Explore the core architecture of the operating system, including the kernel, memory management, and process scheduling.

Posts under Core OS subtopic

Post

Replies

Boosts

Views

Activity

Core OS Resources
General: DevForums subtopic: App & System Services > Core OS Core OS is a catch-all subtopic for low-level APIs that don’t fall into one of these more specific areas: Processes & Concurrency Resources Files and Storage Resources Networking Resources Network Extension Resources Security Resources Virtualization Resources Share and Enjoy — Quinn “The Eskimo!” @ Developer Technical Support @ Apple let myEmail = "eskimo" + "1" + "@" + "apple.com"
0
0
1.4k
Aug ’25
Automix in Apple Music is inoperative in iPadOS 27 Beta 1 and later version on iPad Pro (M4)
After updating 13-inch iPad Pro (M4, 1TB, cellular model) to iPadOS 27 Beta 1 and later version, the automix mode in the Music app has stopped working. I have confirmed this issue is unrelated to my subscription status. I tried toggling the Song Transition option back on in Settings and switching to the Crossfade mode, but the problem persists—the Song Transition button inside the Music app remains grayed out and unavailable.
0
0
16
6h
UGreen NAS - Unable to enumerate contents of directory on iOS, works on macOS
I have a UGreen NAS. My app can read the contents of a folder on the NAS from macOS, but it cannot read the contents of a folder from iOS. I bring up a UIDocumentPickerViewController(forOpeningContentTypes: [UTType.folder], asCopy: false). I can pick a folder on the iPad’s internal storage, and successfully enumerate its contents. On the UGreen, I can pick a folder, but the content enumeration always returns zero items (no errors). Enumeration of the UGreen works from macOS. It also works on the iPad when connecting to a Mac mini, or a Synology NAS. . Files.app is able to view the UGreen folder and its contents. Oddly, my app cannot enumerate the contents, but it IS able to write a file to that UGreen folder. Since Files.app can enumerate and I can write to the UGreen folder (and I can enumerate contents on other servers) - how can I get the enumeration to work? Feedback is FB22955130
10
0
402
9h
VZUSBPassthroughDevice Breaks macOS OTA Update Personalization
When trying to update from beta 2 to beta 3 and from beta 3 to the revised beta 3 build, softwareupdate failed at the personalization step. This was because a USB-C accessory passed through to a VM via Virtualization.framework was holding the USB-C controller. This blocked I²C access to the AppleTypeCRetimer chip during the preflight personalization phase. In the unified log, this appears as: AppleTypeCRetimerIICDeviceHandle readRegister: Read result 0xe00002d5 AppleHPMLibRT13Interface: HPM is NOT in ADFU, modeData=0x20505041 [SPI] MSUParsedToleratedFailureForStep | step:update_usbcretimer → FAILURE MSUPreflightUpdate | FAILURE → "failed to copy firmware identity" 0xe00002d5 = IOKit I²C device not responding 0x20505041 = "APP " — HPM stuck in application mode, can't enter ADFU (firmware update mode) Without retimer firmware identity, the SFR installer can't complete personalization I was able to work around this by physically unplugging the passed through device (which is suboptimal for a headless server in a rack). Feedback ID: FB23772773 Hardware: Mac16,9 (Apple Silicon) Update: macOS 27 Beta 3 (26A5378j → 26A5378n), full OTA via Software Update Failure: SUMacControllerErrorPreflightPersonalizeFailed (7723) → MSU_ERR_PERSONALIZATION_FAILURE (2) → "failed to copy firmware identity" (1259)
2
0
55
20h
OS debug logs not visible in console when macOS is closed
Overview When the macOS app is closed, the os logs (debug) logs are not visible in the Console app. However even when the iOS app is closed / killed, the os logs (debug) logs are visible in the Console app. What I have tried Console app menu Action > Include Debug Messages is checked Searched by subsystem Created a macOS app from the archive by choosing selecting Debugging option Note OS debug logs are visible when the macOS app is open Questions How can I make macOS debug logs visible in the Console app when the Mac app is closed? Should I be searching by some other fields? Or is there any other alternative / workaround this because I need to debug this scenario when app is closed?
2
0
57
22h
SIGSTOP logd causes panic?
Hi, we're seeing a panic when we SIGSTOP the logd pid. panic(cpu 2 caller 0xfffffe0020e9a364): userspace watchdog timeout: no successful checkins from logd (0 induced crashes) in 120 seconds You may ask "well why would you do that?" and the answer is that we're seeing panics from watchdog/logd when we hammer the diskIO for a download/write (APFS sparse file creation) operation in our software. Is it normal to see this?
5
0
113
1d
Memory Crash Test Table on 3GB RAM iOS Devices
The total physical memory of 3GB iOS devices is very tight. After system memory occupation, the available memory for third-party apps is extremely insufficient, leading to frequent OOM termination. Enabling or disabling JavaScriptCore causes a huge difference in app memory crash threshold. Without JSC, the app will crash at only 1.52GB memory usage, which severely restricts normal business running. The common 4MB and 8MB memory allocation used in our project falls into the high memory fragmentation range defined by libmalloc, resulting in the lowest memory crash limit and worst stability. Our core business relies heavily on JSC environment for JS interaction, resource rendering and dynamic logic execution. We cannot shut down JSC, but 3GB devices still face serious memory shortage even with JSC enabled. Mass users with 3GB RAM old iOS devices suffer from frequent app crashes, freeze, background kill and loading failure, which badly damage user experience and product reputation. We have finished all app-level memory optimization: adjust allocation size, optimize memory release, reduce resident memory, but still cannot break through the fixed memory crash limit. There is no effective solution on application layer. We sincerely ask Apple official engineers to provide official suggestions, system-level memory tuning solutions and JSC memory scheduling optimization guidance to solve the memory limit bottleneck on 3GB RAM iOS devices.
3
0
320
1d
Bluetooth Channel Sounding on iOS 27 Beta — CS Procedures Execute but Distance Always Returns 0
I'm trying to get Apple's new Bluetooth Channel Sounding distance measurement working between an iPhone running iOS 27 Beta and a Nordic nRF54L15-based board. The CS procedures appear to execute successfully over the air (Mode 0 + Mode 2 with Inline PCT), but the iOS sample app consistently returns 0 distance readings and occasionally throws Channel Sounding configuration failed. What specific validation does iOS 27 apply to CS results before surfacing them ? Are there known compatibility requirements for Nordic nRF54L15 with iOS Channel Sounding? (Nordic has indicated they're working on official support but have no timeline) Is there a publicly available hardware and/or firmware platform already available we can use to test? PacketLogger log nRF54L15 log
4
0
581
1d
FSKit and CI Automation for Filesystem Development
Hi everyone, First, I'd like to say that I'm really excited about the direction FSKit is taking. Having a modern, user-space filesystem framework on macOS is a huge improvement, and I'm currently working on porting an existing cross-platform FUSE-based filesystem to use it. One challenge I've run into is automated testing. Our project has Linux, Windows, and macOS CI. On Linux, we can perform real mount/unmount integration tests on every commit. On Windows, we can do the same using WinFsp. However, on GitHub-hosted macOS runners, it appears that filesystem extensions still require interactive approval or registration before they can be mounted. This makes it difficult to validate the actual mount lifecycle in ephemeral CI environments. We can still compile and unit test our filesystem logic, but we can't exercise the final "mount a filesystem and verify it behaves correctly" integration tests without a self-hosted Mac. I'm curious whether this is the expected long-term workflow, or whether Apple has plans to make this easier for developers. Some questions I have are: Is unattended registration of an FSKit filesystem extension in CI something that's being considered? Are there plans to support ephemeral CI environments such as GitHub Actions without requiring manual interaction? Is there a recommended approach for automated integration testing of FSKit filesystems today that I'm overlooking? More generally, what does Apple envision as the best practice for projects that want to continuously test real filesystem mounts? I completely understand the security motivations for requiring user approval on end-user systems. My question is specifically about trusted development and CI environments where the machine is temporary and exists solely for automated testing. Thanks for any guidance, and thanks to the FSKit team for the work that's gone into making user-space filesystems a first-class experience on macOS.
0
0
38
1d
Kernel Sandbox/System Policy intermittently denies ALL file access (not just mount syscall) on NFS mounts
I'm seeing a recurring issue on macOS 26.5.2 (build 25F84) where the kernel's Sandbox/System Policy layer intermittently denies file access on NFS mount points from local network servers. Posting here in case anyone recognizes this pattern or has a workaround, and flagging it since I've also filed a Feedback Assistant report (with a live-captured sysdiagnose) for the same issue. WHAT HAPPENS Two independent NFS mounts to two separate, unrelated servers on my LAN start failing simultaneously with "Operation not permitted." The kernel log shows: kernel: (Sandbox) System Policy: mount_nfs(PID) deny(1) file-mount /path/to/mount Critically, it's not limited to the mount syscall - within the same few-second window, System Policy also denies ls, perl, diskutil, and even umount -f on the exact same path, for otherwise unrelated processes. So it looks like a transient, path-scoped kernel decision rather than something specific to NFS or the mount syscall. It self-heals anywhere from seconds to ~30 minutes later, then recurs - documented 30-80+ occurrences/day via a background watchdog script. WHAT I'VE RULED OUT Server-side cause: two independent servers on different hardware fail identically at the same instant. Network issue: checked network logs in the same window, no correlated connectivity event. Third-party kext conflict: kextstat shows zero third-party kexts loaded. syspolicyd database corruption: no "ASP: Validation category" signature present. TCC/Full Disk Access: already granted; the denying layer is kernel Sandbox "System Policy," not TCC. QUESTION Has anyone else run into System Policy denying file-mount/file-read-data/file-unmount on network volume paths intermittently like this? Is there any userland way to inspect or reset whatever internal state drives this decision (I haven't found one - no spctl/tccutil/sysctl lever that touches it)? Happy to share more log excerpts if useful.
11
0
295
2d
com.apple.asam profile installs but is reported as "com.apple.unknown" on iOS 26.5.1 (ASAM not granted)
I'm trying to enable Autonomous Single App Mode (ASAM) for my own app on a supervised iPhone, but UIAccessibility.requestGuidedAccessSession(enabled:) always returns false, even though the com.apple.asam profile installs without error. Environment Device: iPhone 16 (iPhone18,5), iOS 26.5.1 Supervised: yes (verified via DeviceInformation query → IsSupervised = true) MDM: self-hosted NanoMDM. Other payloads (com.apple.webcontent-filter, com.apple.applicationaccess) install and work correctly. App: development-signed, Bundle ID net.self-control-mdm.SessionLock, Team ID 9VH4G6KS29 Profile I'm sending (matches the AutonomousSingleAppMode documentation exactly): What happens InstallProfile is Acknowledged with no ErrorChain. A ProfileList query shows the profile IS installed, but its payload type is reported as com.apple.unknown (display name is preserved). In Settings → General → VPN & Device Management, the profile shows the payload as "Unknown Payload". In the app, requestGuidedAccessSession(enabled: true) completion returns success = false. Rebooting the device does not change anything. Questions Is the legacy com.apple.asam profile payload still honored on iOS 26, or has ASAM authorization moved to Declarative Device Management? If DDM is now required, which declaration/configuration should I use to allow-list an app for ASAM? Does com.apple.unknown in the ProfileList response indicate the payload was genuinely not recognized, or is that expected for this payload type? Are there additional requirements on iOS 26 (e.g., the app must be an MDM-managed app, or a non-development signature) for requestGuidedAccessSession to succeed? Thanks in advance.
3
0
148
2d
Background Asset not downloading for TF iPad
I have created and tested background assets (Apple Hosted) with both "essential" and "onDemand". They works on the iPhone and iPad following the "Testing asset packs locally" steps. However, when I upload to TF; the iPad fails to download. The iPhone is able to download both "essential" and "onDemand" fine. I am adopting the manifest from xcrun ba-package template -o Manifest.json Manifest.json
1
0
278
3d
FSKit removeItem Not Being Called
Environment macOS Version: 26.1 Xcode Version: 16.2 Description I'm developing a custom file system using FSKit and have encountered an issue where the removeItem(_:named:fromDirectory:) method in my FSVolume.Operations implementation is not being invoked when attempting to delete files or directories through Finder or the command line. Implementation My volume implements the required FSVolume.Operations protocol with the following removeItem implementation: func removeItem( _ item: FSItem, named name: FSFileName, fromDirectory directory: FSItem ) async throws { logger.info("remove: \(name)") if let item = item as? MyFSItem, let directory = directory as? MyFSItem { directory.removeItem(item) } else { throw fs_errorForPOSIXError(POSIXError.EIO.rawValue) } } Steps to Reproduce Mount the custom FSKit-based file system using: mount -F -t MyFS /dev/diskX /tmp/mountpoint Create files using Finder or terminal (works correctly - createItem is called) Attempt to delete a file using any of the following methods: Terminal command: rm -rf /path/to/mounted/file option + cmd + delete to remove the file in Finder Expected Behavior The removeItem(_:named:fromDirectory:) method should be called, logging "remove: [filename]" and removing the item from the directory's children collection. Actual Behavior The removeItem method is never invoked. No logs appear from this method in Console.app. The deletion operation either fails silently or returns an error, but the callback never occurs. Additional Context Working operations: Other operations work correctly including: createItem - files and directories can be created lookupItem - items can be looked up successfully enumerateDirectory - directory listing works read and write - file I/O operations work correctly Volume state: The volume is properly mounted and accessible Files can be created, read, and written successfully Volume capabilities configured: var supportedVolumeCapabilities: FSVolume.SupportedCapabilities { let capabilities = FSVolume.SupportedCapabilities() capabilities.supportsHardLinks = true capabilities.supportsSymbolicLinks = true capabilities.supportsPersistentObjectIDs = true capabilities.doesNotSupportVolumeSizes = true capabilities.supportsHiddenFiles = true capabilities.supports64BitObjectIDs = true capabilities.caseFormat = .insensitiveCasePreserving return capabilities } Questions Are there specific volume capabilities or entitlements required for removeItem to be invoked? Is there a specific way deletion operations need to be enabled in FSKit? Could this be related to how file permissions or attributes are set during createItem? Are there any known issues with deletion operations in the current FSKit implementation? Do I need to implement additional protocols or set specific flags to support item deletion? Any guidance would be greatly appreciated. Has anyone successfully implemented deletion operations in FSKit? Thank you!
4
2
556
3d
Pinpointing dandling pointers in 3rd party KEXTs
I'm debugging the following kernel panic to do with my custom filesystem KEXT: panic(cpu 0 caller 0xfffffe004cae3e24): [kalloc.type.var4.128]: element modified after free (off:96, val:0x00000000ffffffff, sz:128, ptr:0xfffffe2e7c639600) My reading of this is that somewhere in my KEXT I'm holding a reference 0xfffffe2e7c639600 to a 128 byte zone that wrote 0x00000000ffffffff at offset 96 after that particular chunk of memory had been released and zeroed out by the kernel. The panic itself is emitted when my KEXT requests the memory chunk that's been tempered with via the following set of calls. zalloc_uaf_panic() __abortlike static void zalloc_uaf_panic(zone_t z, uintptr_t elem, size_t size) { ... (panic)("[%s%s]: element modified after free " "(off:%d, val:0x%016lx, sz:%d, ptr:%p)%s", zone_heap_name(z), zone_name(z), first_offs, first_bits, esize, (void *)elem, buf); ... } zalloc_validate_element() static void zalloc_validate_element( zone_t zone, vm_offset_t elem, vm_size_t size, zalloc_flags_t flags) { ... if (memcmp_zero_ptr_aligned((void *)elem, size)) { zalloc_uaf_panic(zone, elem, size); } ... } The panic is triggered if memcmp_zero_ptr_aligned(), which is implemented in assembly, detects that an n-sized chunk of memory has been written after being free'd. /* memcmp_zero_ptr_aligned() checks string s of n bytes contains all zeros. * Address and size of the string s must be pointer-aligned. * Return 0 if true, 1 otherwise. Also return 0 if n is 0. */ extern int memcmp_zero_ptr_aligned(const void *s, size_t n); Normally, KASAN would be resorted to to aid with that. The KDK README states that KASAN kernels won't load on Apple Silicon. Attempting to follow the instructions given in the README for Intel-based machines does result in a failure for me on Apple Silicon. I stumbled on the Pishi project. But the custom boot kernel collection that gets created doesn't have any of the KEXTs that were specified to kmutil(8) via the --explicit-only flag, so it can't be instrumented in Ghidra. Which is confirmed as well by running: % kmutil inspect -B boot.kc.kasan boot kernel collection at /Users/user/boot.kc.kasan (AEB8F757-E770-8195-458D-B87CADCAB062): Extension Information: I'd appreciate any pointers on how to tackle UAFs in kernel space.
9
0
1.1k
3d
FSKit: two extension processes after mount, one survives unmount — expected behavior?
Hi, I'm developing an FSKit extension and noticed a consistent process lifecycle that also reproduces with Apple's official passthrough sample. Environment: macOS: [26.5.2] Xcode: [26.6] Observed behavior: After a successful mount, Activity Monitor shows two processes with the same executable path (the embedded .appex inside the host app). After umount, one process exits; one remains. A subsequent mount again results in two active processes (one lingering + one new mount-serving instance, depending on timing). What I've ruled out: Not caused by Instruments / lldb attach (reproduces after reboot, with no debugger attached). Not specific to our project: Apple's official passthrough FSKit demo shows the same pattern. Not duplicate pluginkit registrations at different paths — both processes report the same .appex executable path. Not requiring the host app to be running — reproduces with command-line mount only (UDrive app and Xcode quit). Questions: Is this the intended FSKit lifecycle? After umount, is it expected that one extension process remains idle rather than exiting completely? Thanks!
2
0
132
3d
Virtualization.framework: VM slot counter not decremented after macOS guest shutdown (VZErrorVirtualMachineLimitExceeded)
When running a macOS virtual machine using Virtualization.framework, I am encountering a reproducible issue where the kernel’s internal VM slot counter (hv_apple_isa_vm_quota) is not decremented after a guest-initiated shutdown. This leads to subsequent VM launches failing with VZErrorVirtualMachineLimitExceeded, even though no active VMs appear to be running. Steps to Reproduce: Create a valid VZVirtualMachineConfiguration for a macOS guest Initialize and start a VZVirtualMachine instance Inside the guest macOS, perform a normal shutdown (Apple menu → Shut Down) Wait until VZVirtualMachine.state becomes .stopped Attempt to start the same VZVirtualMachine instance again Expected Behavior: The VM should restart successfully.
The kernel should release the VM slot once the guest shuts down, allowing a new VM instance to start without requiring any host-side intervention. Actual Behavior: start() fails with: Domain: VZErrorDomain Code: 6 (VZErrorVirtualMachineLimitExceeded) Description: “The number of virtual machines exceeds the limit. The maximum supported number of active virtual machines has been reached.” Despite the VM reporting .stopped, the system continues to behave as if a slot is still allocated. Workarounds Tested: The following approaches did not resolve the issue: Releasing and recreating the VZVirtualMachine instance Introducing delays (5s, 30s, 60s) before restarting Terminating all processes related to Virtualization.framework The only reliable recovery is a full macOS host reboot, which resets the VM quota state. Environment: macOS 26.5 (Tahoe) Apple Silicon: M4 Max Virtualization.framework (system-provided) Impact: This issue makes reliable VM lifecycle management difficult for applications relying on Virtualization.framework (e.g., UTM and similar tools). In automated environments (CI/CD, testing pipelines), it can cause persistent VM launch failures and require full host reboots, interrupting all workloads. Suspected Issue: It appears the kernel VM slot counter (hv_apple_isa_vm_quota) is not consistently decremented when a VM exits via guest-initiated shutdown, despite the VZVirtualMachine transitioning to .stopped. This suggests a race condition or missing cleanup path in the shutdown lifecycle handling. Request: Could you confirm whether this is a known issue or expected behavior, and whether there is a recommended API-level workaround to ensure VM slot cleanup after guest shutdown?
4
1
312
3d
Error 10007 installing latest Sequoia guest on Tahoe host
Filed a feedback on this: FB23038153 I am unable to install a new Sequoia 15.6.1 (latest available .ipsw) on a Tahoe 26.5.1 host using a Virtualization.framework-based VM app. I’ve tried both Tart and VirtualBuddy. Both get to 90% of the installation, then fail with this error: Error Domain=VZErrorDomain Code=10007 "Installation failed." UserInfo={NSLocalizedFailure=An error occurred during installation., NSLocalizedFailureReason=Installation failed., NSUnderlyingError=0xc2ac2e280 {Error Domain=com.apple.MobileDevice.MobileRestore Code=-1 "AMRestorePerformRestoreModeRestoreWithError failed with error: 11" UserInfo={NSLocalizedDescription=AMRestorePerformRestoreModeRestoreWithError failed with error: 11, NSLocalizedFailureReason=An unknown error occurred during installation.}}} I have tried re-installing MobileDevice.pkg from both Xcode 27 beta 1 and Xcode 26.5.0. I’ve rebooted my Mac. I get the same result each time. I’ve also tried using an older Sequoia restore image (15.4.1), same result. Installing a Tahoe guest works fine.
3
0
352
3d
How to uniquely identify the device for my app?
Hi, Overview I have an app that is available on iOS, macOS, visionOS. I should be able to differentiate between device 1 and device 2 I only care about my app Purpose: For core data / swift data history tracking I would like which device wrote the data Question How do I get a unique id that will differentiate my app running on device 1 vs device2? How do I do it for iOS / macOS and visionOS? Or is my approach wrong?
2
0
114
5d
Unable to disable SIP on macOS 27 Beta 1
I work for a company which develops as part of our product suite a System Extension implementing an Endpoint Security client. Our local developer workflow for testing and validating changes is to build locally with Developer certificates (not a legitimate/production Developer ID certificate) and deploy local builds in to a VM, where to get the System Extension to load and be accepted we need to disable SIP & AMFI. macOS 27 VM is refusing to allow me to disable SIP. Is there an alternate approach we can use for this workflow to allow macOS VMs to accept our software when signing with a (same teamID, but different certificate to the provisioningprofile) developer certificate for local validation?
6
3
857
6d
Core OS Resources
General: DevForums subtopic: App & System Services > Core OS Core OS is a catch-all subtopic for low-level APIs that don’t fall into one of these more specific areas: Processes & Concurrency Resources Files and Storage Resources Networking Resources Network Extension Resources Security Resources Virtualization Resources Share and Enjoy — Quinn “The Eskimo!” @ Developer Technical Support @ Apple let myEmail = "eskimo" + "1" + "@" + "apple.com"
Replies
0
Boosts
0
Views
1.4k
Activity
Aug ’25
Automix in Apple Music is inoperative in iPadOS 27 Beta 1 and later version on iPad Pro (M4)
After updating 13-inch iPad Pro (M4, 1TB, cellular model) to iPadOS 27 Beta 1 and later version, the automix mode in the Music app has stopped working. I have confirmed this issue is unrelated to my subscription status. I tried toggling the Song Transition option back on in Settings and switching to the Crossfade mode, but the problem persists—the Song Transition button inside the Music app remains grayed out and unavailable.
Replies
0
Boosts
0
Views
16
Activity
6h
UGreen NAS - Unable to enumerate contents of directory on iOS, works on macOS
I have a UGreen NAS. My app can read the contents of a folder on the NAS from macOS, but it cannot read the contents of a folder from iOS. I bring up a UIDocumentPickerViewController(forOpeningContentTypes: [UTType.folder], asCopy: false). I can pick a folder on the iPad’s internal storage, and successfully enumerate its contents. On the UGreen, I can pick a folder, but the content enumeration always returns zero items (no errors). Enumeration of the UGreen works from macOS. It also works on the iPad when connecting to a Mac mini, or a Synology NAS. . Files.app is able to view the UGreen folder and its contents. Oddly, my app cannot enumerate the contents, but it IS able to write a file to that UGreen folder. Since Files.app can enumerate and I can write to the UGreen folder (and I can enumerate contents on other servers) - how can I get the enumeration to work? Feedback is FB22955130
Replies
10
Boosts
0
Views
402
Activity
9h
Does virtualizing macOS 27 require a macOS 27 host?
Trying to virtualize macOS 27 on a 26.6 host failed at 77% install progress, even with Xcode 27 beta installed. But worked fine on a macOS 27 host. Are there any tricks to use a 26 host? Thanks!
Replies
24
Boosts
13
Views
3.1k
Activity
19h
VZUSBPassthroughDevice Breaks macOS OTA Update Personalization
When trying to update from beta 2 to beta 3 and from beta 3 to the revised beta 3 build, softwareupdate failed at the personalization step. This was because a USB-C accessory passed through to a VM via Virtualization.framework was holding the USB-C controller. This blocked I²C access to the AppleTypeCRetimer chip during the preflight personalization phase. In the unified log, this appears as: AppleTypeCRetimerIICDeviceHandle readRegister: Read result 0xe00002d5 AppleHPMLibRT13Interface: HPM is NOT in ADFU, modeData=0x20505041 [SPI] MSUParsedToleratedFailureForStep | step:update_usbcretimer → FAILURE MSUPreflightUpdate | FAILURE → "failed to copy firmware identity" 0xe00002d5 = IOKit I²C device not responding 0x20505041 = "APP " — HPM stuck in application mode, can't enter ADFU (firmware update mode) Without retimer firmware identity, the SFR installer can't complete personalization I was able to work around this by physically unplugging the passed through device (which is suboptimal for a headless server in a rack). Feedback ID: FB23772773 Hardware: Mac16,9 (Apple Silicon) Update: macOS 27 Beta 3 (26A5378j → 26A5378n), full OTA via Software Update Failure: SUMacControllerErrorPreflightPersonalizeFailed (7723) → MSU_ERR_PERSONALIZATION_FAILURE (2) → "failed to copy firmware identity" (1259)
Replies
2
Boosts
0
Views
55
Activity
20h
OS debug logs not visible in console when macOS is closed
Overview When the macOS app is closed, the os logs (debug) logs are not visible in the Console app. However even when the iOS app is closed / killed, the os logs (debug) logs are visible in the Console app. What I have tried Console app menu Action > Include Debug Messages is checked Searched by subsystem Created a macOS app from the archive by choosing selecting Debugging option Note OS debug logs are visible when the macOS app is open Questions How can I make macOS debug logs visible in the Console app when the Mac app is closed? Should I be searching by some other fields? Or is there any other alternative / workaround this because I need to debug this scenario when app is closed?
Replies
2
Boosts
0
Views
57
Activity
22h
SIGSTOP logd causes panic?
Hi, we're seeing a panic when we SIGSTOP the logd pid. panic(cpu 2 caller 0xfffffe0020e9a364): userspace watchdog timeout: no successful checkins from logd (0 induced crashes) in 120 seconds You may ask "well why would you do that?" and the answer is that we're seeing panics from watchdog/logd when we hammer the diskIO for a download/write (APFS sparse file creation) operation in our software. Is it normal to see this?
Replies
5
Boosts
0
Views
113
Activity
1d
Memory Crash Test Table on 3GB RAM iOS Devices
The total physical memory of 3GB iOS devices is very tight. After system memory occupation, the available memory for third-party apps is extremely insufficient, leading to frequent OOM termination. Enabling or disabling JavaScriptCore causes a huge difference in app memory crash threshold. Without JSC, the app will crash at only 1.52GB memory usage, which severely restricts normal business running. The common 4MB and 8MB memory allocation used in our project falls into the high memory fragmentation range defined by libmalloc, resulting in the lowest memory crash limit and worst stability. Our core business relies heavily on JSC environment for JS interaction, resource rendering and dynamic logic execution. We cannot shut down JSC, but 3GB devices still face serious memory shortage even with JSC enabled. Mass users with 3GB RAM old iOS devices suffer from frequent app crashes, freeze, background kill and loading failure, which badly damage user experience and product reputation. We have finished all app-level memory optimization: adjust allocation size, optimize memory release, reduce resident memory, but still cannot break through the fixed memory crash limit. There is no effective solution on application layer. We sincerely ask Apple official engineers to provide official suggestions, system-level memory tuning solutions and JSC memory scheduling optimization guidance to solve the memory limit bottleneck on 3GB RAM iOS devices.
Replies
3
Boosts
0
Views
320
Activity
1d
Bluetooth Channel Sounding on iOS 27 Beta — CS Procedures Execute but Distance Always Returns 0
I'm trying to get Apple's new Bluetooth Channel Sounding distance measurement working between an iPhone running iOS 27 Beta and a Nordic nRF54L15-based board. The CS procedures appear to execute successfully over the air (Mode 0 + Mode 2 with Inline PCT), but the iOS sample app consistently returns 0 distance readings and occasionally throws Channel Sounding configuration failed. What specific validation does iOS 27 apply to CS results before surfacing them ? Are there known compatibility requirements for Nordic nRF54L15 with iOS Channel Sounding? (Nordic has indicated they're working on official support but have no timeline) Is there a publicly available hardware and/or firmware platform already available we can use to test? PacketLogger log nRF54L15 log
Replies
4
Boosts
0
Views
581
Activity
1d
FSKit and CI Automation for Filesystem Development
Hi everyone, First, I'd like to say that I'm really excited about the direction FSKit is taking. Having a modern, user-space filesystem framework on macOS is a huge improvement, and I'm currently working on porting an existing cross-platform FUSE-based filesystem to use it. One challenge I've run into is automated testing. Our project has Linux, Windows, and macOS CI. On Linux, we can perform real mount/unmount integration tests on every commit. On Windows, we can do the same using WinFsp. However, on GitHub-hosted macOS runners, it appears that filesystem extensions still require interactive approval or registration before they can be mounted. This makes it difficult to validate the actual mount lifecycle in ephemeral CI environments. We can still compile and unit test our filesystem logic, but we can't exercise the final "mount a filesystem and verify it behaves correctly" integration tests without a self-hosted Mac. I'm curious whether this is the expected long-term workflow, or whether Apple has plans to make this easier for developers. Some questions I have are: Is unattended registration of an FSKit filesystem extension in CI something that's being considered? Are there plans to support ephemeral CI environments such as GitHub Actions without requiring manual interaction? Is there a recommended approach for automated integration testing of FSKit filesystems today that I'm overlooking? More generally, what does Apple envision as the best practice for projects that want to continuously test real filesystem mounts? I completely understand the security motivations for requiring user approval on end-user systems. My question is specifically about trusted development and CI environments where the machine is temporary and exists solely for automated testing. Thanks for any guidance, and thanks to the FSKit team for the work that's gone into making user-space filesystems a first-class experience on macOS.
Replies
0
Boosts
0
Views
38
Activity
1d
Kernel Sandbox/System Policy intermittently denies ALL file access (not just mount syscall) on NFS mounts
I'm seeing a recurring issue on macOS 26.5.2 (build 25F84) where the kernel's Sandbox/System Policy layer intermittently denies file access on NFS mount points from local network servers. Posting here in case anyone recognizes this pattern or has a workaround, and flagging it since I've also filed a Feedback Assistant report (with a live-captured sysdiagnose) for the same issue. WHAT HAPPENS Two independent NFS mounts to two separate, unrelated servers on my LAN start failing simultaneously with "Operation not permitted." The kernel log shows: kernel: (Sandbox) System Policy: mount_nfs(PID) deny(1) file-mount /path/to/mount Critically, it's not limited to the mount syscall - within the same few-second window, System Policy also denies ls, perl, diskutil, and even umount -f on the exact same path, for otherwise unrelated processes. So it looks like a transient, path-scoped kernel decision rather than something specific to NFS or the mount syscall. It self-heals anywhere from seconds to ~30 minutes later, then recurs - documented 30-80+ occurrences/day via a background watchdog script. WHAT I'VE RULED OUT Server-side cause: two independent servers on different hardware fail identically at the same instant. Network issue: checked network logs in the same window, no correlated connectivity event. Third-party kext conflict: kextstat shows zero third-party kexts loaded. syspolicyd database corruption: no "ASP: Validation category" signature present. TCC/Full Disk Access: already granted; the denying layer is kernel Sandbox "System Policy," not TCC. QUESTION Has anyone else run into System Policy denying file-mount/file-read-data/file-unmount on network volume paths intermittently like this? Is there any userland way to inspect or reset whatever internal state drives this decision (I haven't found one - no spctl/tccutil/sysctl lever that touches it)? Happy to share more log excerpts if useful.
Replies
11
Boosts
0
Views
295
Activity
2d
com.apple.asam profile installs but is reported as "com.apple.unknown" on iOS 26.5.1 (ASAM not granted)
I'm trying to enable Autonomous Single App Mode (ASAM) for my own app on a supervised iPhone, but UIAccessibility.requestGuidedAccessSession(enabled:) always returns false, even though the com.apple.asam profile installs without error. Environment Device: iPhone 16 (iPhone18,5), iOS 26.5.1 Supervised: yes (verified via DeviceInformation query → IsSupervised = true) MDM: self-hosted NanoMDM. Other payloads (com.apple.webcontent-filter, com.apple.applicationaccess) install and work correctly. App: development-signed, Bundle ID net.self-control-mdm.SessionLock, Team ID 9VH4G6KS29 Profile I'm sending (matches the AutonomousSingleAppMode documentation exactly): What happens InstallProfile is Acknowledged with no ErrorChain. A ProfileList query shows the profile IS installed, but its payload type is reported as com.apple.unknown (display name is preserved). In Settings → General → VPN & Device Management, the profile shows the payload as "Unknown Payload". In the app, requestGuidedAccessSession(enabled: true) completion returns success = false. Rebooting the device does not change anything. Questions Is the legacy com.apple.asam profile payload still honored on iOS 26, or has ASAM authorization moved to Declarative Device Management? If DDM is now required, which declaration/configuration should I use to allow-list an app for ASAM? Does com.apple.unknown in the ProfileList response indicate the payload was genuinely not recognized, or is that expected for this payload type? Are there additional requirements on iOS 26 (e.g., the app must be an MDM-managed app, or a non-development signature) for requestGuidedAccessSession to succeed? Thanks in advance.
Replies
3
Boosts
0
Views
148
Activity
2d
Is Sandboxing possible for Command line app run with sudo
Hi Team, If I want to create a command line app in swift which needs to be invoked using sudo, will I be able to sandbox this app?
Replies
2
Boosts
0
Views
91
Activity
2d
Background Asset not downloading for TF iPad
I have created and tested background assets (Apple Hosted) with both "essential" and "onDemand". They works on the iPhone and iPad following the "Testing asset packs locally" steps. However, when I upload to TF; the iPad fails to download. The iPhone is able to download both "essential" and "onDemand" fine. I am adopting the manifest from xcrun ba-package template -o Manifest.json Manifest.json
Replies
1
Boosts
0
Views
278
Activity
3d
FSKit removeItem Not Being Called
Environment macOS Version: 26.1 Xcode Version: 16.2 Description I'm developing a custom file system using FSKit and have encountered an issue where the removeItem(_:named:fromDirectory:) method in my FSVolume.Operations implementation is not being invoked when attempting to delete files or directories through Finder or the command line. Implementation My volume implements the required FSVolume.Operations protocol with the following removeItem implementation: func removeItem( _ item: FSItem, named name: FSFileName, fromDirectory directory: FSItem ) async throws { logger.info("remove: \(name)") if let item = item as? MyFSItem, let directory = directory as? MyFSItem { directory.removeItem(item) } else { throw fs_errorForPOSIXError(POSIXError.EIO.rawValue) } } Steps to Reproduce Mount the custom FSKit-based file system using: mount -F -t MyFS /dev/diskX /tmp/mountpoint Create files using Finder or terminal (works correctly - createItem is called) Attempt to delete a file using any of the following methods: Terminal command: rm -rf /path/to/mounted/file option + cmd + delete to remove the file in Finder Expected Behavior The removeItem(_:named:fromDirectory:) method should be called, logging "remove: [filename]" and removing the item from the directory's children collection. Actual Behavior The removeItem method is never invoked. No logs appear from this method in Console.app. The deletion operation either fails silently or returns an error, but the callback never occurs. Additional Context Working operations: Other operations work correctly including: createItem - files and directories can be created lookupItem - items can be looked up successfully enumerateDirectory - directory listing works read and write - file I/O operations work correctly Volume state: The volume is properly mounted and accessible Files can be created, read, and written successfully Volume capabilities configured: var supportedVolumeCapabilities: FSVolume.SupportedCapabilities { let capabilities = FSVolume.SupportedCapabilities() capabilities.supportsHardLinks = true capabilities.supportsSymbolicLinks = true capabilities.supportsPersistentObjectIDs = true capabilities.doesNotSupportVolumeSizes = true capabilities.supportsHiddenFiles = true capabilities.supports64BitObjectIDs = true capabilities.caseFormat = .insensitiveCasePreserving return capabilities } Questions Are there specific volume capabilities or entitlements required for removeItem to be invoked? Is there a specific way deletion operations need to be enabled in FSKit? Could this be related to how file permissions or attributes are set during createItem? Are there any known issues with deletion operations in the current FSKit implementation? Do I need to implement additional protocols or set specific flags to support item deletion? Any guidance would be greatly appreciated. Has anyone successfully implemented deletion operations in FSKit? Thank you!
Replies
4
Boosts
2
Views
556
Activity
3d
Pinpointing dandling pointers in 3rd party KEXTs
I'm debugging the following kernel panic to do with my custom filesystem KEXT: panic(cpu 0 caller 0xfffffe004cae3e24): [kalloc.type.var4.128]: element modified after free (off:96, val:0x00000000ffffffff, sz:128, ptr:0xfffffe2e7c639600) My reading of this is that somewhere in my KEXT I'm holding a reference 0xfffffe2e7c639600 to a 128 byte zone that wrote 0x00000000ffffffff at offset 96 after that particular chunk of memory had been released and zeroed out by the kernel. The panic itself is emitted when my KEXT requests the memory chunk that's been tempered with via the following set of calls. zalloc_uaf_panic() __abortlike static void zalloc_uaf_panic(zone_t z, uintptr_t elem, size_t size) { ... (panic)("[%s%s]: element modified after free " "(off:%d, val:0x%016lx, sz:%d, ptr:%p)%s", zone_heap_name(z), zone_name(z), first_offs, first_bits, esize, (void *)elem, buf); ... } zalloc_validate_element() static void zalloc_validate_element( zone_t zone, vm_offset_t elem, vm_size_t size, zalloc_flags_t flags) { ... if (memcmp_zero_ptr_aligned((void *)elem, size)) { zalloc_uaf_panic(zone, elem, size); } ... } The panic is triggered if memcmp_zero_ptr_aligned(), which is implemented in assembly, detects that an n-sized chunk of memory has been written after being free'd. /* memcmp_zero_ptr_aligned() checks string s of n bytes contains all zeros. * Address and size of the string s must be pointer-aligned. * Return 0 if true, 1 otherwise. Also return 0 if n is 0. */ extern int memcmp_zero_ptr_aligned(const void *s, size_t n); Normally, KASAN would be resorted to to aid with that. The KDK README states that KASAN kernels won't load on Apple Silicon. Attempting to follow the instructions given in the README for Intel-based machines does result in a failure for me on Apple Silicon. I stumbled on the Pishi project. But the custom boot kernel collection that gets created doesn't have any of the KEXTs that were specified to kmutil(8) via the --explicit-only flag, so it can't be instrumented in Ghidra. Which is confirmed as well by running: % kmutil inspect -B boot.kc.kasan boot kernel collection at /Users/user/boot.kc.kasan (AEB8F757-E770-8195-458D-B87CADCAB062): Extension Information: I'd appreciate any pointers on how to tackle UAFs in kernel space.
