package qemu-kvm-extras-static 0.12.3+noroms-0ubuntu9.9 failed to install/upgrade: subprocess installed post-installation script returned error exit status 1

Thanks for taking the time to submit this bug and helping to make Ubuntu better.

It looks like procps is failing to set your sysctls. Could you paste the contents of your /etc/sysctl.conf and all *.conf files under /etc/sysctl.d to this bug?

---
Ubuntu Bug Squad volunteer triager
http://wiki.ubuntu.com/BugSquad

Hi Serge,

Sorry for the late reply. Here they are:

john@localhost:~$ cat /etc/sysctl.conf
#
# /etc/sysctl.conf - Configuration file for setting system variables
# See /etc/sysctl.d/ for additional system variables.
# See sysctl.conf (5) for information.
#

#kernel.domainname = example.com

# Uncomment the following to stop low-level messages on console
#kernel.printk = 4 4 1 7

##############################################################3
# Functions previously found in netbase
#

# Uncomment the next two lines to enable Spoof protection (reverse-path filter)
# Turn on Source Address Verification in all interfaces to
# prevent some spoofing attacks
#net.ipv4.conf.default.rp_filter=1
#net.ipv4.conf.all.rp_filter=1

# Uncomment the next line to enable TCP/IP SYN cookies
#net.ipv4.tcp_syncookies=1

# Uncomment the next line to enable packet forwarding for IPv4
#net.ipv4.ip_forward=1

# Uncomment the next line to enable packet forwarding for IPv6
#net.ipv6.conf.all.forwarding=1

###################################################################
# Additional settings - these settings can improve the network
# security of the host and prevent against some network attacks
# including spoofing attacks and man in the middle attacks through
# redirection. Some network environments, however, require that these
# settings are disabled so review and enable them as needed.
#
# Ignore ICMP broadcasts
#net.ipv4.icmp_echo_ignore_broadcasts = 1
#
# Ignore bogus ICMP errors
#net.ipv4.icmp_ignore_bogus_error_responses = 1
#
# Do not accept ICMP redirects (prevent MITM attacks)
#net.ipv4.conf.all.accept_redirects = 0
#net.ipv6.conf.all.accept_redirects = 0
# _or_
# Accept ICMP redirects only for gateways listed in our default
# gateway list (enabled by default)
# net.ipv4.conf.all.secure_redirects = 1
#
# Do not send ICMP redirects (we are not a router)
#net.ipv4.conf.all.send_redirects = 0
#
# Do not accept IP source route packets (we are not a router)
#net.ipv4.conf.all.accept_source_route = 0
#net.ipv6.conf.all.accept_source_route = 0
#
# Log Martian Packets
#net.ipv4.conf.all.log_martians = 1
sched_compat_yield = 1

john@localhost:/etc/sysctl.d$ for conf in $(ls /etc/sysctl.d/*.conf); do echo -e "\n$conf:\n"; cat $conf; done; echo -e "\n"

/etc/sysctl.d/10-console-messages.conf:

# the following stops low-level messages on console
kernel.printk = 4 4 1 7

/etc/sysctl.d/10-network-security.conf:

# Turn on Source Address Verification in all interfaces to
# prevent some spoofing attacks.
net.ipv4.conf.default.rp_filter=1
net.ipv4.conf.all.rp_filter=1

# Turn on SYN-flood protections. Starting with 2.6.26, there is no loss
# of TCP functionality/features under normal conditions. When flood
# protections kick in under high unanswered-SYN load, the system
# should remain more stable, with a trade off of some loss of TCP
# functionality/features (e.g. TCP Window scaling).
net.ipv4.tcp_syncookies=1

/etc/sysctl.d/10-zeropage.conf:

# Protect the zero page of memory from userspace mmap to prevent kernel
# NULL-dereference attacks against potential future kernel security
# vulnerabilities. (Added in kernel 2.6.23.)
#
# While this default is built in...

Thanks much for the info. I'm sorry, I don't think there is any problem
there after all. I can confirm I see an error message from
update-binfmts about /var/lib/binfmts/arm when I install
qemu-kvm-extras-static on lucid.

Marking invalid for oneiric since arm emulation is no longer handled by qemu-kvm since natty. Marking confirmed for lucid and maverick.

(Sorry for the duplicate to bug 804105)

No, the arm error is a real bug (postinst should be removing the binfmt named 'qemu-arm', not 'arm') but should cause no harm. I can't reproduce the exit code of 1 or the failure to start procps.

Yours really is because procps is not starting correctly.

Can you show what happens when you just do

    sudo start procps

?

(Leaving status 'confirmed' as there at least two reporters)

start: Job failed to start

On Fri, Jul 1, 2011 at 1:00 PM, Serge Hallyn <email address hidden>wrote:

> (Leaving status 'confirmed' as there at least two reporters)
>
> --
> You received this bug notification because you are subscribed to a
> duplicate bug report (804105).
> https://bugs.launchpad.net/bugs/799858
>
> Title:
> package qemu-kvm-extras-static 0.12.3+noroms-0ubuntu9.9 failed to
> install/upgrade: subprocess installed post-installation script
> returned error exit status 1
>
> Status in “qemu-kvm” package in Ubuntu:
> Invalid
> Status in “qemu-kvm” source package in Lucid:
> Confirmed
> Status in “qemu-kvm” source package in Maverick:
> Confirmed
>
> Bug description:
> Binary package hint: qemu-kvm
>
> A result of the update maybe?
>
> ProblemType: Package
> DistroRelease: Ubuntu 10.04
> Package: qemu-kvm-extras-static 0.12.3+noroms-0ubuntu9.9
> ProcVersionSignature: Ubuntu 2.6.32-32.62-generic 2.6.32.38+drm33.16
> Uname: Linux 2.6.32-32-generic x86_64
> NonfreeKernelModules: nvidia
> AptOrdering: qemu-kvm-extras-static: Configure
> Architecture: amd64
> Date: Tue Jun 21 02:09:59 2011
> ErrorMessage: subprocess installed post-installation script returned error
> exit status 1
> KvmCmdLine: Error: command ['ps', '-C', 'kvm', '-F'] failed with exit code
> 1: UID PID PPID C SZ RSS PSR STIME TTY TIME CMD
> MachineType: LENOVO 7665DS2
> PccardctlIdent:
> Socket 0:
> no product info available
> PccardctlStatus:
> Socket 0:
> no card
> ProcCmdLine: BOOT_IMAGE=/vmlinuz-2.6.32-32-generic
> root=/dev/mapper/vg-root ro vga=789 quiet splash
> SourcePackage: qemu-kvm
> Title: package qemu-kvm-extras-static 0.12.3+noroms-0ubuntu9.9 failed to
> install/upgrade: subprocess installed post-installation script returned
> error exit status 1
> dmi.bios.date: 12/27/2007
> dmi.bios.vendor: LENOVO
> dmi.bios.version: 7LETA9WW (2.09 )
> dmi.board.name: 7665DS2
> dmi.board.vendor: LENOVO
> dmi.board.version: Not Available
> dmi.chassis.asset.tag: No Asset Information
> dmi.chassis.type: 10
> dmi.chassis.vendor: LENOVO
> dmi.chassis.version: Not Available
> dmi.modalias:
> dmi:bvnLENOVO:bvr7LETA9WW(2.09):bd12/27/2007:svnLENOVO:pn7665DS2:pvrThinkPadT61:rvnLENOVO:rn7665DS2:rvrNotAvailable:cvnLENOVO:ct10:cvrNotAvailable:
> dmi.product.name: 7665DS2
> dmi.product.version: ThinkPad T61
> dmi.sys.vendor: LENOVO
>
> To manage notifications about this bug go to:
>
> https://bugs.launchpad.net/ubuntu/+source/qemu-kvm/+bug/799858/+subscriptions
>

$ sudo start procps
$ start: Job failed to start

On Fri, Jul 1, 2011 at 2:10 PM, Jacob Maynard <email address hidden> wrote:

