Constant kernel panic/Ventura 13.2.1/MacBook Pro M2 2023

Hello Den.bilyk,

You've completed some great troubleshooting steps to resolve the issue that you're having with your Mac. To ensure that we're covering all of our bases, we'd like to provide you with a few additional steps that may help to further isolate or correct this behavior:

"If the kernel panic is caused by a known problem, the faulty software is identified. To make sure that this software doesn’t continue to cause kernel panics, move it to the Trash.

If the faulty software is not identified and your Mac continues to experience kernel panics, try the following:

• Restart your Mac in safe mode. If it successfully starts up in safe mode, choose Apple menu  > App Store, click Updates, then install any available updates.
• Uninstall any plug-ins or other enhancement software from manufacturers other than Apple. If you recently updated macOS or an app, plug-ins and other software that worked in the past may no longer be compatible. Read the manufacturer’s documentation (including Read Me notes) to be sure the software is compatible with your version of macOS.
• Disconnect all devices except for an Apple keyboard and mouse. Remove hardware upgrades from other manufacturers, such as random-access memory (RAM) and Peripheral Component Interconnect (PCI) cards. Then try restarting your Mac.
• If this resolves the issue, reconnect one device at a time, restarting your Mac after reconnecting each one, until you determine which device is causing the problem.
• Use Apple Diagnostics to diagnose problems with your computer’s internal hardware, such as the logic board, memory, and wireless components. See the Apple Support article Use Apple Diagnostics to test your Mac."

More details here: If your Mac restarts and a message appears

If you continue to experience the same behavior, we suggest that you reach out to Apple directly. They will be able to look further into this with you. You can follow this link to connect with them: Get Support

Best regards.

Hi den.bilyk,

Did you possibly install any new software before this started happening? If so, uninstall, restart and then test again.

You did mention some third-party software earlier, "Then I realized that the panicked application is the app which is using GPU helpers like Google Chrome, Trading View, Visual Studio Code, Brave etc, "

Have you reached out to them? They may be familiar with what's happening from other users, and have info to provide.

How to contact an app developer - Apple Support

Take care!

Problem: Computer is restarting

Q -   Unsigned files - There are unsigned software files installed that could be malicious and should be reviewed.

A - Worthy of the Users’ time to explore this issue.

If not mistaken, Etrecheck Application may present a dialogue to remove or at least Isolate this Malware if it is present on this computer 

Q -   Kernel panics - This system has experienced kernel panics. This could be a sign of hardware failure.

Q -  System extension blocked - There are system extensions awaiting user approval.

A - Third Party Kernel Extensions,  as denoted in above,  could be the Root Cause of this Computer issue  Especially as the extension has yet to be given permission  

System and kernel extensions in macOS - Apple Support (CA)

Kernel extensions in macOS - Apple Support (CA)

System Extensions:

Q -  [Waiting for authorization] IPNExtension - version 1.36.2 (Tailscale Inc. - 2023-03-01)

    Application: /Applications/Tailscale.app - version 1.36.2 (Not found!)

    Description: a system extension for tailscale

Launch Daemons:

Q -   [Not Loaded] org.openvpn.client.plist (OPENVPN TECHNOLOGIES, INC. - installed 2023-03-01)

    Executable: /Library/Frameworks/OpenVPNConnect.framework/Versions/Current/usr/sbin/ovpnagent

A - Unless this computer is connecting to the Office Network for working Off Site - the VPN is basically not useful.

I don't really see any issues with the EtreCheck report other than a partially installed VPN. Like @P. Phillips mentions, a VPN does not provide security unless you are connecting to an employer's VPN or a financial institution's VPN. A VPN may provide some protection when connected to an unknown network, but you are trusting the exit nodes are safe...not always the case.

Make sure all external devices are disconnected from the laptop in case one of them is causing a problem.

The only way Apple will repair this laptop is if you can get a Kernel Panic with a clean install of macOS. A clean install is when you erase the drive (in this case "Macintosh HD") followed by reinstalling macOS, or if you have access to another Mac running macOS 12.4+, then you can "Restore" the firmware (this is the better option) which also pushes a new clean OS onto the internal SSD. Make sure to test the laptop without installing any third party apps and before migrating/restoring from a backup. If you still receive a Kernel Panic under these conditions, then there is definitely a hardware issue which needs to be repaired.

I was actually thinking of GateKeeper approval within the "Security & Privacy" System Settings app which should present an approval button whenever an item is requesting access to run. See the section in this Apple article about 2/3 down:

Safely open apps on your Mac - Apple Support

What is the screenshot from where you have the laptop connected to another one? Is that from Apple Configurator or something else? I don't know how that works when connecting another Mac directly as I've only connected another Mac while the other Mac was in DFU mode.

Revive or restore a Mac with Apple silicon using Apple Configurator - Apple Support

Interpreting Kernel Panics is a bit tricky and many times you won't get a good answer, just possible clues. The first line in the panic log is many times a good clue such as in the ones you attached in your first post as it was common in both panic reports:

FED err (mhit_itlbmainarr:multiple)

Unfortunately I've never seen this before and I do not know was "FED" is as it is probably something new associated with the Apple Silicon Macs.

The "last started kext" can sometimes provide a clue as well. It could be the extension that has the problem, or it could be the extension which triggered a problem with another extension, or as in the example you quoted:

com.apple.filesystems.autofs

it may mean that a drive was just connected which may have triggered a panic.

However, the "last started kext" may have absolutely nothing to do with the actual panic. It just gives you something to consider in your search.

