Bug#1024186: linux: consider deprecating unprivileged_userns_clone

[Matt Taggart]

Package: linux
Version: 6.0.8-1
Severity: wishlist

In #898446 the decision was made to enable unprivileged_userns_clone by 
default and this shipped in bullseye. In the course of discussion bwh 
suggested:


  So I think we should do something like this:

  * Document user.max_user_namespaces in procps's shipped
/etc/sysctl.conf
  * Set kernel.unprivileged_userns_clone to 1 by default, and deprecate
it (log a warning if it's changed)
  * Document the change in bullseye release notes

The default did get changed, but the other things haven't been done yet.

FYI: I do not know the current state of the upstream patch but I do 
still see it in 
debian/patches/debian/add-sysctl-to-disallow-unprivileged-CLONE_NEWUSER-by-default.patch


Assuming Debian will not keep it, I propose:
* bookworm should warn users still setting it that's it deprecated
* bookworm should still properly disable it for users setting it to 0
* bookworm release notes should document it going away and the alternative
* bookworm procps should include an example in the default sysctl.conf 
and ps(1) proc(5) manpages

* trixie should remove it and release notes document
* it might also be useful to document in the above which common cases 
require that unpriv userns is enabled, maybe to avoid some footguns


How does that sound?

As a side note:
* desktop machines seem pretty dependent on unpriv userns by now so the 
default should remain enabled
* there are still recent CVEs enabled by unpriv userns, disabling it on 
systems that don't need it is still worthwhile


Thanks,

--
Matt Taggart
m...@lackof.org

Re: Bug#1022172: Bug#1024082: Bug#1022172: /lib/modprobe.d/50-nfs.conf causes initramfs-tools to stop including sunrpc module for nfs

[Salvatore Bonaccorso]

Hi Marco,

On Mon, Nov 14, 2022 at 07:06:30PM +0100, Marco d'Itri wrote:
> 
> Try something like this in /lib/udev/rules.d/60-nfs.rules:
> 
> ACTION=="add", SUBSYSTEM=="module", KERNEL=="sunrpc", \
>   RUN+="/sbin/sysctl -q --pattern ^sunrpc --system"
> ACTION=="add", SUBSYSTEM=="module", KERNEL=="rpcrdma", \
>   RUN+="/sbin/sysctl -q --pattern ^sunrpc.svc_rdma --system"
> ACTION=="add", SUBSYSTEM=="module", KERNEL=="lockd", \
>   RUN+="/sbin/sysctl -q --pattern ^fs.nfs.n[sl]m --system"
> ACTION=="add", SUBSYSTEM=="module", KERNEL=="nfsv4", \
>   RUN+="/sbin/sysctl -q --pattern 
> ^fs.nfs.(nfs_callback_tcpport|idmap_cache_timeout) --system"
> ACTION=="add", SUBSYSTEM=="module", KERNEL=="nfs", \
>   RUN+="/sbin/sysctl -q --pattern ^fs.nfs --system"
> 
> Differently from the original file I tired anchoring the patterns, which 
> looks more correct to me.

Thanks, I will try to test this and bring to nfs-utils upstream.
Michael or Andras, if you can help testing it in your use cases that
would be helpful.

Regards,
Salvatore

Bug#1022025: Fwd: Bug#1022051: Acknowledgement (linux-image-5.10.0-19-amd64: no boot possible)

[muumatch]

> 5.10.149-2 was no help with A10-7850K Radeon R7.

Yes, My PC didn't boot with amdgpu yet, on linux-image-5.10.0-19-amd64.
I'm using Radeon R7 Graphics too.
I'm a man that 1st post in this thread.
Sorry, I was so busy for a while.

Attached /var/log/messages when didn't boot.

