Kernel Panic after a fresh install

Aneeq · May 29, 2025, 4:45pm

It happened more then 20 times in past few days. Every think would hang with a blinking capslock. All i did was copy the config to new system and flake update. I tried to read the pstore dmesg.txt but I cannot figure out what is the issue.
llm says its a case of Control-flow Enforcement Technology (CET) Violation and also that This appears to be a compatibility issue between:

Your CPU hardware with CET capabilities (Intel 11th Gen Tiger Lake)
The kernel’s CET enforcement mechanism
The nf_tables module that wasn’t properly compiled with CET support

The most likely causes are:

A kernel module that wasn’t built with the same CET settings as the main kernel
A bug in the module’s compilation process
A CET-related configuration issue in your kerne

Fix : boot.kernelParams = [ “clearcpuid=ibt” ]; boot.blacklistedKernelModules = [ “nf_tables” ];

I donot know how valid that response is. Can any one help me out

here is the dmsg.txt

Panic#3 Part17
<6>[   44.502421] input: SYNA30BD:00 06CB:CE08 Mouse as /devices/pci0000:00/0000:00:15.0/i2c_designware.0/i2c-1/i2c-SYNA30BD:00/0018:06CB:CE08.0004/input/input13
<6>[   44.502493] input: SYNA30BD:00 06CB:CE08 Touchpad as /devices/pci0000:00/0000:00:15.0/i2c_designware.0/i2c-1/i2c-SYNA30BD:00/0018:06CB:CE08.0004/input/input15
<6>[   44.502561] hid-generic 0018:06CB:CE08.0004: input,hidraw3: I2C HID v1.00 Mouse [SYNA30BD:00 06CB:CE08] on i2c-SYNA30BD:00
<6>[   44.537630] usb 3-2: Found UVC 1.50 device HP HD Camera (04f2:b6bf)
<6>[   44.570443] usbcore: registered new interface driver uvcvideo
<6>[   44.713518] pps_core: LinuxPPS API ver. 1 registered
<6>[   44.713530] pps_core: Software ver. 5.3.6 - Copyright 2005-2007 Rodolfo Giometti <giometti@linux.it>
<6>[   44.715207] i915 0000:00:02.0: [drm] Found TIGERLAKE/UY (device ID 9a49) display version 12.00 stepping C0
<6>[   44.716008] i915 0000:00:02.0: [drm] VT-d active for gfx access
<6>[   44.716315] AES CTR mode by8 optimization enabled
<6>[   44.721763] PTP clock support registered
<6>[   44.729038] snd_hda_intel 0000:00:1f.3: Digital mics found on Skylake+ platform, using SOF driver
<6>[   44.736160] Console: switching to colour dummy device 80x25
<6>[   44.748740] intel_tcc_cooling: TCC Offset locked
<6>[   44.749570] i915 0000:00:02.0: vgaarb: deactivate vga console
<6>[   44.749656] i915 0000:00:02.0: [drm] Using Transparent Hugepages
<6>[   44.752573] i915 0000:00:02.0: vgaarb: VGA decodes changed: olddecodes=io+mem,decodes=io+mem:owns=io+mem
<6>[   44.755470] i915 0000:00:02.0: [drm] Finished loading DMC firmware i915/tgl_dmc_ver2_12.bin (v2.12)
Panic#3 Part16
<6>[   44.773518] mei_hdcp 0000:00:16.0-b638ab7e-94e2-4ea2-a552-d1c54b627f04: bound 0000:00:02.0 (ops i915_hdcp_ops [i915])
<6>[   44.807593] [drm] Initialized i915 1.6.0 for 0000:00:02.0 on minor 1
<6>[   44.809963] ACPI: video: Video Device [GFX0] (multi-head: yes  rom: no  post: no)
<6>[   44.810411] input: Video Bus as /devices/LNXSYSTM:00/LNXSYBUS:00/PNP0A08:00/LNXVIDEO:00/input/input17
<6>[   44.814546] input: SYNA30BD:00 06CB:CE08 as /devices/pci0000:00/0000:00:15.0/i2c_designware.0/i2c-1/i2c-SYNA30BD:00/0018:06CB:CE08.0004/input/input18
<6>[   44.814674] input: SYNA30BD:00 06CB:CE08 as /devices/pci0000:00/0000:00:15.0/i2c_designware.0/i2c-1/i2c-SYNA30BD:00/0018:06CB:CE08.0004/input/input19
<6>[   44.815179] input: SYNA30BD:00 06CB:CE08 as /devices/pci0000:00/0000:00:15.0/i2c_designware.0/i2c-1/i2c-SYNA30BD:00/0018:06CB:CE08.0004/input/input21
<6>[   44.815328] hid-multitouch 0018:06CB:CE08.0004: input,hidraw3: I2C HID v1.00 Mouse [SYNA30BD:00 06CB:CE08] on i2c-SYNA30BD:00
<6>[   44.819526] fbcon: i915drmfb (fb0) is primary device
<6>[   44.833893] Console: switching to colour frame buffer device 240x67
