IODelete Deice Causing Error When Delete FILE_DEVICE_DISK_FILE_SYSTEM

I have created three Device on Control Device ,One Disk Device another is FS device . Driver Entry Routine initializing them properly and device object are visible in the WinObj.
But in unload routine when it delete the FS device then It Causes the BSOD with IRQL_NOT_LEss_then_EQUAL.Please suggest me what is wrong happening in this code. It alway causing error when the It delete FS device.

the Entry Routines and the Unload Routine are

NTSTATUS DriverEntry(In PDRIVER_OBJECT DriverObject, In PUNICODE_STRING RegistryPath){

UNREFERENCED_PARAMETER(DriverObject);
UNREFERENCED_PARAMETER(RegistryPath);
AFSPrint(“AFS:\t IN:DriverEntry\n”);
UNICODE_STRING ControllerName;
UNICODE_STRING VDName;
UNICODE_STRING FSName;

UNICODE_STRING SymController;
UNICODE_STRING SymVD;
UNICODE_STRING SymFS;

PDEVICE_OBJECT ControllerDevice ;
PDEVICE_OBJECT VirtualDiskDevice;
PDEVICE_OBJECT VolumeDevice;

NTSTATUS ReturnStatus = STATUS_SUCCESS;

RtlInitUnicodeString(&ControllerName, AFS_KERNEL_CONTORLLER_NAME);
RtlInitUnicodeString(&VDName, AFS_KERNEL_DISK_NAME);
RtlInitUnicodeString(&FSName, AFS_KERNEL_VOLUME_NAME);

RtlInitUnicodeString(&SymController, AFS_SYMBOLIC_CONTROLLER_NAME);
RtlInitUnicodeString(&SymVD, AFS_SYMBOLIC_DISK_NAME);
RtlInitUnicodeString(&SymFS, AFS_SYMBOLIC_VOLUME_NAME);

DriverObject->DriverUnload = UnloadDriver;
DriverObject->MajorFunction[IRP_MJ_CREATE] = CreateRoutine;
DriverObject->MajorFunction[IRP_MJ_CLOSE] = CloseRoutine;
DriverObject->MajorFunction[IRP_MJ_DEVICE_CONTROL] = DeviceControlRoutine;
DriverObject->MajorFunction[IRP_MJ_READ] = ReadRoutine;
DriverObject->MajorFunction[IRP_MJ_WRITE] = UnsupportedRoutine;

/*Creating Controller Device…*/
AFSPrint(“AFS:Intializing Controller…\n”);
ReturnStatus = IoCreateDevice(DriverObject, sizeof(CONTROLLER_INSTANCE), &ControllerName, FILE_DEVICE_UNKNOWN, FILE_DEVICE_SECURE_OPEN, FALSE, &ControllerDevice);
if (SUCCESS(ReturnStatus))
{
AFSPrint(“AFS:Creating Controller Symbolic Link…\n”);
ReturnStatus = IoCreateSymbolicLink(&SymController, &ControllerName);
if (!SUCCESS(ReturnStatus))
{
AFSStatus(“Failed While Creating Controller Symbolic Link(VOLUME) Error -%x”, ReturnStatus);
IoDeleteDevice(ControllerDevice);
return STATUS_UNSUCCESSFUL;
}
}
else
{
AFSStatus(“Failed While Creating Controller(VOLUME) Error -%x”, ReturnStatus);
return STATUS_UNSUCCESSFUL;
}

/*Creating Disk Device…*/
AFSPrint(“AFS:Intializing Disk…\n”);
ReturnStatus = IoCreateDevice(DriverObject, 0, &VDName, FILE_DEVICE_VIRTUAL_DISK, FILE_DEVICE_SECURE_OPEN, FALSE, &VirtualDiskDevice);
if (SUCCESS(ReturnStatus))
{
AFSPrint(“AFS:Creating Disk Symbolic Link…\n”);
ReturnStatus = IoCreateSymbolicLink(&SymVD, &VDName);
if (!SUCCESS(ReturnStatus))
{
AFSStatus(“Failed While Creating Symbolic Link(Disk) Error -%x”, ReturnStatus);
IoDeleteSymbolicLink(&SymController);
IoDeleteDevice(ControllerDevice);
IoDeleteDevice(VirtualDiskDevice);
return STATUS_UNSUCCESSFUL;
}
}
else
{
AFSStatus(“Failed While Creating Disk Error -%x”, ReturnStatus);
IoDeleteSymbolicLink(&SymController);
IoDeleteDevice(ControllerDevice);
return STATUS_UNSUCCESSFUL;
}