Nov 15 05:30:19 muumatch-computer kernel: [0.00] Linux version 
5.10.0-19-amd64 (debian-kernel@lists.debian.org) (gcc-10 (Debian 10.2.1-6) 
10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2) #1 SMP Debian 
5.10.149-2 (2022-10-21)
Nov 15 05:30:19 muumatch-computer kernel: [0.00] Command line: 
BOOT_IMAGE=/boot/vmlinuz-5.10.0-19-amd64 
root=UUID=ed31f180-e855-42c2-ba9c-36e3a1b7cb9d ro quiet radeon.si_support=0 
amdgpu.si_support=1
Nov 15 05:30:19 muumatch-computer kernel: [0.00] x86/fpu: Supporting 
XSAVE feature 0x001: 'x87 floating point registers'
Nov 15 05:30:19 muumatch-computer kernel: [0.00] x86/fpu: Supporting 
XSAVE feature 0x002: 'SSE registers'
Nov 15 05:30:19 muumatch-computer kernel: [0.00] x86/fpu: Supporting 
XSAVE feature 0x004: 'AVX registers'
Nov 15 05:30:19 muumatch-computer kernel: [0.00] x86/fpu: 
xstate_offset[2]:  576, xstate_sizes[2]:  256
Nov 15 05:30:19 muumatch-computer kernel: [0.00] x86/fpu: Enabled 
xstate features 0x7, context size is 832 bytes, using 'standard' format.
Nov 15 05:30:19 muumatch-computer kernel: [0.00] BIOS-provided physical 
RAM map:
Nov 15 05:30:19 muumatch-computer kernel: [0.00] BIOS-e820: [mem 
0x-0x0009e7ff] usable
Nov 15 05:30:19 muumatch-computer kernel: [0.00] BIOS-e820: [mem 
0x0009e800-0x0009] reserved
Nov 15 05:30:19 muumatch-computer kernel: [0.00] BIOS-e820: [mem 
0x000e-0x000f] reserved
Nov 15 05:30:19 muumatch-computer kernel: [0.00] BIOS-e820: [mem 
0x0010-0x9d236fff] usable
Nov 15 05:30:19 muumatch-computer kernel: [0.00] BIOS-e820: [mem 
0x9d237000-0x9d266fff] reserved
Nov 15 05:30:19 muumatch-computer kernel: [0.00] BIOS-e820: [mem 
0x9d267000-0x9d276fff] ACPI data
Nov 15 05:30:19 muumatch-computer kernel: [0.00] BIOS-e820: [mem 
0x9d277000-0x9d7b3fff] ACPI NVS
Nov 15 05:30:19 muumatch-computer kernel: [0.00] BIOS-e820: [mem 
0x9d7b4000-0x9e3aefff] reserved
Nov 15 05:30:19 muumatch-computer kernel: [0.00] BIOS-e820: [mem 
0x9e3af000-0x9e3a] usable
Nov 15 05:30:19 muumatch-computer kernel: [0.00] BIOS-e820: [mem 
0x9e3b-0x9e5b5fff] ACPI NVS
Nov 15 05:30:19 muumatch-computer kernel: [0.00] BIOS-e820: [mem 
0x9e5b6000-0x9e9f2fff] usable
Nov 15 05:30:19 muumatch-computer kernel: [0.00] BIOS-e820: [mem 
0x9e9f3000-0x9eff3fff] reserved
Nov 15 05:30:19 muumatch-computer kernel: [0.00] BIOS-e820: [mem 
0x9eff4000-0x9eff] usable
Nov 15 05:30:19 muumatch-computer kernel: [0.00] BIOS-e820: [mem 
0xf800-0xfbff] reserved
Nov 15 05:30:19 muumatch-computer kernel: [0.00] BIOS-e820: [mem 
0xfeb8-0xfec01fff] reserved
Nov 15 05:30:19 muumatch-computer kernel: [0.00] BIOS-e820: [mem 
0xfec1-0xfec10fff] reserved
Nov 15 05:30:19 muumatch-computer kernel: [0.00] BIOS-e820: [mem 
0xfed0-0xfed00fff] reserved
Nov 15 05:30:19 muumatch-computer kernel: [0.00] BIOS-e820: [mem 
0xfed8-0xfed8] reserved
Nov 15 05:30:19 muumatch-computer kernel: [0.00] BIOS-e820: [mem 
0xff00-0x] reserved
Nov 15 05:30:19 muumatch-computer kernel: [0.00] BIOS-e820: [mem 
0x0001-0x00021eff] usable
Nov 15 05:30:19 muumatch-computer kernel: [0.00] NX (Execute Disable) 
protection: active
Nov 15 05:30:19 muumatch-computer kernel: [0.00] SMBIOS 2.7 present.
Nov 15 05:30:19 muumatch-computer kernel: [0.00] DMI: System 
manufacturer System Product Name/A88XM-A, BIOS 3001 03/09/2016
Nov 15 05:30:19 muumatch-computer kernel: [0.00] tsc: Fast TSC 
calibration failed
Nov 15 05:30:19 muumatch-computer kernel: [0.00] last_pfn = 0x21f000 
max_arch_pfn = 0x4
Nov 15 05:30:19 muumatch-computer kernel: [0.00] x86/PAT: Configuration 
[0-7]: WB  WC  UC- UC  WB  WP  UC- WT  
Nov 15 05:30:19 muumatch-computer kernel: [0.00] last_pfn = 0x9f000 
max_arch_pfn = 0x4
Nov 15 05:30:19 muumatch-computer kernel: [0.00] found SMP MP-table at 
[mem 0x000fd720-0x000fd72f]
Nov 15 05:30:19 muumatch-computer kernel: [0.00] Using GB pages for 
direct mapping
Nov 15 05:30:19 muumatch-computer kernel: [0.00] RAMDISK: [mem 
0x305c9000-0x342dbfff]
Nov 15 05:30:19 muumatch-computer kernel: [0.00] ACPI: Early table 
checksum verification 

