Tshark: Child dumpcap process died: Segmentation violation

Hi all,
tshark/dumpcap currently does not work and ends up with a

$ tshark -i red0  
Running as user "root" and group "root". This could be dangerous.
Capturing on 'red0'
tshark: Child dumpcap process died: Segmentation violation
0 packets captured

Possibly it relies on dumpcap:

$ dumpcap
Capturing on 'green0'
[1]    6814 segmentation fault  dumpcap

strace says:

futex(0x791ea60e29bc, FUTEX_WAKE_PRIVATE, 2147483647) = 0
--- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=0x5ad600ffffc0} ---
+++ killed by SIGSEGV +++
[1]    6864 segmentation fault  strace dumpcap

tshark version is:

$ tshark --version
Running as user "root" and group "root". This could be dangerous.
TShark (Wireshark) 3.4.3 (Git commit 6ae6cd335aa9)

Does someone else have this problem too?

Best,

Erik

Hi Erik,

I just tried your command out on my IPFire vm testbed and did not get a seg fault.

# tshark -i red0
Running as user "root" and group "root". This could be dangerous.
Capturing on 'red0'
 1 0.000000000 40:3f:8c:78:29:d4 → Broadcast    0x8899 60 Realtek Layer 2 Protocols
 2 0.009782422 40:3f:8c:78:2b:df → Broadcast    0x8899 60 Realtek Layer 2 Protocols
 3 0.690611541 192.168.26.200 → 192.168.26.32 TCP 286 222 → 55908 [PSH, ACK] Seq=1 Ack=1 Win=69 Len=220 TSval=1213938445 TSecr=3708698971
 4 0.690782952 192.168.26.32 → 192.168.26.200 TCP 66 55908 → 222 [ACK] Seq=1 Ack=221 Win=501 Len=0 TSval=3708700547 TSecr=1213938445
 5 1.003636614 40:3f:8c:78:29:d4 → Broadcast    0x8899 60 Realtek Layer 2 Protocols
 6 1.005468285 192.168.26.32 → 239.192.152.143 LSD 179 
 7 1.005505696 fe80::2b78:99eb:5c12:80f6 → ff15::efc0:988f LSD 201 
 8 1.013527385 40:3f:8c:78:2b:df → Broadcast    0x8899 60 Realtek Layer 2 Protocols
 9 1.238543680 192.168.26.200 → 192.168.26.32 TCP 390 222 → 55908 [PSH, ACK] Seq=221 Ack=1 Win=69 Len=324 TSval=1213938993 TSecr=3708700547
10 1.238752910 192.168.26.32 → 192.168.26.200 TCP 66 55908 → 222 [ACK] Seq=1 Ack=545 Win=501 Len=0 TSval=3708701095 TSecr=1213938993

My version message was exactly the same as yours.

Just tried it also on a hardware system and it worked exactly the same. No seg fault message.

Edit:
Tried the dumpcap command and no problem.

# dumpcap
Capturing on 'red0'
File: /tmp/wireshark_red0QA0B30.pcapng
Packets captured: 73
Packets received/dropped on interface 'red0': 73/0 (pcap:0/dumpcap:0/flushed:0/ps_ifdrop:0) (100.0%)

Looks like your problem is related to dumpcap for some reason.

Hi Erik,

Not sure if this has anything to do with your problem.

https://github.com/termux/termux-root-packages/issues/220

Hello Adolf,
thanks for pointing that out. I have found that too, but as far as I can see this is termux related. I use zsh but I do not use a terminal emulation, and /tmp is also present.

Does the current new tshark-3.4.3 run on your platform?

Best,

Erik

Yes it was tshark-3.4.3 that I was using.

OK, thanks for checking it. Will take a look at what causes it on my platform.

Best,

Erik