May be  problem in nandemul2k.c : nand_read_oob, its debug info:

  nand_read_oob: from = 0x00000000, buf = 0x00000000, len = -145564792

And:

 1. MTD info after insmod nandemul2k:
mtdblock: read on "NANDemul partition 1" at 0x34c00, size 0x200
mtdblock: read on "NANDemul partition 1" at 0x34e00, size 0x200
mtdblock: read on "NANDemul partition 1" at 0x35000, size 0x200


 2.yaffs  debug info:

new trace = 0xFFFFFFFF
+allocate
+always
+bad_blocks
+buffers
+bug
+checkpt
+deletion
+erase
+error
+gc_detail
+gc
+mtd
+nandaccess
+os
+scan_debug
+scan
+tracing
+verify
+verify_nand
+verify_full
+verify_all
+write
+all
+none
mtdblock_open
ok
yaffs: dev is 32505856 name is "mtdblock0"
yaffs: passed flags ""
yaffs_read_super: Using yaffs1
yaffs_read_super: block size 4096
yaffs: Attempting MTD mount on 31.0, "mtdblock0"
 erase f88c1c47
 read f88c1fb8
 write f88c1aa6
 readoob f88c1f2a
 writeoob f88c1b34
 block_isbad f88c1d90
 block_markbad f88c1dc7
 writesize 2048
 oobsize 64
 erasesize 131072
 size 4194304
yaffs: auto selecting yaffs2
yaffs locking
yaffs: yaffs_GutsInitialise()
yaffs_ScanBackwards starts  intstartblk 1 intendblk 32...
nandmtd2_QueryNANDBlock 0
nandmtd2_ReadChunkWithTagsFromNAND chunk 0 data 00000000 tags f752dbe8
  nand_read_oob: from = 0x00000000, buf = 0x00000000, len = -145564792
BUG: unable to handle kernel paging request at virtual address 00400000
printing eip: f88cb34c *pde = 00000000
Oops: 0002 [#1] SMP
Modules linked in: nandemul2k yaffs2 mtdblock mtd_blkdevs nand nand_ids
nand_ecc mtd

Pid: 5702, comm: mount Not tainted (2.6.24.3 #1)
EIP: 0060:[<f88cb34c>] EFLAGS: 00010246 CPU: 0
EIP is at nand_read_oob+0x33/0x8b [nandemul2k]
EAX: 00400000 EBX: f88ccc04 ECX: c05a865b EDX: 00000000
ESI: 00000000 EDI: 00000000 EBP: f752db88 ESP: f752db24
 DS: 007b ES: 007b FS: 00d8 GS: 0033 SS: 0068
Process mount (pid: 5702, ti=f752c000 task=f2d8a540 task.ti=f752c000)
Stack: f88cb43b 00000000 00000000 f752db88 f88ccc04 00000000 00000000
f7d6e900
       f88c1f8d f752db88 00400000 00000000 f2de4000 f7d6e900 00000000
00000000
       f88f3492 f752db88 00000000 00000000 f752dbe8 00000000 00000000
00000000
Call Trace:
 [<f88c1f8d>] part_read_oob+0x63/0x8e [mtd]
 [<f88f3492>] nandmtd2_ReadChunkWithTagsFromNAND+0x103/0x192 [yaffs2]
 [<c014cc84>] __alloc_pages+0x66/0x2e2
 [<f88f35a1>] nandmtd2_QueryNANDBlock+0x80/0xdd [yaffs2]
 [<c0162cf8>] __slab_alloc+0x236/0x424
 [<f88fcc41>] yaffs_GutsInitialise+0x612/0x12e1 [yaffs2]
 [<f88f3521>] nandmtd2_QueryNANDBlock+0x0/0xdd [yaffs2]
 [<f88ff445>] yaffs_QueryInitialBlockState+0x29/0x2d [yaffs2]
 [<f88fcd85>] yaffs_GutsInitialise+0x756/0x12e1 [yaffs2]
 [<c0125321>] release_console_sem+0x17c/0x195
 [<c014cc84>] __alloc_pages+0x66/0x2e2
 [<c0125734>] printk+0x1b/0x1f
 [<f88f596d>] yaffs_internal_read_super+0x607/0x6d8 [yaffs2]
 [<c01da05d>] snprintf+0x1f/0x22
 [<f88f5a70>] yaffs_internal_read_super_mtd+0x14/0x1e [yaffs2]
 [<c0167fe6>] get_sb_bdev+0xd1/0x10f
 [<f88f401a>] yaffs_read_super+0x20/0x25 [yaffs2]
 [<f88f5a5c>] yaffs_internal_read_super_mtd+0x0/0x1e [yaffs2]
 [<c0167b0f>] vfs_kern_mount+0x40/0x79
 [<c0167b91>] do_kern_mount+0x35/0xbb
 [<c017885e>] do_mount+0x5cd/0x614
 [<c014cc84>] __alloc_pages+0x66/0x2e2
 [<c016dded>] link_path_walk+0xa9/0xb3
 [<c0159b84>] anon_vma_prepare+0x11/0xaa
 [<c0155092>] handle_mm_fault+0x205/0x53b
 [<c014cc84>] __alloc_pages+0x66/0x2e2
 [<c0177483>] copy_mount_options+0x26/0x10d
 [<c01dabf8>] strncpy_from_user+0x29/0x42
 [<c0178d7a>] sys_mount+0x77/0xb3
 [<c0104e5a>] sysenter_past_esp+0x5f/0x85
 =======================
Code: 89 c3 83 ec 10 8b 6c 24 24 8b 44 24 2c 89 54 24 04 c7 04 24 3b b4 8c
f8 89 6c 24 0c 89 44 24 08 e8 d3 a3 85 c7 31 d2 8b 44 24 28 <c7> 00 00 00 00
00 89 e8 8b 4b 08 01 f0 11 fa 83 fa 00 7c 17 7f
EIP: [<f88cb34c>] nand_read_oob+0x33/0x8b [nandemul2k] SS:ESP 0068:f752db24
---[ end trace eecbd76b9ebfba41 ]---