> start: Job failed to start
>
>
> On Fri, Jul 1, 2011 at 1:00 PM, Serge Hallyn <email address hidden>wrote:
>
>> (Leaving status 'confirmed' as there at least two reporters)
>>
>> --
>> You received this bug notification because you are subscribed to a
>> duplicate bug report (804105).
>> https://bugs.launchpad.net/bugs/799858
>>
>> Title:
>> package qemu-kvm-extras-static 0.12.3+noroms-0ubuntu9.9 failed to
>> install/upgrade: subprocess installed post-installation script
>> returned error exit status 1
>>
>> Status in “qemu-kvm” package in Ubuntu:
>> Invalid
>> Status in “qemu-kvm” source package in Lucid:
>> Confirmed
>> Status in “qemu-kvm” source package in Maverick:
>> Confirmed
>>
>> Bug description:
>> Binary package hint: qemu-kvm
>>
>> A result of the update maybe?
>>
>> ProblemType: Package
>> DistroRelease: Ubuntu 10.04
>> Package: qemu-kvm-extras-static 0.12.3+noroms-0ubuntu9.9
>> ProcVersionSignature: Ubuntu 2.6.32-32.62-generic 2.6.32.38+drm33.16
>> Uname: Linux 2.6.32-32-generic x86_64
>> NonfreeKernelModules: nvidia
>> AptOrdering: qemu-kvm-extras-static: Configure
>> Architecture: amd64
>> Date: Tue Jun 21 02:09:59 2011
>> ErrorMessage: subprocess installed post-installation script returned
>> error exit status 1
>> KvmCmdLine: Error: command ['ps', '-C', 'kvm', '-F'] failed with exit
>> code 1: UID PID PPID C SZ RSS PSR STIME TTY TIME CMD
>> MachineType: LENOVO 7665DS2
>> PccardctlIdent:
>> Socket 0:
>> no product info available
>> PccardctlStatus:
>> Socket 0:
>> no card
>> ProcCmdLine: BOOT_IMAGE=/vmlinuz-2.6.32-32-generic
>> root=/dev/mapper/vg-root ro vga=789 quiet splash
>> SourcePackage: qemu-kvm
>> Title: package qemu-kvm-extras-static 0.12.3+noroms-0ubuntu9.9 failed to
>> install/upgrade: subprocess installed post-installation script returned
>> error exit status 1
>> dmi.bios.date: 12/27/2007
>> dmi.bios.vendor: LENOVO
>> dmi.bios.version: 7LETA9WW (2.09 )
>> dmi.board.name: 7665DS2
>> dmi.board.vendor: LENOVO
>> dmi.board.version: Not Available
>> dmi.chassis.asset.tag: No Asset Information
>> dmi.chassis.type: 10
>> dmi.chassis.vendor: LENOVO
>> dmi.chassis.version: Not Available
>> dmi.modalias:
>> dmi:bvnLENOVO:bvr7LETA9WW(2.09):bd12/27/2007:svnLENOVO:pn7665DS2:pvrThinkPadT61:rvnLENOVO:rn7665DS2:rvrNotAvailable:cvnLENOVO:ct10:cvrNotAvailable:
>> dmi.product.name: 7665DS2
>> dmi.product.version: ThinkPad T61
>> dmi.sys.vendor: LENOVO
>>
>> To manage notifications about this bug go to:
>>
>> https://bugs.launchpad.net/ubuntu/+source/qemu-kvm/+bug/799858/+subscriptions
>>
>
>

Quoting indymaynard (<email address hidden>):
> $ sudo start procps
> $ start: Job failed to start

Thanks. What about when you do these:

    echo "handling sysctl.conf"
    cat /etc/sysctl.conf | sysctl -e -p -
    for f in /etc/sysctl.d/*.conf; do
        echo "Handling $f"
        cat $f | sysctl -e -p -
    done

Handling sysctl.conf
kernel.shmall = 134217728
Handling /etc/sysctl.d/10-console-messages.conf
kernel.printk = 4 4 1 7
Handling /etc/sysctl.d/10-network-security.conf
net.ipv4.conf.default.rp_filter = 1
net.ipv4.conf.all.rp_filter = 1
net.ipv4.tcp_syncookies = 1
Handling /etc/sysctl.d/10-zeropage.conf
vm.mmap_min_addr = 65536
Handling /etc/sysctl.d/30-qemu-kvm-extras-static.conf
vm.mmap_min_addr = 4097

Thanks. this just makes no sense to me. Could you attach your /etc/init/procps.conf?

Glad to see that I'm not the only one baffled. This has kicked my butt.

# procps - set sysctls from /etc/sysctl.conf
#
# This task sets kernel sysctl variables from /etc/sysctl.conf and
# /etc/sysctl.d

description "set sysctls from /etc/sysctl.conf"

start on virtual-filesystems

task
script
    cat /etc/sysctl.d/*.conf /etc/sysctl.conf | sysctl -p -
end script

Quoting indymaynard (<email address hidden>):
> Glad to see that I'm not the only one baffled. This has kicked my butt.
>
>
> # procps - set sysctls from /etc/sysctl.conf
> #
> # This task sets kernel sysctl variables from /etc/sysctl.conf and
> # /etc/sysctl.d
>
> description "set sysctls from /etc/sysctl.conf"
>
> start on virtual-filesystems
>
> task
> script
> cat /etc/sysctl.d/*.conf /etc/sysctl.conf | sysctl -p -
> end script

If you add '-e' to the sysctl command, does that stop the error? So
it would look like this:

===================================================================
# procps - set sysctls from /etc/sysctl.conf
#
# This task sets kernel sysctl variables from /etc/sysctl.conf and
# /etc/sysctl.d

description "set sysctls from /etc/sysctl.conf"

start on virtual-filesystems

task
script
    cat /etc/sysctl.d/*.conf /etc/sysctl.conf | sysctl -e -p -
end script
===================================================================

I added the -e, removed a package, added a package and the error did not show. I am tempted to say success on this. I would like to wait until an update happens to say for sure, though.

