Andre Renaud wrote:
> It is 100% reproducable, but not in a nice small test case. I have a
> unit here that I can boot, and it will fail 100% of the time on startup
> in the same way.

I've found another way of reproducing the fault, that seems reasonably
regular (although not fool proof). Using "stress"
http://weather.ou.edu/~apw/projects/stress/, with the following options
./stress --hdd 10 --io 10
If I leave the application running for a while (around 1 minute), then
once I Ctrl-C the application, the following fault is produced (very
similar to the previously reported one). The fault is produced probably
about 10 times in rapid succession. The fault also doesn't happen
instantly after the Ctrl-C, it kicks in after about 5 seconds of idle time.

I'm not quite sure why this occurs only after I Ctrl-C the application -
I assume some kind of kernel level garbage collection of file
descriptors (this may explain the 5 seconds of idle time)?

kernel BUG at fs/inode.c:252!
Unable to handle kernel NULL pointer dereference at virtual address 00000000
pgd = c0004000
[00000000] *pgd=00000000
Internal error: Oops: 817 [#1]
Modules linked in:
CPU: 0
PC is at __bug+0x40/0x54
LR is at 0x1
pc : [<c005a61c>]    lr : [<00000001>]    Not tainted
sp : c5677d60  ip : 60000093  fp : c5677d70
r10: 00000002  r9 : c5677fb0  r8 : c5530228
r7 : c03f7780  r6 : c558a2b8  r5 : c5dcc174  r4 : 00000000
r3 : 00000000  r2 : 00000000  r1 : 00001e13  r0 : 00000001
Flags: nZCv  IRQs on  FIQs on  Mode SVC_32  Segment user
Control: 397F  Table: A5678000  DAC: 00000015
Process stress (pid: 865, stack limit = 0xc5676194)
Stack: (0xc5677d60 to 0xc5678000)
7d60: c558a2b8 c5677d84 c5677d74 c00c2ac4 c005a5e8 c5e6e000 c5677da0
c5677d88
7d80: c010e114 c00c2a7c c558a2b8 c010e0a4 c558a2b8 c5677db8 c5677da4
c00c3978
7da0: c010e0b0 c558a2b8 c558a2b8 c5677dc8 c5677dbc c00c3b5c c00c38f0
c5677ddc
7dc0: c5677dcc c00c3bfc c00c3b4c c5530228 c5677df4 c5677de0 c00c0af8
c00c3b74
7de0: c5c3d8c0 00000000 c5677e18 c5677df8 c00a8ac8 c00c0920 c5c3d8c0
00000000
7e00: c03eb900 c03eb908 00000001 c5677e28 c5677e1c c00a8980 c00a8990
c5677e44
7e20: c5677e2c c00a70fc c00a894c 00000001 c03eb900 00000003 c5677e68
c5677e48
7e40: c006c178 c00a709c 00000000 c565bd60 c5676000 c5676000 00000001
c5677e90
7e60: c5677e6c c006ce28 c006c0f4 00000002 c5640114 c5676000 c5640104
c5677ee0
7e80: c565bf54 c5677ea4 c5677e94 c006d160 c006ccbc 00000009 c5677ed4
c5677ea8
7ea0: c0076c94 c006d0d8 c5677f60 c5677fb0 c5676000 00000000 c5677f60
c5677ee0
7ec0: c565bf54 c0054e84 c5677f9c c5677ed8 c0058dc4 c00769ec c5677ed8
c5677ed8
7ee0: 00000009 00000000 00000000 00000000 00000000 c558a358 c5c3d8c0
c558a2b8
7f00: c5c3d8c0 00000000 c5677f48 c5677f18 c008ae1c 00000000 00000000
00000002
7f20: 00000002 c558a2b8 c5c3d8c0 000e000d c5676000 00000000 c5677f74
c5677f70
7f40: c5677f4c c00a7bfc c00d0758 c5c3d8e0 fffffff7 c5c3d8c0 c5677f74
00cffff3
7f60: 401ba4b8 c5677fa4 c5677f74 c00a7d08 c00a7ad8 00000000 befd4ca4
00008830
7f80: 00000004 c0054e84 c5676000 401ba4b8 c5677fac c5677fa0 c0058ef8
c0058d6c
7fa0: 00000000 c5677fb0 c0054d4c c0058edc 000e000d beed4c60 000fffff
40000000
7fc0: 00000000 befd4ca4 00008830 4000b99c 00000007 00008b98 401ba4b8
befd4cd4
7fe0: 00016488 beed4c58 0000c104 4015e7b4 20000010 00000003 00000000
00000000
Backtrace:

[<c005a5dc>] (__bug+0x0/0x54) from [<c00c2ac4>] (clear_inode+0x54/0xc8)
 r4 = C558A2B8
[<c00c2a70>] (clear_inode+0x0/0xc8) from [<c010e114>]
(yaffs_delete_inode+0x70/0x84)
 r4 = C5E6E000

[<c010e0a4>] (yaffs_delete_inode+0x0/0x84) from [<c00c3978>]
(generic_delete_inode+0x94/0x108)
 r6 = C558A2B8  r5 = C010E0A4  r4 = C558A2B8

[<c00c38e4>] (generic_delete_inode+0x0/0x108) from [<c00c3b5c>]
(generic_drop_inode+0x1c/0x28)
 r5 = C558A2B8  r4 = C558A2B8

[<c00c3b40>] (generic_drop_inode+0x0/0x28) from [<c00c3bfc>]
(iput+0x94/0xa8)
[<c00c3b68>] (iput+0x0/0xa8) from [<c00c0af8>] (dput+0x1e4/0x214)

 r4 = C5530228
[<c00c0914>] (dput+0x0/0x214) from [<c00a8ac8>] (__fput+0x144/0x180)
 r5 = 00000000  r4 = C5C3D8C0
[<c00a8984>] (__fput+0x0/0x180) from [<c00a8980>] (fput+0x40/0x44)
 r8 = 00000001  r7 = C03EB908  r6 = C03EB900  r5 = 00000000
 r4 = C5C3D8C0
[<c00a8940>] (fput+0x0/0x44) from [<c00a70fc>] (filp_close+0x6c/0x78)
[<c00a7090>] (filp_close+0x0/0x78) from [<c006c178>]
(put_files_struct+0x90/0xd0)
 r6 = 00000003  r5 = C03EB900  r4 = 00000001

[<c006c0e8>] (put_files_struct+0x0/0xd0) from [<c006ce28>]
(do_exit+0x178/0x3cc)
 r8 = 00000001  r7 = C5676000  r6 = C5676000  r5 = C565BD60

 r4 = 00000000
[<c006ccb0>] (do_exit+0x0/0x3cc) from [<c006d160>] (do_group_exit+0x94/0x9c)
[<c006d0cc>] (do_group_exit+0x0/0x9c) from [<c0076c94>]
(get_signal_to_deliver+0x2b4/0x2d4)
 r4 = 00000009

[<c00769e0>] (get_signal_to_deliver+0x0/0x2d4) from [<c0058dc4>]
(do_signal+0x64/0x170)
[<c0058d60>] (do_signal+0x0/0x170) from [<c0058ef8>]
(do_notify_resume+0x28/0x2c)
[<c0058ed0>] (do_notify_resume+0x0/0x2c) from [<c0054d4c>]
(work_pending+0x1c/0x24)
Code: 1b00412c e59f0014 eb00412a e3a03000 (e5833000)

 <1>Fixing recursive fault but reboot is needed!