Jump to content
roemers

Several Dell Notebooks with BSOD related to klim6.sys

Recommended Posts

Greetings!
I am new to this Forum and hope I'm in the right place with this Topic.

We have several DELL Notebooks with new USB Type C and Thunderbolt Dockingstations WD15 and TB16.

They are running with Windows 10 LTSB 2016 and KES10 10.3.0.6294, Drivers and Windows Updates up to date.
The Notebooks on their own are running fine without any complications, but if they are used with the USB Type C Dockingstation we get sporadically BSOD.
Sometimes once a day and sometimes every few minutes.

The dump points to klim6.sys as a trigger with the error  0x139_3_CORRUPT_LIST_ENTRY_klim6!unknown_function.

Perhaps Kaspersky don't like the USB Network Drivers for WD15 and TB16 Dockingstations?

A reinstallation of KES with plugged dockingstation didn't help us.
It is strange that we have some notebooks with the same software / hardware configuration without problems in use.

I hope someone have another idea to fix that.
If you need something, i will try to add the informations  as fast as possible.

Here the Minidump:

*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck 139, {3, ffff860129b7de30, ffff860129b7dd88, 0}

*** ERROR: Module load completed but symbols could not be loaded for klim6.sys
*** ERROR: Module load completed but symbols could not be loaded for kneps.sys
*** ERROR: Module load completed but symbols could not be loaded for rtux64w10.sys
*** ERROR: Module load completed but symbols could not be loaded for asmthub3.sys
*** ERROR: Module load completed but symbols could not be loaded for asmtxhci.sys
Probably caused by : klim6.sys ( klim6+2c72 )

Followup:     MachineOwner
---------

7: kd> !analyze -v
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

KERNEL_SECURITY_CHECK_FAILURE (139)
A kernel component has corrupted a critical data structure.  The corruption
could potentially allow a malicious user to gain control of this machine.
Arguments:
Arg1: 0000000000000003, A LIST_ENTRY has been corrupted (i.e. double remove).
Arg2: ffff860129b7de30, Address of the trap frame for the exception that caused the bugcheck
Arg3: ffff860129b7dd88, Address of the exception record for the exception that caused the bugcheck
Arg4: 0000000000000000, Reserved

Debugging Details:
------------------


DUMP_CLASS: 1

DUMP_QUALIFIER: 401

BUILD_VERSION_STRING:  14393.1715.amd64fre.rs1_release_inmarket.170906-1810

SYSTEM_MANUFACTURER:  Dell Inc.

SYSTEM_PRODUCT_NAME:  Latitude 5580

SYSTEM_SKU:  07D1

BIOS_VENDOR:  Dell Inc.

BIOS_VERSION:  1.6.4

BIOS_DATE:  09/12/2017

BASEBOARD_MANUFACTURER:  Dell Inc.

BASEBOARD_PRODUCT:  0FH6CJ

BASEBOARD_VERSION:  A00

DUMP_TYPE:  1

BUGCHECK_P1: 3

BUGCHECK_P2: ffff860129b7de30

BUGCHECK_P3: ffff860129b7dd88

BUGCHECK_P4: 0

TRAP_FRAME:  ffff860129b7de30 -- (.trap 0xffff860129b7de30)
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=ffffc40711cfabf0 rbx=0000000000000000 rcx=0000000000000003
rdx=ffffc407122d3130 rsi=0000000000000000 rdi=0000000000000000
rip=fffff80cf55f2c72 rsp=ffff860129b7dfc0 rbp=ffff860129b7e0a0
 r8=ffffc4070fd400c0  r9=0000000000000002 r10=ffff86012898a060
r11=ffff860129b7e038 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0         nv up ei ng nz na pe cy
klim6+0x2c72:
fffff80c`f55f2c72 cd29            int     29h
Resetting default scope

EXCEPTION_RECORD:  ffff860129b7dd88 -- (.exr 0xffff860129b7dd88)
ExceptionAddress: fffff80cf55f2c72 (klim6+0x0000000000002c72)
   ExceptionCode: c0000409 (Security check failure or stack buffer overrun)
  ExceptionFlags: 00000001
NumberParameters: 1
   Parameter[0]: 0000000000000003
Subcode: 0x3 FAST_FAIL_CORRUPT_LIST_ENTRY