<6>[   44.852653] i915 0000:00:02.0: [drm] fb0: i915drmfb frame buffer device
<6>[   44.854088] input: kanata as /devices/virtual/input/input26
<6>[   44.910246] sof-audio-pci-intel-tgl 0000:00:1f.3: enabling device (0000 -> 0002)
<6>[   44.910490] sof-audio-pci-intel-tgl 0000:00:1f.3: DSP detected with PCI class/subclass/prog-if 0x040100
<6>[   44.910550] sof-audio-pci-intel-tgl 0000:00:1f.3: bound 0000:00:02.0 (ops i915_audio_component_bind_ops [i915])
Panic#3 Part15
<6>[   44.917146] sof-audio-pci-intel-tgl 0000:00:1f.3: use msi interrupt mode
<6>[   44.943699] sof-audio-pci-intel-tgl 0000:00:1f.3: hda codecs found, mask 5
<6>[   44.943703] sof-audio-pci-intel-tgl 0000:00:1f.3: using HDA machine driver skl_hda_dsp_generic now
<6>[   44.943706] sof-audio-pci-intel-tgl 0000:00:1f.3: NHLT device BT(0) detected, ssp_mask 0x4
<6>[   44.943707] sof-audio-pci-intel-tgl 0000:00:1f.3: BT link detected in NHLT tables: 0x4
<6>[   44.943709] sof-audio-pci-intel-tgl 0000:00:1f.3: DMICs detected in NHLT tables: 4
<6>[   44.950820] sof-audio-pci-intel-tgl 0000:00:1f.3: Firmware paths/files for ipc type 0:
<6>[   44.950823] sof-audio-pci-intel-tgl 0000:00:1f.3:  Firmware file:     intel/sof/sof-tgl.ri
<6>[   44.950825] sof-audio-pci-intel-tgl 0000:00:1f.3:  Topology file:     intel/sof-tplg/sof-hda-generic-4ch.tplg
<6>[   44.952045] sof-audio-pci-intel-tgl 0000:00:1f.3: Firmware info: version 2:2:0-57864
<6>[   44.952048] sof-audio-pci-intel-tgl 0000:00:1f.3: Firmware: ABI 3:22:1 Kernel ABI 3:23:1
<6>[   44.952052] sof-audio-pci-intel-tgl 0000:00:1f.3: unknown sof_ext_man header type 3 size 0x30
<6>[   44.974175] Bluetooth: BNEP (Ethernet Emulation) ver 1.3
<6>[   44.974183] Bluetooth: BNEP socket layer initialized
<6>[   44.975398] iwlwifi 0000:00:14.3: Detected RF HR B5, rfid=0x10a100
<6>[   45.040533] iwlwifi 0000:00:14.3: base HW address: 28:d0:ea:d9:b0:f2
<6>[   45.052685] sof-audio-pci-intel-tgl 0000:00:1f.3: Firmware info: version 2:2:0-57864
<6>[   45.052689] sof-audio-pci-intel-tgl 0000:00:1f.3: Firmware: ABI 3:22:1 Kernel ABI 3:23:1
<6>[   45.111486] sof-audio-pci-intel-tgl 0000:00:1f.3: Topology: ABI 3:22:1 Kernel ABI 3:23:1
Panic#3 Part14
<4>[   45.111951] skl_hda_dsp_generic skl_hda_dsp_generic: ASoC: Parent card not yet available, widget card binding deferred
<6>[   45.119285] iwlwifi 0000:00:14.3 wlp0s20f3: renamed from wlan0
<6>[   45.153765] snd_hda_codec_realtek ehdaudio0D0: autoconfig for ALC285: line_outs=1 (0x14/0x0/0x0/0x0/0x0) type:speaker
<6>[   45.153770] snd_hda_codec_realtek ehdaudio0D0:    speaker_outs=0 (0x0/0x0/0x0/0x0/0x0)
<6>[   45.153772] snd_hda_codec_realtek ehdaudio0D0:    hp_outs=1 (0x21/0x0/0x0/0x0/0x0)
<6>[   45.153774] snd_hda_codec_realtek ehdaudio0D0:    mono: mono_out=0x0
<6>[   45.153775] snd_hda_codec_realtek ehdaudio0D0:    inputs:
<6>[   45.153776] snd_hda_codec_realtek ehdaudio0D0:      Mic=0x19
<6>[   45.449750] iwlwifi 0000:00:14.3: Registered PHC clock: iwlwifi-PTP, with index: 0
<6>[   45.706534] NET: Registered PF_PACKET protocol family
<4>[   45.796505] skl_hda_dsp_generic skl_hda_dsp_generic: hda_dsp_hdmi_build_controls: no PCM in topology for HDMI converter 3
<6>[   45.812867] input: sof-hda-dsp Mic as /devices/pci0000:00/0000:00:1f.3/skl_hda_dsp_generic/sound/card0/input27
<6>[   45.812918] input: sof-hda-dsp Headphone as /devices/pci0000:00/0000:00:1f.3/skl_hda_dsp_generic/sound/card0/input28
<6>[   45.812954] input: sof-hda-dsp HDMI/DP,pcm=3 as /devices/pci0000:00/0000:00:1f.3/skl_hda_dsp_generic/sound/card0/input29
<6>[   45.812994] input: sof-hda-dsp HDMI/DP,pcm=4 as /devices/pci0000:00/0000:00:1f.3/skl_hda_dsp_generic/sound/card0/input30
<6>[   45.813029] input: sof-hda-dsp HDMI/DP,pcm=5 as /devices/pci0000:00/0000:00:1f.3/skl_hda_dsp_generic/sound/card0/input31
