Results 1 to 1 of 1

Thread: wireshark caused a kernel trap, won't start

  1. 2016-11-05 #1
    happycuber
    happycuber is offline Junior Member
    Join Date
    2016-Nov
    Posts
    1

    wireshark caused a kernel trap, won't start

    Kali Linux fresh installed on MacBook Pro mid 2014 with 15-inch retina display.
    Kali Linux is natively installed on an USB 3.0 drive.
    macOS Sierra and Windows 10 pro was installed on the original SSD. I didn't use rEFInd and it worked.
    Kali Linux is up-to-date:
    # uname -a
    Linux Kali 4.7.0-kali1-amd64 #1 SMP Debian 4.7.8-1kali1 (2016-10-24) x86_64 GNU/Linux

    Problem:
    wireshark won't start (OS fresh install, runs first time)
    Symptoms:
    The wireshark window just appeared for less than a second then disappeared.
    When using command line to start wireshark, it outputs an error message showing: Illegal instruction.
    dmesg says:
    [12079.014682] traps: wireshark[22631] trap invalid opcode ip:7fa639992be8 sp:7ffe251219a8 error:0 in docsis.so[7fa639977000+3a000]
    /var/log/messages says:
    Nov 5 10:15:54 kali kernel: [12079.014682] traps: wireshark[22631] trap invalid opcode ip:7fa639992be8 sp:7ffe251219a8 error:0 in docsis.so[7fa639977000+3a000]
    Before I ran wireshark, there was a problem with cpu over heated by kworker. I disabled gpe06 permanently and the problem solved. Here is what I did:

    grep . -r /sys/firmware/acpi/interrupts/ (found gpe06 has highest request value)
    cp /sys/firmware/acpi/interrupts/gpe06 .
    cat gpe06
    crontab -e
    touch /etc/pm/sleep.d/30_disable_gpe06
    chmod +x /etc/pm/sleep.d/30_disable_gpe06
    nano /etc/pm/sleep.d/30_disable_gpe06
    top (cpu usage back to normal, gpe06 has been permanently disabled)
    I searched around but found nothing. Any help would be appreciated:-)

    [update]

    Because docsis.so has a problem, today I did this:
    cd /usr/lib/x86_64-linux-gnu/wireshark/plugins/2.2.1/
    mv docsis.so docsis.so.bak
    Then I ran wireshark, I got this:
    Err Field 'IOCTL' (gryphon.ioctl) has a 'strings' value but is of type FT_NONE (which is not allowed to have strings)

    Trace/breakpoint trap
    dmesg says:
    [ 1662.356738] traps: wireshark[3020] trap int3 ip:7fc5c1ac5241 sp:7ffe733750e0 error:0 in libglib2.0.so.0.5000.1[7fc5c1a75000+112000]
    Really don't know what happened.

    Another weired thing happening here is that whenI use airodump and aireplay, they return -1 as channel number. I tried to ignore it but didn't work.
    Last edited by happycuber; 2016-11-08 at 05:18.

Similar Threads

  1. Raspberry Pi 4 (4GB) wifi error - firmware trap in dongle
    By SRVNexus in forum ARM Archive
    Replies: 1
    Last Post: 2020-12-23, 15:16
  2. Wireshark segfault on start up in XFCE
    By executivejeff in forum TroubleShooting Archive
    Replies: 0
    Last Post: 2016-02-07, 23:35

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

Forum Rules