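Views: 2016 Replies: 3
Experts, amateurs, newbies, veterans: come and rescue me!
I'm responsible for fixing a bug in a virtual serial port driver. With two virtual serial ports added and the driver installed successfully, repeatedly switching back and forth between com4 and com3, or between com1 and com2, crashes the system. SoftICE pops up the following error: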
    --com(4) ctrl history mask=0
    --com(4)---wait_on_mask:use serial_ev_rxchar.begin test if empty
    --com(4)markirp pending
    --com(4)exit--ioctl_serial_wait-on_mask(pending wait on mask trp)--
    --com(4)--exit iocontrol routine
    Break due to page Fault(0Eh) fault=0000

I tracked it down to this code in Ioctl.c:

    case IOCTL_SERIAL_WAIT_ON_MASK:
    {
        // WAIT_ON_MASK IRP handling
        //KIRQL OldIrql;
        BOOLEAN bIsEmpty;
        ......
    #if 1
        // status line processing
        HistoryMasktemp = deviceExtension->HistoryMask;
        if(HistoryMasktemp)
        {
            DebugPrint(("-- COM( %d ) CTRL HistoryMask = 0X%x\n",deviceExtension->ComX,HistoryMasktemp));
            *((PULONG)Irp->AssociatedIrp.SystemBuffer) = HistoryMasktemp;
            CompleteRequest( Irp, STATUS_SUCCESS, sizeof( ULONG ));
            deviceExtension->WaitOnMaskIrp=NULL; //clean WaitOnMaskIrp
            deviceExtension->bIsWaitOnMask=FALSE;
            deviceExtension->HistoryMask = 0x00;
            DebugPrint(("-- COM( %d ) CTRL Completed -- SERIAL_EV(0X%x) -- WaitOnMaskIrp for StatusLine\n",deviceExtension->ComX,HistoryMasktemp));
            if(deviceExtension->bisCtlTimeout)
            {
                deviceExtension->ModemStatus=0x00; //clear status line
            }
            DebugPrint(("-- COM( %d ) --Exit IoControl routine\n",deviceExtension->ComX));
            return STATUS_SUCCESS;
        }
        ......

The error means that a paged-memory access failed, but I don't know what in this code could cause a memory error after the serial ports are selected over and over. I'm a newbie and have been lost for many days now, so please help me analyze this! Many thanks!
Reply #1
Posted: 2008-04-15 20:36
In the IOCTL_SERIAL_WAIT_ON_MASK routine in IOCTL.C, how is memory accessed? Does "Break due to page Fault(0Eh) fault=0000" necessarily mean that a paged-memory access went wrong?
Reply #2
Posted: 2008-04-16 09:09
This problem doesn't seem easy to solve.
Reply #3
Posted: 2008-04-16 16:07
Everyone, take a look: below is the result of analyzing the dmp file with windbg.
    kd> !analyze -v
    *******************************************************************************
    *                                                                             *
    *                        Bugcheck Analysis                                    *
    *                                                                             *
    *******************************************************************************

    DRIVER_CORRUPTED_EXPOOL (c5)
    An attempt was made to access a pageable (or completely invalid) address at an
    interrupt request level (IRQL) that is too high. This is
    caused by drivers that have corrupted the system pool. Run the driver
    verifier against any new (or suspect) drivers, and if that doesn't turn up
    the culprit, then use gflags to enable special pool.
    Arguments:
    Arg1: 00602c03, memory referenced
    Arg2: 00000002, IRQL
    Arg3: 00000000, value 0 = read operation, 1 = write operation
    Arg4: 8054c38f, address which referenced memory

    Debugging Details:
    ------------------

    BUGCHECK_STR: 0xC5_2

    CURRENT_IRQL: 2

    FAULTING_IP:
    nt!ExDeferredFreePool+ac
    8054c38f 8b08 mov ecx,dword ptr [eax]

    CUSTOMER_CRASH_COUNT: 1

    DEFAULT_BUCKET_ID: DRIVER_FAULT

    TRAP_FRAME: 80551150 -- (.trap 0xffffffff80551150)
    ErrCode = 00000000
    eax=00602c03 ebx=81e29000 ecx=00000000 edx=00000000 esi=80562b40 edi=000001ff
    eip=8054c38f esp=805511c4 ebp=80551204 iopl=0 nv up ei pl nz na pe nc
    cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00010206
    nt!ExDeferredFreePool+0xac:
    8054c38f 8b08 mov ecx,dword ptr [eax] ds:0023:00602c03=????????
    Resetting default scope

    LAST_CONTROL_TRANSFER: from 8054c38f to 804e287f

    STACK_TEXT:
    80551150 8054c38f badb0d00 00000000 f71211d8 nt!KiTrap0E+0x233
    80551204 8054c51e 81998e48 81ca90ec 81a26ed8 nt!ExDeferredFreePool+0xac
    80551244 8054c2b9 81a26ed8 00000000 805512c0 nt!ExFreePoolWithTag+0x489
    80551254 f6ca1fb1 81a26ed8 81c133c0 81a26ed8 nt!ExFreePool+0xf
    805512c0 f6ca2b57 81deea00 00000000 81ca97d8 USBPORT!USBPORT_CompleteTransfer+0x43f
    805512f0 f6ca3754 026e6f44 81ca90e0 81ca90e0 USBPORT!USBPORT_DoneTransfer+0x137
    80551328 f6ca4f6a 81ca9028 804e3eb4 81ca9230 USBPORT!USBPORT_FlushDoneTransferList+0x16c
    80551354 f6cb2fb0 81ca9028 804e3eb4 81ca9028 USBPORT!USBPORT_DpcWorker+0x224
    80551390 f6cb3128 81ca9028 00000001 8055a080 USBPORT!USBPORT_IsrDpcWorker+0x37e
    805513ac 804dcbd4 81ca964c 6b755044 00000000 USBPORT!USBPORT_IsrDpc+0x166
    805513c0 80559e20 ffdffc50 00000000 00000000 nt!KiRetireDpcList+0x46
    805513d0 804dcb4d 00000000 0000000e 00000000 nt!KiIdleThread0
    805513d4 00000000 0000000e 00000000 00000000 nt!KiIdleLoop+0x26

    STACK_COMMAND: kb

    FOLLOWUP_IP:
    nt!ExDeferredFreePool+ac
    8054c38f 8b08 mov ecx,dword ptr [eax]

    SYMBOL_STACK_INDEX: 1

    SYMBOL_NAME: nt!ExDeferredFreePool+ac

    FOLLOWUP_NAME: Pool_corruption

    IMAGE_NAME: Pool_Corruption

    DEBUG_FLR_IMAGE_TIMESTAMP: 0

    MODULE_NAME: Pool_Corruption

    FAILURE_BUCKET_ID: 0xC5_2_nt!ExDeferredFreePool+ac

    BUCKET_ID: 0xC5_2_nt!ExDeferredFreePool+ac

    Followup: Pool_corruption
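A way to read the `!analyze -v` paste above programmatically, as an added example that is not part of the thread: it pulls out the bugcheck arguments and the modules named in STACK_TEXT, and flags the case where the stack only shows the code that tripped over the corrupted pool. The function name `triage` and the driver name `vcomdrv` are hypothetical (the thread never names the driver), and the sample is an abridged excerpt of the posted output.

```python
import re

# Constructed sample: excerpt of the !analyze -v text posted above (frames abridged).
SAMPLE = """\
DRIVER_CORRUPTED_EXPOOL (c5)
Arg1: 00602c03, memory referenced
Arg2: 00000002, IRQL
Arg3: 00000000, value 0 = read operation, 1 = write operation
Arg4: 8054c38f, address which referenced memory
STACK_TEXT:
80551150 8054c38f badb0d00 00000000 f71211d8 nt!KiTrap0E+0x233
80551204 8054c51e 81998e48 81ca90ec 81a26ed8 nt!ExDeferredFreePool+0xac
80551254 f6ca1fb1 81a26ed8 81c133c0 81a26ed8 nt!ExFreePool+0xf
805512c0 f6ca2b57 81deea00 00000000 81ca97d8 USBPORT!USBPORT_CompleteTransfer+0x43f
805513ac 804dcbd4 81ca964c 6b755044 00000000 USBPORT!USBPORT_IsrDpc+0x166
805513d0 804dcb4d 00000000 0000000e 00000000 nt!KiIdleThread0
STACK_COMMAND: kb
FOLLOWUP_NAME: Pool_corruption
"""

# One kb-style frame: ChildEBP, RetAddr, three args, then module!symbol[+0xoff].
FRAME = re.compile(r"^(?:[0-9a-f]{8} ){5}(\w+)!(\S+?)(?:\+0x[0-9a-f]+)?$")


def triage(text, suspect):
    """Summarise a pasted !analyze -v; `suspect` is the driver under test."""
    name, code = re.search(r"^(\w+) \(([0-9a-f]+)\)$", text, re.M).groups()
    args = {int(n): int(v, 16)
            for n, v in re.findall(r"^Arg(\d): ([0-9a-f]{8}),", text, re.M)}
    frames = [m.groups() for m in map(FRAME.match, text.splitlines()) if m]
    modules = list(dict.fromkeys(mod for mod, _ in frames))  # ordered, unique
    on_stack = suspect.lower() in (m.lower() for m in modules)
    corrupt = bool(re.search(r"^FOLLOWUP_NAME:\s*Pool_corruption", text, re.M))
    return {
        "bugcheck": f"{name} (0x{code.upper()})",
        "address": args[1],          # Arg1: memory referenced
        "irql": args[2],             # Arg2: IRQL at the time of the access
        "write": bool(args[3]),      # Arg3: 0 = read, 1 = write
        "faulting_ip": args[4],      # Arg4: instruction that touched Arg1
        "modules": modules,
        "suspect_on_stack": on_stack,
        # Pool corruption is detected by whoever next uses the damaged pool,
        # so an absent suspect is not cleared by this stack.
        "victim_stack_only": corrupt and not on_stack,
    }


if __name__ == "__main__":
    # "vcomdrv" is a placeholder name; the thread never names the driver.
    for key, value in triage(SAMPLE, "vcomdrv").items():
        print(f"{key}: {value}")
```

When `victim_stack_only` is true, the next step is the one the debugger text itself recommends: run Driver Verifier (or special pool) against the suspect driver so the corrupting write is caught when it happens.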