[Help] Problem with FS filter [SOLVED]
Posted on: 2010-1-19 16:43 3907

syswatch is my FS filter. It ran well in the past, but since I modified it in some way,
my system BSODs frequently but not regularly. The complete kernel dump result is here:


1: kd> !analyze -v
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

UNEXPECTED_KERNEL_MODE_TRAP_M (1000007f)
This means a trap occurred in kernel mode, and it's a trap of a kind
that the kernel isn't allowed to have/catch (bound trap) or that
is always instant death (double fault).  The first number in the
bugcheck params is the number of the trap (8 = double fault, etc)
Consult an Intel x86 family manual to learn more about what these
traps are. Here is a *portion* of those codes:
If kv shows a taskGate
        use .tss on the part before the colon, then kv.
Else if kv shows a trapframe
        use .trap on that value
Else
        .trap on the appropriate frame will show where the trap was taken
        (on x86, this will be the ebp that goes with the procedure KiTrap)
Endif
kb will then show the corrected stack.
Arguments:
Arg1: 00000008, EXCEPTION_DOUBLE_FAULT
Arg2: ba338d70
Arg3: 00000000
Arg4: 00000000

Debugging Details:
------------------

BUGCHECK_STR:  0x7f_8

CUSTOMER_CRASH_COUNT:  1

DEFAULT_BUCKET_ID:  DRIVER_FAULT

PROCESS_NAME:  cstrike-online.

TRAP_FRAME:  a28e0c98 -- (.trap 0xffffffffa28e0c98)
ErrCode = 00000000
eax=0000000f ebx=0000000e ecx=d24ad400 edx=00000000 esi=89c69030 edi=00000000
eip=8056b209 esp=a28e0d0c ebp=a28e0d58 iopl=0         nv up ei ng nz ac po cy
cs=0008  ss=0010  ds=0023  es=0023  fs=0030  gs=0000             efl=00010293
nt!CcMapData+0xef:
8056b209 8a0c0a          mov     cl,byte ptr [edx+ecx]      ds:0023:d24ad400=??
Resetting default scope

LAST_CONTROL_TRANSFER:  from a5ed9b43 to a5ed75d4

STACK_TEXT:  
WARNING: Stack unwind information not available. Following frames may be wrong.
a28e045c a5ed9b43 00000001 a28e0524 00000000 syswatch+0x5d4
a28e0508 a5eda2f0 89b1970c a28e0524 00000001 syswatch+0x2b43
a28e093c a5edae4a 8a087a50 89b195a0 a28e0b48 syswatch+0x32f0
a28e094c 804f018f 8a087a50 89b195a0 89b19754 syswatch+0x3e4a
a28e0954 89b195a0 89b19754 a21da3d6 8a0f9160 nt!IopfCallDriver+0x31
a28e0b48 a21da5dd 89ce5718 89b195a0 804f018f 0x89b195a0
a28e0b78 804f0b9f 89ce5718 89b25a09 89b25a80 FILEM701+0x85dd
a28e0b98 805176b0 8a0f9160 89b25aa0 89b25a80 nt!IoPageRead+0x1b
a28e0c14 80521239 e2dbc968 d24ad400 c0692568 nt!MiDispatchFault+0x292
a28e0c80 80545578 00000000 d24ad400 00000000 nt!MmAccessFault+0x877
a28e0c80 8056b209 00000000 d24ad400 00000000 nt!KiTrap0E+0xd0
a28e0d58 b9e42a6e 8a0f9160 a28e0d88 00000400 nt!CcMapData+0xef
a28e0d78 b9e42c89 8a367490 89f94308 0412d400 Ntfs+0x26a6e
a28e0dec b9e42b96 8a367490 89f95638 e3783690 Ntfs+0x26c89
a28e0e24 b9e42aed 8a367490 89f95638 e3783690 Ntfs+0x26b96
a28e0e5c b9e5173d 8a367490 e3783688 e3783690 Ntfs+0x26aed
a28e0f0c b9e5135c 8a367490 00000001 e3783688 Ntfs+0x3573d
a28e0fe4 b9e516f5 8a367490 89c1a008 89c1a174 Ntfs+0x3535c
a28e123c b9e41f2d 8a367490 89c1a008 a28e1294 Ntfs+0x356f5
a28e1320 804f018f 89f95558 89c1a008 8a0bd890 Ntfs+0x25f2d
a28e1388 805f0a79 00000004 00000010 e36fec2c nt!IopfCallDriver+0x31
a28e1758 a5edae4a 8a087a50 89c1a008 a28e1964 nt!SepNormalAccessCheck+0x125
a28e1768 804f018f 8a087a50 89c1a008 89c1a1bc syswatch+0x3e4a
a28e17c8 b9e403e5 b9e403d8 e16d6c58 00000000 nt!IopfCallDriver+0x31
a28e1964 a21da5dd 89ce5718 89c1a008 804f018f Ntfs+0x243e5
a28e1a60 805c0444 8a59f7b8 00000000 8a4684c0 FILEM701+0x85dd
a28e1ad8 805bc9d0 00000000 a28e1b18 00000240 nt!ObpLookupObjectName+0x53c
a28e1b2c 80577033 00000000 00000000 e41c9d00 nt!ObOpenObjectByName+0xea
a28e1ba8 805779aa a28e1d60 80000000 a28e1f74 nt!IopCreateFile+0x407
a28e1c04 8057b1a9 a28e1d60 80000000 a28e1f74 nt!IoCreateFile+0x8e
a28e1c44 8054261c a28e1d60 80000000 a28e1f74 nt!NtOpenFile+0x27
a28e1c44 8050164d a28e1d60 80000000 a28e1f74 nt!KiFastCallEntry+0xfc
a28e1cd4 a29e2e69 a28e1d60 80000000 a28e1f74 nt!ZwOpenFile+0x11
a28e240c 804f018f 89f95558 89e07698 8a0bd890 HookSys+0x13e69
a28e24e8 b9e45317 b9e442e8 a28e253c 89e07698 nt!IopfCallDriver+0x31
a28e2844 a5edae4a 8a087a50 89e07698 a28e2a50 Ntfs+0x29317
a28e2854 804f018f 8a087a50 89e07698 89e0784c syswatch+0x3e4a
a28e288c a5aa666d 8a4b2368 00000043 8a37bcc0 nt!IopfCallDriver+0x31
a28e2a50 a21da5dd 89ce5718 89e07698 804f018f HOOKHELP!SetProcQueryValueInfo+0x198d
a28e2b4c 805c0444 8a59f7b8 00000000 8a4aa6c8 FILEM701+0x85dd
a28e2bc4 805bc9d0 00000000 a28e2c04 00000040 nt!ObpLookupObjectName+0x53c
a28e2c18 80577033 00000000 00000000 4738c001 nt!ObOpenObjectByName+0xea
a28e2c94 805779aa 07bfa8e8 c0100080 07bfa888 nt!IopCreateFile+0x407
a28e2cf0 8057a0b4 07bfa8e8 c0100080 07bfa888 nt!IoCreateFile+0x8e
a28e2d30 8054261c 07bfa8e8 c0100080 07bfa888 nt!NtCreateFile+0x30
a28e2d30 7c92e4f4 07bfa8e8 c0100080 07bfa888 nt!KiFastCallEntry+0xfc
07bfa8e0 00000000 00000000 00000000 00000000 0x7c92e4f4

STACK_COMMAND:  kb

FOLLOWUP_IP:
syswatch+5d4
a5ed75d4 50              push    eax

SYMBOL_STACK_INDEX:  0

SYMBOL_NAME:  syswatch+5d4

FOLLOWUP_NAME:  MachineOwner

MODULE_NAME: syswatch

IMAGE_NAME:  syswatch.sys

DEBUG_FLR_IMAGE_TIMESTAMP:  4b547ed5

FAILURE_BUCKET_ID:  0x7f_8_syswatch+5d4

BUCKET_ID:  0x7f_8_syswatch+5d4

Followup: MachineOwner
---------

In which HOOKHELP and HookSys are drivers of Rising, and FILEM701 is the driver of Filemon.
The exception first took place in nt!CcMapData+0xef.
I suspect it has something to do with Filemon because every time it BSODs I have run Filemon.
Just from the call stack, who can tell some possible fault in my filter driver, such as a buffer overflow?
Any suggestion works; I have spent too much time on this problem already. Thanks!

_________________________________________________________________

SOLVED

Because the stack of the dispatch routine is too large.
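The `kb` listing above is enough to check that resolution from the defender's side. An x86 Windows thread has a 12 KB kernel stack, and the stack shows the filter being re-entered through the paging path (CcMapData takes a page fault, IoPageRead sends a new IRP down the same filter chain), so a dispatch routine that keeps a large buffer in local variables is a plausible way to run out of stack and double fault (bugcheck 0x7F, Arg1 = 8). The script below is an added analysis example, not the poster's driver or any project's code: it reads the ChildEBP and symbol columns of the post's STACK_TEXT, charges each gap between consecutive frame pointers to the calling frame (where the locals live), sums bytes per module, and estimates how much stack was left. The 12 KB stack size, the 2 GB user/kernel split and the page-aligned stack-base estimate are assumptions.

```python
"""Estimate x86 kernel stack use from a WinDbg `kb` / STACK_TEXT listing."""
import re
from collections import Counter

# ChildEBP and symbol columns of the post's STACK_TEXT (argument columns dropped);
# only the first and last field of each line are read, so raw `kb` output parses too.
STACK_TEXT = """
a28e045c syswatch+0x5d4
a28e0508 syswatch+0x2b43
a28e093c syswatch+0x32f0
a28e094c syswatch+0x3e4a
a28e0954 nt!IopfCallDriver+0x31
a28e0b48 0x89b195a0
a28e0b78 FILEM701+0x85dd
a28e0b98 nt!IoPageRead+0x1b
a28e0c14 nt!MiDispatchFault+0x292
a28e0c80 nt!MmAccessFault+0x877
a28e0c80 nt!KiTrap0E+0xd0
a28e0d58 nt!CcMapData+0xef
a28e0d78 Ntfs+0x26a6e
a28e0dec Ntfs+0x26c89
a28e0e24 Ntfs+0x26b96
a28e0e5c Ntfs+0x26aed
a28e0f0c Ntfs+0x3573d
a28e0fe4 Ntfs+0x3535c
a28e123c Ntfs+0x356f5
a28e1320 Ntfs+0x25f2d
a28e1388 nt!IopfCallDriver+0x31
a28e1758 nt!SepNormalAccessCheck+0x125
a28e1768 syswatch+0x3e4a
a28e17c8 nt!IopfCallDriver+0x31
a28e1964 Ntfs+0x243e5
a28e1a60 FILEM701+0x85dd
a28e1ad8 nt!ObpLookupObjectName+0x53c
a28e1b2c nt!ObOpenObjectByName+0xea
a28e1ba8 nt!IopCreateFile+0x407
a28e1c04 nt!IoCreateFile+0x8e
a28e1c44 nt!NtOpenFile+0x27
a28e1c44 nt!KiFastCallEntry+0xfc
a28e1cd4 nt!ZwOpenFile+0x11
a28e240c HookSys+0x13e69
a28e24e8 nt!IopfCallDriver+0x31
a28e2844 Ntfs+0x29317
a28e2854 syswatch+0x3e4a
a28e288c nt!IopfCallDriver+0x31
a28e2a50 HOOKHELP!SetProcQueryValueInfo+0x198d
a28e2b4c FILEM701+0x85dd
a28e2bc4 nt!ObpLookupObjectName+0x53c
a28e2c18 nt!ObOpenObjectByName+0xea
a28e2c94 nt!IopCreateFile+0x407
a28e2cf0 nt!IoCreateFile+0x8e
a28e2d30 nt!NtCreateFile+0x30
a28e2d30 nt!KiFastCallEntry+0xfc
07bfa8e0 0x7c92e4f4
"""

KERNEL_STACK_SIZE = 12 * 1024  # assumption: 3-page kernel stack of an x86 Windows thread
USER_LIMIT = 0x80000000        # assumption: default 2 GB user/kernel address split


def parse_frames(text):
    """[(child_ebp, symbol)] for the kernel-mode frames, top of stack first."""
    frames = []
    for line in text.strip().splitlines():
        parts = line.split()
        ebp = int(parts[0], 16)
        if ebp < USER_LIMIT:   # first user-mode frame: the kernel stack ends here
            break
        frames.append((ebp, parts[-1]))
    return frames


def module_of(symbol):
    """'nt!IopfCallDriver+0x31' -> 'nt'; a bare return address has no module."""
    return "<unknown>" if symbol.startswith("0x") else re.split(r"[!+]", symbol, maxsplit=1)[0]


def frame_usage(frames):
    """(symbol, bytes) per frame. EBP[n+1] - EBP[n] holds frame n's saved EBP and
    return address plus the arguments and locals of frame n+1, so each gap is
    charged to the caller, whose local buffers are what make it large."""
    return [(frames[i + 1][1], frames[i + 1][0] - frames[i][0])
            for i in range(len(frames) - 1)]


def bytes_per_module(frames):
    totals = Counter()
    for symbol, size in frame_usage(frames):
        totals[module_of(symbol)] += size
    return dict(totals)


def stack_headroom(frames, stack_size=KERNEL_STACK_SIZE):
    """(used, left), assuming the stack base is the page boundary just above the
    deepest kernel frame, which is where the syscall entry frame sits."""
    base = (frames[-1][0] + 0xFFF) & ~0xFFF
    used = base - frames[0][0]
    return used, stack_size - used


if __name__ == "__main__":
    frames = parse_frames(STACK_TEXT)
    used, left = stack_headroom(frames)
    print(f"{len(frames)} kernel frames; ~{used} of {KERNEL_STACK_SIZE} bytes used, {left} left")
    for module, total in sorted(bytes_per_module(frames).items(), key=lambda kv: -kv[1]):
        print(f"  {module:<12}{total:>6} bytes")
```

On this dump the 46 kernel frames span 10452 bytes, the estimate leaves about 1.1 KB below the `push eax` at syswatch+0x5d4, and the biggest single gaps belong to HookSys (1848 bytes), syswatch+0x2b43 (1076 bytes) and the frame labelled nt!SepNormalAccessCheck (976 bytes). Because the listing says "Stack unwind information not available", symbol labels on individual frames can be wrong, so read the per-region sizes rather than trusting each name; the per-module totals and the headroom estimate are what support the "dispatch routine stack too large" conclusion.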

