is linked in update-manager SRUs but does not target update-manager (and is missing SRU information in the description). The bug as written right now does not seem to directly affect update-manger - is that the case?

Balint Reczey (rbalint) wrote :

The same happens with update-manager.

description: updated
Changed in update-manager (Ubuntu):
status: New → Fix Released
Steve Langasek (vorlon) wrote :

Why does the update-manager upload include this code?:

+ running_kernel_version = subprocess.check_output(
+ ["uname", "-r"], universal_newlines=True).rstrip()
+ self.running_kernel_pkgs_regexp = re.compile("(" + "|".join(
+ [("^" + p + ".*" + running_kernel_version)
+ if not p.startswith(".*") else (running_kernel_version + p)
+ for p in apt_versioned_kernel_pkgs]) + ")")
[...]
+ if (pkg.is_auto_removable and
+ (cache.versioned_kernel_pkgs_regexp and
+ cache.versioned_kernel_pkgs_regexp.match(pkg.name) and
+ not cache.running_kernel_pkgs_regexp.match(pkg.name))):
+ kernel_autoremove_pkgs.append(pkg)
+ pkg.mark_delete()

apt already has an implementation in /etc/kernel/postinst.d/apt-auto-removal which ensures that the currently-running kernel is not autoremoved. Why are you duplicating this functionality in update-manager?

Changed in update-manager (Ubuntu Artful):
status: New → Incomplete

On Tue, Mar 27, 2018 at 11:46 PM, Steve Langasek
<email address hidden> wrote:
> Why does the update-manager upload include this code?:
>
> + running_kernel_version = subprocess.check_output(
> + ["uname", "-r"], universal_newlines=True).rstrip()
> + self.running_kernel_pkgs_regexp = re.compile("(" + "|".join(
> + [("^" + p + ".*" + running_kernel_version)
> + if not p.startswith(".*") else (running_kernel_version + p)
> + for p in apt_versioned_kernel_pkgs]) + ")")
> [...]
> + if (pkg.is_auto_removable and
> + (cache.versioned_kernel_pkgs_regexp and
> + cache.versioned_kernel_pkgs_regexp.match(pkg.name) and
> + not cache.running_kernel_pkgs_regexp.match(pkg.name))):
> + kernel_autoremove_pkgs.append(pkg)
> + pkg.mark_delete()
>
> apt already has an implementation in /etc/kernel/postinst.d/apt-auto-
> removal which ensures that the currently-running kernel is not
> autoremoved. Why are you duplicating this functionality in update-
> manager?

The code in apt ensures that the kernel running at the time the last
kernel was installed is not offered for autoremoval but it does not
protect the _currently_ running kernel. The issue is tracked in LP:
#1615381 and unattended-upgrades already uses the same method to
protect the _current_ running kernel.
The proper fix for LP: #1615381 would be too intrusive in apt for
inclusion in Bionic at this stage of the cycle.

Hello Bryce, or anyone else affected,

Accepted update-manager into artful-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/update-manager/1:17.10.14 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed.Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested and change the tag from verification-needed-artful to verification-done-artful. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed-artful. In either case, without details of your testing we will not be able to proceed.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance!

Changed in update-manager (Ubuntu Artful):
status: Incomplete → Fix Committed
tags: added: verification-needed verification-needed-artful
Changed in update-manager (Ubuntu Xenial):
status: New → Fix Committed
tags: added: verification-needed-xenial
Brian Murray (brian-murray) wrote :

Hello Bryce, or anyone else affected,

Accepted update-manager into xenial-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/update-manager/1:16.04.13 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed.Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested and change the tag from verification-needed-xenial to verification-done-xenial. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed-xenial. In either case, without details of your testing we will not be able to proceed.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance!

Jarno Suni (jarnos) wrote :

Does this need different kind of verification for Xenial than what I did in Bug #1624644?

description: updated
tags: added: verification-done-xenial
removed: verification-needed-xenial
Jarno Suni (jarnos) wrote :

Oh, the test case seems to be same, marking verified.

Brian Murray (brian-murray) wrote :

Setting to v-done for artful since I did the verification for bug 1624644.

tags: added: verification-done-artful
removed: verification-needed-artful
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package update-manager - 1:16.04.13

---------------
update-manager (1:16.04.13) xenial; urgency=medium

  * Offer removal of unused autoremovable kernel packages
    (LP: #1624644, #1675079)
  * Support package removals in install backends and really remove packages
    (LP: #1624644, #1675079)
  * Keep PEP 8 checks happy
  * Place .keep files in empty directories to keep them when converting the
    repo to git (LP: #1758963)

 -- Balint Reczey <email address hidden> Sun, 25 Mar 2018 20:10:49 +0100

Changed in update-manager (Ubuntu Xenial):
status: Fix Committed → Fix Released

The verification of the Stable Release Update for update-manager has completed successfully and the package has now been released to -updates. Subsequently, the Ubuntu Stable Release Updates Team is being unsubscribed and will not receive messages about this bug report. In the event that you encounter a regression using the package from -updates please report a new bug using ubuntu-bug and tag the bug report regression-update so we can easily find any regressions.

Launchpad Janitor (janitor) wrote :

This bug was fixed in the package update-manager - 1:17.10.14

---------------
update-manager (1:17.10.14) artful; urgency=medium

  * Offer removal of unused autoremovable kernel packages
    (LP: #1624644, #1675079)
  * Support package removals in install backends and really remove packages
    (LP: #1624644, #1675079)
  * Keep PEP 8 checks happy
  * Place .keep files in empty directories to keep them when converting the
    repo to git (LP: #1758963)

 -- Balint Reczey <email address hidden> Sun, 25 Mar 2018 19:57:57 +0100

Changed in update-manager (Ubuntu Artful):
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers