Question about IRP for debugging

Is it able to use below information to know who sent the IRP to the device stack of vwifimp?
The reason to ask this question is that vwifimp caused the ndis driver BSod with error code 0xc2. (To free the same pool succeeds twice)

1: kd> !irp fffffa8017a84c60 1
Irp is active with 3 stacks 3 is current (= 0xfffffa8017a84dc0)
No Mdl: No System Buffer: Thread fffffa80066c6b50: Irp stack trace.
Flags = 00000000
ThreadListEntry.Flink = fffffa80066c6f40
ThreadListEntry.Blink = fffffa80066c6f40
IoStatus.Status = 00000000
IoStatus.Information = 00000000
RequestorMode = 00000000
Cancel = 00
CancelIrql = 0
ApcEnvironment = 00
UserIosb = fffff880033e76a0
UserEvent = fffff880033e76b0
Overlay.AsynchronousParameters.UserApcRoutine = 00000000
Overlay.AsynchronousParameters.UserApcContext = 00000000
Overlay.AllocationSize = 00000000 - 00000000
CancelRoutine = 00000000
UserBuffer = 00000000
&Tail.Overlay.DeviceQueueEntry = fffffa8017a84cd8
Tail.Overlay.Thread = fffffa80066c6b50
Tail.Overlay.AuxiliaryBuffer = 00000000
Tail.Overlay.ListEntry.Flink = 00000000
Tail.Overlay.ListEntry.Blink = 00000000
Tail.Overlay.CurrentStackLocation = fffffa8017a84dc0
Tail.Overlay.OriginalFileObject = 00000000
Tail.Apc = 00000000
Tail.CompletionKey = 00000000
cmd flg cl Device File Completion-Context
[0, 0] 0 0 00000000 00000000 00000000-00000000

Args: 00000000 00000000 00000000 00000000
[0, 0] 0 0 00000000 00000000 00000000-00000000

Args: 00000000 00000000 00000000 00000000

[1b, 2] 0 0 fffffa800ac70050 00000000 00000000-00000000
\Driver\vwifimp
Args: 00000000 00000000 00000000 00000000

That is an IRP_MJ_PNP/IRP_MN_REMOVE IRP, so it was the PnP Manager that sent
it. Check out the requesting thread, you should be able to see the call
stack:

!thread fffffa80066c6b50

However, that doesn’t much help you in figuring our your crash. The device
is being removed and it’s triggering a double free, the problem isn’t the
remove it’s the double free. If you can reproduce the crash with Driver
Verifier enabled you can dump the alloc/free log with !verifier 80 and try
to spot the double free.

-scott
OSR
@OSRDrivers

wrote in message news:xxxxx@ntdev…

Is it able to use below information to know who sent the IRP to the device
stack of vwifimp?
The reason to ask this question is that vwifimp caused the ndis driver BSod
with error code 0xc2. (To free the same pool succeeds twice)

1: kd> !irp fffffa8017a84c60 1
Irp is active with 3 stacks 3 is current (= 0xfffffa8017a84dc0)
No Mdl: No System Buffer: Thread fffffa80066c6b50: Irp stack trace.
Flags = 00000000
ThreadListEntry.Flink = fffffa80066c6f40
ThreadListEntry.Blink = fffffa80066c6f40
IoStatus.Status = 00000000
IoStatus.Information = 00000000
RequestorMode = 00000000
Cancel = 00
CancelIrql = 0
ApcEnvironment = 00
UserIosb = fffff880033e76a0
UserEvent = fffff880033e76b0
Overlay.AsynchronousParameters.UserApcRoutine = 00000000
Overlay.AsynchronousParameters.UserApcContext = 00000000
Overlay.AllocationSize = 00000000 - 00000000
CancelRoutine = 00000000
UserBuffer = 00000000
&Tail.Overlay.DeviceQueueEntry = fffffa8017a84cd8
Tail.Overlay.Thread = fffffa80066c6b50
Tail.Overlay.AuxiliaryBuffer = 00000000
Tail.Overlay.ListEntry.Flink = 00000000
Tail.Overlay.ListEntry.Blink = 00000000
Tail.Overlay.CurrentStackLocation = fffffa8017a84dc0
Tail.Overlay.OriginalFileObject = 00000000
Tail.Apc = 00000000
Tail.CompletionKey = 00000000
cmd flg cl Device File Completion-Context
[0, 0] 0 0 00000000 00000000 00000000-00000000

