An issue with the App Sandbox is causing problems for some virtual machine software users, with the issue inducing a kernel panic in macOS Catalina 10.15.6 when used for a long period of time.
Owners of virtualization tools including those from VMware and VirtualBox have been raising faults in support forums, claiming their systems crash when using the software. In cases where it occurs, crashes happen with a regularity that the apps were suspected of causing the issue.
Posts in the VirtualBox forums indicate that, on multiple Macs using macOS Catalina 10.15.6, there was a kernel memory leakage for wired memory, which grew the amount of memory in use by approximately 1 gigabyte per hour. Once the leak grew enough, it would cause a kernel panic, the spontaneous closing of programs, and in some cases crashes of the Mac itself.
Another thread on the VMware forums discusses how the same issue is present in VMware Fusion, again running on macOS 10.15.6. The posters all seemingly agree that the problem of lock-ups and crashes commenced after upgrading to that version, with earlier macOS versions not encountering the error.
A VMware engineer in the thread advised on Monday the problem was narrowed down to the App Sandbox. A core element of iOS and macOS for quite some time, the App Sandbox isolates apps and provides limited access to system resources and data, with the intention of keeping issues with an app contained to a single instance, and improving general security.
The engineer explains problem relates to a “regression in the com.apple.security.sandbox kext (or one of its related components)” in macOS 10.15.6. As part of the investigation, it was discovered com.apple.security.sandbox was allocating millions of blocks of memory containing just the text “/dev” and no other data.
A comprehensive report has been provided to Apple, to help with diagnosing and fixing the issue in a future update to the operating system.
At this time, there are no workarounds for VMware Fusion customers, aside from not installing macOS 10.15.6 in the first place or periodically rebooting the host every few hours to wipe out the memory leak temporarily.