First time here? Check out the FAQ!
THIS IS A TEST INSTANCE. Feel free to ask and answer questions, but take care to avoid triggering too many notifications.
Ask Your Question
0

Wireshark 3.1 freeze under macOS Catalina

When starting Wireshark 3.1, I see one process forks five others and those five run at 100% CPU (per top). On the UI, Wireshark is stuck at "Initializing external capture plugins".

What information can I gather to help troubleshoot this?

Some debug info:

Sampling process 28323 for 3 seconds with 1 millisecond of run time between samples
Sampling completed, processing symbols...
Analysis of sampling Wireshark (pid 28323) every 1 millisecond
Process:         Wireshark [28323]
Path:            /Applications/Wireshark.app/Contents/MacOS/Wireshark
Load Address:    0x10a6ca000
Identifier:      Wireshark
Version:         ???
Code Type:       X86-64
Parent Process:  Wireshark [28319]

Date/Time:       2019-11-11 09:44:24.467 -0800
Launch Time:     2019-11-11 09:43:19.488 -0800
OS Version:      Mac OS X 10.15.1 (19B88)
Report Version:  7
Analysis Tool:   /usr/bin/sample

Physical footprint:         436K
Physical footprint (peak):  436K
----

Call graph:
    2789 Thread_2686105: Main Thread   DispatchQueue_<multiple>
      2789 thread_start  (in libsystem_pthread.dylib) + 15  [0x7fff650a858f]
        2789 _pthread_start  (in libsystem_pthread.dylib) + 125  [0x7fff650abd36]
          2789 g_thread_proxy  (in libglib-2.0.0.dylib) + 90  [0x111d328ca]  gthread.c:798
            2789 g_thread_pool_thread_proxy  (in libglib-2.0.0.dylib) + 50  [0x111d33892]  gthreadpool.c:309
              2789 extcap_thread_callback  (in Wireshark) + 62  [0x10aa2327e]
                2789 ws_pipe_spawn_sync  (in libwsutil.0.dylib) + 268  [0x111a2a4ac]  ws_pipe.c:482
                  2789 g_spawn_sync  (in libglib-2.0.0.dylib) + 275  [0x111d53bc3]  gspawn.c:281
                    2789 fork_exec_with_pipes  (in libglib-2.0.0.dylib) + 2305  [0x111d54911]  gspawn.c:0
                      2750 do_exec  (in libglib-2.0.0.dylib) + 154  [0x111d5505a]  gspawn.c:1161
                      + 2669 fcntl  (in libsystem_kernel.dylib) + 171  [0x7fff64fe9a88]
                      + ! 2611 __fcntl  (in libsystem_kernel.dylib) + 10,12,...  [0x7fff64fe9ace,0x7fff64fe9ad0,...]
                      + ! 27 cerror  (in libsystem_kernel.dylib) + 13  [0x7fff64fe838e]
                      + ! : 21 _pthread_exit_if_canceled  (in libsystem_pthread.dylib) + 0,5  [0x7fff650a6d34,0x7fff650a6d39]
                      + ! : 6 _pthread_exit_if_canceled  (in libsystem_kernel.dylib) + 10,7  [0x7fff64fe83b4,0x7fff64fe83b1]
                      + ! 26 cerror  (in libsystem_kernel.dylib) + 1,5,...  [0x7fff64fe8382,0x7fff64fe8386,...]
                      + ! 5 cerror  (in libsystem_kernel.dylib) + 20  [0x7fff64fe8395]
                      + !   5 cerror_nocancel  (in libsystem_kernel.dylib) + 0,22,...  [0x7fff64fe83b7,0x7fff64fe83cd,...]
                      + 81 fcntl  (in libsystem_kernel.dylib) + 171,178,...  [0x7fff64fe9a88,0x7fff64fe9a8f,...]
                      36 do_exec  (in libglib-2.0.0.dylib) + 154,157,...  [0x111d5505a,0x111d5505d,...]  gspawn.c:1161
                      3 DYLD-STUB$$fcntl  (in libglib-2.0.0.dylib) + 0  [0x111d7ed3a]

Total number in stack (recursive counted multiple, when >=5):

Sort by top of stack, same collapsed (when >= 5):
        __fcntl  (in libsystem_kernel.dylib)        2611
        fcntl  (in libsystem_kernel.dylib)        81
        do_exec  (in libglib-2.0.0.dylib)        36
        cerror  (in libsystem_kernel.dylib)        26
        _pthread_exit_if_canceled  (in libsystem_pthread.dylib)        21
        _pthread_exit_if_canceled  (in libsystem_kernel.dylib)        6
        cerror_nocancel  (in libsystem_kernel.dylib)        5
mwarner0's avatar
1
mwarner0
asked 2019-11-11 17:35:24 +0000, updated 2019-11-11 17:46:40 +0000
edit flag offensive 0 remove flag close merge delete

Comments

You could try temporarily moving the contents of the extcap directory to somewhere else in case it one of these items that's blocking.

grahamb's avatar grahamb (2019-11-11 18:03:43 +0000) edit
more
  • delete

Renaming extcap to extcap.bak allows Wireshark to successfully start now. I tried putting back just one or two of the capture plugins but the three I tried individually all led to the hang: udp, Cisco, and ssh.

mwarner0's avatar mwarner0 (2019-11-11 18:11:25 +0000) edit
more
  • delete

Could you provide the complete Wireshark version number for this?

Jaap's avatar Jaap (2019-11-11 19:15:13 +0000) edit
more
  • delete

./Wireshark --version Wireshark 3.1.0 (v3.1.0-0-g414ca80b2168)

mwarner0's avatar mwarner0 (2019-11-11 19:17:09 +0000) edit
more
  • delete
add a comment see more comments

1 Answer

0

This is a bug in some software, whether it's ours or Apple's.

Please file a bug on this on the Wireshark Bugzilla; that makes it easier to track its status, including fixes.

Please paste the debug info into the bug.

And try getting a sample of the processes that are spinning at 100% and pasting them into the bug as well.

Guy Harris's avatar
19.9k
Guy Harris
answered 2019-11-11 23:22:37 +0000, updated 2019-11-11 23:23:22 +0000
edit flag offensive 0 remove flag delete link
more

Comments

Created bug 16201

mwarner0's avatar mwarner0 (2019-11-12 00:40:55 +0000) edit
more
  • delete
add a comment see more comments

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account. This space is reserved only for answers. If you would like to engage in a discussion, please instead post a comment under the question or an answer that you would like to discuss.

Add Answer