CSQ problem when unload driver

It is a typical buffer overrun: sizeof(PDEVICE_EXTENSION) gives you the size of a pointer.

status = IoCreateDevice(DriverObject,
sizeof(PDEVICE_EXTENSION), // size of a pointer, not of DEVICE_EXTENSION
&ntDeviceName,…)

Note that you shouldn’t access the device extension after IoDeleteDevice():
you are accessing released memory, which might already be owned by some other driver.

IoDeleteSymbolicLink(&symbolicLinkName);
IoDeleteDevice(ControlDeviceObject);
ControlDeviceObject->DeviceExtension = NULL; ///!!! writes through a pointer to already released memory
ControlDeviceObject = NULL;

Before you delete the control device you should cancel all IRPs which are in the cancel queue (CSQ).

Not speaking about detaching devices from device stacks.

Hope that helps.
Bronislav Gabrhelik
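To make the two points above concrete without a kernel build environment, here is an added, host-compilable C example (not code from the thread or from any driver). It mocks just enough of IoCreateDevice/IoDeleteDevice to show that sizeof(PDEVICE_EXTENSION) requests a pointer-sized extension while the driver later writes a whole DEVICE_EXTENSION into it, and it shows the unload order the reply describes: drain the queue, delete the link, delete the device, drop the pointer, and never touch the extension afterwards. DEVICE_EXTENSION, the mock device object, and the queued-IRP counter are all constructed for this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>

/* Host-side mock (not ntddk.h): only the shapes needed to show the sizeof
   pitfall and the unload order. Everything below is constructed. */

/* A per-device extension like the one in the thread (constructed layout). */
typedef struct _DEVICE_EXTENSION {
    void    *LowerDeviceObject;
    uint32_t OpenCount;
    uint8_t  CancelSafeQueueState[64];  /* stands in for IO_CSQ, list head, lock */
} DEVICE_EXTENSION, *PDEVICE_EXTENSION;

/* The root cause on the page: the pointer typedef has pointer size. */
_Static_assert(sizeof(PDEVICE_EXTENSION) == sizeof(void *),
               "PDEVICE_EXTENSION is a pointer, so sizeof() is the pointer size");
_Static_assert(sizeof(DEVICE_EXTENSION) > sizeof(void *),
               "the real extension is larger than a pointer");

/* Mock DEVICE_OBJECT: as in the real kernel, the extension is carved out of
   the same allocation, sized by the caller's DeviceExtensionSize argument. */
typedef struct _MOCK_DEVICE_OBJECT {
    size_t DeviceExtensionSize;
    void  *DeviceExtension;
    size_t QueuedIrps;                  /* stand-in for IRPs parked in the CSQ */
} MOCK_DEVICE_OBJECT, *PMOCK_DEVICE_OBJECT;

/* Mock IoCreateDevice: header plus ext_size extension bytes in one block. */
static PMOCK_DEVICE_OBJECT mock_io_create_device(size_t ext_size)
{
    PMOCK_DEVICE_OBJECT dev = calloc(1, sizeof(*dev) + ext_size);
    if (dev == NULL) return NULL;
    dev->DeviceExtensionSize = ext_size;
    dev->DeviceExtension = (uint8_t *)dev + sizeof(*dev);
    return dev;
}

/* Mock IoDeleteDevice: frees the whole block, extension included, so any
   later read or write through DeviceExtension is a use after free. */
static void mock_io_delete_device(PMOCK_DEVICE_OBJECT dev) { free(dev); }

/* The check IoCreateDevice cannot do for you: will a full DEVICE_EXTENSION
   fit in the extension this device was created with? 1 = fits, 0 = overrun. */
static int extension_fits(const MOCK_DEVICE_OBJECT *dev)
{
    return dev != NULL && dev->DeviceExtensionSize >= sizeof(DEVICE_EXTENSION);
}

/* Mock of draining the cancel-safe queue: completes every parked IRP and
   returns how many were completed. */
static size_t drain_cancel_queue(PMOCK_DEVICE_OBJECT dev)
{
    size_t n = dev->QueuedIrps;
    dev->QueuedIrps = 0;
    return n;
}

/* Unload order from the thread. Takes the address of the global device
   pointer so it can be cleared in place. Returns the number of IRPs drained. */
static size_t unload_control_device(PMOCK_DEVICE_OBJECT *slot)
{
    PMOCK_DEVICE_OBJECT dev = *slot;
    if (dev == NULL) return 0;
    size_t drained = drain_cancel_queue(dev);   /* 1. cancel/complete queued IRPs first */
    /* 2. IoDeleteSymbolicLink(&symbolicLinkName) would go here (mock: nothing to do) */
    mock_io_delete_device(dev);                 /* 3. releases the extension as well */
    *slot = NULL;                               /* 4. drop the pointer; no access after this */
    return drained;
}

/* The wrong call from the thread: pointer-sized extension, later overrun. */
static int wrong_call_overruns(void)
{
    PMOCK_DEVICE_OBJECT dev = mock_io_create_device(sizeof(PDEVICE_EXTENSION));
    int fits = extension_fits(dev);   /* 0: zeroing a DEVICE_EXTENSION here would spill over */
    mock_io_delete_device(dev);
    return !fits;
}

/* The corrected call: extension sized from the struct, not the pointer. */
static int right_call_fits(void)
{
    PMOCK_DEVICE_OBJECT dev = mock_io_create_device(sizeof(DEVICE_EXTENSION));
    int fits = extension_fits(dev);
    mock_io_delete_device(dev);
    return fits;
}

/* Full unload walk-through: park three IRPs, unload, confirm the pointer is
   cleared. Returns the drained count, or -1 if the global still dangles. */
static int unload_demo(void)
{
    PMOCK_DEVICE_OBJECT control = mock_io_create_device(sizeof(DEVICE_EXTENSION));
    if (control == NULL) return -1;
    control->QueuedIrps = 3;
    size_t drained = unload_control_device(&control);
    return control == NULL ? (int)drained : -1;
}
```

The compile-time asserts are the cheapest protection: in a real driver, a similar check that the value passed as DeviceExtensionSize equals sizeof(DEVICE_EXTENSION) would have caught this at build time rather than after dozens of unload runs.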

> Not speaking about detaching devices from device stacks.

I was a little bit unclear. By that I meant that it is impossible to safely detach an FSF legacy driver from the FSD stack. Simply put, an FSFD shouldn’t unload. I do it personally just during development, so I don’t have to restart the machine, but I cannot recommend doing that in a production release on a production machine.

Bronislav Gabrhelik

Yep, I’ve got it about detaching the FSF driver; I even wrote that the unload is needed for development and testing only, too.
Thank you, your advice about
status = IoCreateDevice(DriverObject, sizeof(PDEVICE_EXTENSION), &ntDeviceName,…)
^^^
was very helpful.
This is a very stupid error, but it was very hard for me to find it after dozens of times looking there :frowning:
I just don’t know why it works fine before unload 0_o.

That’s the reason why I don’t define typedefs for pointers to PODs and classes.

Regards.
Bronislav Gabrhelik