Replies
9
Boosts
0
Views
1.1k
Activity
3d
FSKit: two extension processes after mount, one survives unmount — expected behavior?
Hi, I'm developing an FSKit extension and noticed a consistent process lifecycle that also reproduces with Apple's official passthrough sample. Environment: macOS: [26.5.2] Xcode: [26.6] Observed behavior: After a successful mount, Activity Monitor shows two processes with the same executable path (the embedded .appex inside the host app). After umount, one process exits; one remains. A subsequent mount again results in two active processes (one lingering + one new mount-serving instance, depending on timing). What I've ruled out: Not caused by Instruments / lldb attach (reproduces after reboot, with no debugger attached). Not specific to our project: Apple's official passthrough FSKit demo shows the same pattern. Not duplicate pluginkit registrations at different paths — both processes report the same .appex executable path. Not requiring the host app to be running — reproduces with command-line mount only (UDrive app and Xcode quit). Questions: Is this the intended FSKit lifecycle? After umount, is it expected that one extension process remains idle rather than exiting completely? Thanks!
Replies
2
Boosts
0
Views
132
Activity
3d
Virtualization.framework: VM slot counter not decremented after macOS guest shutdown (VZErrorVirtualMachineLimitExceeded)
When running a macOS virtual machine using Virtualization.framework, I am encountering a reproducible issue where the kernel’s internal VM slot counter (hv_apple_isa_vm_quota) is not decremented after a guest-initiated shutdown. This leads to subsequent VM launches failing with VZErrorVirtualMachineLimitExceeded, even though no active VMs appear to be running. Steps to Reproduce: Create a valid VZVirtualMachineConfiguration for a macOS guest Initialize and start a VZVirtualMachine instance Inside the guest macOS, perform a normal shutdown (Apple menu → Shut Down) Wait until VZVirtualMachine.state becomes .stopped Attempt to start the same VZVirtualMachine instance again Expected Behavior: The VM should restart successfully.
The kernel should release the VM slot once the guest shuts down, allowing a new VM instance to start without requiring any host-side intervention. Actual Behavior: start() fails with: Domain: VZErrorDomain Code: 6 (VZErrorVirtualMachineLimitExceeded) Description: “The number of virtual machines exceeds the limit. The maximum supported number of active virtual machines has been reached.” Despite the VM reporting .stopped, the system continues to behave as if a slot is still allocated. Workarounds Tested: The following approaches did not resolve the issue: Releasing and recreating the VZVirtualMachine instance Introducing delays (5s, 30s, 60s) before restarting Terminating all processes related to Virtualization.framework The only reliable recovery is a full macOS host reboot, which resets the VM quota state. Environment: macOS 26.5 (Tahoe) Apple Silicon: M4 Max Virtualization.framework (system-provided) Impact: This issue makes reliable VM lifecycle management difficult for applications relying on Virtualization.framework (e.g., UTM and similar tools). In automated environments (CI/CD, testing pipelines), it can cause persistent VM launch failures and require full host reboots, interrupting all workloads. Suspected Issue: It appears the kernel VM slot counter (hv_apple_isa_vm_quota) is not consistently decremented when a VM exits via guest-initiated shutdown, despite the VZVirtualMachine transitioning to .stopped. This suggests a race condition or missing cleanup path in the shutdown lifecycle handling. Request: Could you confirm whether this is a known issue or expected behavior, and whether there is a recommended API-level workaround to ensure VM slot cleanup after guest shutdown?
Replies
4
Boosts
1
Views
312
Activity
3d
Error 10007 installing latest Sequoia guest on Tahoe host
Filed a feedback on this: FB23038153 I am unable to install a new Sequoia 15.6.1 (latest available .ipsw) on a Tahoe 26.5.1 host using a Virtualization.framework-based VM app. I’ve tried both Tart and VirtualBuddy. Both get to 90% of the installation, then fail with this error: Error Domain=VZErrorDomain Code=10007 "Installation failed." UserInfo={NSLocalizedFailure=An error occurred during installation., NSLocalizedFailureReason=Installation failed., NSUnderlyingError=0xc2ac2e280 {Error Domain=com.apple.MobileDevice.MobileRestore Code=-1 "AMRestorePerformRestoreModeRestoreWithError failed with error: 11" UserInfo={NSLocalizedDescription=AMRestorePerformRestoreModeRestoreWithError failed with error: 11, NSLocalizedFailureReason=An unknown error occurred during installation.}}} I have tried re-installing MobileDevice.pkg from both Xcode 27 beta 1 and Xcode 26.5.0. I’ve rebooted my Mac. I get the same result each time. I’ve also tried using an older Sequoia restore image (15.4.1), same result. Installing a Tahoe guest works fine.
Replies
3
Boosts
0
Views
352
Activity
3d
How to uniquely identify the device for my app?
Hi, Overview I have an app that is available on iOS, macOS, visionOS. I should be able to differentiate between device 1 and device 2 I only care about my app Purpose: For core data / swift data history tracking I would like which device wrote the data Question How do I get a unique id that will differentiate my app running on device 1 vs device2? How do I do it for iOS / macOS and visionOS? Or is my approach wrong?
Replies
2
Boosts
0
Views
114
Activity
5d
Unable to disable SIP on macOS 27 Beta 1
I work for a company which develops as part of our product suite a System Extension implementing an Endpoint Security client. Our local developer workflow for testing and validating changes is to build locally with Developer certificates (not a legitimate/production Developer ID certificate) and deploy local builds in to a VM, where to get the System Extension to load and be accepted we need to disable SIP & AMFI. macOS 27 VM is refusing to allow me to disable SIP. Is there an alternate approach we can use for this workflow to allow macOS VMs to accept our software when signing with a (same teamID, but different certificate to the provisioningprofile) developer certificate for local validation?
Replies
6
Boosts
3
Views
857
Activity
6d