Systemd update installation hangs in unattended-upgrades InstallOnShutdown mode

that's really really really bad!

_systemctl try-restart systemd-journald.service || true

_must_ not hang, it should either succeed or fail. that is the whole point of try-restart....

I wonder if `--no-block` would help here, but that's also a bandaid. Imho systemctl/systemd itself shouldn't be able to hang systems like that and like should reject this job submission if it will be impossible to complete.

systemctl(1) does not say that try-restart must not hang and --no-block in maintainer scripts would make maintainer scripts continue and execute actions in highly unpredictable states.

@ Security team please consider uploading the attached debdiff as 237-3ubuntu10.7 into security pocket to resolve hangs on shutdown when applying updates on shutdown.

Hello Balint, or anyone else affected,

Accepted systemd into bionic-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/systemd/237-3ubuntu10.8 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested and change the tag from verification-needed-bionic to verification-done-bionic. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed-bionic. In either case, without details of your testing we will not be able to proceed.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance for helping!

N.B. The updated package will be released to -updates after the bug(s) fixed by this package have been verified and the package has been in -proposed for a minimum of 7 days.

This bug was fixed in the package systemd - 237-3ubuntu10.9

---------------
systemd (237-3ubuntu10.9) bionic-security; urgency=medium

  [ Chris Coulson ]
  * SECURITY UPDATE: symlink mishandling in systemd-tmpfiles
    - debian/patches/CVE-2018-6954_2.patch: backport the remaining patches to
      resolve this completely
    - CVE-2018-6954

  [ Balint Reczey ]
  * Fix LP: #1803391 - Skip daemon-reexec and try-restarts during shutdown
    - update debian/systemd.postinst

 -- Chris Coulson <email address hidden> Thu, 15 Nov 2018 20:45:11 +0000

This bug was fixed in the package systemd - 239-7ubuntu10.4

---------------
systemd (239-7ubuntu10.4) cosmic-security; urgency=medium

  [ Chris Coulson ]
  * SECURITY UPDATE: symlink mishandling in systemd-tmpfiles
    - debian/patches/CVE-2018-6954_2.patch: backport the remaining patches to
      resolve this completely
    - CVE-2018-6954

  [ Balint Reczey ]
  * Fix LP: #1803391 - Skip daemon-reexec and try-restarts during shutdown
    - update debian/systemd.postinst

 -- Chris Coulson <email address hidden> Thu, 15 Nov 2018 20:42:32 +0000

The upgrade on Xenial fails in udev.postint, the attached patch should fix that. (Under test)

Should better be this patch.

That last patch works for me on Xenial and fixes the upgrade.

This bug was fixed in the package systemd - 229-4ubuntu21.10

---------------
systemd (229-4ubuntu21.10) xenial-security; urgency=medium

  [ Chris Coulson ]
  * Revert the fixes for CVE-2018-6954 for causing a regression when running
    in a container on old kernels (LP: #1804847)
    - update debian/patches/series

  [ Balint Reczey ]
  * Fix LP: #1803391 - Don't always trigger systemctl stop of udev service
    and sockets
    - update debian/udev.postinst

 -- Chris Coulson <email address hidden> Tue, 27 Nov 2018 11:10:48 +0000

This bug was fixed in the package systemd - 239-7ubuntu14

---------------
systemd (239-7ubuntu14) disco; urgency=medium

  * Fix compat with new meson.
    File: debian/patches/meson-rename-Ddebug-to-Ddebug-extra.patch
    https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/systemd/commit/?id=3b764ec1b76768a8c40635019fa5a8acb81b223e

 -- Dimitri John Ledkov <email address hidden> Thu, 29 Nov 2018 16:53:00 +0000

Is it normal it's still happening with latest ubuntu 18.04?
I noticed that if I have the NFS /home mounted, then Systemd hangs. If I ssh as root and unmount /home then the update succeed. Do you think it's the same bug?

@me-b7 This does not seem to be related. Please open a new bug and attach relevant logs to see what causes the hang.

I have this problem with Ubuntu 18.04 system set up with 'encrypted LVM' (standard Ubuntu recipe as per the alternate installer). Whenever there is systemd upgrade it hangs (whole machine crashes - other logins not possible) and has to be manually rebooted (which is not ideal as the machine is 1500 miles away). Note the installed version of systemd seems to be 237-3ubuntu10.42, obviously I am unable to update it.

I have another machine also Ubuntu 18.04 system set up with 'encrypted LVM' which has systemd 237-3ubuntu10.43 and does not have this problem.