Panic#3 Part13
<6>[   46.149486] Bluetooth: hci0: Waiting for firmware download to complete
<6>[   46.150287] Bluetooth: hci0: Firmware loaded in 1644681 usecs
<6>[   46.150449] Bluetooth: hci0: Waiting for device to boot
<6>[   46.165362] Bluetooth: hci0: Device booted in 14685 usecs
<6>[   46.165942] Bluetooth: hci0: Found Intel DDC parameters: intel/ibt-19-0-4.ddc
<6>[   46.168464] Bluetooth: hci0: Applying Intel DDC parameters completed
<6>[   46.169399] Bluetooth: hci0: Firmware revision 0.4 build 132 week 3 2024
<4>[   46.171495] Bluetooth: hci0: HCI LE Coded PHY feature bit is set, but its usage is not supported.
<6>[   46.235514] Bluetooth: MGMT ver 1.23
<6>[   46.240316] NET: Registered PF_ALG protocol family
<6>[   48.378869] Bluetooth: RFCOMM TTY layer initialized
<6>[   48.378877] Bluetooth: RFCOMM socket layer initialized
<6>[   48.378880] Bluetooth: RFCOMM ver 1.11
<6>[   50.893528] Initializing XFRM netlink socket
<44>[   58.674293] systemd-journald[504]: File /var/log/journal/b60015ce0cd04e51965f42359daa53bd/user-1000.journal corrupted or uncleanly shut down, renaming and replacing.
<4>[   59.875256] overlayfs: failed to set xattr on upper
<4>[   59.875259] overlayfs: ...falling back to redirect_dir=nofollow.
<4>[   59.875260] overlayfs: ...falling back to uuid=null.
<6>[   59.875260] overlayfs: try mounting with 'userxattr' option
<4>[   59.912477] nvme nvme0: using unchecked data buffer
<4>[   59.917200] block nvme0n1: No UUID available providing old NGUID
<6>[   63.050904] NET: Registered PF_QIPCRTR protocol family
<6>[   63.805661] wlp0s20f3: authenticate with c8:1f:be:bd:37:d8 (local address=28:d0:ea:d9:b0:f2)
Panic#3 Part12
<6>[   63.806749] wlp0s20f3: send auth to c8:1f:be:bd:37:d8 (try 1/3)
<6>[   63.836637] wlp0s20f3: authenticated
<6>[   63.837370] wlp0s20f3: associate with c8:1f:be:bd:37:d8 (try 1/3)
<6>[   63.843397] wlp0s20f3: RX AssocResp from c8:1f:be:bd:37:d8 (capab=0x411 status=0 aid=4)
<6>[   63.855553] wlp0s20f3: associated
<6>[ 3559.720296] wlp0s20f3: deauthenticating from c8:1f:be:bd:37:d8 by local choice (Reason: 3=DEAUTH_LEAVING)
<6>[ 3560.161755] PM: suspend entry (s2idle)
<6>[ 3560.171891] Filesystems sync: 0.010 seconds
<6>[ 3560.275681] Freezing user space processes
<6>[ 3560.277403] Freezing user space processes completed (elapsed 0.001 seconds)
<6>[ 3560.277410] OOM killer disabled.
<6>[ 3560.277411] Freezing remaining freezable tasks
<6>[ 3560.278358] Freezing remaining freezable tasks completed (elapsed 0.000 seconds)
<6>[ 3560.278363] printk: Suspending console(s) (use no_console_suspend to debug)
<6>[ 3560.890292] ACPI: EC: interrupt blocked
<6>[ 3565.951672] ACPI: EC: interrupt unblocked
<6>[ 3566.503569] OOM killer enabled.
<6>[ 3566.503573] Restarting tasks ... done.
<5>[ 3566.504346] random: crng reseeded on system resumption
<6>[ 3566.505337] mei_hdcp 0000:00:16.0-b638ab7e-94e2-4ea2-a552-d1c54b627f04: bound 0000:00:02.0 (ops i915_hdcp_ops [i915])
<6>[ 3566.513943] PM: suspend exit
<6>[ 3569.310844] wlp0s20f3: authenticate with c8:1f:be:bd:37:d8 (local address=28:d0:ea:d9:b0:f2)
<6>[ 3569.312196] wlp0s20f3: send auth to c8:1f:be:bd:37:d8 (try 1/3)
<6>[ 3569.315060] wlp0s20f3: authenticated
<6>[ 3569.315515] wlp0s20f3: associate with c8:1f:be:bd:37:d8 (try 1/3)
Panic#3 Part11
<6>[ 3569.319903] wlp0s20f3: RX AssocResp from c8:1f:be:bd:37:d8 (capab=0x411 status=0 aid=4)
<6>[ 3569.329243] wlp0s20f3: associated
<3>[ 3575.773487] Missing ENDBR: nft_do_chain_ipv4+0x0/0xa0 [nf_tables]
<4>[ 3575.773530] ------------[ cut here ]------------
<2>[ 3575.773532] kernel BUG at arch/x86/kernel/cet.c:132!
<4>[ 3575.773542] Oops: invalid opcode: 0000 [#1] PREEMPT SMP NOPTI
<4>[ 3575.773548] CPU: 5 UID: 0 PID: 808 Comm: irq/195-iwlwifi Not tainted 6.12.30 #1-NixOS
