    [PATCH] fix use-after-free bug in move_vma() · 5446f21e
    Andrew Morton authored
    move_vma() calls do_munmap() and then uses the memory at *new_vma.
    
    But when starting X11 it just happens that the memory which do_munmap
    unmapped had the same start address as the range at *new_vma.  So new_vma
    is freed by do_munmap().
    
    This was never noticed before because (vm_flags & VM_LOCKED) evaluates
    false when vm_flags is 0x5a5a5a5a.  But I just changed that to 0x6b6b6b6b
    and boom - we call make_pages_present() with start == end == 0x6b6b6b6b and
    it goes BUG.
    
    So I think the right fix here is for move_vma() to not inspect the values
    of any vma's after it has called do_munmap().
    
    The patch does that, for `new_vma'.
    
    The local variable `vma' is also being used after the call to do_munmap(),
    and this may also be a bug.  Proving that this is not so, and adding a
    comment to explain why is hereby added to Hugh's todo list ;)
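The ordering bug the message describes, as an added example that is neither the kernel's code nor the author's patch: a small pool stands in for the slab cache, freeing poisons the object with 0x6b bytes (the pattern the message mentions), and the "X11 case" is reproduced by making new_vma cover exactly the range handed to the unmap. The names (toy_vma, toy_munmap, TOY_VM_LOCKED and the 0x40000000 addresses) are constructed for the example and are not the kernel's identifiers or constants.

```c
#include <stdio.h>
#include <string.h>

/* Added example, not kernel code: toy model of move_vma()/do_munmap() ordering.
 * Freed objects are poisoned rather than returned to a real allocator, so a
 * read after free shows up as a poisoned value instead of undefined behaviour. */

#define TOY_VM_LOCKED 0x2000UL  /* toy flag value, not the kernel's constant */
#define TOY_POISON 0x6b         /* the free-poison byte the message mentions */
#define MAX_VMAS 8

struct toy_vma { unsigned long vm_start, vm_end, vm_flags; };

static struct toy_vma pool[MAX_VMAS];
static int pool_used[MAX_VMAS];

/* The word a freed object's fields read back as (0x6b6b... on any word size). */
unsigned long toy_poison_word(void)
{
    unsigned long w;
    memset(&w, TOY_POISON, sizeof w);
    return w;
}

struct toy_vma *toy_alloc_vma(unsigned long start, unsigned long end, unsigned long flags)
{
    for (int i = 0; i < MAX_VMAS; i++) {
        if (!pool_used[i]) {
            pool_used[i] = 1;
            pool[i].vm_start = start;
            pool[i].vm_end = end;
            pool[i].vm_flags = flags;
            return &pool[i];
        }
    }
    return NULL;
}

/* Stand-in for do_munmap(): frees every mapping lying inside [start, start+len). */
int toy_munmap(unsigned long start, unsigned long len)
{
    int freed = 0;
    for (int i = 0; i < MAX_VMAS; i++) {
        if (pool_used[i] && pool[i].vm_start >= start && pool[i].vm_end <= start + len) {
            memset(&pool[i], TOY_POISON, sizeof pool[i]);  /* slab-style poison on free */
            pool_used[i] = 0;
            freed++;
        }
    }
    return freed;
}

/* The arguments the caller would hand to make_pages_present() after the unmap. */
struct mlock_call { int wanted; unsigned long start, end; };

/* Buggy ordering: inspects *new_vma after the unmap that may have freed it. */
struct mlock_call toy_move_vma_buggy(struct toy_vma *new_vma, unsigned long old_addr, unsigned long old_len)
{
    struct mlock_call c = {0, 0, 0};
    toy_munmap(old_addr, old_len);
    if (new_vma->vm_flags & TOY_VM_LOCKED) {   /* reads a freed (poisoned) object */
        c.wanted = 1;
        c.start = new_vma->vm_start;
        c.end = new_vma->vm_end;
    }
    return c;
}

/* Fixed ordering: copy out what is needed, then never touch new_vma again. */
struct mlock_call toy_move_vma_fixed(struct toy_vma *new_vma, unsigned long old_addr, unsigned long old_len)
{
    struct mlock_call c = {0, 0, 0};
    unsigned long flags = new_vma->vm_flags;
    unsigned long start = new_vma->vm_start, end = new_vma->vm_end;
    toy_munmap(old_addr, old_len);            /* new_vma may be gone past this point */
    if (flags & TOY_VM_LOCKED) {
        c.wanted = 1;
        c.start = start;
        c.end = end;
    }
    return c;
}

/* Reproduce the X11 case: new_vma covers exactly the range being unmapped. */
struct mlock_call toy_run(int fixed)
{
    memset(pool, 0, sizeof pool);
    memset(pool_used, 0, sizeof pool_used);
    struct toy_vma *new_vma = toy_alloc_vma(0x40000000UL, 0x40010000UL, TOY_VM_LOCKED);
    return fixed ? toy_move_vma_fixed(new_vma, 0x40000000UL, 0x10000UL)
                 : toy_move_vma_buggy(new_vma, 0x40000000UL, 0x10000UL);
}

int main(void)
{
    struct mlock_call b = toy_run(0), f = toy_run(1);
    printf("buggy: start=%#lx end=%#lx\n", b.start, b.end);  /* both poisoned */
    printf("fixed: start=%#lx end=%#lx\n", f.start, f.end);
    return 0;
}
```

The buggy path still sees VM_LOCKED because bit 13 of 0x6b6b is set, which is why it proceeds to a call with start == end == poison, exactly the failure mode the message reports once the poison changed from 0x5a to 0x6b; the fixed path reads nothing from the object after the unmap, which is the rule the patch applies to new_vma.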
mremap.c 11 KB