Processed: your mail

[Debian Bug Tracking System]

Processing commands for cont...@bugs.debian.org:

> reopen 1016945
Bug #1016945 [firmware-qlogic] firmware-qlogic: Firmware required by 
debiantesting kernel not available in firmware-qlogic
Bug 1016945 is not marked as done; doing nothing.
>
End of message, stopping processing here.

Please contact me if you need assistance.
-- 
1016945: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1016945
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Processed: found 1016945 in 20221012-1

[Debian Bug Tracking System]

Processing commands for cont...@bugs.debian.org:

> found 1016945 20221012-1
Bug #1016945 [firmware-qlogic] firmware-qlogic: Firmware required by 
debiantesting kernel not available in firmware-qlogic
Marked as found in versions firmware-nonfree/20221012-1.
> thanks
Stopping processing here.

Please contact me if you need assistance.
-- 
1016945: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1016945
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Processed: reopening 1016945

[Debian Bug Tracking System]

Processing commands for cont...@bugs.debian.org:

> reopen 1016945
Bug #1016945 {Done: Diederik de Haas } [firmware-qlogic] 
firmware-qlogic: Firmware required by debiantesting kernel not available in 
firmware-qlogic
'reopen' may be inappropriate when a bug has been closed with a version;
all fixed versions will be cleared, and you may need to re-add them.
Bug reopened
No longer marked as fixed in versions 20220913-1.
> thanks
Stopping processing here.

Please contact me if you need assistance.
-- 
1016945: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1016945
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Bug#1016945: current firmware is missing from firmware-qlogic

[Csillag Tamás]

Version: 20221012-1

Hi,

I see the exact issue today as seen in this bugreport.