Args: 00000000 00000000 00000000 00000000
[0, 0] 0 0 00000000 00000000 00000000-00000000

Args: 00000000 00000000 00000000 00000000

[1b, 2] 0 0 fffffa800ac70050 00000000 00000000-00000000
\Driver\vwifimp
Args: 00000000 00000000 00000000 00000000

Hi Scott,

Thank you for the great suggestion,
Which setting of driver verifier should I enable for this issue?
Special pool and Pool tracking? or others?

Below is the pool information that was double freed.

1: kd> !pool fffffa800735e010
Pool page fffffa800735e010 region is Nonpaged pool
*fffffa800735e000 size: 660 previous size: 0 (Free ) *NDoa
Pooltag NDoa : NDIS_TAG_OID_ARRAY, Binary : ndis.sys
fffffa800735e660 size: 200 previous size: 660 (Free) …
fffffa800735e860 size: 30 previous size: 200 (Allocated) MmSi
fffffa800735e890 size: 130 previous size: 30 (Allocated) File (Protected)
fffffa800735e9c0 size: 310 previous size: 130 (Free) Dnod
fffffa800735ecd0 size: 330 previous size: 310 (Allocated) MmCi

Turn on everything but the Low Resource Simulation related options. Also, be
sure to turn Verifier on for both vwifimp.sys and ndis.sys.

-scott
OSR
@OSRDrivers

wrote in message news:xxxxx@ntdev…

Hi Scott,

Thank you for the great suggestion,
Which setting of driver verifier should I enable for this issue?
Special pool and Pool tracking? or others?

I’m not able to repro such error with enabling verifier,
it appears another BSoD error code 0x50.

1: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************

PAGE_FAULT_IN_NONPAGED_AREA (50)
Invalid system memory was referenced. This cannot be protected by try-except,
it must be protected by a Probe. Typically the address is just plain bad or it
is pointing at freed memory.
Arguments:
Arg1: fffffa801199e308, memory referenced.
Arg2: 0000000000000001, value 0 = read operation, 1 = write operation.
Arg3: fffff800033757b7, If non-zero, the instruction address which referenced the bad memory
address.
Arg4: 0000000000000000, (reserved)

Debugging Details:

WRITE_ADDRESS: fffffa801199e308 Nonpaged pool

FAULTING_IP:
nt!RtlFreeAnsiString+1b
fffff800`033757b7 4c891b mov qword ptr [rbx],r11

MM_INTERNAL_CODE: 0

DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT

BUGCHECK_STR: 0x50

PROCESS_NAME: System

CURRENT_IRQL: 0

TRAP_FRAME: fffff88003078940 – (.trap 0xfffff88003078940)
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=fffffa800833d6b0 rbx=0000000000000000 rcx=fffffa80066643a0
rdx=fffff8a0036be480 rsi=0000000000000000 rdi=0000000000000000
rip=fffff800033757b7 rsp=fffff88003078ad0 rbp=0000000000000080
r8=0000000000000000 r9=0000000000000130 r10=fffff80003049000
r11=0000000000000000 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0 nv up ei pl zr na po nc
nt!RtlFreeAnsiString+0x1b:
fffff800`033757b7 4c891b mov qword ptr [rbx],r11 ds:9878:0000=???
Resetting default scope

