Index: head/lib/libprocstat/libprocstat.c
===================================================================
--- head/lib/libprocstat/libprocstat.c
+++ head/lib/libprocstat/libprocstat.c
@@ -445,6 +445,15 @@
 	return (sess.s_ttyvp);
 }
 
+static int
+procstat_vm_map_reader(void *token, vm_map_entry_t addr, vm_map_entry_t dest)
+{
+	kvm_t *kd;
+
+	kd = (kvm_t *)token;
+	return (kvm_read_all(kd, (unsigned long)addr, dest, sizeof(*dest)));
+}
+
 static struct filestat_list *
 procstat_getfiles_kvm(struct procstat *procstat, struct kinfo_proc *kp, int mmapped)
 {
@@ -454,7 +463,6 @@
 	struct vm_object object;
 	struct vmspace vmspace;
 	vm_map_entry_t entryp;
-	vm_map_t map;
 	vm_object_t objp;
 	struct vnode *vp;
 	struct file **ofiles;
@@ -615,17 +623,11 @@
 			    (void *)kp->ki_vmspace);
 			goto exit;
 		}
-		map = &vmspace.vm_map;
 
-		for (entryp = vm_map_entry_first(map);
-		    entryp != &kp->ki_vmspace->vm_map.header;
-		    entryp = vm_map_entry_succ(&vmentry)) {
-			if (!kvm_read_all(kd, (unsigned long)entryp, &vmentry,
-			    sizeof(vmentry))) {
-				warnx("can't read vm_map_entry at %p",
-				    (void *)entryp);
-				continue;
-			}
+		vmentry = vmspace.vm_map.header;
+		for (entryp = vm_map_entry_read_succ(kd, &vmentry, procstat_vm_map_reader);
+		    entryp != NULL && entryp != &kp->ki_vmspace->vm_map.header;
+		     entryp = vm_map_entry_read_succ(kd, &vmentry, procstat_vm_map_reader)) {
 			if (vmentry.eflags & MAP_ENTRY_IS_SUB_MAP)
 				continue;
 			if ((objp = vmentry.object.vm_object) == NULL)
@@ -660,6 +662,8 @@
 			if (entry != NULL)
 				STAILQ_INSERT_TAIL(head, entry, next);
 		}
+		if (entryp == NULL)
+			warnx("can't read vm_map_entry");
 	}
 exit:
 	return (head);
Index: head/sys/vm/vm_map.h
===================================================================
--- head/sys/vm/vm_map.h
+++ head/sys/vm/vm_map.h
@@ -402,6 +402,47 @@
 
 #define VM_MAP_WIRE_WRITE	4	/* Validate writable. */
 
+typedef int vm_map_entry_reader(void *token, vm_map_entry_t addr, 
+    vm_map_entry_t dest);
+
+#ifndef _KERNEL
+/*
+ * Find the successor of a map_entry, using a reader to dereference pointers.
+ * '*clone' is a copy of a vm_map entry.  'reader' is used to copy a map entry
+ * at some address into '*clone'.  Change *clone to a copy of the next map
+ * entry, and return the address of that entry, or NULL if copying has failed.
+ *
+ * This function is made available to user-space code that needs to traverse
+ * map entries.
+ */
+static inline vm_map_entry_t
+vm_map_entry_read_succ(void *token, struct vm_map_entry *const clone,
+    vm_map_entry_reader reader)
+{
+	vm_map_entry_t after, backup;
+	vm_offset_t start;
+
+	after = clone->right;
+	start = clone->start;
+	if (!reader(token, after, clone))
+		return (NULL);
+	backup = clone->left;
+	if (!reader(token, backup, clone))
+		return (NULL);
+	if (clone->start > start) {
+		do {
+			after = backup;
+			backup = clone->left;
+			if (!reader(token, backup, clone))
+				return (NULL);
+		} while (clone->start != start);
+	}
+	if (!reader(token, after, clone))
+		return (NULL);
+	return (after);
+}
+#endif				/* ! _KERNEL */
+
 static inline vm_map_entry_t
 vm_map_entry_first(vm_map_t map)
 {