[   64.115490] qede: probe of :18:00.2 failed with error -2
[   64.226721] qede :18:00.3: firmware: failed to load 
qed/qed_init_values_zipped-8.59.1.0.bin (-2)
[   64.226745] qede :18:00.3: firmware: failed to load 
qed/qed_init_values_zipped-8.59.1.0.bin (-2)
[   64.226750] qede :18:00.3: Direct firmware load for 
qed/qed_init_values_zipped-8.59.1.0.bin failed with error -2
[   64.226756] [qed_slowpath_start:1266()]Failed to find fw file - 
/lib/firmware/qed/qed_init_values_zipped-8.59.1.0.bin
[   64.243449] qede: probe of :18:00.3 failed with error -2

root@grml ~ # dpkg -l firmware-qlogic 
Desired=Unknown/Install/Remove/Purge/Hold
| Status=Not/Inst/Conf-files/Unpacked/halF-conf/Half-inst/trig-aWait/Trig-pend
|/ Err?=(none)/Reinst-required (Status,Err: uppercase=bad)
||/ NameVersion  Architecture Description
+++-===---=
ii  firmware-qlogic 20221012-1   all  Binary firmware for QLogic HBAs

root@grml ~ # dpkg -L firmware-qlogic | grep qed
/lib/firmware/qed
/lib/firmware/qed/qed_init_values_zipped-8.10.10.0.bin
/lib/firmware/qed/qed_init_values_zipped-8.33.1.0.bin
/lib/firmware/qed/qed_init_values_zipped-8.33.11.0.bin
/lib/firmware/qed/qed_init_values_zipped-8.37.2.0.bin
/lib/firmware/qed/qed_init_values_zipped-8.42.2.0.bin

root@grml ~ # uname -a
Linux grml 6.0.0-3-amd64 #1 SMP PREEMPT_DYNAMIC Debian 6.0.7-1 (2022-11-05) 
x86_64 GNU/Linux

Regards,
 Tamás

Bug#1019204: ss command freeze and the process cannot be killed

[Stéphane Hoc]

Thanks for the explanations Salvatore.

Processed: Re: Bug#1019204 closed by Stéphane Hoc (ss command freeze and the process cannot be killed)

[Debian Bug Tracking System]

Processing control commands:

> fixed -1 6.0~rc7-1~exp1
Bug #1019204 {Done: Stéphane Hoc } [src:linux] ss command 
freeze and the process cannot be killed
Marked as fixed in versions linux/6.0~rc7-1~exp1.

-- 
1019204: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1019204
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Bug#1019204: closed by Stéphane Hoc (ss command freeze and the process cannot be killed)

[Salvatore Bonaccorso]

Control: fixed -1 6.0~rc7-1~exp1

Hi Stéphane

On Tue, Nov 15, 2022 at 11:42:03AM +, Debian Bug Tracking System wrote:
> This is an automatic notification regarding your Bug report
> which was filed against the iproute2 package:
> 
> #1019204: ss command freeze and the process cannot be killed
> 
> It has been closed by Stéphane Hoc .
> 
> Their explanation is attached below along with your original report.
> If this explanation is unsatisfactory and you have not received a
> better one in a separate message then please contact Stéphane Hoc 
>  by
> replying to this email.
> 
> 
> -- 
> 1019204: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1019204
> Debian Bug Tracking System
> Contact ow...@bugs.debian.org with problems

> From: Stéphane Hoc 
> Date: Tue, 15 Nov 2022 12:38:01 +0100
> To: 1019204-d...@bugs.debian.org
> Subject: ss command freeze and the process cannot be killed
> 
> Version: 6.0.0-1
> 
> It's also fixed on my side, kernel 6.0.0-4-amd64 (6.0.8-1) on Debian
> unstable.
> This bug can now be closed.

The fix was probably
https://git.kernel.org/linus/76dd07281338da6951fdab3432ced843fa87839c
which is in 6.0-rc7 upstream (and would have been backported to
5.19.12 (but the later was never uploaded as we switched to to the 6.x
series after 5.19.11-1).

Regards,
Salvatore

Bug#1024149: linux-image-amd64: 32-bit mmap() puts large files at non-random address

[Jakub Wilk]

Adding forgotten attachment...