CPU_COUNT: 8

CPU_MHZ: b58

CPU_VENDOR:  GenuineIntel

CPU_FAMILY: 6

CPU_MODEL: 9e

CPU_STEPPING: 9

CPU_MICROCODE: 6,9e,9,0 (F,M,S,R)  SIG: 5E'00000000 (cache) 5E'00000000 (init)

BUGCHECK_STR:  0x139

PROCESS_NAME:  System

CURRENT_IRQL:  2

ERROR_CODE: (NTSTATUS) 0xc0000409 - Das System hat in dieser Anwendung den  berlauf eines stapelbasierten Puffers ermittelt. Dieser  berlauf k nnte einem b sartigen Benutzer erm glichen, die Steuerung der Anwendung zu  bernehmen.

EXCEPTION_CODE: (NTSTATUS) 0xc0000409 - Das System hat in dieser Anwendung den  berlauf eines stapelbasierten Puffers ermittelt. Dieser  berlauf k nnte einem b sartigen Benutzer erm glichen, die Steuerung der Anwendung zu  bernehmen.

EXCEPTION_CODE_STR:  c0000409

EXCEPTION_PARAMETER1:  0000000000000003

DEFAULT_BUCKET_ID:  FAIL_FAST_CORRUPT_LIST_ENTRY

ANALYSIS_SESSION_HOST:  015153660953

ANALYSIS_SESSION_TIME:  12-20-2017 09:46:56.0846

ANALYSIS_VERSION: 10.0.16299.91 amd64fre

LAST_CONTROL_TRANSFER:  from fffff80226360a29 to fffff802263558b0

STACK_TEXT: 
ffff8601`29b7db08 fffff802`26360a29 : 00000000`00000139 00000000`00000003 ffff8601`29b7de30 ffff8601`29b7dd88 : nt!KeBugCheckEx
ffff8601`29b7db10 fffff802`26360d90 : ffffc407`0717f028 ffffc407`0716f028 00000000`0000ffff fffff80c`f41b8b95 : nt!KiBugCheckDispatch+0x69
ffff8601`29b7dc50 fffff802`2635fd73 : ffff8601`29b7df09 fffff80c`f41b7edb ffffc407`13727000 fffff80c`00005e39 : nt!KiFastFailDispatch+0xd0
ffff8601`29b7de30 fffff80c`f55f2c72 : ffffc407`073f6638 fffff80c`f41a2c2a 00000000`00000001 ffffc407`123fa018 : nt!KiRaiseSecurityCheckFailure+0xf3
ffff8601`29b7dfc0 fffff80c`f41a3458 : ffffc407`11cfabe0 ffffc407`122e0df0 ffff8601`29b7e060 fffff80c`f41ac3db : klim6+0x2c72
ffff8601`29b7e000 fffff80c`f41a3a6d : ffff8601`29b7e060 ffffc407`075dd360 ffffc407`075dd378 ffff8601`000005ea : kneps+0x3458
ffff8601`29b7e040 fffff80c`f41a3b1c : ffffc407`075dd350 01d36f28`a352c63c ffff8601`00004e20 00000000`00000036 : kneps+0x3a6d
ffff8601`29b7e0d0 fffff80c`f41a2ec1 : ffffc407`075dd350 ffff8601`29b7e250 fffff80c`f41c1440 fffff80c`f55f6010 : kneps+0x3b1c
ffff8601`29b7e220 fffff80c`f55f3821 : ffffc407`09b59880 00000000`00000000 00000000`00000000 00000000`00000000 : kneps+0x2ec1
ffff8601`29b7e360 fffff80c`f55f1f82 : ffffc407`09b59880 fffff80c`f55f6010 ffffc407`1365d450 00000000`00000001 : klim6+0x3821
ffff8601`29b7e390 fffff80c`f4453e97 : ffffc407`1365d450 ffffc407`13845bf0 fffff80c`00000000 fffff80c`00000003 : klim6+0x1f82
ffff8601`29b7e400 fffff80c`f4452c2d : ffffc407`1365dc70 ffff8601`29b7e550 00000000`00000001 ffff8601`29b7e501 : ndis!ndisCallReceiveHandler+0x47