LAST_CONTROL_TRANSFER: from fffff8000313cbf0 to fffff800030bebc0

STACK_TEXT:
fffff880030787d8 fffff8000313cbf0 : 0000000000000050 fffffa801199e308 0000000000000001 fffff88003078940 : nt!KeBugCheckEx
fffff880030787e0 fffff800030bccee : 0000000000000001 fffffa801199e308 0000000000000000 fffffa801199e308 : nt! ?? ::FNODOBFM::string'+0x4518f fffff88003078940 fffff800033757b7 : 0000000000000000 0000000000010282 fffff88020207050 0000000000000018 : nt!KiPageFault+0x16e fffff88003078ad0 fffff8800193e761 : fffffa801199e1a0 0000000000000080 0000000000000000 0000000000000000 : nt!RtlFreeAnsiString+0x1b fffff88003078b00 fffff88001987fd4 : 0000000000000001 fffff8800195e110 fffff8800190c500 fffffa801199e1a0 : ndis!ndisDeleteMiniportOnLastDeref+0x271 fffff88003078b40 fffff8800199ddeb : fffff980046c68d0 fffff8800195e101 0000000000000080 fffff8800195e101 : ndis! ?? ::DKGKHJNI::string’+0x1507
fffff88003078b80 fffff8800190c64a : 0000000000000000 0000000000000080 fffff8800195e110 fffff980046c6a28 : ndis!ndisMQueuedFinishClose+0x18b
fffff88003078bd0 fffff8000335b2ea : fffffa800833d660 fffffa8006676b30 fffff88003078c70 fffffa800833d660 : ndis!ndisWorkerThread+0xba
fffff88003078c00 fffff800030af8e6 : fffff880009c0180 fffffa800833d660 fffff880009cafc0 a1a1a1a1a1a1a1a1 : nt!PspSystemThreadStartup+0x5a
fffff88003078c40 0000000000000000 : fffff88003079000 fffff88003073000 fffff880030784b0 0000000000000000 : nt!KiStartSystemThread+0x16

STACK_COMMAND: kb

FOLLOWUP_IP:
ndis!ndisDeleteMiniportOnLastDeref+271
fffff880`0193e761 4889b370010000 mov qword ptr [rbx+170h],rsi

SYMBOL_STACK_INDEX: 4

SYMBOL_NAME: ndis!ndisDeleteMiniportOnLastDeref+271

FOLLOWUP_NAME: MachineOwner

MODULE_NAME: ndis

IMAGE_NAME: ndis.sys

DEBUG_FLR_IMAGE_TIMESTAMP: 5034f6b2

FAILURE_BUCKET_ID: X64_0x50_VRF_ndis!ndisDeleteMiniportOnLastDeref+271

BUCKET_ID: X64_0x50_VRF_ndis!ndisDeleteMiniportOnLastDeref+271

Followup: MachineOwner

1: kd> !verifier 80 fffffa801199e308

Log of recent kernel pool Allocate and Free operations:

There are up to 0x10000 entries in the log.

Parsing 0x0000000000010000 log entries, searching for address 0xfffffa801199e308.

======================================================================
Pool block fffffa801199e000, Size 0000000000001940, Thread fffffa80066fd040
fffff8000355ca4a nt!VfFreePoolNotification+0x4a
fffff800031f1a6f nt!ExDeferredFreePool+0x107b
fffff800030c7e5c nt!ObfDereferenceObject+0xdc
fffff800031c10fb nt!PnpRemoveLockedDeviceNode+0x23b
fffff800034aaef4 nt!PnpDeleteLockedDeviceNode+0x44
fffff800034ab000 nt!PnpDeleteLockedDeviceNodes+0xa0
fffff800034ab0f9 nt!PnpDelayedRemoveWorker+0x79
fffff800034ab271 nt!PnpChainDereferenceComplete+0x131
fffff800031c129a nt!PnpIsChainDereferenced+0xda
fffff8000353c2a0 nt!PnpProcessQueryRemoveAndEject+0xff0
fffff8000353c53c nt!PnpProcessTargetDeviceEvent+0x4c
fffff8000342573e nt! ?? ::NNGAKEGL::`string’+0x54d9b

Finished parsing all pool tracking information.