--
Jakub Wilk
#include 
#include 
#include 
#include 
#include 

int main(int argc, char **argv)
{
	struct stat st;
	if (fstat(0, ) < 0)
		abort();
	void *p = mmap(NULL, st.st_size, PROT_READ, MAP_PRIVATE|MAP_DENYWRITE, 0, 0);
	printf("mmap(NULL, %zd, PROT_READ, MAP_PRIVATE|MAP_DENYWRITE, 0, 0) = %p\n", (size_t) st.st_size, p);
}

Processed: reassign 1019204 to src:linux, notfixed 1019204 in 6.0.0-1, closing 1019204

[Debian Bug Tracking System]

Processing commands for cont...@bugs.debian.org:

> reassign 1019204 src:linux 5.19.6-1
Bug #1019204 {Done: Stéphane Hoc } [iproute2] ss command freeze 
and the process cannot be killed
Bug reassigned from package 'iproute2' to 'src:linux'.
No longer marked as found in versions iproute2/5.19.0-1.
No longer marked as fixed in versions 6.0.0-1.
Bug #1019204 {Done: Stéphane Hoc } [src:linux] ss command 
freeze and the process cannot be killed
Marked as found in versions linux/5.19.6-1.
> notfixed 1019204 6.0.0-1
Bug #1019204 {Done: Stéphane Hoc } [src:linux] ss command 
freeze and the process cannot be killed
The source 'linux' and version '6.0.0-1' do not appear to match any binary 
packages
Ignoring request to alter fixed versions of bug #1019204 to the same values 
previously set
> close 1019204 6.0.8-1
Bug #1019204 {Done: Stéphane Hoc } [src:linux] ss command 
freeze and the process cannot be killed
Marked as fixed in versions linux/6.0.8-1.
Bug #1019204 {Done: Stéphane Hoc } [src:linux] ss command 
freeze and the process cannot be killed
Bug 1019204 is already marked as done; not doing anything.
> thanks
Stopping processing here.

Please contact me if you need assistance.
-- 
1019204: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1019204
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Bug#1024149: linux-image-amd64: 32-bit mmap() puts large files at non-random address

[Jakub Wilk]

Package: src:linux
Version: 6.0.8-1
Tags: security
Control: affects -1 + libc6

32-bit mmap() puts large (>= 2 MiB) files at the same address every 
time:

$ i686-linux-gnu-gcc -static test-mmap.c -o test-mmap
$ head -c $((2 * 1024 * 1024)) /dev/zero > zeros
$ for i in 1 2 3; do ./test-mmap < zeros; done
mmap(NULL, 2097152, PROT_READ, MAP_PRIVATE|MAP_DENYWRITE, 0, 0) = 0xf7c0
mmap(NULL, 2097152, PROT_READ, MAP_PRIVATE|MAP_DENYWRITE, 0, 0) = 0xf7c0
mmap(NULL, 2097152, PROT_READ, MAP_PRIVATE|MAP_DENYWRITE, 0, 0) = 0xf7c0

In contrast, for smaller files, there's a few bits of entropy in the 
address:

$ head -c $((2 * 1024 * 1024 - 4096)) /dev/zero > zeros
$ for i in 1 2 3; do ./test-mmap < zeros; done
mmap(NULL, 2093056, PROT_READ, MAP_PRIVATE|MAP_DENYWRITE, 0, 0) = 0xf7d4a000
mmap(NULL, 2093056, PROT_READ, MAP_PRIVATE|MAP_DENYWRITE, 0, 0) = 0xf7db8000
mmap(NULL, 2093056, PROT_READ, MAP_PRIVATE|MAP_DENYWRITE, 0, 0) = 0xf7d99000

This weakens ASLR for most(?) programs, because libc.so.6 has recently 
become slightly larger than 2 MiB:

$ wc -c /lib/i386-linux-gnu/libc.so.6
2225200 /lib/i386-linux-gnu/libc.so.6

$ for i in 1 2 3; do cat /proc/self/maps | grep ' r-xp .*/libc'; done
f7c22000-f7d9b000 r-xp 00022000 fd:00 12059068   
/lib/i386-linux-gnu/libc.so.6
f7c22000-f7d9b000 r-xp 00022000 fd:00 12059068   
/lib/i386-linux-gnu/libc.so.6
f7c22000-f7d9b000 r-xp 00022000 fd:00 12059068   
/lib/i386-linux-gnu/libc.so.6

Curiously, not all file systems are affected. I could reproduce the bug 
on ext4, but not on tmpfs or unionfs.


