Tcpdump segfault

root@blackbox:~# tcpdump -n -i eth6 -B2G -s 1024
Segmentation fault
root@blackbox:~# tcpdump --version
tcpdump version 4.9.3
libpcap version 1.10.1 (with TPACKET_V3)

Without the buffer argument it doesn’t segfault.

OPENWRT_RELEASE="OpenWrt 22.03-SNAPSHOT+traverse 545310966", same issue in OpenWrt 22.03.0-rc5+traverse 585453076

Uh oh.

(gdb) file tcpdump
Reading symbols from tcpdump...
(gdb) run -n -i eth6 -B2G -s 1024
Starting program: /usr/sbin/tcpdump -n -i eth6 -B2G -s 1024
warning: Unable to find dynamic linker breakpoint function.
GDB will be unable to debug shared library initializers
and track explicitly loaded dynamic code.

Program received signal SIGSEGV, Segmentation fault.
0x0000fffff7f97ca8 in ?? ()
(gdb) bt
#0  0x0000fffff7f97ca8 in ?? ()
#1  0x0000fffff7f673b0 in ?? ()
Backtrace stopped: previous frame inner to this frame (corrupt stack?)

After copying a whole lot of debug libraries over:

(gdb) bt
#0  get_meta (p=p@entry=0xfffff7ff6020 <error: Cannot access memory at address 0xfffff7ff6020>) at src/malloc/mallocng/meta.h:132
#1  0x0000fffff7f980e8 in __libc_free (p=0xfffff7ff6020) at src/malloc/mallocng/free.c:105
#2  0x0000fffff7f82234 in free (p=<optimized out>) at src/malloc/free.c:5
#3  0x0000fffff7f2d8c4 in pcap_cleanup_linux (handle=handle@entry=0xfffff7f673b0) at /home/voltagex/src/openwrt-sdk-armvirt-64_gcc-11.2.0_musl.Linux-x86_64/build_dir/target-aarch64_generic_musl/libpcap-1.10.1/pcap-linux.c:835
#4  0x0000fffff7f2dd24 in pcap_activate_linux (handle=0xfffff7f673b0) at /home/voltagex/src/openwrt-sdk-armvirt-64_gcc-11.2.0_musl.Linux-x86_64/build_dir/target-aarch64_generic_musl/libpcap-1.10.1/pcap-linux.c:1106
#5  0x0000fffff7f28ad0 in pcap_activate (p=p@entry=0xfffff7f673b0) at /home/voltagex/src/openwrt-sdk-armvirt-64_gcc-11.2.0_musl.Linux-x86_64/build_dir/target-aarch64_generic_musl/libpcap-1.10.1/pcap.c:2721
#6  0x0000000000405050 in open_interface (device=device@entry=0xfffffffffe91 <error reading variable>, ndo=ndo@entry=0xffffffffea40, ebuf=ebuf@entry=0xffffffffeaf0 "") at ./tcpdump.c:1042
#7  0x000000000040340c in main (argc=<optimized out>, argv=0xfffffffffc38) at ./tcpdump.c:1684

I’ve checked with a vanilla OpenWrt 22.03 armvirt; the bug definitely exists upstream in 22.03 up to today.
It seems to work with armvirt (and x86) on the master branch, so there might be a libpcap or musl patch missing from 22.03.

I’ve got a master branch (w/5.15 kernel) working and yep, tcpdump -B doesn’t segfault on it.
I’ll try and get it up soon; I was reworking it due to feedback on my OpenWrt PR but didn’t quite finish it before I left for vacation.

Thanks - I can work around this one for now.