Hi,
I am seeing an issue where I think filter manager is trying to unlock a user buffer locked via FltLockUserBuffer twice when an I/O is cancelled.
Here is the relevant call stack:
nt!RtlpBreakWithStatusInstruction
nt!KiBugCheckDebugBreak+0x1c
nt!KeBugCheck2+0x66d
nt!MiFreeMdlTracker+0x9d
nt!MmUnlockPages+0x1be
nt!IopfCompleteRequest+0x388
nt!IovCompleteRequest+0x11c
fltmgr!FltpCompleteRequest+0x2d
fltmgr!FltpLegacyProcessingAfterPreCallbacksCompleted+0x162
fltmgr!FltCompletePendedPreOperation+0x8b
fltmgr!FltvCompletePendedPreOperation+0x133
cpdrm!CbdqCompleteCanceledIo+0x7a
fltmgr!FltpCompleteCanceledIrp+0x13
nt!IopCsqCancelRoutine+0x59
nt!IoCancelIrp+0x83
nt!NtCancelIoFile+0xed
nt!KiFastCallEntry+0x12a
ntdll!KiFastSystemCallRet
ntdll!NtCancelIoFile+0xc
kernel32!CancelIo+0x14
filesystest!TestReadWriteThreadProc+0x51e
filesystest!TruncateAndBuild+0x195
filesystest!TestTruncationAndRebuild+0x2c
filesystest!MasterPhase1+0xb2
filesystest!wmain+0x1c1
filesystest!__tmainCRTStartup+0x1a8
filesystest!wmainCRTStartup+0xf
kernel32!BaseThreadInitThunk+0xe
ntdll!__RtlUserThreadStart+0x23
ntdll!_RtlUserThreadStart+0x1b
The BC is telling me that the driver is attempting to unlock pages that are not locked.
I am calling FltLockUserBuffer before inserting the I/O into the CBDQ in my pre-op. In the CBDQ cancellation routine I do some cleanup (no manual unlocking) and then complete the IRP with STATUS_CANCELLED.
Is this a bug in filter manager? Or my mistake? I am going to change the code now so that I lock the buffer in the CBDQ I/O processing routine before completing the pended pre-operation. I assume that will fix the issue.
Thanks,
Matt