/*Creating File System Volume Device…*/
AFSPrint(“AFS:Intializing File System…\n”);
ReturnStatus = IoCreateDevice(DriverObject, 0, &FSName, FILE_DEVICE_DISK_FILE_SYSTEM, FILE_DEVICE_SECURE_OPEN, FALSE, &VolumeDevice);
if (SUCCESS(ReturnStatus))
{
AFSPrint(“AFS:Creating FileSystem Symbolic Link…\n”);
ReturnStatus = IoCreateSymbolicLink(&SymFS, &FSName);
if (!SUCCESS(ReturnStatus))
{
IoDeleteSymbolicLink(&SymController);
IoDeleteSymbolicLink(&SymVD);
IoDeleteDevice(ControllerDevice);
IoDeleteDevice(VirtualDiskDevice);
IoDeleteDevice(VolumeDevice);
AFSStatus(“Failed While Creating Symbolic Link(VOLUME) Error -%x”, ReturnStatus);
return STATUS_UNSUCCESSFUL;
}
}
else
{
AFSStatus(“Failed While Creating VOLUME Error -%x”, ReturnStatus);
IoDeleteSymbolicLink(&SymController);
IoDeleteSymbolicLink(&SymVD);
IoDeleteDevice(ControllerDevice);
IoDeleteDevice(VirtualDiskDevice);
return STATUS_UNSUCCESSFUL;
}

AFSPrint(“AFS:DriverEntry => All Device Intiallized SuccesFully”);
PCONTROLLER_INSTANCE controllerState = (PCONTROLLER_INSTANCE)AllocateFromNonPageTag(sizeof(CONTROLLER_INSTANCE));
controllerState->ControllerDevice = ControllerDevice;
controllerState->DiskDevice = VirtualDiskDevice;
controllerState->VolumeDevice = VolumeDevice;
DriverObject->DeviceObject = ControllerDevice;
ControllerDevice->DeviceExtension = controllerState;
AFSStatus(“AFS: Intilaialize %x”, ReturnStatus);
return ReturnStatus;

}

void UnloadDriver(In PDRIVER_OBJECT DriverObject){
PCONTROLLER_INSTANCE controllerState;
UNICODE_STRING ControllerName;
UNICODE_STRING VDName;
UNICODE_STRING FSName;

UNICODE_STRING SymController;
UNICODE_STRING SymVD;
UNICODE_STRING SymFS;

PDEVICE_OBJECT Cont, FS, Disk;

UNREFERENCED_PARAMETER(DriverObject);

AFSPrint(“AFS:\t IN:UnloadRoutine\n”);
RtlInitUnicodeString(&ControllerName, AFS_KERNEL_CONTORLLER_NAME);
RtlInitUnicodeString(&VDName, AFS_KERNEL_DISK_NAME);
RtlInitUnicodeString(&FSName, AFS_KERNEL_VOLUME_NAME);

RtlInitUnicodeString(&SymController, AFS_SYMBOLIC_CONTROLLER_NAME);
RtlInitUnicodeString(&SymVD, AFS_SYMBOLIC_DISK_NAME);
RtlInitUnicodeString(&SymFS, AFS_SYMBOLIC_VOLUME_NAME);
controllerState = (PCONTROLLER_INSTANCE)DriverObject->DeviceObject->DeviceExtension;
Cont = controllerState->ControllerDevice;
Disk = controllerState->DiskDevice;
FS = controllerState->VolumeDevice;

ASSERT(controllerState);
ASSERT(controllerState->ControllerDevice);
IoDeleteSymbolicLink(&SymController);
IoDeleteSymbolicLink(&SymVD);
IoDeleteSymbolicLink(&SymFS);
ASSERT(Cont);
IoDeleteDevice(Cont);
ASSERT(Disk);
IoDeleteDevice(Disk);
ASSERT(FS);
if (FS)
IoDeleteDevice(FS);

AFSPrint(“AFS:\t OUT:UnloadRoutine\n”);

// PrintDebug(“In:UnloadDriver\n”);
}

Why don’t you post the output from WinDBG in this case (“!analyze -v”). That might be more insightful into why it’s blowing up.

I also didn’t see you call IoRegisterFileSystem (it isn’t in the code you provided), which would be necessary if you wanted mounting. I suspect (but can’t say I’ve done it) that deleting a device object while it’s registered as a file system would cause horrible things to happen (like a BSOD or FFOD).

Finally, if this were a real file system, you’d probably want to unmounts and dismantle your file system device object FIRST - before the volume on which it’s mounted.

Oh, and for what it’s worth, file systems don’t use FILE_DEVICE_SECURE_OPEN (because file systems support naming structure, they want to be called and do the security checks. That’s not causing your BSOD, but it did jump out at me.

Go look at FAT. It creates device objects in three places and none of them use FILE_DEVICE_SECURE_OPEN. Here’s the most common case (the unnamed device object it creates to attach to a volume):

//
// Create a new volume device object. This will have the Vcb
// hanging off of its end, and set its alignment requirement
// from the device we talk to.
//
if (!NT_SUCCESS(Status = IoCreateDevice( FatData.DriverObject,
sizeof(VOLUME_DEVICE_OBJECT) - sizeof(DEVICE_OBJECT),
NULL,
FILE_DEVICE_DISK_FILE_SYSTEM,
0,
FALSE,
(PDEVICE_OBJECT *)&VolDo))) {

Tony
OSR

I am just trying to create and delete the device to make sure that the device creation and deletion procced as expected. So i have not mounted the volume and neither ihave called IORegisterFileSystem.
Windbg show the crash happening when we delete the File System device only.Other device is working very smoothly.
And thanks for pointing out the mistake in device characteristic.So the crash happen at IoDeleteDevice(FS) withe BugCheck 0xA.I will post Windbg anlysis as soon as possible.