There should a block of error messages just above the panic, starting with a line that says "Eeek! page_mapcount(page) went negative!". Can you post those?

Sure, here it is.

Feb 10 08:00:34 tusdell kernel: Eeek! page_mapcount(page) went negative! (-1)
Feb 10 08:00:34 tusdell kernel:  page pfn = 0
Feb 10 08:00:34 tusdell kernel:  page->flags = 400
Feb 10 08:00:34 tusdell kernel:  page->count = 1
Feb 10 08:00:34 tusdell kernel:  page->mapping = 0000000000000000
Feb 10 08:00:34 tusdell kernel:  vma->vm_ops = generic_file_vm_ops+0x0/0x40
Feb 10 08:00:34 tusdell kernel:  vma->vm_ops->fault = filemap_fault+0x0/0x328
Feb 10 08:00:34 tusdell kernel:  vma->vm_file->f_op->mmap = generic_file_mmap+0x0/0x52

I might add that I have also just had this exact (as best I can see) error and that I notice that I am also running the VirtualBox drivers. My full trace follows

Code: e8 12 ff ff ff 49 8b 84 24 90 00 00 00 48 85 c0 74 19 48 8b 40 20 48 85 c0 74 10 48 8b 70 58 48 c7 c7 39 98 43 81 e8 ec fe ff ff <0f> 0b eb fe 48 8b 77 18 83 e6 01 f7 de 83 c6 04 e8 ac 3b ff ff 
RIP  [<ffffffff810a7c3e>] page_remove_rmap+0x109/0x123
 RSP <ffff8800301d9ca8>
---[ end trace bf704baaf5036adf ]---
Fixing recursive fault but reboot is needed!
mtrr: no MTRR for d0000000,10000000 found
mtrr: type mismatch for d0000000,10000000 old: write-back new: write-combining
Eeek! page_mapcount(page) went negative! (-1)
  page pfn = 161275
  page->flags = 4000000001086c
  page->count = 3
  page->mapping = ffff8801669231d8
  vma->vm_ops = generic_file_vm_ops+0x0/0x40
  vma->vm_ops->fault = filemap_fault+0x0/0x328
  vma->vm_file->f_op->mmap = generic_file_mmap+0x0/0x52
------------[ cut here ]------------
kernel BUG at mm/rmap.c:684!
invalid opcode: 0000 [2] SMP 
CPU 0 
Modules linked in: nls_utf8 fuse ipt_MASQUERADE iptable_nat nf_nat sco bridge stp bnep l2cap bluetooth vboxnetflt vboxdrv coretemp hwmon sunrpc ip6t_REJECT nf_conntrack_ipv6 ip6table_filter ip6_tables ipv6 cpufreq_ondemand acpi_cpufreq freq_table dm_multipath uinput snd_hda_intel snd_seq_dummy snd_seq_oss snd_seq_midi_event snd_seq snd_seq_device snd_pcm_oss snd_mixer_oss snd_pcm ppdev i2c_i801 usb_storage snd_timer floppy dcdbas i2c_core snd_page_alloc snd_hwdep pcspkr snd iTCO_wdt serio_raw parport_pc iTCO_vendor_support e1000e ata_generic parport soundcore pata_acpi joydev [last unloaded: kvm]
Pid: 14676, comm: gdm-simple-gree Tainted: G      D   2.6.27.21-170.2.56.fc10.x86_64 #1 OptiPlex 755                 
RIP: 0010:[<ffffffff810a7c3e>]  [<ffffffff810a7c3e>] page_remove_rmap+0x109/0x123
RSP: 0018:ffff8801638c3ca8  EFLAGS: 00010286
RAX: 000000000000003b RBX: ffffe20004d40998 RCX: 000000000000b0c4
RDX: 0000000000000001 RSI: ffff8801638c3a48 RDI: 0000000000000246
RBP: ffff8801638c3cb8 R08: 00000000ffffffff R09: 000000000000b0c4
R10: ffff8801e38c3b87 R11: 0000000000000010 R12: ffff88012ef55d10
R13: 0000000161275025 R14: 0000000000193324 R15: ffff8801639de018
FS:  0000000000000000(0000) GS:ffffffff81717000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 000000366e00fc80 CR3: 0000000000201000 CR4: 00000000000006e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400
Process gdm-simple-gree (pid: 14676, threadinfo ffff8801638c2000, task ffff88015bbaae20)
Stack:  ffffe20004d40998 0000003f1dc03000 ffff8801638c3e08 ffffffff8109f1ad
 00ff8801638c3ed8 0000003f1dc38fff 0000003f1dc38fff 0000000000000001
 0000000000000000 ffff8801638c3e20 ffffffffffffffff 0000000000000000
Call Trace:
 [<ffffffff8109f1ad>] unmap_vmas+0x5c2/0x894
 [<ffffffff81090d55>] ? generic_file_aio_write+0x72/0xc3
 [<ffffffff810a361f>] exit_mmap+0x8c/0x105
 [<ffffffff8103f491>] mmput+0x42/0x9f
 [<ffffffff81043138>] exit_mm+0x10b/0x116
 [<ffffffff81044d74>] do_exit+0x24f/0x8a0
 [<ffffffff810c000a>] ? fsnotify_modify+0x62/0x6a
 [<ffffffff810c7883>] ? path_put+0x1d/0x21
 [<ffffffff81045447>] do_group_exit+0x82/0xaf
 [<ffffffff81045486>] sys_exit_group+0x12/0x16
 [<ffffffff8101027a>] system_call_fastpath+0x16/0x1b


Code: e8 12 ff ff ff 49 8b 84 24 90 00 00 00 48 85 c0 74 19 48 8b 40 20 48 85 c0 74 10 48 8b 70 58 48 c7 c7 39 98 43 81 e8 ec fe ff ff <0f> 0b eb fe 48 8b 77 18 83 e6 01 f7 de 83 c6 04 e8 ac 3b ff ff 
RIP  [<ffffffff810a7c3e>] page_remove_rmap+0x109/0x123
 RSP <ffff8801638c3ca8>

This message is a reminder that Fedora 10 is nearing its end of life.
Approximately 30 (thirty) days from now Fedora will stop maintaining
and issuing updates for Fedora 10.  It is Fedora's policy to close all
bug reports from releases that are no longer maintained.  At that time
this bug will be closed as WONTFIX if it remains open with a Fedora 
'version' of '10'.

Package Maintainer: If you wish for this bug to remain open because you
plan to fix it in a currently maintained version, simply change the 'version' 
to a later Fedora version prior to Fedora 10's end of life.

Bug Reporter: Thank you for reporting this issue and we are sorry that 
we may not be able to fix it before Fedora 10 is end of life.  If you 
would still like to see this bug fixed and are able to reproduce it 
against a later version of Fedora please change the 'version' of this 
bug to the applicable version.  If you are unable to change the version, 
please add a comment here and someone will do it for you.

Although we aim to fix as many bugs as possible during every release's 
lifetime, sometimes those efforts are overtaken by events.  Often a 
more recent Fedora release includes newer upstream software that fixes 
bugs or makes them obsolete.

The process we are following is described here: 
http://fedoraproject.org/wiki/BugZappers/HouseKeeping

It stopped to behave like that out of the blue as it started. I close that bug now since this kernel isn't current since a long time.