BSOD when process exits (filter/layered fsd)

Hi, all
I am developing a filter/layered FSD to encrypt/decrypt files. It works fine on the local system, but when I create a new Excel document and open it on the shared folder, then edit it and close it, WinDbg stops with this info:

A driver has leaked 4096 bytes of physical memory.
Break instruction exception - code 80000003 (first chance)

Then I press the F5 key, and WinDbg runs normally again.

When I open the file a second time, edit it and close it, the system crashes. WinDbg shows this info:

*** Fatal System Error: 0x000000cb (0xBAF2C2EB,0xBAF261A5,0x811AE060,0x00000004)
Driver at fault:
*** rdbss.sys - Address BAF2C2EB base at BAF1F000, DateStamp 48025ee6.
Break instruction exception - code 80000003 (first chance)
A fatal system error has occurred.
Debugger entered on first try; Bugcheck callbacks have not been invoked.
A fatal system error has occurred.
Connected to Windows XP 2600 x86 compatible target at (Sun Mar 4 21:47:42.097 2012 (GMT+8)), ptr64 FALSE
Loading Kernel Symbols…
Loading User Symbols
PEB is paged out (Peb.Ldr = 7ffde00c). Type “.hh dbgerr001” for details
Loading unloaded module list…
*** ERROR: Module load completed but symbols could not be loaded for vmhgfs.sys
*** ERROR: Module load completed but symbols could not be loaded for ipnat.sys
*** ERROR: Module load completed but symbols could not be loaded for vmx_fb.dll
*** ERROR: Module load completed but symbols could not be loaded for ipsec.sys
*** ERROR: Module load completed but symbols could not be loaded for dump_VMscsi.sys
*** ERROR: Module load completed but symbols could not be loaded for isapnp.sys
*** ERROR: Symbol file could not be found. Defaulted to export symbols for vmci.sys -
*** ERROR: Symbol file could not be found. Defaulted to export symbols for drmk.sys -
*** ERROR: Module load completed but symbols could not be loaded for intelppm.sys
*** ERROR: Module load completed but symbols could not be loaded for vmdebug.sys
*** ERROR: Module load completed but symbols could not be loaded for vmx_svga.sys
*** ERROR: Module load completed but symbols could not be loaded for vmxnet.sys
*** ERROR: Module load completed but symbols could not be loaded for vmscsi.sys
*** ERROR: Module load completed but symbols could not be loaded for intelide.sys
*** ERROR: Module load completed but symbols could not be loaded for vmmouse.sys
*** ERROR: Module load completed but symbols could not be loaded for vmmemctl.sys
********************************************************************************
*                        Bugcheck Analysis                                     *
********************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck CB, {baf2c2eb, baf261a5, 811ae060, 4}
PEB is paged out (Peb.Ldr = 7ffde00c). Type “.hh dbgerr001” for details
PEB is paged out (Peb.Ldr = 7ffde00c). Type “.hh dbgerr001” for details
Probably caused by : rdbss.sys ( rdbss!RxLockUserBuffer+ba )
Followup: MachineOwner
---------
nt!RtlpBreakWithStatusInstruction:
80528bdc cc              int     3
kd> !analyze -v
********************************************************************************
*                        Bugcheck Analysis                                     *
********************************************************************************
DRIVER_LEFT_LOCKED_PAGES_IN_PROCESS (cb)
Caused by a driver not cleaning up completely after an I/O.
When possible, the guilty driver’s name (Unicode string) is printed on
the bugcheck screen and saved in KiBugCheckDriver.
Arguments:
Arg1: baf2c2eb, The calling address in the driver that locked the pages or if the IO manager locked the pages this points to the dispatch routine of the top driver on the stack to which the IRP was sent.
Arg2: baf261a5, The caller of the calling address in the driver that locked the pages. If the IO manager locked the pages this points to the device object of the top driver on the stack to which the IRP was sent.
Arg3: 811ae060, A pointer to the MDL containing the locked pages.
Arg4: 00000004, The number of locked pages.

Debugging Details:
------------------
PEB is paged out (Peb.Ldr = 7ffde00c). Type “.hh dbgerr001” for details
PEB is paged out (Peb.Ldr = 7ffde00c). Type “.hh dbgerr001” for details

FAULTING_IP:
rdbss!RxLockUserBuffer+ba
baf2c2eb 834dfcff        or      dword ptr [ebp-4],0FFFFFFFFh
DEFAULT_BUCKET_ID: DRIVER_FAULT
BUGCHECK_STR: 0xCB
PROCESS_NAME: EXCEL.EXE
LAST_CONTROL_TRANSFER: from 804f8b9d to 80528bdc
STACK_TEXT:
ba6337b4 804f8b9d 00000003 ba633b10 00000000 nt!RtlpBreakWithStatusInstruction
ba633800 804f978a 00000003 00000000 81588430 nt!KiBugCheckDebugBreak+0x19
ba633be0 804f9cb5 000000cb baf2c2eb baf261a5 nt!KeBugCheck2+0x574
ba633c00 805116fb 000000cb baf2c2eb baf261a5 nt!KeBugCheckEx+0x1b
ba633c48 805c9991 81718d58 8148d020 8148d268 nt!MmCleanProcessAddressSpace+0x34b
ba633d08 805c9b54 00000000 8148d020 00000000 nt!PspExitThread+0x6c3
ba633d28 805c9d2f 8148d020 00000000 ba633d64 nt!PspTerminateThreadByPointer+0x52
ba633d54 8053e638 00000000 00000000 0013f394 nt!NtTerminateProcess+0x105
ba633d54 7c92e4f4 00000000 00000000 0013f394 nt!KiFastCallEntry+0xf8
WARNING: Frame IP not in any known module. Following frames may be wrong.
0013f394 00000000 00000000 00000000 00000000 0x7c92e4f4

STACK_COMMAND: .bugcheck ; kb
FOLLOWUP_IP:
rdbss!RxLockUserBuffer+ba
baf2c2eb 834dfcff        or      dword ptr [ebp-4],0FFFFFFFFh
SYMBOL_NAME: rdbss!RxLockUserBuffer+ba
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: rdbss
IMAGE_NAME: rdbss.sys
DEBUG_FLR_IMAGE_TIMESTAMP: 48025ee6
FAILURE_BUCKET_ID: 0xCB_rdbss!RxLockUserBuffer+ba
BUCKET_ID: 0xCB_rdbss!RxLockUserBuffer+ba
Followup: MachineOwner
---------

Some circumstances:
The system being debugged is XP, and the remote system is XP too.
Excel is 2003.

It has puzzled me for many days, please help me!!!