The other loaded extensions listed at the end of the report can sometimes be a clue as well since any third party extensions in the list may have contributed to the panic.

Some Kernel Panics logs will note the extension which crashed and a backtrace of other extensions related to the crashed thread. I don't see that in your panic logs.

Except for the one system extension awaiting approval (Tailspin....check out the link I provided to a reply to @P. Phillips for how to approve this extension) which I don't think will cause a problem since I don't see any other low level component related to it as being loaded. When you reboot the Mac, go into the "Security & Privacy" System Settings and scroll down a bit to see if you have a button available to approve this extension to load (there is a timer on this button and the button will disappear if not approved within a certain amount of time). It is also possible that this system extension is not compatible with Ventura. From my very limited understanding, I believe Apple is trying to move away from having third party system extensions since they cause too many instabilities within macOS. I believe Apple is moving developers to transition to other means like Launch Agents/Daemons or such which while still operating at a lower level, may not have their hooks into such critical areas.

I am not a macOS software expert, but I don't see anything software wise of real concern. I haven't seen OpenVPN on many EtreCheck reports though so that is a bit unusual...make sure to check whether others are having any issues with it on Ventura and Apple Silicon Macs.

I wish I knew what "FED" was referring as that is the best clue. Unfortunately the only things you can really do are the following in order to determine if you have a hardware or software issue here.

Uninstall the third party software listed in the EtreCheck report under "System Extensions", "Launch Agents", and "Launch Daemons" as these items are tied to lower levels of macOS and are the most likely to cause Kernel Panics. Or you can perform a clean install of macOS by erasing the "drive" (aka "Macintosh HD") followed by reinstalling macOS, or you can "Restore" the firmware which resets the security enclave as well as erasing the internal SSD & pushing a clean OS onto the internal SSD. Both of these processes destroy all data on the internal SSD. The "Restore" should be the easier and better option since it does a bit more than just install a clean OS. You need to test the Mac with a clean install before installing any third party apps, and before restoring/migrating from a backup. If you get Kernel Panics under these conditions, then it means there is a hardware issue which needs repaired since the laptop is in a factory fresh state which should not cause any failures.

Make sure to disconnect all external devices from the Mac when testing since one of them could be causing a problem.

If you are using File Sharing or connecting this Mac to another computer to access files, then maybe see how the laptop operates when not connected to another computer to share files.

You can also try running the Apple Diagnostics to see if any hardware issues are detected. Unfortunately the only useful diagnostic is one which reports an error (or freezes the computer during testing).

You may also want to run Disk Utility First Aid on the hidden Container in case there is an issue with the file system. Within Disk Utility you may need to click "View" and select "Show All Devices" so the hidden Container appears on the left pane of Disk Utility. Even if First Aid says everything is "Ok", click "Show Details" and scroll back through the report to see if any unfixed errors are listed. If there are any unfixed errors listed, then you will need to run First Aid from Recovery Mode, otherwise you will need to erase the "drive" to perform a clean install of macOS, or perform a "Restore"....followed by migrating/restoring from a backup.

On Apple Silicon M1 / M2 / M3 (When released ) machines it gets even one more complicated as tit involved SIP Enable / Disable

Kernel extensions in a Mac with Apple silicon

Kexts must be explicitly enabled for a Mac with Apple silicon by holding the power button at startup to enter into One True Recovery (1TR) mode, then downgrading to Reduced Security and checking the box to enable kernel extensions.

This action also requires entering an administrator password to authorize the downgrade. The combination of the 1TR and password requirement makes it difficult for software-only attackers starting from within macOS to inject kexts into macOS, which they can then exploit to gain kernel privileges.

After a user authorizes kexts to load, the above User-Approved Kernel Extension Loading flow is used to authorize the installation of kexts. The authorization used for the above flow is also used to capture an SHA384 hash of the user-authorized kext list (UAKL) in the LocalPolicy. The kernel management daemon (kmd) is then responsible for validating only those kexts found in the UAKL for inclusion into the AuxKC.

• If System Integrity Protection (SIP) is enabled, the signature of each kext is verified before being included in the AuxKC.
• 
  
• If SIP is disabled, the kext signature isn’t enforced.

This approach allows Permissive Security flows for developers or users who aren’t part of the Apple Developer Program to test kexts before they are signed.

Here's some food for thought: unless you're using a true VPN tunnel, such as between you and your employer's, school's or bank's servers, they provide false security from a privacy standpoint.  Read these two articles: Public VPN's are anything but private and Former Malware Distributor Kape Technologies Now Owns ExpressVPN, CyberGhost, Private Internet Access, Zenmate, and a Collection of VPN “Review” Websites. 

Additionally, Ventura 13.3 was released yesterday so update to it and see if there's any improvement.

den.bilyk wrote:

Thanks for this info. It is useful for regular users, I believe, and related to VPN providers. From the article: "The VPN provider can see all your traffic, and do with it what they want - including logging."

Yes, it is very important to understand this and be aware of it.

But, it is not my case, because I use private p2p bridges on own servers, no any VPN providers, and BTW, I developed one of the popular VPN service :)

It was probably never approved as it says. Over the years I have seen issues where macOS does not alway approve extensions even though the user supposedly approved the pop-up notices or approved them in the Security & Privacy System Preference/Settings. The user probably does not realize they must manually go into the Security & Privacy System Settings to approve the extension. macOS is trying too hard to protect users, that it makes this process overly complicated & very mysterious to the end users who do not follow changes in macOS. Even I have issues with this process at times because things do not just work as Apple hoped it would (unless of course it is Apple's intention to make this so difficult that users will only get their apps through the App Store).