FltLockUserBuffer and PROCESS_HAS_LOCKED_PAGES

I’ve been getting a PROCESS_HAS_LOCKED_PAGES crash when restarting the system. I’ve narrowed the problem down to when I pend IRP_MJ_DIRECTORY_CONTROL. The !analyze -v output of PROCESS_HAS_LOCKED_PAGES isn’t all that helpful, so I’m not sure what memory is still locked or how to find the code path it took. The only call I make to lock a buffer is FltLockUserBuffer, and the documentation says that “When the callback data structure is freed, the locked buffer is automatically unlocked, and the MDL is freed.” In my pending worker function, I can return NO_CALLBACK, WITH_CALLBACK or COMPLETE, so I’m curious if there is something I need to do manually to unlock the buffer depending on how I completed the pended operation?

It appears that this is a simple case of not setting Data->IoStatus.Status properly in the pending worker function.

Once I set the value, I don’t get any more crashes. I’m hoping it was that simple anyway.