Exit notification for EVFILT_PROC removes knote from the knlist. In

particular, this invalidates the knote kn_link linkage, making the
SLIST_FOREACH() loop accessing undefined values (e.g. trashed by
QUEUE_MACRO_DEBUG).  If the knote is freed by other thread when kq
lock is released or when influx is cleared, e.g. by knote_scan() for
kqueue owning the knote, the iteration step would access freed memory.

Use SLIST_FOREACH_SAFE() to fix iteration.

Diagnosed by:	avg
Tested by:	avg, lstewart, pawel
Sponsored by:	The FreeBSD Foundation
MFC after:	2 weeks

0 files changed, 0 insertions, 0 deletions