Thanks David There is definitely a problem if you unlink a symlink. I am a bit concerned about the apporach you propose because I don't like the idea of using the object after it has been deleted. Instead I propose to do something like: static int yaffs_DeleteSymLink(yaffs_Object * in) { YFREE(in->variant.symLinkVariant.alias); + in->variant.symLinkVariant = NULL; return yaffs_DoGenericObjectDeletion(in); } then handling a NULL value properly where need be. -- Charles On Wednesday 02 December 2009 12:58:52 Charles Manning wrote: > What do you mean by "no longer mountable"? > > I'll take a look at your analysis to see what's going on. > > -- Charles > > On Wednesday 02 December 2009 11:33:52 Chris David wrote: > > Hello, > > > > I've been trying to figure out why sometimes our NAND device becomes > > corrupt and is no longer mountable. The symptom appears to be that in > > the yaffs_ScanBackwards function, around line 6719 in yaffs_guts.c, > > under the YAFFS_OBJECT_TYPE_SYMLINK case, there is a call: > > yaffs_CloneString(oh->alias), and this is returning an empty string. > > How could this happen? Well, I have a possible explanation and a > > patch. > > > > diff -u build_mipsel/linux-2.6.23-msp2/fs/yaffs2/yaffs_guts.c.orig > > build_mipsel/linux-2.6.23-msp2/fs/yaffs2/yaffs_guts.c --- > > build_mipsel/linux-2.6.23-msp2/fs/yaffs2/yaffs_guts.c.orig 2009-12-01 > > 14:41:27.000000000 -0800 +++ > > build_mipsel/linux-2.6.23-msp2/fs/yaffs2/yaffs_guts.c 2009-12-01 > > 14:42:21.000000000 -0800 @@ -5157,9 +5157,10 @@ > > > > static int yaffs_DeleteSymLink(yaffs_Object * in) > > { > > + int retv; > > + retv = yaffs_DoGenericObjectDeletion(in); > > YFREE(in->variant.symLinkVariant.alias); > > - > > - return yaffs_DoGenericObjectDeletion(in); > > + return retv; > > } > > > > static int yaffs_DeleteHardLink(yaffs_Object * in) > > > > I observed the following by analyzing the code. There could be a call > > stack as follows: > > > > yaffs_DeleteSymLink(yaffs_Object * in) > > yaffs_DoGenericObjectDeletion(in) > > yaffs_ChangeObjectName(in, ... > > yaffs_UpdateObjectHeader(obj, ... > > > > which gets to about line 3806 (still yaffs_guts.c), where there is: > > yaffs_strncpy(oh->alias, > > in->variant.symLinkVariant.alias, > > YAFFS_MAX_ALIAS_LENGTH); > > > > well, in->variant.symLinkVariant.alias is already freed at this point. > > The above patch would fix this. > > > > I am not 100% confident in my findings. Does anyone agree that this > > could be a real bug? I was thinking that if > > in->myDev->deletedDir->variantType is set to something other than > > YAFFS_OBJECT_TYPE_DIRECTORY, perhaps it isn't. > > > > Thanks, > > > > -Chris > > > > > > > > > > > > > > > > > > _______________________________________________ > > yaffs mailing list > > yaffs@lists.aleph1.co.uk > > http://lists.aleph1.co.uk/cgi-bin/mailman/listinfo/yaffs > > _______________________________________________ > yaffs mailing list > yaffs@lists.aleph1.co.uk > http://lists.aleph1.co.uk/cgi-bin/mailman/listinfo/yaffs