<4>[ 3575.773554] Hardware name: HP HP EliteBook 840 G8 Notebook PC/880D, BIOS T76 Ver. 01.10.00 07/15/2022
<4>[ 3575.773557] RIP: 0010:exc_control_protection+0x1fd/0x200
<4>[ 3575.773567] Code: b9 09 00 00 00 48 8b 93 80 00 00 00 be 80 00 00 00 48 c7 c7 13 06 3f a9 e8 a0 95 31 ff 80 a3 8a 00 00 00 fb e9 af fe ff ff 90 <0f> 0b 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 66 0f 1f
<4>[ 3575.773571] RSP: 0018:ffffa90b402d8aa8 EFLAGS: 00010002
<4>[ 3575.773576] RAX: 0000000000000035 RBX: ffffa90b402d8ad8 RCX: 0000000000000000
<4>[ 3575.773580] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
<4>[ 3575.773582] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
<4>[ 3575.773584] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000003
<4>[ 3575.773586] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
<4>[ 3575.773589] FS:  0000000000000000(0000) GS:ffff98c61f880000(0000) knlGS:0000000000000000
<4>[ 3575.773592] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
<4>[ 3575.773595] CR2: 00007f581dc98010 CR3: 00000003b5422003 CR4: 0000000000f72ef0
<4>[ 3575.773599] PKRU: 55555554
<4>[ 3575.773601] Call Trace:
<4>[ 3575.773605]  <IRQ>
Panic#3 Part10
<4>[ 3575.773609]  asm_exc_control_protection+0x26/0x30
<4>[ 3575.773618] RIP: 0010:nft_do_chain_ipv4+0x0/0xa0 [nf_tables]
<4>[ 3575.773639] Code: ff 7f ff ff ff 7f ff ff ff 7f ff ff ff 7f ff ff ff 7f ff ff ff 7f ff ff ff 7f ff ff ff 7f ff ff ff 7f ff ff ff 7f ff ff ff 7f <ff> ff ff 7f ff ff ff 7f ff ff ff 7f ff ff ff 7f ff ff ff 7f ff ff
<4>[ 3575.773642] RSP: 0018:ffffa90b402d8b80 EFLAGS: 00010286
<4>[ 3575.773646] RAX: ffffffffc0de98a0 RBX: 0000000000000001 RCX: 0000000000000000
<4>[ 3575.773649] RDX: ffffa90b402d8bc0 RSI: ffff98c3a54d2200 RDI: ffff98c28344fa50
<4>[ 3575.773652] RBP: ffff98c3a54d2200 R08: 0000000000000000 R09: 0000000000000000
<4>[ 3575.773654] R10: 0000000000000000 R11: 0000000000000000 R12: ffffa90b402d8bc0
<4>[ 3575.773657] R13: 0000000000000003 R14: ffff98c3d11439c0 R15: ffffffffa9e8f740
<4>[ 3575.773661]  ? __pfx_nft_do_chain_ipv4+0x10/0x10 [nf_tables]
<4>[ 3575.773684]  nf_hook_slow+0x42/0x120
<4>[ 3575.773692]  ip_rcv+0x12c/0x1f0
<4>[ 3575.773699]  ? __pfx_ip_rcv_finish+0x10/0x10
<4>[ 3575.773705]  __netif_receive_skb_core.constprop.0+0x4f5/0x10d0
<4>[ 3575.773717]  ? ieee80211_rx_napi+0x9b/0xf0 [mac80211]
<4>[ 3575.773830]  ? iwl_mvm_rx_mpdu_mq+0xac3/0x18a0 [iwlmvm]
<4>[ 3575.773885]  __netif_receive_skb_list_core+0x142/0x2f0
<4>[ 3575.773893]  netif_receive_skb_list_internal+0x1b6/0x300
<4>[ 3575.773898]  napi_complete_done+0x72/0x230
<4>[ 3575.773903]  iwl_pcie_napi_poll_msix+0xb7/0xe0 [iwlwifi]
<4>[ 3575.773950]  __napi_poll+0x2b/0x170
<4>[ 3575.773954]  net_rx_action+0x343/0x430
<4>[ 3575.773957]  ? enqueue_task+0xa4/0x200
<4>[ 3575.773967]  handle_softirqs+0xe1/0x2b0
<4>[ 3575.773973]  do_softirq.part.0+0x3b/0x70
Panic#3 Part9
<4>[ 3575.773977]  </IRQ>
<4>[ 3575.773979]  <TASK>
<4>[ 3575.773981]  __local_bh_enable_ip+0x6a/0x70
<4>[ 3575.773986]  iwl_pcie_irq_rx_msix_handler+0xcd/0x1a0 [iwlwifi]
<4>[ 3575.774024]  irq_thread_fn+0x20/0x60
<4>[ 3575.774032]  irq_thread+0x16f/0x250
<4>[ 3575.774038]  ? __pfx_irq_thread_fn+0x10/0x10
<4>[ 3575.774044]  ? __pfx_irq_thread_dtor+0x10/0x10
<4>[ 3575.774051]  ? __pfx_irq_thread+0x10/0x10
<4>[ 3575.774057]  kthread+0xd0/0x100
<4>[ 3575.774064]  ? __pfx_kthread+0x10/0x10
<4>[ 3575.774071]  ret_from_fork+0x34/0x50
<4>[ 3575.774077]  ? __pfx_kthread+0x10/0x10
<4>[ 3575.774083]  ret_from_fork_asm+0x1a/0x30
<4>[ 3575.774090]  </TASK>
