Wireshark 3.1 freeze under macOS Catalina
When starting Wireshark 3.1, I see one process forks five others and those five run at 100% CPU (per top). On the UI, Wireshark is stuck at "Initializing external capture plugins".
What information can I gather to help troubleshoot this?
Some debug info:
Sampling process 28323 for 3 seconds with 1 millisecond of run time between samples
Sampling completed, processing symbols...
Analysis of sampling Wireshark (pid 28323) every 1 millisecond
Process: Wireshark [28323]
Path: /Applications/Wireshark.app/Contents/MacOS/Wireshark
Load Address: 0x10a6ca000
Identifier: Wireshark
Version: ???
Code Type: X86-64
Parent Process: Wireshark [28319]
Date/Time: 2019-11-11 09:44:24.467 -0800
Launch Time: 2019-11-11 09:43:19.488 -0800
OS Version: Mac OS X 10.15.1 (19B88)
Report Version: 7
Analysis Tool: /usr/bin/sample
Physical footprint: 436K
Physical footprint (peak): 436K
----
Call graph:
2789 Thread_2686105: Main Thread DispatchQueue_<multiple>
2789 thread_start (in libsystem_pthread.dylib) + 15 [0x7fff650a858f]
2789 _pthread_start (in libsystem_pthread.dylib) + 125 [0x7fff650abd36]
2789 g_thread_proxy (in libglib-2.0.0.dylib) + 90 [0x111d328ca] gthread.c:798
2789 g_thread_pool_thread_proxy (in libglib-2.0.0.dylib) + 50 [0x111d33892] gthreadpool.c:309
2789 extcap_thread_callback (in Wireshark) + 62 [0x10aa2327e]
2789 ws_pipe_spawn_sync (in libwsutil.0.dylib) + 268 [0x111a2a4ac] ws_pipe.c:482
2789 g_spawn_sync (in libglib-2.0.0.dylib) + 275 [0x111d53bc3] gspawn.c:281
2789 fork_exec_with_pipes (in libglib-2.0.0.dylib) + 2305 [0x111d54911] gspawn.c:0
2750 do_exec (in libglib-2.0.0.dylib) + 154 [0x111d5505a] gspawn.c:1161
+ 2669 fcntl (in libsystem_kernel.dylib) + 171 [0x7fff64fe9a88]
+ ! 2611 __fcntl (in libsystem_kernel.dylib) + 10,12,... [0x7fff64fe9ace,0x7fff64fe9ad0,...]
+ ! 27 cerror (in libsystem_kernel.dylib) + 13 [0x7fff64fe838e]
+ ! : 21 _pthread_exit_if_canceled (in libsystem_pthread.dylib) + 0,5 [0x7fff650a6d34,0x7fff650a6d39]
+ ! : 6 _pthread_exit_if_canceled (in libsystem_kernel.dylib) + 10,7 [0x7fff64fe83b4,0x7fff64fe83b1]
+ ! 26 cerror (in libsystem_kernel.dylib) + 1,5,... [0x7fff64fe8382,0x7fff64fe8386,...]
+ ! 5 cerror (in libsystem_kernel.dylib) + 20 [0x7fff64fe8395]
+ ! 5 cerror_nocancel (in libsystem_kernel.dylib) + 0,22,... [0x7fff64fe83b7,0x7fff64fe83cd,...]
+ 81 fcntl (in libsystem_kernel.dylib) + 171,178,... [0x7fff64fe9a88,0x7fff64fe9a8f,...]
36 do_exec (in libglib-2.0.0.dylib) + 154,157,... [0x111d5505a,0x111d5505d,...] gspawn.c:1161
3 DYLD-STUB$$fcntl (in libglib-2.0.0.dylib) + 0 [0x111d7ed3a]
Total number in stack (recursive counted multiple, when >=5):
Sort by top of stack, same collapsed (when >= 5):
__fcntl (in libsystem_kernel.dylib) 2611
fcntl (in libsystem_kernel.dylib) 81
do_exec (in libglib-2.0.0.dylib) 36
cerror (in libsystem_kernel.dylib) 26
_pthread_exit_if_canceled (in libsystem_pthread.dylib) 21
_pthread_exit_if_canceled (in libsystem_kernel.dylib) 6
cerror_nocancel (in libsystem_kernel.dylib) 5
You could try temporarily moving the contents of the extcap directory to somewhere else in case it one of these items that's blocking.
Renaming extcap to extcap.bak allows Wireshark to successfully start now. I tried putting back just one or two of the capture plugins but the three I tried individually all led to the hang: udp, Cisco, and ssh.
Could you provide the complete Wireshark version number for this?
./Wireshark --version Wireshark 3.1.0 (v3.1.0-0-g414ca80b2168)