The msgrcv() syscall in kernel 3.10.70 does not behave as documented when called with a negative fourth argument ('msgtyp') by a 32-bit application. The same issue was reported by someone else against the CentOS 7 kernel (https://bugs.centos.org/view.php?id=7099), which is a customized version of kernel 3.10.0, but I ran into it on builds of the stock kernel, as configured and packaged by ELRepo (http://elrepo.org/tiki/kernel-lt). The CentOS report has characterization, a test program, and a patch (https://bugs.centos.org/view.php?id=7099#c20187) that resolves the issue for me. I first ran into the issue with kernel 3.10.66; I have not determined how much further back it goes. I initially filed this issue against ELRepo's kernel-lt package (http://elrepo.org/bugs/view.php?id=556), and per ELRepo's request I am filing a corresponding report here. Evidently there also is or was a corresponding issue reported against RedHat Enterprise.
Just a short note to add that the patch as presented in https://lkml.org/lkml/2014/1/15/253 is in the current 3.19 mainline kernel.
Created attachment 168741 [details] Cast the argument to signed type before passing it down. This patch is present in mainline (3.19) but absent in stable (3.10.70).
The relevant patch has now been queued for the linux-3.10.X series. See -- https://lkml.org/lkml/2015/4/17/263 [^]
Upon checking the changelog [1] of the linux-3.10.75 tarball, I see that the required patch is finally present. [1] https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.10.75
Thanks, closing.