Thanks for your quickly responds.<br><br>One concern is that why sc buffer(0xd6f01780) is still in search context doubly linked list after freed. In another word, who modified the prev pointer of  &quot;sc other(0xd6f0178c)&quot; and the next pointer of &quot;sc other(0xdc1e40c8)&quot; after sc buffer(0xd6f01780) is freed. <br>
<br>Thanks a lot.<br><br><div class="gmail_quote">On Thu, Jul 1, 2010 at 10:34 AM, Charles Manning <span dir="ltr">&lt;<a href="mailto:manningc2@actrix.gen.nz" target="_blank">manningc2@actrix.gen.nz</a>&gt;</span> wrote:<br>


<blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">On Wednesday 30 June 2010 18:49:57 YingChao LI wrote:<br>
[snip]<br>
<div>&gt; Panic occurs when call yaffs_RemoveObjectCallback at line:<br>
&gt; if(sc-&gt;nextReturn == obj), because referred the buffer has been freed by<br>
&gt; yaffs_readdir. Seems sc buffer(*0xd6f01780*) has been freed, but still in<br>
&gt; search context doubly linked list(the next pointer of &quot;sc**<br>
&gt; other(*0xdc1e40c8)*&quot; is*  0xd6f0178c*, the prev pointer of &quot;*0xd6f0178c*&quot;<br>
&gt; is *0xdc1e40c8*). Is it possible that the search context lock mechanism has<br>
&gt; some issue or other reason?<br>
&gt;<br>
&gt; I only met this panic once, and can NOT reproduce it. Any suggestion about<br>
&gt; this? Thanks a lot.<br>
<br>
</div>Thanks for pointing that out.<br>
<br>
This will be hard to reproduce.<br>
<br>
There was indeed  a problem in the locking of the search context. This has<br>
been fixed.<br>
<a href="http://yaffs.net/gitweb?p=yaffs2/.git;a=commit;h=c1399b62aaa71a3da498b5fa67adb25e59181ab0" target="_blank">http://yaffs.net/gitweb?p=yaffs2/.git;a=commit;h=c1399b62aaa71a3da498b5fa67adb25e59181ab0</a><br>
<br>
<br>
<br>
</blockquote></div><br>