1: kd> !thread fffffa80066fd040
THREAD fffffa80066fd040 Cid 0004.0064 Teb: 0000000000000000 Win32Thread: 0000000000000000 WAIT: (UserRequest) KernelMode Non-Alertable
fffff88003507fe0 SynchronizationEvent
IRP List:
fffff9800dfbae50: (0006,01a8) Flags: 40000000 Mdl: 00000000
Not impersonating
DeviceMap fffff8a000007d90
Owning Process fffffa8006676b30 Image: System
Attached Process N/A Image: N/A
Wait Start TickCount 7164 Ticks: 0
Context Switch Count 1583
UserTime 00:00:00.000
KernelTime 00:00:00.358
Win32 Start Address nt!ExpWorkerThread (0xfffff800030c8150)
Stack Init fffff88003508c70 Current fffff88003507c10
Base fffff88003509000 Limit fffff88003503000 Call 0
Priority 13 BasePriority 12 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5
Child-SP RetAddr : Args to Child : Call Site
fffff88003507c50 fffff800030b45f2 : fffffa80066fd040 fffffa80066fd040 0000000000000000 fffffa800000000c : nt!KiSwapContext+0x7a
fffff88003507d90 fffff800030c599f : fffff8a0033a3000 fffff8a006853000 fffff8a000000000 fffff880009c0180 : nt!KiCommitThreadWait+0x1d2
fffff88003507e20 fffff88001a85957 : 0000000000000000 fffff80000000006 0000000000000000 0000000000000000 : nt!KeWaitForSingleObject+0x19f
fffff88003507ec0 fffff88001a85a4c : 0000000000000000 fffff880035080a0 0000000000000040 fffff800031f205a : tcpip!FlpNdisRequestUnderReference+0xc7
fffff88003508030 fffff88001a52b43 : fffffa800f73d0a0 00000000fc01020a fffffa8011b4b6e0 0000000000000000 : tcpip!FlQueryInterface+0x8c
fffff88003508080 fffff88001a5347d : fffffa8011b4b010 0000000000000000 fffff88001b6d668 fffff88001b68800 : tcpip!IppQueryInterfaceProperty+0x73
fffff880035080d0 fffff88001a023fd : fffffa8000000040 fffffa8011b4b010 fffff88001b68800 fffffa8011b4b6e0 : tcpip!IppAddInterfaceStats+0x7d
fffff88003508150 fffff88001a027e2 : fffffa8011b4b010 0000000000000017 fffffa8011b141a0 fffff980046228d0 : tcpip!IpFlcDeleteInterface+0x7d
fffff880035081c0 fffff880019a2375 : fffff980046228d0 fffffa8011b141a0 fffff88003508448 fffffa8011b141a0 : tcpip!FlUnbindAdapter+0x102
fffff88003508290 fffff880019b3adf : fffffa8011b141a0 fffffa8011b14100 fffffa80119a2c60 0000000000000000 : ndis!ndisUnbindProtocol+0x205
fffff880035083a0 fffff880019b4c5b : fffffa8011b14101 0000000000000001 fffff88003508430 0000000000000001 : ndis!ndisCloseMiniportBindings+0x2df
fffff880035084b0 fffff8800194dbc2 : fffffa8011b141a0 fffffa8011b141a0 fffff9800dfbae50 fffffa8011b141a0 : ndis!ndisPnPRemoveDevice+0x25b
fffff88003508650 fffff880019b7dc1 : 0000000000000000 fffff9800dfbae50 0000000000000000 fffffa8011b141a0 : ndis!ndisPnPRemoveDeviceEx+0xa2
fffff88003508690 fffff80003567d26 : fffff9800dfbae50 fffff9800dfbae50 0000000000000002 0000000000000000 : ndis!ndisPnPDispatch+0x862
fffff88003508730 fffff8000332b121 : fffffa8011b14050 fffff88003508848 00000000c00000bb fffffa80115649a0 : nt!IovCallDriver+0x566
fffff88003508790 fffff800034ab3a1 : fffffa80119fdbc0 0000000000000000 fffffa80119fd430 0000000000000000 : nt!IopSynchronousCall+0xe1
fffff88003508800 fffff800034a5d78 : 0000000000000000 fffffa80119fdbc0 000000000000030a 0000000000000308 : nt!IopRemoveDevice+0x101
fffff880035088c0 fffff800034aaee7 : fffffa80119fd430 0000000000000000 0000000000000003 00000000000007ff : nt!PnpSurpriseRemoveLockedDeviceNode+0x128
fffff88003508900 fffff800034ab000 : 0000000000000000 fffff8a015e62300 fffff8a0030a64b0 fffff88003508a58 : nt!PnpDeleteLockedDeviceNode+0x37
fffff88003508930 fffff8000353b97f : 0000000000000002 0000000000000000 fffffa80119fd430 0000000000000000 : nt!PnpDeleteLockedDeviceNodes+0xa0
fffff880035089a0 fffff8000353c53c : fffff88003508b78 fffffa8011d03800 fffffa80066fd000 fffffa8000000000 : nt!PnpProcessQueryRemoveAndEject+0x6cf
fffff88003508ae0 fffff8000342573e : 0000000000000000 fffffa8011d03820 fffff8a015e62360 0000000000000000 : nt!PnpProcessTargetDeviceEvent+0x4c
fffff88003508b10 fffff800030c8261 : fffff80003329f88 fffff8a015e62360 fffff800032642d8 fffffa80066fd040 : nt! ?? ::NNGAKEGL::string'+0x54d9b fffff88003508b70 fffff8000335b2ea : 0000000000000000 fffffa80066fd040 0000000000000080 fffffa8006676b30 : nt!ExpWorkerThread+0x111 fffff88003508c00 fffff800030af8e6 : fffff880031b4180 fffffa80066fd040 fffff880031befc0 0000000000000000 : nt!PspSystemThreadStartup+0x5a fffff88003508c40 0000000000000000 : fffff88003509000 fffff88003503000 fffff88003507f00 00000000`00000000 : nt!KiStartSystemThread+0x16