<4>[ 3575.774092] Modules linked in: ccm qrtr nft_chain_nat xt_MASQUERADE xfrm_user xfrm_algo xt_addrtype overlay rfcomm snd_seq_dummy snd_hrtimer snd_seq snd_seq_device cmac algif_hash algif_skcipher af_alg af_packet snd_ctl_led snd_soc_skl_hda_dsp snd_soc_intel_sof_board_helpers snd_sof_probes snd_soc_intel_hda_dsp_common bnep xe snd_hda_codec_realtek snd_hda_codec_generic snd_hda_scodec_component snd_soc_dmic snd_sof_pci_intel_tgl snd_sof_pci_intel_cnl snd_sof_intel_hda_generic soundwire_intel soundwire_cadence snd_sof_intel_hda_common snd_soc_hdac_hda snd_sof_intel_hda_mlink snd_sof_intel_hda drm_gpuvm drm_exec snd_hda_codec_hdmi gpu_sched drm_suballoc_helper snd_sof_pci drm_ttm_helper snd_sof_xtensa_dsp snd_sof iwlmvm snd_sof_utils snd_soc_acpi_intel_match soundwire_generic_allocation snd_soc_acpi soundwire_bus snd_soc_avs snd_soc_hda_codec mac80211 snd_hda_ext_core snd_soc_core intel_uncore_frequency intel_uncore_frequency_common x86_pkg_temp_thermal intel_powerclamp snd_compress coretemp ac97_bus hid_multitouch
Panic#3 Part8
<4>[ 3575.774165]  snd_pcm_dmaengine crct10dif_pclmul crc32_pclmul polyval_clmulni snd_hda_intel polyval_generic ghash_clmulni_intel sha512_ssse3 sha256_ssse3 snd_intel_dspcfg sha1_ssse3 ptp aesni_intel snd_intel_sdw_acpi pps_core i915 libarc4 mei_hdcp mei_pxp mei_wdt gf128mul snd_hda_codec uvcvideo btusb crypto_simd xt_conntrack btrtl cryptd videobuf2_vmalloc iwlwifi snd_hda_core uvc videobuf2_memops processor_thermal_device_pci_legacy btintel snd_hwdep processor_thermal_device nls_iso8859_1 iTCO_wdt nls_cp437 videobuf2_v4l2 processor_thermal_wt_hint rapl intel_rapl_msr snd_pcm btbcm intel_cstate btmtk intel_lpss_pci tpm_crb drm_buddy hp_wmi vfat intel_pmc_bxt fat watchdog platform_profile wmi_bmof cfg80211 bluetooth videobuf2_common intel_uncore snd_timer ttm videodev ip6t_rpfilter mei_me intel_lpss processor_thermal_rfim processor_thermal_rapl drm_display_helper snd idma64 intel_rapl_common soundcore spi_intel_pci mc mousedev evdev processor_thermal_wt_req spi_intel 8250_pci ipt_rpfilter virt_dma i2c_i801 i2c_smbus
Panic#3 Part7
<4>[ 3575.774259]  joydev mei rfkill i2c_mux cec processor_thermal_power_floor processor_thermal_mbox igen6_edac intel_gtt i2c_algo_bit edac_core intel_soc_dts_iosf i2c_hid_acpi xt_pkttype thermal i2c_hid xt_LOG nf_log_syslog input_leds int3403_thermal led_class ucsi_acpi int340x_thermal_zone rtc_cmos typec_ucsi xt_tcpudp mac_hid nft_compat roles video battery tpm_tis tpm_tis_core intel_pmc_core typec intel_vsec pmt_telemetry pmt_class intel_hid sparse_keymap tiny_power_button wmi int3400_thermal acpi_thermal_rel pinctrl_tigerlake ac wireless_hotkey button acpi_pad serio_raw nf_tables sch_fq_codel uinput loop xt_nat nf_nat nf_conntrack nf_defrag_ipv6 nf_defrag_ipv4 libcrc32c br_netfilter veth tun tap macvlan bridge stp llc kvm_intel kvm irqbypass fuse efi_pstore configfs nfnetlink efivarfs tpm libaescfb ecdh_generic ecc rng_core dmi_sysfs ip_tables x_tables autofs4 ext4 crc32c_generic crc16 mbcache jbd2 hid_generic usbhid hid nvme atkbd xhci_pci libps2 vivaldi_fmap thunderbolt xhci_hcd nvme_core crc32c_intel nvme_auth vmd
Panic#3 Part6
<4>[ 3575.774368]  i8042 serio dm_mod dax
<4>[ 3575.774380] ---[ end trace 0000000000000000 ]---
<3>[ 3575.778809] Missing ENDBR: nft_do_chain_ipv4+0x0/0xa0 [nf_tables]
<4>[ 3575.778842] ------------[ cut here ]------------
<2>[ 3575.778844] kernel BUG at arch/x86/kernel/cet.c:132!
<4>[ 3575.778850] Oops: invalid opcode: 0000 [#2] PREEMPT SMP NOPTI
<4>[ 3575.778856] CPU: 0 UID: 0 PID: 803 Comm: irq/190-iwlwifi Tainted: G      D            6.12.30 #1-NixOS
<4>[ 3575.778861] Tainted: [D]=DIE
<4>[ 3575.778863] Hardware name: HP HP EliteBook 840 G8 Notebook PC/880D, BIOS T76 Ver. 01.10.00 07/15/2022
<4>[ 3575.778865] RIP: 0010:exc_control_protection+0x1fd/0x200
<4>[ 3575.778873] Code: b9 09 00 00 00 48 8b 93 80 00 00 00 be 80 00 00 00 48 c7 c7 13 06 3f a9 e8 a0 95 31 ff 80 a3 8a 00 00 00 fb e9 af fe ff ff 90 <0f> 0b 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 66 0f 1f