ffff8601`29b7e450 fffff80c`fc44479a : 00000000`00000000 00000000`00000001 ffffc407`083f2f8c ffffc407`0865a000 : ndis!NdisMIndicateReceiveNetBufferLists+0x67d
ffff8601`29b7e640 fffff80c`f36ad1f1 : ffffc407`136242b0 ffffc407`0c1580d0 00000000`00000001 ffffc407`00000276 : rtux64w10+0x4479a
ffff8601`29b7e710 fffff80c`f36acc0c : 00000000`00000009 00000000`00000001 ffffc407`12322020 00000000`00000009 : Wdf01000!FxRequestBase::CompleteSubmitted+0x201 [d:\rs1\minkernel\wdf\framework\shared\core\fxrequestbase.cpp @ 530]
ffff8601`29b7e7c0 fffff802`262f6c42 : ffffc407`12650050 fffff802`2644d302 ffffc407`000001ff ffffc407`13623a60 : Wdf01000!FxIoTarget::_RequestCompletionRoutine+0xdc [d:\rs1\minkernel\wdf\framework\shared\targets\general\fxiotarget.cpp @ 2448]
ffff8601`29b7e820 fffff802`26237762 : ffffc407`13623a60 ffff8601`29b7e909 00000000`00000000 ffffc407`13623ce3 : nt!IopUnloadSafeCompletion+0x52
ffff8601`29b7e850 fffff80c`fbd34000 : ffffc407`0de130e0 ffffc407`0a3140e0 00000000`00000103 00000000`00000103 : nt!IopfCompleteRequest+0x112
ffff8601`29b7e970 fffff80c`fbd437a8 : 00000000`00000000 ffffc407`0de130e0 ffffc407`0e2d0030 00000000`0000000d : asmthub3+0x4000
ffff8601`29b7e9a0 fffff80c`fbd44fde : 00000000`00000000 00000000`00000000 ffffc406`fc7959e0 ffffc407`07400020 : asmthub3+0x137a8
ffff8601`29b7e9d0 fffff80c`f5956d95 : ffffc407`132b3660 ffffc407`07400020 ffffc407`0e2d0030 00000000`0000000d : asmthub3+0x14fde
ffff8601`29b7ea00 fffff80c`f5967a5f : ffffc407`07407c60 00000000`00000001 ffffc407`12337640 ffffc407`132b3660 : asmtxhci+0x26d95
ffff8601`29b7ea30 fffff80c`f59886fc : ffffc407`132b3708 00000000`00000008 ffffc407`072c6a48 ffffc407`06e800e0 : asmtxhci+0x37a5f
ffff8601`29b7ea60 fffff80c`f5959ad6 : ffffc407`06e80188 00000000`00000000 ffffc407`072c6ca8 ffffc407`06e80188 : asmtxhci+0x586fc
ffff8601`29b7ea90 fffff80c`f598c7cf : 00000000`00000001 ffffc407`072c6ca8 ffff8601`28910c40 ffffc406`fc2b3040 : asmtxhci+0x29ad6
ffff8601`29b7eac0 fffff80c`f59869f8 : 00000000`00000001 ffffc407`072c6ca8 ffffc407`072c6ca8 ffffc407`072c6a48 : asmtxhci+0x5c7cf
ffff8601`29b7eaf0 fffff802`262bc7d5 : ffff8601`2890a180 ffffc407`06e80800 00000000`00000080 ffffc407`06e80800 : asmtxhci+0x569f8
ffff8601`29b7eb90 fffff802`2635ad76 : ffff8601`2890a180 ffffc407`06e80800 fffff802`262bc794 00000000`00000000 : nt!PspSystemThreadStartup+0x41
ffff8601`29b7ebe0 00000000`00000000 : ffff8601`29b7f000 ffff8601`29b78000 00000000`00000000 00000000`00000000 : nt!KiStartSystemThread+0x16