Latest instance of this problem:
# apt upgrade
Reading package lists... Done
Building dependency tree
Reading state information... Done
Calculating upgrade... Done
The following packages will be upgraded:
  libnss-systemd libpam-systemd libsystemd0 systemd
4 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.
Need to get 3,414 kB of archives.
After this operation, 7,168 B of additional disk space will be used.
Do you want to continue? [Y/n] Y
Get:1 http://archive.ubuntu.com/ubuntu bionic-updates/main i386 libnss-systemd i386 237-3ubuntu10.43 [111 kB]
Get:2 http://archive.ubuntu.com/ubuntu bionic-updates/main i386 libpam-systemd i386 237-3ubuntu10.43 [114 kB]
Get:3 http://archive.ubuntu.com/ubuntu bionic-updates/main i386 systemd i386 237-3ubuntu10.43 [2,964 kB]
Get:4 http://archive.ubuntu.com/ubuntu bionic-updates/main i386 libsystemd0 i386 237-3ubuntu10.43 [225 kB]
Fetched 3,414 kB in 1s (3,309 kB/s)
(Reading database ... 151099 files and directories currently installed.)
Preparing to unpack .../libnss-systemd_237-3ubuntu10.43_i386.deb ...
Unpacking libnss-systemd:i386 (237-3ubuntu10.43) over (237-3ubuntu10.42) ...
Preparing to unpack .../libpam-systemd_237-3ubuntu10.43_i386.deb ...
Unpacking libpam-systemd:i386 (237-3ubuntu10.43) over (237-3ubuntu10.42) ...
Preparing to unpack .../systemd_237-3ubuntu10.43_i386.deb ...
Unpacking systemd (237-3ubuntu10.43) over (237-3ubuntu10.42) ...
Preparing to unpack .../libsystemd0_237-3ubuntu10.43_i386.deb ...
Unpacking libsystemd0:i386 (237-3ubuntu10.43) over (237-3ubuntu10.42) ...
Setting up libsystemd0:i386 (237-3ubuntu10.43) ...
Setting up systemd (237-3ubuntu10.43) ...

[system dies]

TTFN:
To add to (and correct) my earlier comments: after the updating shown there, the machine had to be rebooted manually. Checking /var/log/apt/term.log it appears that the upgrade did complete successfully:

Log started: 2021-01-07 13:28:19
(Reading database ... 151099 files and directories currently installed.)
Preparing to unpack .../libnss-systemd_237-3ubuntu10.43_i386.deb ...
Unpacking libnss-systemd:i386 (237-3ubuntu10.43) over (237-3ubuntu10.42) ...
Preparing to unpack .../libpam-systemd_237-3ubuntu10.43_i386.deb ...
Unpacking libpam-systemd:i386 (237-3ubuntu10.43) over (237-3ubuntu10.42) ...
Preparing to unpack .../systemd_237-3ubuntu10.43_i386.deb ...
Unpacking systemd (237-3ubuntu10.43) over (237-3ubuntu10.42) ...
Preparing to unpack .../libsystemd0_237-3ubuntu10.43_i386.deb ...
Unpacking libsystemd0:i386 (237-3ubuntu10.43) over (237-3ubuntu10.42) ...
Setting up libsystemd0:i386 (237-3ubuntu10.43) ...
Setting up systemd (237-3ubuntu10.43) ...
Setting up libnss-systemd:i386 (237-3ubuntu10.43) ...
Setting up libpam-systemd:i386 (237-3ubuntu10.43) ...
Processing triggers for libc-bin (2.27-3ubuntu1.4) ...
Processing triggers for man-db (2.8.3-2ubuntu0.1) ...
Processing triggers for dbus (1.12.2-1ubuntu1.2) ...
Processing triggers for ureadahead (0.100.0-21) ...
Log ended: 2021-01-07 13:29:10

... this even though the (ssh) interface died at the point where systemd was being set up. The system now runs systemd 237-3ubuntu10.43. But based on past experience I think the same thing will happen the next time there is a version upgrade of systemd.

my problem is I think likely better covered by https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1782709

@dominic-timedicer Yes, way more likely. You can blacklist systemd in unattended-upgrades to avoid upgrading it unattended until LP:1782709 gets solved.

When i do upgrade form 18.04 to 20.04 with do-release-upgrade my system reboots on systemctl daemon-reexec from /var/lib/dpkg/info/systemd.postinst code:
```
# skip daemon-reexec and try-restarts during shutdown to avoid hitting LP: #1803391
if [ -n "$2" ] && [ "$(systemctl is-system-running)" != "stopping" ]; then
    _systemctl daemon-reexec || true
    # don't restart logind; this can be done again once this gets implemented:
    # https://github.com/systemd/systemd/issues/1163
    _systemctl try-restart systemd-networkd.service || true
    _systemctl try-restart systemd-resolved.service || true
    _systemctl try-restart systemd-journald.service || true
fi
```

command systemctl is-system-running return degradated.

If i execute systemctl daemon-reexec from hand while do-release-upgrade waiting for accept changes on journald.conf, my system hangs.

There is strace -ff systemctl daemon-reexec: https://pastebin.ubuntu.com/p/SkYnx8fdts/