1: kd> !irp fffff9800dfbae50
Irp is active with 3 stacks 3 is current (= 0xfffff9800dfbafb0)
No Mdl: No System Buffer: Thread fffffa80066fd040: Irp stack trace.
cmd flg cl Device File Completion-Context
[0, 0] 0 0 00000000 00000000 00000000-00000000

Args: 00000000 00000000 00000000 00000000
[0, 0] 0 0 00000000 00000000 00000000-00000000

Args: 00000000 00000000 00000000 00000000

[1b,17] 0 0 fffffa8011b14050 00000000 00000000-00000000
\Driver\vwifimp
Args: 00000000 00000000 00000000 00000000

About the double free BSoD without enabling verifier,
I have some further update. I found the first thread freed the NDoa pool, and then the second thread free the NDoa pool again, but I don’t know who creates these threads that caused the BSoD. Is there any suggestion to discover which Ndis miniport driver triggers these threads?

1: kd> !stacks 2 ndis!
Proc.Thread .Thread Ticks ThreadState Blocker
[fffffa800664e9e0 System]
4.00001c fffffa800672c710 ffffeaec ??? nt!KxDispatchInterrupt+0x12f
nt!KiDpcInterrupt+0xcc
nt!ExDeferredFreePool+0x309
nt!ExFreePoolWithTag+0x411
ndis!ndisDeleteMiniportOnLastDeref+0x13d
ndis! ?? ::DKGKHJNI::string'+0x1507 ndis!ndisNsiQueuedMiniportRodChangeNotification+0xd2 nt!ExpWorkerThread+0x111 nt!PspSystemThreadStartup+0x5a nt!KiStartSystemThread+0x16 4.000054 fffffa80066c6b50 ffffeaec ???? nt!KeBugCheckEx nt!ExDeferredFreePool+0x1201 ndis!ndisDeleteMiniportOnLastDeref+0x13d ndis! ?? ::DKGKHJNI::string’+0x1507
ndis!ndisPnPDispatch+0x616
nt!IopSynchronousCall+0xe1
nt!IopRemoveDevice+0x101
nt!PnpRemoveLockedDeviceNode+0x1a3
nt!PnpDeleteLockedDeviceNode+0x44
nt!PnpDeleteLockedDeviceNodes+0xa0
nt!PnpDelayedRemoveWorker+0x79
nt!PnpChainDereferenceComplete+0x131
nt!PnpIsChainDereferenced+0xda
nt!PnpProcessQueryRemoveAndEject+0xff0
nt!PnpProcessTargetDeviceEvent+0x4c
nt! ?? ::NNGAKEGL::`string’+0x54d9b
nt!ExpWorkerThread+0x111
nt!PspSystemThreadStartup+0x5a
nt!KiStartSystemThread+0x16
*** ERROR: Module load completed but symbols could not be loaded for iaStorA.sys
4.0000f0 fffffa8007215040 ffffff6c Blocked nt!KiSwapContext+0x7a
nt!KiCommitThreadWait+0x1d2
nt!KeWaitForSingleObject+0x19f
ndis!ndisThreadPoolTimerHandler+0x21
nt!PspSystemThreadStartup+0x5a
nt!KiStartSystemThread+0x16
4.0000f4 fffffa8007215b50 ffffeaec Blocked nt!KiSwapContext+0x7a
nt!KiCommitThreadWait+0x1d2
nt!KeRemoveQueueEx+0x323
nt!KeRemoveQueue+0x21
ndis!ndisWorkerThread+0x28
nt!PspSystemThreadStartup+0x5a
nt!KiStartSystemThread+0x16
4.0000f8 fffffa800721a5f0 fffff064 Blocked nt!KiSwapContext+0x7a
nt!KiCommitThreadWait+0x1d2
nt!KeWaitForSingleObject+0x19f
ndis!ndisCmWaitThread+0x6e
nt!PspSystemThreadStartup+0x5a
nt!KiStartSystemThread+0x16