-- Package-specific info:
** Version:
Linux version 6.0.0-4-amd64 (debian-kernel@lists.debian.org) (gcc-12 (Debian 
12.2.0-9) 12.2.0, GNU ld (GNU Binutils for Debian) 2.39) #1 SMP PREEMPT_DYNAMIC 
Debian 6.0.8-1 (2022-11-11)


-- System Information:
Debian Release: bookworm/sid
  APT prefers unstable
Architecture: i386 (x86_64)
Foreign Architectures: amd64

-- 
Jakub Wilk

Processed: linux-image-amd64: 32-bit mmap() puts large files at non-random address

[Debian Bug Tracking System]

Processing control commands:

> affects -1 + libc6
Bug #1024149 [src:linux] linux-image-amd64: 32-bit mmap() puts large files at 
non-random address
Added indication that 1024149 affects libc6

-- 
1024149: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1024149
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

reassign 1019204 to src:linux, notfixed 1019204 in 6.0.0-1, closing 1019204

[Salvatore Bonaccorso]

reassign 1019204 src:linux 5.19.6-1
notfixed 1019204 6.0.0-1
close 1019204 6.0.8-1
thanks

Bug#1019204: marked as done (ss command freeze and the process cannot be killed)

[Debian Bug Tracking System]

Your message dated Tue, 15 Nov 2022 12:38:01 +0100
with message-id 
and subject line ss command freeze and the process cannot be killed
has caused the Debian Bug report #1019204,
regarding ss command freeze and the process cannot be killed
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
1019204: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1019204
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: iproute2
Version: 5.19.0-1

It appeared since kernel 5.19.6 worked fine with 5.18.16 on Debian unstable.
This is what dmesg reports:

