As of the latest round of "apt-get update, apt-get upgrade", about 9 out of 10 boots of either of the Pis crashes with "Kernel panic - not syncing: Attempted to kill the idle task!" as in this screen:
If you keep unplugging the Pi and plugging it back in, occasionally (about 1 in 10 times) the splash screen will come up and it'll boot normally.
The only "cause" I can think of is that we're using read-only booting (they're for displays that get turned off at the wall, so we use an overlay to protect the filesystem) as per this thread: viewtopic.php?t=161416
I did of course generate a new initrd7.img when the kernel updated.
Just wondering if something has changed that makes this method unstable...