Would you mind explaining this? I see from the man entry that the -e means to ignore unknown keys, but I don't understand that in the context of kernel runtime parameters. Could you explain that to me, please?

Quoting indymaynard (<email address hidden>):
> I added the -e, removed a package, added a package and the error did not
> show. I am tempted to say success on this. I would like to wait until an
> update happens to say for sure, though.

Thanks. Since '-e' is used in maverick and onward, I'm not sure then
whether this should be seen as a bug in procps or not.

Since there are at least two reports of this after qemu upgrades, it
seems likely that a kvm sysctl is to blame. Can you try

# sudo sysctl -p /etc/sysctl.d/30-qemu-kvm-extras-static.conf
# echo $?

and tell us what that says?

> Would you mind explaining this? I see from the man entry that the -e
> means to ignore unknown keys, but I don't understand that in the context
> of kernel runtime parameters. Could you explain that to me, please?

It seems to imply that the entry in
/etc/sysctl.d/30-qemu-kvm-extras-static.conf, which is

vm.mmap_min_addr = 4097

is unknown. On my natty system, I see:

# sysctl mm.mmap_min_addr
error: "mm.mmap_min_addr" is an unknown key
# sysctl vm.mmap_min_addr
vm.mmap_min_addr = 65536

though again this is a natty system.

$ sudo sysctl -p /etc/sysctl.d/30-qemu-kvm-extras-static.conf
vm.mmap_min_addr = 4097
$ echo $?
0

Quoting indymaynard (<email address hidden>):
> $ sudo sysctl -p /etc/sysctl.d/30-qemu-kvm-extras-static.conf
> vm.mmap_min_addr = 4097
> $ echo $?
> 0

All right, thanks. So let's try and figure out which one *is*
the problem. Could you do:

sysctl kernel.shmall
sysctl kernel.printk
sysctl net.ipv4.conf.default.rp_filter
sysctl net.ipv4.conf.all.rp_filter
sysctl net.ipv4.tcp_syncookies

and show the results here?

Updates went flawlessly. The error never came up.

# sysctl kernel.shmall
kernel.shmall = 134217728
# sysctl kernel.printk
kernel.printk = 4 4 1 7
# sysctl net.ipv4.conf.default.rp_filter
net.ipv4.conf.default.rp_filter = 1
# sysctl net.ipv4.conf.all.rp_filter
net.ipv4.conf.all.rp_filter = 1
# sysctl net.ipv4.tcp_syncookies
net.ipv4.tcp_syncookies = 1

Would the following debdiff for procps in lucid be acceptable?

maybe low priority is not appropriate here.

The fix itself looks ok, but I think the changelog entry needs work - specifically, it doesn't actually describe the problem it fixes at all. I've rejected it from the queue; please upload again with an expanded changelog entry (something like ‘fixes failure to install when $STUFF’).

I don't have upload rights to procps, so here's the new debdiff.

Hello jepuzon, or anyone else affected,

Accepted procps into lucid-proposed. The package will build now and be available at http://launchpad.net/ubuntu/+source/procps/1:3.2.8-1ubuntu4.3 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please change the bug tag from verification-needed to verification-done. If it does not, change the tag to verification-failed. In either case, details of your testing will help us make a better decision.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance!

Verified, with the new procps package, inserting a bad key into /etc/sysctl.conf and then installing qemu-kvm-extras-static no longer results in dpkg failure.

This bug was fixed in the package procps - 1:3.2.8-1ubuntu4.3

---------------
procps (1:3.2.8-1ubuntu4.3) lucid-proposed; urgency=low

  * Add -e to the sysctl options in upstart script. (LP: #799858)
 -- Serge Hallyn <email address hidden> Thu, 15 Mar 2012 11:00:42 -0500

lucid has seen the end of its life and is no longer receiving any updates. Marking the lucid task for this ticket as "Won't Fix".