Race condition when loading drivers concurrently can lead to use after free

With MmSpecialPoolTag = 'omlk', a use after free situation in IopActionInitChildServices is observable.
The function is accessing a ModuleObject that has been freed. This is caused by concurrent calls to this function, with MmLoadSystemImage returning a ModuleObject and another instance freeing it due to a failure condition.