<4>[ 3575.778877] RSP: 0018:ffffa90b40003aa8 EFLAGS: 00010002
<4>[ 3575.778881] RAX: 0000000000000035 RBX: ffffa90b40003ad8 RCX: 0000000000000000
<4>[ 3575.778885] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
<4>[ 3575.778887] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
<4>[ 3575.778889] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000003
<4>[ 3575.778891] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
<4>[ 3575.778893] FS:  0000000000000000(0000) GS:ffff98c61f600000(0000) knlGS:0000000000000000
<4>[ 3575.778897] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
<4>[ 3575.778899] CR2: 00007ffa2cfb3008 CR3: 00000001111c8003 CR4: 0000000000f72ef0
<4>[ 3575.778902] PKRU: 55555554
Panic#3 Part5
<4>[ 3575.778905] Call Trace:
<4>[ 3575.778908]  <IRQ>
<4>[ 3575.778911]  asm_exc_control_protection+0x26/0x30
<4>[ 3575.778918] RIP: 0010:nft_do_chain_ipv4+0x0/0xa0 [nf_tables]
<4>[ 3575.778938] Code: ff 7f ff ff ff 7f ff ff ff 7f ff ff ff 7f ff ff ff 7f ff ff ff 7f ff ff ff 7f ff ff ff 7f ff ff ff 7f ff ff ff 7f ff ff ff 7f <ff> ff ff 7f ff ff ff 7f ff ff ff 7f ff ff ff 7f ff ff ff 7f ff ff
<4>[ 3575.778941] RSP: 0018:ffffa90b40003b80 EFLAGS: 00010286
<4>[ 3575.778944] RAX: ffffffffc0de98a0 RBX: 0000000000000001 RCX: 0000000000000000
<4>[ 3575.778947] RDX: ffffa90b40003bc0 RSI: ffff98c28345ab00 RDI: ffff98c28344fa50
<4>[ 3575.778950] RBP: ffff98c28345ab00 R08: 0000000000000000 R09: 0000000000000000
<4>[ 3575.778952] R10: 0000000000000000 R11: 0000000000000000 R12: ffffa90b40003bc0
<4>[ 3575.778954] R13: 0000000000000003 R14: ffff98c3d11439c0 R15: ffffffffa9e8f740
<4>[ 3575.778958]  ? __pfx_nft_do_chain_ipv4+0x10/0x10 [nf_tables]
<4>[ 3575.778977]  nf_hook_slow+0x42/0x120
<4>[ 3575.778984]  ip_rcv+0x12c/0x1f0
<4>[ 3575.778990]  ? __pfx_ip_rcv_finish+0x10/0x10
<4>[ 3575.778995]  __netif_receive_skb_core.constprop.0+0x4f5/0x10d0
<4>[ 3575.779004]  ? ieee80211_rx_napi+0x9b/0xf0 [mac80211]
<4>[ 3575.779101]  ? iwl_mvm_rx_mpdu_mq+0xac3/0x18a0 [iwlmvm]
<4>[ 3575.779149]  __netif_receive_skb_list_core+0x142/0x2f0
<4>[ 3575.779157]  netif_receive_skb_list_internal+0x1b6/0x300
<4>[ 3575.779162]  napi_complete_done+0x72/0x230
<4>[ 3575.779166]  iwl_pcie_napi_poll_msix+0xb7/0xe0 [iwlwifi]
<4>[ 3575.779206]  __napi_poll+0x2b/0x170
<4>[ 3575.779210]  net_rx_action+0x343/0x430
<4>[ 3575.779216]  handle_softirqs+0xe1/0x2b0
<4>[ 3575.779221]  do_softirq.part.0+0x3b/0x70
Panic#3 Part4
<4>[ 3575.779225]  </IRQ>
<4>[ 3575.779227]  <TASK>
<4>[ 3575.779229]  __local_bh_enable_ip+0x6a/0x70
<4>[ 3575.779233]  iwl_pcie_irq_rx_msix_handler+0xcd/0x1a0 [iwlwifi]
<4>[ 3575.779268]  irq_thread_fn+0x20/0x60
<4>[ 3575.779274]  irq_thread+0x16f/0x250
<4>[ 3575.779280]  ? __pfx_irq_thread_fn+0x10/0x10
<4>[ 3575.779286]  ? __pfx_irq_thread_dtor+0x10/0x10
<4>[ 3575.779292]  ? __pfx_irq_thread+0x10/0x10
<4>[ 3575.779297]  kthread+0xd0/0x100
<4>[ 3575.779303]  ? __pfx_kthread+0x10/0x10
<4>[ 3575.779309]  ret_from_fork+0x34/0x50
<4>[ 3575.779315]  ? __pfx_kthread+0x10/0x10
<4>[ 3575.779320]  ret_from_fork_asm+0x1a/0x30
<4>[ 3575.779326]  </TASK>
<4>[ 3575.779328] Modules linked in: ccm qrtr nft_chain_nat xt_MASQUERADE xfrm_user xfrm_algo xt_addrtype overlay rfcomm snd_seq_dummy snd_hrtimer snd_seq snd_seq_device cmac algif_hash algif_skcipher af_alg af_packet snd_ctl_led snd_soc_skl_hda_dsp snd_soc_intel_sof_board_helpers snd_sof_probes snd_soc_intel_hda_dsp_common bnep xe snd_hda_codec_realtek snd_hda_codec_generic snd_hda_scodec_component snd_soc_dmic snd_sof_pci_intel_tgl snd_sof_pci_intel_cnl snd_sof_intel_hda_generic soundwire_intel soundwire_cadence snd_sof_intel_hda_common snd_soc_hdac_hda snd_sof_intel_hda_mlink snd_sof_intel_hda drm_gpuvm drm_exec snd_hda_codec_hdmi gpu_sched drm_suballoc_helper snd_sof_pci drm_ttm_helper snd_sof_xtensa_dsp snd_sof iwlmvm snd_sof_utils snd_soc_acpi_intel_match soundwire_generic_allocation snd_soc_acpi soundwire_bus snd_soc_avs snd_soc_hda_codec mac80211 snd_hda_ext_core snd_soc_core intel_uncore_frequency intel_uncore_frequency_common x86_pkg_temp_thermal intel_powerclamp snd_compress coretemp ac97_bus hid_multitouch
