Rik,

the bug which Peter Vendrovec reported appears to have snuck in
with the pte.direct optimisation.

- boot with mem=512m
- service ntpd start
- usemem 800 megs (a few times)
- service ntpd stop  (goes bang)

I've attached the original diff.  A patch -R of this still applies,
and it makes the problem go away.   Have you time to see if you
can debug this problem?

I saw one rather strange looking thing which appears to add
two pte_chains for a single pte.  But this patch:


--- 2.5.29/mm/rmap.c~rmap-fixes	Wed Jul 31 20:59:34 2002
+++ 2.5.29-akpm/mm/rmap.c	Wed Jul 31 20:59:53 2002
@@ -135,16 +135,17 @@ void page_add_rmap(struct page * page, p
 		pte_chain->next = NULL;
 		page->pte.chain = pte_chain;
 		ClearPageDirect(page);
-	}
-	if (page->pte.chain) {
-		/* Hook up the pte_chain to the page. */
-		pte_chain = pte_chain_alloc();
-		pte_chain->ptep = ptep;
-		pte_chain->next = page->pte.chain;
-		page->pte.chain = pte_chain;
 	} else {
-		page->pte.direct = ptep;
-		SetPageDirect(page);
+		if (page->pte.chain) {
+			/* Hook up the pte_chain to the page. */
+			pte_chain = pte_chain_alloc();
+			pte_chain->ptep = ptep;
+			pte_chain->next = page->pte.chain;
+			page->pte.chain = pte_chain;
+		} else {
+			page->pte.direct = ptep;
+			SetPageDirect(page);
+		}
 	}
 	pte_chain_unlock(page);
 }


doesn't help :(