[  547.278515] BUG: unable to handle page fault for address: ffc8
[  547.278527] #PF: supervisor read access in kernel mode
[  547.278532] #PF: error_code(0x) - not-present page
[  547.278537] PGD 292814067 P4D 292814067 PUD 292816067 PMD 0 
[  547.278548] Oops:  [#1] PREEMPT SMP NOPTI
[  547.278556] CPU: 2 PID: 3428 Comm: ss Tainted: P   OE 
5.19.0-1-amd64 #1  Debian 5.19.6-1
[  547.278564] Hardware name: To Be Filled By O.E.M. To Be Filled By 
O.E.M./990FX Extreme9, BIOS P1.80 03/29/2016
[  547.278570] RIP: 0010:raw_diag_dump+0xea/0x1d0 [raw_diag]
[  547.278581] Code: c3 89 44 24 24 4c 89 e8 41 89 ed 49 89 c7 48 8b 04 24 48 
8b 58 08 89 dd 83 e5 01 74 0d e9 d5 00 00 00 48 8b 1b f6 c3 01 75 7f <4c> 3b 63 
c8 75 f2 44 39 ed 7c 69 41 0f b6 07 66 39 43 a8 75 5f 41
[  547.278587] RSP: 0018:a028c34df9e8 EFLAGS: 00010246
[  547.278594] RAX: ad249960 RBX:  RCX: 000c
[  547.278599] RDX:  RSI: ad249960 RDI: 
[  547.278604] RBP:  R08:  R09: 002a822e
[  547.278608] R10: 90a420c3 R11:  R12: ad240a40
[  547.278613] R13:  R14:  R15: 90a3a793d810
[  547.278618] FS:  7f4c27db5c80() GS:90a68ec8() 
knlGS:
[  547.278624] CS:  0010 DS:  ES:  CR0: 80050033
[  547.278629] CR2: ffc8 CR3: 00012ee2a000 CR4: 000406e0
[  547.278634] Call Trace:
[  547.278639]  
[  547.278647]  __inet_diag_dump+0x3c/0xb0 [inet_diag]
[  547.278659]  netlink_dump+0x18b/0x310
[  547.278673]  __netlink_dump_start+0x1b0/0x2e0
[  547.278684]  inet_diag_handler_cmd+0xb1/0xe0 [inet_diag]
[  547.278694]  ? inet_diag_dump_start_compat+0x10/0x10 [inet_diag]
[  547.278702]  ? inet_diag_dump_compat+0xb0/0xb0 [inet_diag]
[  547.278711]  ? inet_diag_unregister+0x40/0x40 [inet_diag]
[  547.278720]  sock_diag_rcv_msg+0x11d/0x140
[  547.278729]  ? sock_diag_bind+0x50/0x50
[  547.278735]  netlink_rcv_skb+0x51/0x100
[  547.278743]  sock_diag_rcv+0x24/0x40
[  547.278750]  netlink_unicast+0x23e/0x360
[  547.278760]  netlink_sendmsg+0x24e/0x4b0
[  547.278771]  sock_sendmsg+0x62/0x70
[  547.278780]  sys_sendmsg+0x230/0x270
[  547.278787]  ? import_iovec+0x2d/0x40
[  547.278796]  ? sendmsg_copy_msghdr+0x7d/0xa0
[  547.278804]  ? __check_object_size+0x4a/0x250
[  547.278813]  ? _copy_from_user+0x3a/0x60
[  547.278820]  ___sys_sendmsg+0x81/0xc0
[  547.278829]  ? ___sys_recvmsg+0x99/0x110
[  547.278839]  ? __check_object_size+0x4a/0x250
[  547.278848]  ? _copy_to_user+0x21/0x30
[  547.278854]  ? move_addr_to_user+0x4b/0xe0
[  547.278862]  __sys_sendmsg+0x59/0xa0
[  547.278873]  do_syscall_64+0x3b/0xc0
[  547.278882]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[  547.278890] RIP: 0033:0x7f4c27b0b443
[  547.278897] Code: 64 89 02 48 c7 c0 ff ff ff ff eb b9 66 2e 0f 1f 84 00 00 
00 00 00 90 64 8b 04 25 18 00 00 00 85 c0 75 14 b8 2e 00 00 00 0f 05 <48> 3d 00 
f0 ff ff 77 55 c3 0f 1f 40 00 48 83 ec 28 89 54 24 1c 48
[  547.278903] RSP: 002b:7fff97ae8418 EFLAGS: 0246 ORIG_RAX: 
002e
[  547.278910] RAX: ffda RBX: 000a RCX: 7f4c27b0b443
[  547.278915] RDX:  RSI: 7fff97ae8500 RDI: 0003
[  547.278919] RBP: 00ff R08: 0003 R09: 0078
[  547.278923] R10: 009b R11: 0246 R12: 0003
[  547.278927] R13: 7fff97ae8480 R14: 03010014 R15: 7fff97ae8570
[  547.278935]  
[  547.278939] Modules linked in: raw_diag inet_diag unix_diag nvidia_drm(POE) 
drm_kms_helper nvidia_modeset(POE) snd_hda_codec_realtek edac_mce_amd 
snd_hda_codec_hdmi snd_hda_codec_generic ledtrig_audio kvm_amd ccp rng_core kvm 
irqbypass ghash_clmulni_intel aesni_intel crypto_simd cryptd mxm_wmi 
snd_hda_intel fam15h_power k10temp snd_intel_dspcfg snd_intel_sdw_acpi joydev 
snd_hda_codec evdev snd_hda_core snd_hwdep 

Bug#1019204: ss command freeze and the process cannot be killed

[Κρακ Άουτ]

It has been solved. After updating Bookworm's kernel to v.6.