Hello, I filed Feedback FB22859649 about nested virtualization for macOS guests and would like to confirm the supported API surface / limitation through Developer Forums as well. We are using Virtualization.framework to run macOS guests on Apple silicon hosts. The use case is isolated macOS VM workspaces for development and AI-agent automation. In those workspaces, developers often need to run container or VM-backed tooling inside the guest, for example Apple Container workflows, Docker/Colima/Lima-style Linux VM workflows, local Kubernetes, CI sandboxes, testcontainers, or local MCP server stacks that expect hardware-assisted virtualization from inside macOS. Environment I used for the Feedback: Apple silicon host: MacBook Air with Apple M4 Host OS: macOS 26.5 build 25F71 Xcode: 26.5, macOS SDK 26.5 Guest type: macOS VM configured through Virtualization.framework with VZMacOSBootLoader and VZMacPlatformConfiguration From the current SDK headers, I see nested virtualization support exposed on VZGenericPlatformConfiguration via nestedVirtualizationSupported and nestedVirtualizationEnabled. VZMacOSBootLoader says a macOS guest must use VZMacPlatformConfiguration, and VZMacPlatformConfiguration does not appear to expose an equivalent nested virtualization property. Could Apple/DTS please confirm the intended support boundary? Is nested virtualization currently supported for macOS guests created with Virtualization.framework on Apple silicon using VZMacPlatformConfiguration? If not, should this be treated as an intentional current limitation of macOS guests / VZMacPlatformConfiguration rather than a missing configuration option? Is there a supported host-side API or validation behavior to detect this limitation before creating or starting the VM? Is there any supported workaround for container workflows inside a macOS guest that require a nested Linux VM or hypervisor, or is the recommended architecture to run those container/VM workloads on the host or in a Linux guest instead? I am not asking for roadmap or ETA. I am trying to document the correct supported behavior and avoid misleading users of macOS VM workspace tools when container or AI-agent workflows fail because the macOS guest cannot run its own virtualization backend. The broader impact is that disposable macOS VM workspaces are a strong isolation boundary for GUI automation, browser/app state, credentials, local files, and agent runtime state. Without a supported nested virtualization path, the GUI side of the workspace can run in a macOS guest, but common container-backed developer workflows have to move outside that workspace. Thank you.

Big Sur panic when connect/disconnect usb-c dock (tested with many usb–c docks including baseus, ugreen, non apple – not reproduced with apple multiport adapter). Problem persist! I have many panics every day! panic(cpu 7 caller 0xffffff8017898976): [kext.kalloc.2048]: element modified after free (off:1672, val:0xffffffff00000000, sz:2048, ptr:0xffffff93d7fa5800, prot:zero) 1672: 0xffffffff00000000 Backtrace (CPU 7), Frame : Return Address 0xffffffa1daab2640 : 0xffffff80170870ad 0xffffffa1daab2690 : 0xffffff80171cddd3 0xffffffa1daab26d0 : 0xffffff80171be3ca 0xffffffa1daab2720 : 0xffffff801702ba2f 0xffffffa1daab2740 : 0xffffff80170868cd 0xffffffa1daab2860 : 0xffffff8017086bc3 0xffffffa1daab28d0 : 0xffffff801789694a 0xffffffa1daab2940 : 0xffffff8017898976 0xffffffa1daab2dc0 : 0xffffff80170e5a26 0xffffffa1daab2e30 : 0xffffff801709668c 0xffffffa1daab2e80 : 0xffffff80177a8822 0xffffffa1daab2ea0 : 0xffffff801a1596dc 0xffffffa1daab2ec0 : 0xffffff801a1676bc 0xffffffa1daab2f20 : 0xffffff801a159e2e 0xffffffa1daab2fc0 : 0xffffff801a15bfa7 0xffffffa1daab3270 : 0xffffff801a15fe3d 0xffffffa1daab3540 : 0xffffff801a15cda2 0xffffffa1daab37f0 : 0xffffff801a15a333 0xffffffa1daab3950 : 0xffffff801a1547b1 0xffffffa1daab3b50 : 0xffffff801787fb4a 0xffffffa1daab3b90 : 0xffffff801731a98f 0xffffffa1daab3bd0 : 0xffffff80173407c8 0xffffffa1daab3c90 : 0xffffff80173264a8 0xffffffa1daab3ee0 : 0xffffff8017327059 0xffffffa1daab3f40 : 0xffffff8017739fce 0xffffffa1daab3fa0 : 0xffffff801702c1f6 Kernel Extensions in backtrace: com.apple.security.sandbox(300.0)[F9746111-2761-31A8-A9C8-3DCA8976E468]@0xffffff801a148000-0xffffff801a18dfff dependency: com.apple.driver.AppleMobileFileIntegrity(1.0.5)[7C10DA84-DFD9-3C2D-B503-E648E488EC9D]@0xffffff80186c0000-0xffffff80186d5fff dependency: com.apple.iokit.IOStorageFamily(2.1)[A78CAAA2-43A6-38EF-AEDA-3B957D358855]@0xffffff8019c6d000-0xffffff8019c7efff dependency: com.apple.kext.AppleMatch(1.0.0d1)[DB7AEFA5-928C-3B7F-87CC-EDC47D98B267]@0xffffff80186bc000-0xffffff80186befff Process name corresponding to current thread: update_dyld_sim_shared_cache Boot args: chunklist-security-epoch=0 -chunklist-no-rev2-dev Mac OS version: 20F5046g Kernel version: Darwin Kernel Version 20.5.0: Thu Apr 15 05:31:19 PDT 2021; root:xnu-7195.120.38.111.1~4/RELEASE_X86_64 My reports in feedback assistant: FB9085399, FB9084201, FB9080122, FB9078447, FB9077541, FB9073646, FB9069424, FB9036423, FB9006281, FB8996761, FB8985931, FB8984349, FB8982979 ...