Bug 650764 - sys-apps/man-db-2.8.2 USE=seccomp man: nroff: Bad system call (core dumped)
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: Current packages
Hardware: All Linux
Importance: Normal normal
Assignee: Gentoo's Team for Core System packages
 
Reported: 2018-03-17 23:33 UTC by Georgy Yakovlev
Modified: 2021-10-01 19:24 UTC

Attachments
strace -f -s 1024 -o man.trace man man output (man.trace.gz,65.16 KB, application/octet-stream)
2018-04-12 03:35 UTC, Georgy Yakovlev
Strace output of man-db-2.8.5-r1 (man.zip,26.98 KB, application/x-zip)
2021-10-01 18:17 UTC, Max Satula

Description Georgy Yakovlev archtester gentoo-dev 2018-03-17 23:33:09 UTC
I get the following error trying to run man

man: nroff: Bad system call (core dumped)
man: command exited with status 159: /usr/libexec/man-db/zsoelim | /usr/libexec/man-db/manconv -f UTF-8:ISO-8859-1 -t UTF-8//IGNORE | preconv -e UTF-8 | tbl | nroff -mandoc -c -rLL=141n -rLT=141n -Tutf8


setting
MAN_DISABLE_SECCOMP=1
and running man works fine.


Portage 2.3.24 (python 3.5.4-final-0, default/linux/amd64/17.0, gcc-7.3.0, glibc-2.26-r6, 4.15.10-gentoo x86_64)
=================================================================
                         System Settings
=================================================================
System uname: Linux-4.15.10-gentoo-x86_64-AMD_Ryzen_Threadripper_1950X_16-Core_Processor-with-gentoo-2.4.1
KiB Mem:    65886912 total,  46376044 free
KiB Swap:    8388600 total,   8388600 free
Timestamp of repository gentoo: Sat, 17 Mar 2018 22:21:53 +0000
Head commit of repository gentoo: dc118889803ff31fcf0486eab2385fd654f007bd

sh bash 4.4_p19
ld GNU ld (Gentoo 2.30 p1) 2.30.0
app-shells/bash:          4.4_p19::gentoo
dev-lang/perl:            5.26.1-r2::gentoo
dev-lang/python:          2.7.14-r1::gentoo, 3.5.4-r1::gentoo
dev-util/pkgconfig:       0.29.2::gentoo
sys-apps/baselayout:      2.4.1-r2::gentoo
sys-apps/openrc:          0.35.5::gentoo
sys-apps/sandbox:         2.13::gentoo
sys-devel/autoconf:       2.69-r4::gentoo
sys-devel/automake:       1.16.1-r1::gentoo
sys-devel/binutils:       2.30::gentoo
sys-devel/gcc:            7.3.0::gentoo
sys-devel/gcc-config:     1.9.1::gentoo
sys-devel/libtool:        2.4.6-r4::gentoo
sys-devel/make:           4.2.1-r3::gentoo
sys-kernel/linux-headers: 4.15::gentoo (virtual/os-headers)
sys-libs/glibc:           2.26-r6::gentoo
Repositories:

gentoo
    location: /var/db/repos/gentoo
    sync-type: git
    sync-uri: https://github.com/gentoo-mirror/gentoo.git
    priority: -1000

gyakovlev
    location: /var/db/repos/gyakovlev
    masters: gentoo

ACCEPT_KEYWORDS="amd64 ~amd64"
ACCEPT_LICENSE="* -@EULA"
CBUILD="x86_64-pc-linux-gnu"
CFLAGS="-march=native -O2 -pipe"
CHOST="x86_64-pc-linux-gnu"
CONFIG_PROTECT="/etc /usr/share/gnupg/qualified.txt"
CONFIG_PROTECT_MASK="/etc/ca-certificates.conf /etc/env.d /etc/gconf /etc/gentoo-release /etc/sandbox.d /etc/terminfo"
CXXFLAGS="-march=native -O2 -pipe"
DISTDIR="/var/cache/portage/distfiles"
EMERGE_DEFAULT_OPTS="--ask-enter-invalid --jobs=16  --load-average 32"
FCFLAGS="-O2 -pipe"
FEATURES="assume-digests binpkg-logs buildpkg cgroup collision-protect config-protect-if-modified distlocks downgrade-backup ebuild-locks fixlafiles ipc-sandbox merge-sync multilib-strict network-sandbox news parallel-fetch parallel-install preserve-libs protect-owned sandbox sfperms sign strict unknown-features-warn unmerge-logs unmerge-orphans userfetch userpriv usersandbox usersync xattr"
FFLAGS="-O2 -pipe"
GENTOO_MIRRORS="https://gentoo.osuosl.org/ http://gentoo.mirrors.pair.com/ http://mirrors.rit.edu/gentoo/ http://cosmos.illinois.edu/pub/gentoo/ http://mirror.lug.udel.edu/pub/gentoo/ http://lug.mtu.edu/gentoo/"
LANG="en_US.utf8"
LDFLAGS="-Wl,-O1 -Wl,--as-needed"
LINGUAS="en"
MAKEOPTS="-j32 -l32"
PKGDIR="/var/cache/portage/packages"
PORTAGE_CONFIGROOT="/"
PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --omit-dir-times --compress --force --whole-file --delete --stats --human-readable --timeout=180 --exclude=/distfiles --exclude=/local --exclude=/packages --exclude=/.git"
PORTAGE_TMPDIR="/tmp"
USE="acl amd64 bash-completion berkdb branding bzip2 cli crypt cxx dri fortran gdbm iconv ipv6 libressl lzma modules multilib ncurses nls nptl openmp pam pcre readline seccomp ssl tcpd unicode xattr zlib" ABI_X86="64" ALSA_CARDS="hda-intel" APACHE2_MODULES="authn_core authz_core socache_shmcb unixd actions alias auth_basic authn_alias authn_anon authn_dbm authn_default authn_file authz_dbm authz_default authz_groupfile authz_host authz_owner authz_user autoindex cache cgi cgid dav dav_fs dav_lock deflate dir disk_cache env expires ext_filter file_cache filter headers include info log_config logio mem_cache mime mime_magic negotiation rewrite setenvif speling status unique_id userdir usertrack vhost_alias" CALLIGRA_FEATURES="kexi words flow plan sheets stage tables krita karbon braindump author" CAMERAS="ptp2 fuji" COLLECTD_PLUGINS="df interface irq load memory rrdtool swap syslog" CPU_FLAGS_X86="aes avx avx2 f16c fma3 mmx mmxext pclmul popcnt sse sse2 sse3 sse4_1 sse4_2 sse4a ssse3" CURL_SSL="libressl" ELIBC="glibc" GPSD_PROTOCOLS="ashtech aivdm earthmate evermore fv18 garmin garmintxt gpsclock isync itrax mtk3301 nmea ntrip navcom oceanserver oldstyle oncore rtcm104v2 rtcm104v3 sirf skytraq superstar2 timing tsip tripmate tnt ublox ubx" INPUT_DEVICES="libinput" KERNEL="linux" L10N="en" LCD_DEVICES="bayrad cfontz cfontz633 glk hd44780 lb216 lcdm001 mtxorb ncurses text" LIBREOFFICE_EXTENSIONS="presenter-console presenter-minimizer" OFFICE_IMPLEMENTATION="libreoffice" PHP_TARGETS="php5-6 php7-0" POSTGRES_TARGETS="postgres9_5" PYTHON_SINGLE_TARGET="python3_5" PYTHON_TARGETS="python2_7 python3_5" RUBY_TARGETS="ruby22 ruby23" USERLAND="GNU" VIDEO_CARDS="amdgpu radeon radeonsi" XTABLES_ADDONS="quota2 psd pknock lscan length2 ipv4options ipset ipp2p iface geoip fuzzy condition tee tarpit sysrq steal rawnat logmark ipmark dhcpmac delude chaos account"
Unset:  CC, CPPFLAGS, CTARGET, CXX, INSTALL_MASK, LC_ALL, PORTAGE_BUNZIP2_COMMAND, PORTAGE_COMPRESS, PORTAGE_COMPRESS_FLAGS, PORTAGE_RSYNC_EXTRA_OPTS

=================================================================
                        Package Settings
=================================================================

sys-apps/man-db-2.8.2::gentoo was built with the following:
USE="berkdb gdbm manpager nls seccomp zlib (-selinux) -static-libs" ABI_X86="(64)"




see some downstream bugs:
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=892076

also somewhat similar:
https://bugs.gentoo.org/647496
but the patch mentioned in the bug applied does not solve the nroff problem
Comment 1 Georgy Yakovlev archtester gentoo-dev 2018-03-17 23:33:53 UTC
also tried applying this patch
https://git.savannah.gnu.org/cgit/man-db.git/commit/?id=232899c9776625e75cec72a4fb9e588968a6fa2f

but it does not make any difference.
Comment 2 Georgy Yakovlev archtester gentoo-dev 2018-03-18 01:01:47 UTC
it was happening in a chroot, can no longer reproduce after booting properly into the system...
Comment 3 Mike Gilbert gentoo-dev 2018-03-23 14:35:36 UTC
Copying the upstream maintainer.
Comment 4 Colin Watson 2018-03-25 13:06:14 UTC
Could you please run the command in question under "strace -f -s 1024 -o man.trace" and attach the resulting man.trace file?  (Make sure that it actually fails when you do so; sometimes strace can perturb the environment enough to make the problem go away, especially if it's timing-dependent.)
Comment 5 Georgy Yakovlev archtester gentoo-dev 2018-04-02 02:17:48 UTC
(In reply to Colin Watson from comment #4)
> Could you please run the command in question under "strace -f -s 1024 -o
> man.trace" and attach the resulting man.trace file?  (Make sure that it
> actually fails when you do so; sometimes strace can perturb the environment
> enough to make the problem go away, especially if it's timing-dependent.)

I tried to re-create this one with no success so far. I guess it was something temporary on my side in that particular chroot.

I'm planning more installs in a couple of weeks, if I encounter this I'll let you guys know.
No data from me for now.
Comment 6 Georgy Yakovlev archtester gentoo-dev 2018-04-12 03:35:29 UTC
Created attachment 527168
strace -f -s 1024 -o man.trace man man output

I was able to replicate this again in a chroot.
strace output uploaded.

this time it's version 2.8.3, so it's still affected.

I've created a snapshot this time, let me know if anything else is needed, I'll run it.
Comment 7 Georgy Yakovlev archtester gentoo-dev 2018-04-12 04:37:55 UTC
From another trace with unwinding.

101197 socket(AF_UNIX, SOCK_STREAM|SOCK_CLOEXEC|SOCK_NONBLOCK, 0 <unfinished ...>
101197 <... socket resumed> )           = 41
 > /lib64/libc-2.26.so(socket+0x7) [0x10b157]
 > /lib64/libc-2.26.so(open_socket+0x4d) [0x14ad2d]
101197 --- SIGSYS {si_signo=SIGSYS, si_code=SYS_SECCOMP, si_call_addr=0x7f856f132157, si_syscall=__NR_socket, si_arch=AUDIT_ARCH_X86_64} ---



some pipeline debug at the moment
Waiting for pipeline: (cd /usr/share/man && /usr/libexec/man-db/zsoelim) | (cd /usr/share/man && /usr/libexec/man-db/manconv -f UTF-8:ISO-8859-1 -t UTF-8//IGNORE) | (cd /usr/share/man && preconv -e UTF-8) | (cd /usr/share/man && tbl) | (cd /usr/share/man && nroff -mandoc -c -rLL=186n -rLT=186n -Tutf8) [input: {-1, NULL}, output: {-1, NULL}]
Active processes (5):
  "/usr/libexec/man-db/zsoelim" (8375) -> 0
  "/usr/libexec/man-db/manconv" (8376) -> 0
  "preconv" (8377) -> 0
  "tbl" (8378) -> 0
  "nroff" (8379) -> 159
man: nroff: Bad system call (core dumped)
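
For triaging traces like the one above, here is an added example (not part of the original report and not man-db code) that pulls every seccomp-generated SIGSYS record out of `strace -f` output and decodes the shell exit status 159. The last two trace lines and the helper names are constructed for illustration.

```python
import re
import signal

# "strace -f -o FILE" prefixes records with the bare pid; without -o it is "[pid N]".
SIGSYS_RE = re.compile(r"^\[?(?:pid\s+)?(\d+)\]?\s+--- SIGSYS \{([^}]*)\} ---")

# First five lines: the trace quoted in comment 7. Last two lines: constructed.
SAMPLE_TRACE = """\
101197 socket(AF_UNIX, SOCK_STREAM|SOCK_CLOEXEC|SOCK_NONBLOCK, 0 <unfinished ...>
101197 <... socket resumed> )           = 41
 > /lib64/libc-2.26.so(socket+0x7) [0x10b157]
 > /lib64/libc-2.26.so(open_socket+0x4d) [0x14ad2d]
101197 --- SIGSYS {si_signo=SIGSYS, si_code=SYS_SECCOMP, si_call_addr=0x7f856f132157, si_syscall=__NR_socket, si_arch=AUDIT_ARCH_X86_64} ---
2201 --- SIGSYS {si_signo=SIGSYS, si_code=SYS_SECCOMP, si_call_addr=0xb7f11549, si_syscall=__NR_clock_gettime64, si_arch=AUDIT_ARCH_I386} ---
2202 --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2201, si_uid=0, si_status=0, si_utime=0, si_stime=0} ---
"""

def _strip(value, prefix):
    """Drop a known prefix such as __NR_ or AUDIT_ARCH_ if present."""
    return value[len(prefix):] if value.startswith(prefix) else value

def seccomp_violations(trace):
    """Return [(pid, syscall, arch)] for every SIGSYS raised by a seccomp filter."""
    hits = []
    for line in trace.splitlines():
        m = SIGSYS_RE.match(line)
        if not m:
            continue
        info = dict(f.split("=", 1) for f in m.group(2).split(", ") if "=" in f)
        if info.get("si_code") != "SYS_SECCOMP":  # SIGSYS sent by something else
            continue
        hits.append((int(m.group(1)),
                     _strip(info.get("si_syscall", "?"), "__NR_"),
                     _strip(info.get("si_arch", "?"), "AUDIT_ARCH_")))
    return hits

def signal_from_status(status):
    """Map a shell-style exit status above 128 to the signal that killed the process."""
    try:
        return signal.Signals(status - 128).name if status > 128 else None
    except ValueError:  # no signal with that number on this platform
        return None

if __name__ == "__main__":
    print("status 159 ->", signal_from_status(159))
    for pid, syscall, arch in seccomp_violations(SAMPLE_TRACE):
        print(f"pid {pid}: filter rejected {syscall} ({arch})")
```

The architecture column matters because the same libc call can map to a different syscall name on 32-bit and 64-bit targets, so a filter that passes on one can still kill the process on the other.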
Comment 8 Colin Watson 2018-04-12 08:06:42 UTC
Interesting.  Normally trying to create a socket is due to some kind of strange preloaded antivirus thing or similar, but there's no evidence of that here.

What's your /bin/sh (assuming that /usr/bin/nroff is #!/bin/sh)?  Is it possible that it's bash configured with SYSLOG_HISTORY, or something like that?
Comment 9 Georgy Yakovlev archtester gentoo-dev 2018-04-12 17:36:50 UTC
(In reply to Colin Watson from comment #8)
> Interesting.  Normally trying to create a socket is due to some kind of
> strange preloaded antivirus thing or similar, but there's no evidence of
> that here.
> 
> What's your /bin/sh (assuming that /usr/bin/nroff is #!/bin/sh)?  Is it
> possible that it's bash configured with SYSLOG_HISTORY, or something like
> that?

nothing weird with bash or nroff, /bin/sh is just bash, no logger support enabled.

I've found it however:

it tries to open a socket to glibc's nscd.

it's a chroot and nscd is not running yet in here.
nscd is running outside of chroot, however stopping or starting it on the upper host does not make any difference in the chroot.
both host and chroot glibc have nscd support compiled in.

the only thing that helped is building glibc in the chroot without nscd support, so it does not attempt to call nscd functions.
otherwise calls to nscd are hardwired into glibc and any call to a map-related function (getpwnam(), gethostbyname() etc...) will try to query nscd first.


that explains why I can't reproduce it after I actually boot the chroot.

so I think filters either need to account for that, or bypass nscd explicitly with something like __nss_disable_nscd on glibc systems.

check this bug for example
https://sourceware.org/bugzilla/show_bug.cgi?id=13696

they want to disable nscd exactly because they want to omit calling socket() in a sandbox, similar to this problem.

hope that helps.
Comment 10 Georgy Yakovlev archtester gentoo-dev 2018-04-12 17:43:34 UTC
contents of /etc/nsswitch.conf:

passwd:      compat files
shadow:      compat files
group:       compat files

hosts:       files dns
networks:    files dns

services:    db files
protocols:   db files
rpc:         db files
ethers:      db files
netmasks:    files
netgroup:    files
bootparams:  files

automount:   files
aliases:     files


but changing it does not really help, because glibc still tries to call nscd in almost any case.
Comment 11 Colin Watson 2018-04-18 13:49:50 UTC
Thanks.  I haven't quite been able to reproduce this so far, but I can see the general shape of the problem.  Looking at bash's startup sequence, it may also depend on which environment variables are already set (since bash does extra work to calculate them if they aren't); is it possible that variables such as HOME or SHELL were unset in the environment where you hit this bug, or that you have something unusual in your shell startup scripts?

I think, really, the only way we're going to be able to avoid this reliably is to avoid executing the shell under seccomp; there are just too many unknowns, and I don't want to permit socket access in general as that weakens the sandbox too much.  My plan is to refactor man a little so that it uses groff directly (if applicable) rather than going through the nroff wrapper.
Comment 12 Georgy Yakovlev archtester gentoo-dev 2018-04-21 01:14:38 UTC
I do filter env by running 
    /usr/bin/env -i HOME=/root TERM="${TERM}" chroot ...

but run source /etc/profile right after entering it.

will be doing another chroot build testing soon and will keep an eye on environment state.

I agree, the bug is kinda hard to reproduce and the issue is not really that important. seccomp does its job and it's a good thing. normal usage is not affected.
Comment 13 Georgy Yakovlev archtester gentoo-dev 2018-04-21 06:32:50 UTC
you were absolutely right.

I tried to chroot with an unclean environment, without filtering, and found out the exact variable.

the reason: 
missing SHELL=/bin/bash

Setting it was enough to fix weird behaviour with bash trying to open nscd socket.


Example:

nscd running on host
chroot in /mnt/gentoo, glibc compiled with nscd, but it's not running of course.

chroot /mnt/gentoo /bin/bash (not filtering env here, SHELL=/bin/bash)
unset SHELL
man man
man: nroff: Bad system call (core dumped)
man: command exited with status 159: (cd /usr/share/man && /usr/libexec/man-db/zsoelim) | (cd /usr/share/man && /usr/libexec/man-db/manconv -f UTF-8:ISO-8859-1 -t UTF-8//IGNORE) | (cd /usr/share/man && preconv -e UTF-8) | (cd /usr/share/man && tbl) | (cd /usr/share/man && nroff -mandoc -c -rLL=186n -rLT=186n -Tutf8)

export SHELL=/bin/bash
man man
displays the page.
Comment 14 Georgy Yakovlev archtester gentoo-dev 2020-02-22 10:48:03 UTC
no longer hit it on current versions, even with unset SHELL =)
closing, thanks.
Comment 15 Max Satula 2021-09-27 21:37:51 UTC
The problem still reproduces even for the latest version =sys-apps/man-db-2.8.5-r1

On i386 architecture (if that matters)

I had to work around it by USE=-seccomp
Comment 16 SpanKY gentoo-dev 2021-09-29 01:57:35 UTC
(In reply to Max Satula from comment #15)
> The problem still reproduces even for the latest version

please strace the failing program and attach the log so we can see which syscall is failing
Comment 17 Max Satula 2021-10-01 18:17:41 UTC
Created attachment 742401
Strace output of man-db-2.8.5-r1
Comment 18 Max Satula 2021-10-01 19:04:22 UTC
(In reply to SpanKY from comment #16)
> (In reply to Max Satula from comment #15)
> > The problem still reproduces even for the latest version
> 
> please strace the failing program and attach the log so we can see which
> syscall is failing

Well, I looked into the strace log I attached; that seems to be a call to clock_gettime64. A clock_gettime function is already listed in src/sandbox.c, but on a 32-bit system clock_gettime64 is used.

After adding a line (the patch is listed below) I could compile it with USE=seccomp and run it successfully.

--- lib/sandbox.c       2021-10-01 15:02:30.875185637 -0400
+++ lib/sandbox.c       2021-10-01 15:02:38.938228602 -0400
@@ -270,6 +270,7 @@
        /* systemd: SystemCallFilter=@default */
        SC_ALLOW ("clock_getres");
        SC_ALLOW ("clock_gettime");
+       SC_ALLOW ("clock_gettime64");
        SC_ALLOW ("clock_nanosleep");
        SC_ALLOW ("execve");
        SC_ALLOW ("exit");
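Review bot: The added SC_ALLOW ("clock_gettime64") line covers only one of the 64-bit-time syscalls, while the context lines around it allow clock_getres and clock_nanosleep, whose 32-bit counterparts (clock_getres_time64, clock_nanosleep_time64) are separate syscalls and would hit the same SIGSYS if libc uses them. Consider adding those next to their existing entries in the same block, and confirm that SC_ALLOW copes with a name that has no syscall number on 64-bit targets, since the macro's definition is not visible in this hunk.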
Comment 19 Max Satula 2021-10-01 19:07:00 UTC
In the previous message, whenever I mention src/sandbox.c, that is actually lib/sandbox.c
Comment 20 Mike Gilbert gentoo-dev 2021-10-01 19:24:39 UTC
(In reply to Max Satula from comment #15)
> The problem still reproduces even for the latest version
> =sys-apps/man-db-2.8.5-r1

2.8.5-r1 is quite old.

This was fixed in man-db-2.9.4, which is available and stable in Gentoo.