Strange BSOD

Hi all !

I have two strange BSODs, that occurred when my FS filter driver was
included in the following stacks with

antivirus and XP system recovery filter (sr):

!DevObj !DrvObj !DevExt ObjectName

82bb7c18 \Driver\Avg7RsW 82bb7cd0 –> antivirus

82ed4020 \FileSystem\MyFilter 82ed40d8

82ed4dd0 \FileSystem\sr 82ed4e88

82ed3020 \FileSystem\Ntfs 82ed30d8

82692298 \Driver\SymEvent 82692350

827345e8 \FileSystem\MyFilter 827346a0

82b99938 \FileSystem\sr 82b999f0

82720770 \FileSystem\Ntfs 82720828

My filter just forwarded the Irp in both case:



An attempt was made to access a pageable (or completely invalid) address at

interrupt request level (IRQL) that is too high. This is usually

caused by drivers using improper addresses.

If a kernel debugger is available get the stack backtrace.


Arg1: bb89b9ee, memory referenced

Arg2: 00000002, IRQL

Arg3: 00000001, value 0 = read operation, 1 = write operation

Arg4: 80a28a16, address which referenced memory

eeeb274c f8696b33 bb89b9ba 00000001 00000001

eeeb274c f8696b33 bb89b9ba 00000001 00000001 Ntfs!NtfsFlushVolume+0xfa

eeeb27c8 f8696b0a 82740b18 82ed3100 00000001 Ntfs!NtfsFlushVolume+0xfa

eeeb2868 f8683e37 82740b18 8292a770 eeeb0000 Ntfs!NtfsCommonVolumeOpen+0x341

eeeb2944 8080a3d9 82ed3020 8292a770 8291d9e0 Ntfs!NtfsFsdCreate+0x14d

eeeb2954 f871d876 00000000 82f749f8 8292a770 nt!IopfCallDriver+0x31

eeeb29a0 8080a3d9 82ed4e88 00000001 82ed4020 sr!SrCreate+0x150

eeeb29b0 f86f8bb0 8292a770 82f747e8 8291d9e0 nt!IopfCallDriver+0x31

eeeb29d8 f870e57d 00ed4020 0092a770 8292a96c

eeeb2a0c 8080a3d9 82ed4020 8292a770 8292a770 MyFilter!

eeeb2a1c f8b6b328 f8d7d9f0 8292a770 82bb7cd0 nt!IopfCallDriver+0x31

WARNING: Stack unwind information not available. Following frames may be

eeeb2a38 f8b6a6ab 82bb7c18 8291d9e0 f8d7d436 avg7rsxp+0x2328

eeeb2b4c 80895063 82f75030 00000000 82a03c88 avg7rsxp+0x16ab

eeeb2bc4 808982a8 00000000 eeeb2c04 00000040 nt!ObpLookupObjectName+0x53c

eeeb2c18 808a62e2 00000000 00000000 00000001 nt!ObOpenObjectByName+0xea

eeeb2c94 808a63b1 0012fe6c c0100080 0012fe0c nt!IopCreateFile+0x407

eeeb2cf0 808a63f4 0012fe6c c0100080 0012fe0c nt!IoCreateFile+0x8e

eeeb2d30 8080699f 0012fe6c c0100080 0012fe0c nt!NtCreateFile+0x30

eeeb2d30 7c90eb94 0012fe6c c0100080 0012fe0c nt!KiFastCallEntry+0xfc

0012fdc8 7c90d68e 7c810916 0012fe6c c0100080 ntdll!KiFastSystemCallRet

The second case is the similar one, but with Symantec antivirus.

Any idea?