On Wednesday 30 June 2010 18:49:57 YingChao LI wrote:
[snip]
> Panic occurs when call yaffs_RemoveObjectCallback at line:
> if(sc->nextReturn == obj), because referred the buffer has been freed by
> yaffs_readdir. Seems sc buffer(*0xd6f01780*) has been freed, but still in
> search context doubly linked list(the next pointer of "sc**
> other(*0xdc1e40c8)*" is* 0xd6f0178c*, the prev pointer of "*0xd6f0178c*"
> is *0xdc1e40c8*). Is it possible that the search context lock mechanism has
> some issue or other reason?
>
> I only met this panic once, and can NOT reproduce it. Any suggestion about
> this? Thanks a lot.

Thanks for pointing that out. This will be hard to reproduce.

There was indeed a problem in the locking of the search context. This has been fixed.

http://yaffs.net/gitweb?p=yaffs2/.git;a=commit;h=c1399b62aaa71a3da498b5fa67adb25e59181ab0