Panic#3 Part3
<4>[ 3575.779388]  snd_pcm_dmaengine crct10dif_pclmul crc32_pclmul polyval_clmulni snd_hda_intel polyval_generic ghash_clmulni_intel sha512_ssse3 sha256_ssse3 snd_intel_dspcfg sha1_ssse3 ptp aesni_intel snd_intel_sdw_acpi pps_core i915 libarc4 mei_hdcp mei_pxp mei_wdt gf128mul snd_hda_codec uvcvideo btusb crypto_simd xt_conntrack btrtl cryptd videobuf2_vmalloc iwlwifi snd_hda_core uvc videobuf2_memops processor_thermal_device_pci_legacy btintel snd_hwdep processor_thermal_device nls_iso8859_1 iTCO_wdt nls_cp437 videobuf2_v4l2 processor_thermal_wt_hint rapl intel_rapl_msr snd_pcm btbcm intel_cstate btmtk intel_lpss_pci tpm_crb drm_buddy hp_wmi vfat intel_pmc_bxt fat watchdog platform_profile wmi_bmof cfg80211 bluetooth videobuf2_common intel_uncore snd_timer ttm videodev ip6t_rpfilter mei_me intel_lpss processor_thermal_rfim processor_thermal_rapl drm_display_helper snd idma64 intel_rapl_common soundcore spi_intel_pci mc mousedev evdev processor_thermal_wt_req spi_intel 8250_pci ipt_rpfilter virt_dma i2c_i801 i2c_smbus
Panic#3 Part2
<4>[ 3575.779477]  joydev mei rfkill i2c_mux cec processor_thermal_power_floor processor_thermal_mbox igen6_edac intel_gtt i2c_algo_bit edac_core intel_soc_dts_iosf i2c_hid_acpi xt_pkttype thermal i2c_hid xt_LOG nf_log_syslog input_leds int3403_thermal led_class ucsi_acpi int340x_thermal_zone rtc_cmos typec_ucsi xt_tcpudp mac_hid nft_compat roles video battery tpm_tis tpm_tis_core intel_pmc_core typec intel_vsec pmt_telemetry pmt_class intel_hid sparse_keymap tiny_power_button wmi int3400_thermal acpi_thermal_rel pinctrl_tigerlake ac wireless_hotkey button acpi_pad serio_raw nf_tables sch_fq_codel uinput loop xt_nat nf_nat nf_conntrack nf_defrag_ipv6 nf_defrag_ipv4 libcrc32c br_netfilter veth tun tap macvlan bridge stp llc kvm_intel kvm irqbypass fuse efi_pstore configfs nfnetlink efivarfs tpm libaescfb ecdh_generic ecc rng_core dmi_sysfs ip_tables x_tables autofs4 ext4 crc32c_generic crc16 mbcache jbd2 hid_generic usbhid hid nvme atkbd xhci_pci libps2 vivaldi_fmap thunderbolt xhci_hcd nvme_core crc32c_intel nvme_auth vmd
Panic#3 Part1
<4>[ 3575.779583]  i8042 serio dm_mod dax
<4>[ 3575.779593] ---[ end trace 0000000000000000 ]---
<4>[ 3575.826701] RIP: 0010:exc_control_protection+0x1fd/0x200
<4>[ 3575.826705] Code: b9 09 00 00 00 48 8b 93 80 00 00 00 be 80 00 00 00 48 c7 c7 13 06 3f a9 e8 a0 95 31 ff 80 a3 8a 00 00 00 fb e9 af fe ff ff 90 <0f> 0b 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 66 0f 1f
<4>[ 3575.826707] RSP: 0018:ffffa90b402d8aa8 EFLAGS: 00010002
<4>[ 3575.826708] RAX: 0000000000000035 RBX: ffffa90b402d8ad8 RCX: 0000000000000000
<4>[ 3575.826710] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
<4>[ 3575.826711] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
<4>[ 3575.826711] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000003
<4>[ 3575.826712] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
<4>[ 3575.826713] FS:  0000000000000000(0000) GS:ffff98c61f880000(0000) knlGS:0000000000000000
<4>[ 3575.826715] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
<4>[ 3575.826716] CR2: 00007f581dc98010 CR3: 00000002340e6006 CR4: 0000000000f72ef0
<4>[ 3575.826717] PKRU: 55555554
<0>[ 3575.826718] Kernel panic - not syncing: Fatal exception in interrupt
<0>[ 3576.947506] Shutting down cpus with NMI
<0>[ 3576.947514] Kernel Offset: 0x26e00000 from 0xffffffff81000000 (relocation range: 0xffffffff80000000-0xffffffffbfffffff)

