IRQL_NOT_LESS_OR_EQUAL when using IoAttachDeviceToDeviceStack

Hi,

My FSFD is based on SFilter from Win2k IFS kit.
And I got the blue screen with IRQL_NOT_LESS_OR_EQUAL (0x0101B1C4, 2, 0, 0x8042CA04)
when my driver starts.
It seems that blue screen occurs when my driver calls IoAttachDeviceToDeviceStack() on
FileSystem Notification routine. Cuz I can’t see the blue screen when I disabled the blue line
on my code.

pasting my fsnotification and driverentry routines.

please help me to wake up my driver.

VOID FsNotification(IN PDEVICE_OBJECT DeviceObject, IN BOOLEAN FsActive)
{
NTSTATUS status;
PDEVICE_OBJECT deviceObject, AttachedDeviceObject;
PDEVICE_OBJECT nextAttachedDevice;
PDEVICE_OBJECT fsDevice;

if(DeviceObject->DeviceType != FILE_DEVICE_DISK_FILE_SYSTEM)
{
return;
}

if(FsActive)
{
PDEVICE_EXTENSION deviceExtension;

ExAcquireResourceExclusiveLite(&FsLock, TRUE);

status = IoCreateDevice(FsDriverObject, sizeof(DEVICE_EXTENSION), NULL, FILE_DEVICE_DISK_FILE_SYSTEM, 0, FALSE, &deviceObject);

if(NT_SUCCESS(status))
{
deviceExtension = deviceObject->DeviceExtension;
DeviceObject = IoAttachDeviceToDeviceStack(deviceObject, DeviceObject);
deviceExtension->FileSystemDeviceObject = DeviceObject;
deviceExtension->Type = SHERIFF_DEVICE_TYPE;
deviceExtension->Size = sizeof(DEVICE_EXTENSION);
deviceExtension->Attached = TRUE;
deviceExtension->MountedVolume = FALSE;
deviceObject->Flags &= ~DO_DEVICE_INITIALIZING;
}

ExReleaseResourceLite(&FsLock);
}
return;
}

NTSTATUS DriverEntry(IN PDRIVER_OBJECT DriverObject, IN PUNICODE_STRING RegistryPath)
{
WCHAR deviceLinkBuffer = L"\DosDevices\FsFD";
UNICODE_STRING nameString, deviceLinkUnicodeString;
PDEVICE_OBJECT deviceObject;
PFILE_OBJECT fileObject;
NTSTATUS status;
PFAST_IO_DISPATCH fastIoDispatch;
ULONG i;

RtlInitUnicodeString(&nameString, L"\FileSystem\FsFD");

status = IoCreateDevice(DriverObject, 0, &nameString, FILE_DEVICE_DISK_FILE_SYSTEM, 0, FALSE, &deviceObject);

if(!NT_SUCCESS(status))
{
return status;
}

RtlInitUnicodeString(&deviceLinkUnicodeString, deviceLinkBuffer);
status = IoCreateSymbolicLink(&deviceLinkUnicodeString, &nameString);

SheriffDevice = deviceObject;

for(i = 0; i <= IRP_MJ_MAXIMUM_FUNCTION; i++)
{
DriverObject->MajorFunction[i] = SheriffPassThrough;
}

DriverObject->MajorFunction[IRP_MJ_CREATE] = CreateClose;
DriverObject->MajorFunction[IRP_MJ_FILE_SYSTEM_CONTROL] = FsControl;

fastIoDispatch = ExAllocatePool(NonPagedPool, sizeof(FAST_IO_DISPATCH));

if(!fastIoDispatch)
{
IoDeleteDevice(deviceObject);

return STATUS_INSUFFICIENT_RESOURCES;
}
// hooking fastio routines

DriverObject->FastIoDispatch = fastIoDispatch;

InitializeListHead(&FsDeviceQueue);
ExInitializeResource(&FsLock);

status = IoRegisterFsRegistrationChange(DriverObject, FsNotification);

if(!NT_SUCCESS(status))
{
IoDeleteDevice(deviceObject);

return status;
}

return STATUS_SUCCESS;
}

Jaehong Ahn