THREAD_SHA1_HASH_MOD_FUNC:  4f8c6a781a3b3b51be73154264aa3f5a6a329f8f

THREAD_SHA1_HASH_MOD_FUNC_OFFSET:  c86401c1626f5f5c410d727a25c6d84003b35559

THREAD_SHA1_HASH_MOD:  840db931ba7bc123248dfff54021df1cd0097099

FOLLOWUP_IP:
klim6+2c72
fffff80c`f55f2c72 cd29            int     29h

FAULT_INSTR_CODE:  8b4c29cd

SYMBOL_STACK_INDEX:  4

SYMBOL_NAME:  klim6+2c72

FOLLOWUP_NAME:  MachineOwner

MODULE_NAME: klim6

IMAGE_NAME:  klim6.sys

DEBUG_FLR_IMAGE_TIMESTAMP:  57bc2881

IMAGE_VERSION:  13.0.0.5

STACK_COMMAND:  .thread ; .cxr ; kb

BUCKET_ID_FUNC_OFFSET:  2c72

FAILURE_BUCKET_ID:  0x139_3_CORRUPT_LIST_ENTRY_klim6!unknown_function

BUCKET_ID:  0x139_3_CORRUPT_LIST_ENTRY_klim6!unknown_function

PRIMARY_PROBLEM_CLASS:  0x139_3_CORRUPT_LIST_ENTRY_klim6!unknown_function

TARGET_TIME:  2017-12-07T06:57:25.000Z

OSBUILD:  14393

OSSERVICEPACK:  0

SERVICEPACK_NUMBER: 0

OS_REVISION: 0

SUITE_MASK:  272

PRODUCT_TYPE:  1

OSPLATFORM_TYPE:  x64

OSNAME:  Windows 10

OSEDITION:  Windows 10 WinNt TerminalServer SingleUserTS

OS_LOCALE: 

USER_LCID:  0

OSBUILD_TIMESTAMP:  2017-09-07 06:54:57

BUILDDATESTAMP_STR:  170906-1810

BUILDLAB_STR:  rs1_release_inmarket

BUILDOSVER_STR:  10.0.14393.1715.amd64fre.rs1_release_inmarket.170906-1810

ANALYSIS_SESSION_ELAPSED_TIME:  14ca

ANALYSIS_SOURCE:  KM

FAILURE_ID_HASH_STRING:  km:0x139_3_corrupt_list_entry_klim6!unknown_function

FAILURE_ID_HASH:  {8fbf2cbe-aff2-9fcc-4408-c8b47c8328e3}

 

Share this post


Link to post

Hello and thank you for your fast response!

I gathered all dumps and logs you was asking about (already with a fresh BSOD).
I have to upload the files to the "MyKaspersky portal" like it's written in your HowTo, or is an upload to our "Kaspersky Company Account" also OK for you?

Thanks in advance!

Share this post


Link to post
1 hour ago, roemers said:

"Kaspersky Company Account"

is for B2B users

and

1 hour ago, roemers said:

"MyKaspersky portal"

for B2C users.

Thank you.

 

Share this post


Link to post

I have been experiencing exactly the same issues with over 15 Dell Latitude 5480 laptops. Running Windows 10 x64 1703 and Kaspersky KES10 10.3.0.6294

If needed I can provide a mini-dump file. But the error is exactly what the original post described.

Share this post


Link to post
1 час назад, cornelisc сказал:

I have been experiencing exactly the same issues with over 15 Dell Latitude 5480 laptops. Running Windows 10 x64 1703 and Kaspersky KES10 10.3.0.6294

If needed I can provide a mini-dump file. But the error is exactly what the original post described.

Hi,

Could you please create incident in CompanyAccount and request pf3129.

Thank you!

Share this post


Link to post

Exactly, it's also the 5480.
We have a lot Dell Notebooks with that BSOD, but the error is with all series and USB Dock used by us.
It's strange that on a few Notebooks with exactly the same hardware / software / drivers,  it seems to run (until now) also together with Dock without problems.

A defective docking station is also excluded. I have used several WD15 and TB16 with the affected devices. The error occurred again after a short time.

Share this post


Link to post
53 минуты назад, roemers сказал:

Exactly, it's also the 5480.
We have a lot Dell Notebooks with that BSOD, but the error is with all series and USB Dock used by us.
It's strange that on a few Notebooks with exactly the same hardware / software / drivers,  it seems to run (until now) also together with Dock without problems.

