ViPendingWorkerThread и ViPendingCompleteAfterWait, что это?

Падает драйвер с включенным верифаером, OS - Win7 32bit.

Код (Text):

1. kd> !analyze -v
2. *******************************************************************************
3. *                                                                             *
4. *                        Bugcheck Analysis                                    *
5. *                                                                             *
6. *******************************************************************************
7. IRQL_NOT_LESS_OR_EQUAL (a)
8. An attempt was made to access a pageable (or completely invalid) address at an
9. interrupt request level (IRQL) that is too high.  This is usually
10. caused by drivers using improper addresses.
11. If a kernel debugger is available get the stack backtrace.
12. Arguments:
13. Arg1: 8db8cfa8, memory referenced
14. Arg2: 00000002, IRQL
15. Arg3: 00000000, bitfield :
16.     bit 0 : value 0 = read operation, 1 = write operation
17.     bit 3 : value 0 = not an execute operation, 1 = execute operation (only on chips which support this level of status)
18. Arg4: 82978176, address which referenced memory
19.  
20. Debugging Details:
21. ------------------
22. READ_ADDRESS:  8db8cfa8 Special pool
23. CURRENT_IRQL:  2
24. FAULTING_IP:
25. nt!ViPendingCompleteAfterWait+30
26. 82978176 8b7860          mov     edi,dword ptr [eax+60h]
27. DEFAULT_BUCKET_ID:  VISTA_DRIVER_FAULT
28. BUGCHECK_STR:  0xA
29. PROCESS_NAME:  System
30. TRAP_FRAME:  86944cbc -- (.trap 0xffffffff86944cbc)
31.  
32. ErrCode = 00000000
33. eax=8db8cf48 ebx=89bdb410 ecx=918b07fc edx=00000000 esi=918b07f8 edi=00000000
34. eip=82978176 esp=86944d30 ebp=86944d3c iopl=0         nv up ei pl zr na pe nc
35. cs=0008  ss=0010  ds=0023  es=0023  fs=0030  gs=0000             efl=00010246
36. nt!ViPendingCompleteAfterWait+0x30:
37. 82978176 8b7860          mov     edi,dword ptr [eax+60h] ds:0023:8db8cfa8=????????
38. Resetting default scope
39. LAST_CONTROL_TRANSFER:  from 8271f089 to 8269ebc8
40.  
41. STACK_TEXT:  
42. 86944884 8271f089 00000003 247f3e2b 00000065 nt!RtlpBreakWithStatusInstruction
43. 869448d4 8271fb85 00000003 8db8cfa8 82978176 nt!KiBugCheckDebugBreak+0x1c
44. 86944c9c 8267e7bb 0000000a 8db8cfa8 00000002 nt!KeBugCheck2+0x68b
45. 86944c9c 82978176 0000000a 8db8cfa8 00000002 nt!KiTrap0E+0x2cf
46. 86944d3c 82978309 89bdb410 00000000 83db5a70 nt!ViPendingCompleteAfterWait+0x30
47. 86944d50 8283dbc3 82782f18 247f3b6f 00000000 nt!ViPendingWorkerThread+0x27
48. 86944d90 82700e29 829782e2 82782f18 00000000 nt!PspSystemThreadStartup+0x9e
49. 00000000 00000000 00000000 00000000 00000000 nt!KiThreadStartup+0x19
50.  
51. STACK_COMMAND:  kb
52. FOLLOWUP_IP:
53. nt!ViPendingCompleteAfterWait+30
54. 82978176 8b7860          mov     edi,dword ptr [eax+60h]
55. SYMBOL_STACK_INDEX:  4
56. SYMBOL_NAME:  nt!ViPendingCompleteAfterWait+30
57. FOLLOWUP_NAME:  MachineOwner
58. MODULE_NAME: nt
59. IMAGE_NAME:  ntkrpamp.exe
60. DEBUG_FLR_IMAGE_TIMESTAMP:  49ee8b4e
61. FAILURE_BUCKET_ID:  0xA_VRF_nt!ViPendingCompleteAfterWait+30
62. BUCKET_ID:  0xA_VRF_nt!ViPendingCompleteAfterWait+30
63. Followup: MachineOwner
64. ---------

Никак не могу понять в чём дело. Где искать ошибку? Неправильные параметры в IRP? Преждевременное освобождение памяти?

 

А что непонятного? IRQL 2, обращение к paged или уже освобождённой памяти.