Post by сhad2 on Feb 17, 2023 4:00:40 GMT
Hello,
I discovered a paged memory pool leak happening when any audio output of Apple Audio Device is active (this excludes Bluetooth devices because they use different driver) in Windows (in Boot Camp) and I request community help in collecting data regarding the issue.
The problem was proved to be present in 2019–2020 16-inch MacBook Pro equipped with T2 security chip (MacBookPro16,1 and MacBookPro16,4). I suspect all Apple computers equipped with T2 security chip (released in 2018 and later) may affected because they use the same Apple USB Virtual Host Controller Interface device driver (and experience same problems since very release of T2), namely:
The problem was narrowed down to the activity of AppleUSBVHCI.sys driver of at least versions 6.1.7800.8 and 6.1.7800.9 (latest know versions extracted from Boot Cams Support Software for MacBookPro16,4 and iMac20,2 respectively). This driver provides access for other drivers (i.e. for AppleAudio.sys) to T2 security chip that consolidates various subsystem including audio chip. What happens is the audio driver asks AppleUSBVHCI.sys to allocate paged pool memory while AppleUSBVHCI.sys is active during playback (it's more or less normal) BUT after the playback stops the AppleUSBVHCI.sys does not free paged pool memory it previously allocated (on the screenshot below the allocated paged pool memory blocks of 0.008 MB size have 9,223,372,036.854775807 seconds (292,47 years) free time meaning they never get freed while the normal time of freeing allocated blocks of 100 MB size is under 15 seconds):
It is important to address this issue because it may be not the driver leaking but the T2 security chip firmware (BridgeOS) has a bug. Only Apple can fix both things.
Since I do not own all the computers that may be affected by yet another T2 issue, I ask everybody to contribute by submitting reports in the following manner:
Optionally you can also do the following in the very end of experiment:
Are there any examples of what exactly paged memory pool leak looks like?
I discovered a paged memory pool leak happening when any audio output of Apple Audio Device is active (this excludes Bluetooth devices because they use different driver) in Windows (in Boot Camp) and I request community help in collecting data regarding the issue.
The problem was proved to be present in 2019–2020 16-inch MacBook Pro equipped with T2 security chip (MacBookPro16,1 and MacBookPro16,4). I suspect all Apple computers equipped with T2 security chip (released in 2018 and later) may affected because they use the same Apple USB Virtual Host Controller Interface device driver (and experience same problems since very release of T2), namely:
- MacBookPro15,1 (2018 & 2019 15-inch MacBook Pro with AMD Radeon GPUs)
- MacBookPro15,3 (2018 & 2019 15-inch MacBook Pro with AMD Radeon GPUs)
- MacBookPro16,1 (2019 16-inch MacBook Pro with AMD Radeon Pro 5300M & 5500M)
- MacBookPro16,4 (2020 16-inch MacBook Pro with AMD Radeon Pro 5600M)
- iMac20,1 & iMac20,2 (2020 27-inch iMac with AMD Radeon Pro 5300M, 5500 XT, 5700 XT)
- iMacPro1,1 (2019 iMac Pro with AMD Radeon Vega 56)
- MaсPro7,1 (2019 Mac Pro with AMD Radeon Pro 580X)
The problem was narrowed down to the activity of AppleUSBVHCI.sys driver of at least versions 6.1.7800.8 and 6.1.7800.9 (latest know versions extracted from Boot Cams Support Software for MacBookPro16,4 and iMac20,2 respectively). This driver provides access for other drivers (i.e. for AppleAudio.sys) to T2 security chip that consolidates various subsystem including audio chip. What happens is the audio driver asks AppleUSBVHCI.sys to allocate paged pool memory while AppleUSBVHCI.sys is active during playback (it's more or less normal) BUT after the playback stops the AppleUSBVHCI.sys does not free paged pool memory it previously allocated (on the screenshot below the allocated paged pool memory blocks of 0.008 MB size have 9,223,372,036.854775807 seconds (292,47 years) free time meaning they never get freed while the normal time of freeing allocated blocks of 100 MB size is under 15 seconds):
It is important to address this issue because it may be not the driver leaking but the T2 security chip firmware (BridgeOS) has a bug. Only Apple can fix both things.
Since I do not own all the computers that may be affected by yet another T2 issue, I ask everybody to contribute by submitting reports in the following manner:
- Launch any media in any program to play for prolonged period of time (1 hour and more, the longer the better, and not via Bluetooth audio device) with a very low volume so it won't interrupt you, i.e.
- play "10 hours of absolute silence" video on YouTube
- loop a MP3 file with VLC - Right-click Start Menu (Windows logo in the bottom left corner of screen) and launch Task Manager.
Switch to Performance tab and to Memory row. Write down the Paged pool value. Close Task Manager. - After ~1+ hour of activity with a silence or any audio playing in the background (make sure computer is not sleeping!), stop playback and wait 1 minute.
- Check back to Task Manager > Performance > Memory and write down the Paged pool value.
- Post the result to this thread:
– Computer model (any format)
– Time elapsed
– Paged pool size at start
– Paged pool size at finish
– Firmware version (use Command Prompt command systeminfo and look into BIOS field)
– Apple Audio Device driver version (optionally, look in Device Manager › Audio inputs & outputs)
– Apple USB Virtual Host Controller Interface version (optionally, look in Device Manager › System Devices)
– Operating system version (use Command Prompt command systeminfo and check OS version field)
Optionally you can also do the following in the very end of experiment:
- Download PoolMon using this link.
PoolMon is a tiny (28 KB in size) command-line program extracted from Microsoft Windows Driver Kit (WDK), it does not require installation.
The link is not shady and is not a virus, but you can download entire WDK (which is 3.5 GB), install it and get poolmon.exe too. - Extract poolmon.exe to any folder
- Hold Shift and right-click the folder with the extracted poolmon.exe and choose "Open command window here"
- Enter the following command into the opened Command Prompt (there's no need to run program for any period of time, it just reads current state of RAM poo usage):
poolmon /p /p /b - Check if the first Tag is Pp
- Report Pp size to this thread
Are there any examples of what exactly paged memory pool leak looks like?
- Capture at startup (no audio played yet, system fully booted), paged pool size 0,155 GB
RAMMap data - Capture at 20 hours of audio playback, no other programs running, paged pool size 1.8 GB
RAMMap Data
P.S. In case someone needs latest version of the audio driver and don't have 7-Zip to extract it from official Boot Camp Update, I uploaded extracted version 6.1.8100.4 here.
P.P.S. Leak was found in these configurations:
– Model: MacBookPro16,1, MacBookPro16,4
– Firmware: 1916.40.8.0.0 (iBridge 20.16.420.0.0,0), 1916.80.2.0.0 (iBridge 20.16.3045.0.0,0)
– OS: Windows 10, ver. 21H2 (10.0.19044), Windows 10, ver. 22H2
– AppleUSBVHCI.sys ver.: 6.1.7800.8, 6.1.7800.9 (latest)
– AppleAudio.sys ver.: 6.1.8000.2, 6.1.8000.3, 6.1.8100.4 (latest)