A defective docking station is also excluded. I have used several WD15 and TB16 with the affected devices. The error occurred again after a short time.

Hi,

Also please request pf3129.

Thank you!

Share this post


Link to post

The Support gave us Private Fix "pf3129", what fixed the Problem for us on the most affected machines.

Thank you!

Share this post


Link to post
1 hour ago, roemers said:

The Support gave us Private Fix "pf3129", what fixed the Problem for us on the most affected machines.

Thank you!

Thank you for your feedback!

Share this post


Link to post

Is this fix included into KES10SP2mr1? Is it to be included into KES11? Will the installed private fix interfere with later "regular" version update to, say, KES11? We have to plan rollout for all our relevant Dells (7480 mostly).

Share this post


Link to post

Hi

Not sure if I can reply to this thread but today and beginning last week I had 10 users getting BSOD all at the same time.

I have analyzed the memory dump from each client and they all point to klim6.sys

MODULE_NAME: klim6

IMAGE_NAME:  klim6.sys

DEBUG_FLR_IMAGE_TIMESTAMP:  57bc2881

IMAGE_VERSION:  13.0.0.5

STACK_COMMAND:  .thread ; .cxr ; kb

BUCKET_ID_FUNC_OFFSET:  2c72

FAILURE_BUCKET_ID:  0x139_3_CORRUPT_LIST_ENTRY_klim6!unknown_function

BUCKET_ID:  0x139_3_CORRUPT_LIST_ENTRY_klim6!unknown_function

PRIMARY_PROBLEM_CLASS:  0x139_3_CORRUPT_LIST_ENTRY_klim6!unknown_function

 

Laptops are not DELL but Lenovo of two different models and between Windows 8.1 and Windows 10

Would it be possible to get some help on this please?

 

Thanks

Share this post


Link to post

I'm also having this problem on a Dell OptiPlex 7050 and an Intel NUC both running Windows 10 attempting to install Kaspersky Endpoint Security 10 for Windows 10.3.0.6294. I will request the fix from the company account page.

 

Regards

Share this post


Link to post
40 минут назад, gpc.tech сказал:

Hi

Kaspersky Endpoint Security 10 for Windows 10.3.0.6294

Thanks

Massi

 

Could you please provide crash dump files from the folder %ProgramData%\Kaspersky Lab

Thank you!

Share this post


Link to post

Sorry, which exact folder do I find these?

I have this path but the folder looks empty unless I am looking in the wrong one and most of us have two KasperskyLab Folders under Program Data

Would they be like tmp files or anything particular in terms of extension?

Thanks

 

Share this post


Link to post

I found some files on a user computer with that sort of naming:

Directory of S:\ProgramData\Kaspersky Lab

12/02/2018  12:01    <DIR>          .
12/02/2018  12:01    <DIR>          ..
29/01/2018  16:11       514,303,212 KES.10.3.0.6294_01.29_16.10_2400.SRV48.full.dmp.enc1
29/01/2018  16:11               610 KES.10.3.0.6294_01.29_16.10_2400.SRV48.full.dmpinfo
29/01/2018  16:11        88,526,726 KES.10.3.0.6294_01.29_16.10_5016.GUI48.full.dmp.enc1
29/01/2018  16:11               310 KES.10.3.0.6294_01.29_16.10_5016.GUI48.full.dmpinfo
29/01/2018  16:10        66,191,343 KES.10.3.0.6294_01.29_16.10_8560.HST48.full.dmp.enc1
29/01/2018  16:10               310 KES.10.3.0.6294_01.29_16.10_8560.HST48.full.dmpinfo
12/02/2018  12:01    <DIR>          KES10SP2
               6 File(s)    669,022,511 bytes
               3 Dir(s)  175,019,413,504 bytes free

 

Thanks

 

 

Sorry, did not realize that files timestamp do not reflect the current date also, if I upload files are these visible and downloadable to others in this forum?

Share this post


Link to post

Hi Ivan

I have not found any of the files I have been asking to look for I only have memory dumps, where and how do I upload one?

 

Thanks

Share this post


Link to post

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.


×
×
  • Create New...

Important Information

We use cookies to make your experience of our websites better. By using and further navigating this website you accept this. Detailed information about the use of cookies on this website is available by clicking on more information.