Aneeq · May 29, 2025, 4:51pm

I suspect it often happen when i am downloading something is it possible for this issue to be related with firewall stuff?

Aneeq · May 29, 2025, 5:11pm

here is my config

Nix kernel panic · GitHub

ttamttam1 · May 29, 2025, 5:22pm

I’m no good at reading kernel panics but I don’t think blacklisting nftables is a good solution, I’m not sure clearcpuid is either. Firewall stuff would be nftables so not a bad place to look.
Some low hanging fruit to check first is to make sure that hardware.enableRedistributableFirmware = true;

ttamttam1 · May 29, 2025, 5:32pm

I’d also check out NixOS hardware. Your laptop isn’t in there, but you can add the generic module for tiger lake (it looks like your computer is tiger lake, but I may be wrong). The generated hardware settings file is often lacking, especially with prebuilts and laptops, so the NixOS hardware repo is super useful for filling those gaps.

Aneeq · May 29, 2025, 5:45pm

so what exactly needs to be added/changed in config?
here is my system info

Aneeq · May 29, 2025, 5:50pm

so should i add
boot.blacklistedKernelModules = [ “nf_tables” ]; and hardware.enableRedistributableFirmware = true;
to hardwareconfigureation.nix? is it safe? I just donot want to be locked at boot cz i surely donot have expertise to handle that kind of scenario

# Do not modify this file!  It was generated by ‘nixos-generate-config’
# and may be overwritten by future invocations.  Please make changes
# to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, modulesPath, ... }:

{
  imports =
    [ (modulesPath + "/installer/scan/not-detected.nix")
    ];

  boot.initrd.availableKernelModules = [ "xhci_pci" "thunderbolt" "vmd" "nvme" "usb_storage" "sd_mod" ];
  boot.initrd.kernelModules = [ ];
  boot.kernelModules = [ "kvm-intel" ];
  boot.extraModulePackages = [ ];

  fileSystems."/" =
    { device = "/dev/disk/by-uuid/40a94b82-b595-4279-bcb5-c8bcbb550386";
      fsType = "ext4";
    };

  fileSystems."/boot" =
    { device = "/dev/disk/by-uuid/71AB-8BDD";
      fsType = "vfat";
      options = [ "fmask=0077" "dmask=0077" ];
    };

  swapDevices =
    [ { device = "/dev/disk/by-uuid/2671198d-af27-4b32-97d1-de849a66afc9"; }
    ];

  # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
  # (the default) this is the recommended approach. When using systemd-networkd it's
  # still possible to use this option, but it's recommended to use it in conjunction
  # with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
  networking.useDHCP = lib.mkDefault true;
  # networking.interfaces.wlp0s20f3.useDHCP = lib.mkDefault true;

  nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
  hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
}

ttamttam1 · May 29, 2025, 7:34pm

do add hardware.enableRedistributableFirmware = true;

do not add boot.blacklistedKernelModules = [ “nf_tables” ];, that will most likely break your system.

Add it to your configuration.nix, so it doesn’t get overridden if you regenerate the hardware config.

Aneeq · May 30, 2025, 11:45am

I think kde power management is the cause or its some thing to do with suspending the system here is my last two panic logs and a root cause analysis by claude 3.7 sonnet