Hi, I see a random crash due to kernel panic in yaffs_rename(). Following is the crash dump. <1>[ 31 NULL pointer dereference at virtual address 0000005c <1>[ 31.471994] pgd = e9294000 <1>[ 31.472004] [0000005c] *pgd=29761831, *pte=00000000, *ppte=00000000 <0>[ 31.472029] Internal error: Oops: 17 1 PREEMPT <4>[ 31.472059] Modules linked in: [last unloaded: librasdioif] <4>[ 31.472098] CPU: 0 Tainted: P (3.0.8-perf-00013-gcec6400 #1) <4>[ 31.472143] PC is at yaffs_rename+0xe0/0x158 <4>[ 31.472169] LR is at yaffs_rename+0xc4/0x158 <4>[ 31.472198] pc : [] lr : [] psr: a0000013 <4>[ 31.472206] sp : e561fe68 ip 31.472249] r10: 00000001 r9 : e561e000 r8 : e9781000 <4>[ 31.472278] r7 : e981a9a8 r6 : ed53c8 ЕЕЕ <0>[ 31.478984] ffe0: 401c5794 5044cbc0 401ac9ad 400f6c7c 60000010 002ceca8 00000000 00000000 <4>[ 31.479056] [] (yaffs_rename+0xe0/0x158) from [] (vfs_rename+0x298/0x414) <4>[ 31.479116] [] (vfs_rename+0x298/0x414) from [] (sys_renameat+0x168/0x1e0) <4>[ 31.479174] [] (sys_renameat+0x168/0x1e0) from [] (ret_fast_syscall+0x0/0x30) <0>[ 31.479233] Code: e3570000 0a000006 e5963020 e3a01007 (e593205c) <4>[ [] (panic+0x60/0x178)ort+0x34/0x94) from []1.486076] Exception stack(0xe5616174] fe40: e9781000 e561e000 00< Comparing it with objdump output the crash point refers to new_dentry->d_inode being NULL. When passed to inode_dec_link_count() it tries to dereference and crash. if (ret_val == YAFFS_OK) { if (target) inode_dec_link_count(new_dentry->d_inode); Can the "target = yaffs_find_by_name()" return NON-NULL even if new_dentry->d_inode is NULL? Could there be any race condition while deleting a directory and renaming the same, concurrently in different contexts? The issue is very rare to reproduce and seen only twice in normal user power on-off scenarios. So can't really test much to see if there are any race conditions. -- Regards, Sujit Reddy Thumma Sent by a consultant of the Qualcomm Innovation Center, Inc. The Qualcomm Innovation Center, Inc. is a member of Code Aurora Forum.