[Bug 293897] USB unplug panics inside bhyve (PCI passthrough)
Date: Wed, 18 Mar 2026 13:05:18 UTC
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=293897
Bug ID: 293897
Summary: USB unplug panics inside bhyve (PCI passthrough)
Product: Base System
Version: 16.0-CURRENT
Hardware: Any
OS: Any
Status: New
Severity: Affects Only Me
Priority: ---
Component: kern
Assignee: bugs@FreeBSD.org
Reporter: christos@freebsd.org
I have a bhyve VM running -CURRENT, using PCI passthrough to use my USB bus
inside bhyve. The following panic happens after plugging in a USB device and
simply unplugging it.
Although I didn't track it down further, when I rebooted using "reboot", as
opposed to "reboot/s" inside KDB to restart the VM, it crashed my host machine
as well and it had to reboot. But I don't have further information on this.
---
root@freebsd:/mnt/src # ugen0.4: <AKAI professional LLC LPK25> at usbus0
uaudio0 on uhub0
uaudio0: <AKAI professional LLC LPK25, class 0/0, rev 1.10/1.00, addr 3> on usbus0
uaudio0: No playback.
uaudio0: No recording.
uaudio0: MIDI sequencer.
uaudio0: No HID volume keys found.
ugen0.4: <AKAI professional LLC LPK25> at usbus0 (disconnected)
uaudio0: at uhub0, port 2, addr 3 (disconnected)
uaudio0: detached
Fatal trap 12: page fault while in kernel mode
cpuid = 3; apic id = 03
fault virtual address = 0x8
fault code = supervisor read data, page not present
instruction pointer = 0x20:0xffffffff80bf07ec
stack pointer = 0x28:0xfffffe008d64db20
frame pointer = 0x28:0xfffffe008d64dcd0
code segment = base 0x0, limit 0xfffff, type 0x1b
= DPL 0, pres 1, long 1, def32 0, gran 1
processor eflags = interrupt enabled, resume, IOPL = 0
current process = 14 (usbus0)
rdi: fffffe00cf510b50 rsi: 0000000000000009 rdx: ffffffff811dacda
rcx: fffff8010247a780 r8: 0000000000000a6d r9: deadc0dedeadc0de
rax: 0000000000000000 rbx: 0000000000000000 rbp: fffffe008d64dcd0
r10: ffffffff811dacda r11: 0000000000010000 r12: 0000000000000a6d
r13: 0000000000000009 r14: ffffffff811dacda r15: fffffe00cf510b50
trap number = 12
panic: page fault
cpuid = 3
time = 1773842470
KDB: stack backtrace:
db_trace_self_wrapper() at db_trace_self_wrapper+0x2b/frame 0xfffffe008d64d850
vpanic() at vpanic+0x13f/frame 0xfffffe008d64d980
panic() at panic+0x43/frame 0xfffffe008d64d9e0
trap_pfault() at trap_pfault+0x422/frame 0xfffffe008d64da50
calltrap() at calltrap+0x8/frame 0xfffffe008d64da50
--- trap 0xc, rip = 0xffffffff80bf07ec, rsp = 0xfffffe008d64db20, rbp = 0xfffffe008d64dcd0 ---
witness_checkorder() at witness_checkorder+0x7c/frame 0xfffffe008d64dcd0
__mtx_lock_flags() at __mtx_lock_flags+0x91/frame 0xfffffe008d64dd20
knlist_cleardel() at knlist_cleardel+0x57/frame 0xfffffe008d64dd70
usb_fifo_free() at usb_fifo_free+0x1e1/frame 0xfffffe008d64dda0
usb_unconfigure() at usb_unconfigure+0x95/frame 0xfffffe008d64dde0
usb_free_device() at usb_free_device+0x1aa/frame 0xfffffe008d64de20
uhub_explore() at uhub_explore+0x2ad/frame 0xfffffe008d64dea0
usb_bus_explore() at usb_bus_explore+0x119/frame 0xfffffe008d64dec0
usb_process() at usb_process+0xf0/frame 0xfffffe008d64def0
fork_exit() at fork_exit+0x82/frame 0xfffffe008d64df30
fork_trampoline() at fork_trampoline+0xe/frame 0xfffffe008d64df30
--- trap 0, rip = 0, rsp = 0, rbp = 0 ---
KDB: enter: panic
[ thread pid 14 tid 100118 ]
Stopped at kdb_enter+0x33: movq $0,0x1624902(%rip)
db>