ovpn-dco-win

Memory leak caused KMDF verifier bug check on uninstall

Open lstipakov opened this issue 1 year ago • 2 comments

I once managed to trigger a bug check on uninstall.

 # Child-SP          RetAddr               Call Site
00 ffffc182`daf9e258 fffff801`4a8142fa     nt!KeBugCheckEx
01 ffffc182`daf9e260 fffff801`4a7ce51f     nt!PspSystemThreadStartup$filt$0+0x44
02 ffffc182`daf9e2a0 fffff801`4a8039bf     nt!_C_specific_handler+0x9f
03 ffffc182`daf9e310 fffff801`4a677a77     nt!RtlpExecuteHandlerForException+0xf
04 ffffc182`daf9e340 fffff801`4a676676     nt!RtlDispatchException+0x297
05 ffffc182`daf9ea60 fffff801`4a80d46c     nt!KiDispatchException+0x186
06 ffffc182`daf9f120 fffff801`4a8064d0     nt!KiExceptionDispatch+0x12c
07 ffffc182`daf9f300 fffff801`4a802851     nt!KiBreakpointTrap+0x310
08 ffffc182`daf9f498 fffff801`4c9fdd5c     nt!DbgBreakPoint+0x1
09 (Inline Function) --------`--------     Wdf01000!Mx::MxDbgBreakPoint+0xc [minkernel\wdf\framework\shared\inc\primitives\km\MxGeneralKm.h @ 156] 
0a ffffc182`daf9f4a0 fffff801`4ca28493     Wdf01000!FxVerifierDbgBreakPoint+0x50 [minkernel\wdf\framework\shared\inc\private\common\fxverifier.h @ 103] 
0b ffffc182`daf9f4e0 fffff801`4ca264f2     Wdf01000!FxPoolDump+0x17b [minkernel\wdf\framework\shared\object\wdfpool.cpp @ 545] 
0c (Inline Function) --------`--------     Wdf01000!FxPoolDestroy+0x42 [minkernel\wdf\framework\shared\object\wdfpool.cpp @ 648] 
0d (Inline Function) --------`--------     Wdf01000!FxPoolPackageDestroy+0x46 [minkernel\wdf\framework\shared\object\wdfpool.cpp @ 707] 
0e ffffc182`daf9f580 fffff801`4ca236e7     Wdf01000!FxDestroy+0xa6 [minkernel\wdf\framework\shared\object\globals.cpp @ 1167] 
*** WARNING: Unable to verify timestamp for ovpn-dco.sys
0f ffffc182`daf9f5c0 fffff801`5a099682     Wdf01000!FxDriver::Unload+0xe7 [minkernel\wdf\framework\shared\core\fxdriver.cpp @ 202] 
10 ffffc182`daf9f610 ffff8d05`402ece30     ovpn_dco+0x9682
11 ffffc182`daf9f618 ffffc182`daf9f7a0     0xffff8d05`402ece30
12 ffffc182`daf9f620 00000000`c0000001     0xffffc182`daf9f7a0
13 ffffc182`daf9f628 ffffe70b`2ea45880     0xc0000001
14 ffffc182`daf9f630 00000000`00000000     0xffffe70b`2ea45880

It seems that WDF detected a leak (from wdfpool.cpp):

if (leak) {
    FxVerifierDbgBreakPoint(FxDriverGlobals);
    return STATUS_MORE_ENTRIES;
}

Normally this doesn't cause a bug check, but since I have KMDF verifier on, here we are.

I was unable to reproduce it anymore.

lstipakov, Dec 07 '22 09:12