1: kd> !thread fffffa800672c710
THREAD fffffa800672c710 Cid 0004.001c Teb: 0000000000000000 Win32Thread: 0000000000000000 ???
Not impersonating
DeviceMap fffff8a000008aa0
Owning Process fffffa800664e9e0 Image: System
Attached Process N/A Image: N/A
Wait Start TickCount 5396 Ticks: 0
Context Switch Count 3366
UserTime 00:00:00.000
KernelTime 00:00:00.031
Win32 Start Address nt!ExpWorkerThread (0xfffff8000308b150)
Stack Init fffff88003385c70 Current fffff88003385630
Base fffff88003386000 Limit fffff88003380000 Call 0
Priority 14 BasePriority 13 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5
Child-SP RetAddr : Args to Child : Call Site
fffff88003385670 fffff800030cca1c : fffffa8000000018 0000000000160032 fffffa8006718010 0000000000000001 : nt!KxDispatchInterrupt+0x12f
fffff880033857b0 fffff800031b6bc5 : fffff88003385ac0 fffff880018ce110 fffff88003385ab0 fffff8800196dab2 : nt!KiDpcInterrupt+0xcc (TrapFrame @ fffff880033857b0) fffff88003385940 fffff800031b54f1 : fffffa801700bc40 fffffa800735e000 0000000000000000 00000000000007ff : nt!ExDeferredFreePool+0x309 fffff880033859d0 fffff880018ae62d : 0000000000000000 fffffa80150dec00 fffff880616f444e 0000000000000000 : nt!ExFreePoolWithTag+0x411 fffff88003385a80 fffff880018f7fd4 : 0000000000000001 fffff880018ce110 0000000000000001 fffffa8007298d58 : ndis!ndisDeleteMiniportOnLastDeref+0x13d fffff88003385ac0 fffff88001879f22 : fffffa8007298870 fffffa800ac701a0 fffffa80150dec00 fffffa8007298870 : ndis! ?? ::DKGKHJNI::string’+0x1507
fffff88003385b00 fffff8000308b261 : fffff88001909010 fffff80003227280 fffffa800672c710 5d6e813f55652e00 : ndis!ndisNsiQueuedMiniportRodChangeNotification+0xd2
fffff88003385b70 fffff8000331e2ea : 0000000000000000 fffffa800672c710 0000000000000080 fffffa800664e9e0 : nt!ExpWorkerThread+0x111
fffff88003385c00 fffff800030728e6 : fffff880031b4180 fffffa800672c710 fffff880031befc0 0000000000000000 : nt!PspSystemThreadStartup+0x5a
fffff88003385c40 0000000000000000 : fffff88003386000 fffff88003380000 fffff880033858a0 0000000000000000 : nt!KiStartSystemThread+0x16

1: kd> !pool fffffa80`0735e000
Pool page fffffa800735e000 region is Nonpaged pool
*fffffa800735e000 size: 660 previous size: 0 (Free ) *NDoa
Pooltag NDoa : NDIS_TAG_OID_ARRAY, Binary : ndis.sys
fffffa800735e660 size: 200 previous size: 660 (Free) …
fffffa800735e860 size: 30 previous size: 200 (Allocated) MmSi
fffffa800735e890 size: 130 previous size: 30 (Allocated) File (Protected)
fffffa800735e9c0 size: 310 previous size: 130 (Free) Dnod
fffffa800735ecd0 size: 330 previous size: 310 (Allocated) MmCi