I'm testing this code:
int handler(void* data)
{
KTIMER *Timer = (KTIMER *)data;
DbgPrint("*** timer1.sys: Inside handler ...\n");
DbgPrint("handler: Address of data: %p\n", data);
if (STATUS_SUCCESS == KeWaitForSingleObject(Timer,
Executive, KernelMode ,
TRUE, NULL)){
DbgPrint("Status_Success for KeWaitForSingleObject");
}
DbgPrint("Done waiting!!! ...\n");
KeCancelTimer(Timer);
return 1;
}
void start_timer()
{
KTIMER Timer;
LARGE_INTEGER lTimeOut;
PKTHREAD *delayedWorkerThread;
void* data;
DbgPrint("*** timer1.SYS: ==>start_timer\n");
KeInitializeTimer(&Timer);
lTimeOut.QuadPart = 3000; //Delay
lTimeOut.QuadPart *= 10000; // 100ns * 10000 = 1ms
lTimeOut.QuadPart *= -1; // exactly waiting time
KeSetTimer(&Timer, lTimeOut, NULL);
/*
if (STATUS_SUCCESS == KeWaitForSingleObject(&Timer,
Executive, KernelMode ,
TRUE, NULL)){
DbgPrint("Status_Success for KeWaitForSingleObject");
}
DbgPrint("Call Handler ...\n");
KeCancelTimer(&Timer);
*/
data = &Timer;
DbgPrint("start_timer: Address of Timer: &Timer: %p\n", &Timer);
DbgPrint("Start_timer: Address of Timer: data: %p\n", data);
delayedWorkerThread = thread_create(handler, data, "Delayed Worker Thread"); // This function will create a thread using PsCreateSystemThread and will return PTHREAD object
DbgPrint("timer1.sys: start_timer<==\n");
}
Now when I load this driver, my machine crashes with (IRQL_NOT_LESS_OR_EQUAL_TO) at KeWaitForSingleObject.
That means I'm trying to access an invalid address. But the Timer address is the same in handler and in start_timer. Without KeWaitForSingleObject it's fine. I don't know what is wrong; if anyone can help!
////////////////////////////// EDIT 1 //////////////////////////////
Without KeWaitForSingleObject,
i.e.
int handler(void* data)
{
KTIMER *Timer = (KTIMER *)data;
DbgPrint("*** timer1.sys: Inside handler ...\n");
DbgPrint("handler: Address of data: %p\n", data); // Same address
DbgPrint("handler: Address of Timer: %p\n", Timer); // Same address
DbgPrint("Done waiting!!! ...\n");
KeCancelTimer(Timer);
return 1;
}
It's crashing later: the driver installs successfully and also unloads successfully ... then suddenly a blue screen! Windows driver programming isn't child's play! :(
Still the same address in both functions. BTW, it works fine when I write it without a thread (uncommenting the code in start_timer()), but I have to do it with a thread. What I want to do is call start_timer() with different delays multiple times, and the handler should be called accordingly; it should not block other execution, hence creating a thread.
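The failure pattern in the question is an object-lifetime problem: the KTIMER is a local variable of start_timer(), start_timer() returns immediately after creating the thread, and the worker then waits on (or cancels) a timer whose stack frame no longer exists. The same address printed from both functions does not make it valid. The usual fix is to give each timer a heap-allocated context that the worker thread owns and releases when it is done, so nothing in the creating function's frame is referenced after it returns. The block below is an added example, not the asker's driver and not the Windows kernel API: it models that ownership hand-off in portable user-mode C, with pthreads standing in for PsCreateSystemThread and nanosleep standing in for the timer wait. The ids, delays and the MAX_TIMERS limit are constructed values; relative_due_time_100ns() only shows the unit conversion the question performs for KeSetTimer.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <pthread.h>
#include <stdint.h>
#include <stdlib.h>
#include <time.h>

#define MAX_TIMERS 8   /* constructed limit for this example */

/* Per-timer context. Allocated on the heap so it outlives start_timer();
   in a driver this is the struct (in non-paged pool) that contains the KTIMER. */
typedef struct {
    int id;             /* constructed label, only used for the fired-order log */
    unsigned delay_ms;  /* delay the caller asked for */
} TIMER_CONTEXT;

static pthread_mutex_t g_log_lock = PTHREAD_MUTEX_INITIALIZER;
static int g_fired[MAX_TIMERS];
static int g_fired_count = 0;
static pthread_t g_threads[MAX_TIMERS];
static int g_thread_count = 0;

/* KeSetTimer takes a relative due time as a NEGATIVE count of 100 ns units,
   which is what the three QuadPart lines in the question compute. */
int64_t relative_due_time_100ns(unsigned delay_ms) {
    return -(int64_t)delay_ms * 10000;
}

/* Worker: receives ownership of ctx, blocks for the delay, records that it
   fired, then frees ctx. The creator must not touch ctx after handing it over. */
static void *handler(void *data) {
    TIMER_CONTEXT *ctx = data;
    struct timespec ts;
    ts.tv_sec = ctx->delay_ms / 1000;
    ts.tv_nsec = (long)(ctx->delay_ms % 1000) * 1000000L;
    while (nanosleep(&ts, &ts) == -1 && errno == EINTR) {
        /* interrupted: ts now holds the remaining time, keep waiting */
    }
    pthread_mutex_lock(&g_log_lock);
    if (g_fired_count < MAX_TIMERS) {
        g_fired[g_fired_count++] = ctx->id;
    }
    pthread_mutex_unlock(&g_log_lock);
    free(ctx);   /* the worker, not start_timer(), ends the object's lifetime */
    return NULL;
}

/* Non-blocking: allocates the context, starts the worker and returns at once.
   Returns 0 on success, -1 on failure (context is released on failure). */
int start_timer(int id, unsigned delay_ms) {
    if (g_thread_count >= MAX_TIMERS) {
        return -1;
    }
    TIMER_CONTEXT *ctx = malloc(sizeof *ctx);
    if (ctx == NULL) {
        return -1;
    }
    ctx->id = id;
    ctx->delay_ms = delay_ms;
    if (pthread_create(&g_threads[g_thread_count], NULL, handler, ctx) != 0) {
        free(ctx);
        return -1;
    }
    g_thread_count++;
    return 0;
}

/* Unload analogue: wait for every outstanding worker before the code that
   contains handler() goes away. Returns how many timers fired. */
int wait_all_timers(void) {
    for (int i = 0; i < g_thread_count; i++) {
        pthread_join(g_threads[i], NULL);
    }
    g_thread_count = 0;
    return g_fired_count;
}

/* Id of the index-th timer that fired, or -1 if out of range. */
int fired_id(int index) {
    return (index >= 0 && index < g_fired_count) ? g_fired[index] : -1;
}
```

Three calls to start_timer() with different delays return immediately, the workers complete in delay order, and wait_all_timers() is the point where a driver would wait for its system threads before DriverUnload returns. Carrying the same structure over to the kernel, the context (and therefore the KTIMER) has to come from non-paged pool, KeWaitForSingleObject on it has to run at PASSIVE_LEVEL in the worker, and the thread handle returned by PsCreateSystemThread should be closed once it is no longer needed.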