Index: sys/kern/kern_event.c
===================================================================
--- sys/kern/kern_event.c
+++ sys/kern/kern_event.c
@@ -228,12 +228,12 @@
 	mtx_assert(&(kq)->kq_lock, MA_NOTOWNED);			\
 } while (0)
 #define KN_LIST_LOCK(kn) do {						\
-	if (kn->kn_knlist != NULL)					\
-		kn->kn_knlist->kl_lock(kn->kn_knlist->kl_lockarg);	\
+	if ((kn)->kn_knlist != NULL)					\
+		(kn)->kn_knlist->kl_lock((kn)->kn_knlist->kl_lockarg);	\
 } while (0)
 #define KN_LIST_UNLOCK(kn) do {						\
-	if (kn->kn_knlist != NULL) 					\
-		kn->kn_knlist->kl_unlock(kn->kn_knlist->kl_lockarg);	\
+	if ((kn)->kn_knlist != NULL) 					\
+		(kn)->kn_knlist->kl_unlock((kn)->kn_knlist->kl_lockarg);\
 } while (0)
 #define	KNL_ASSERT_LOCK(knl, islocked) do {				\
 	if (islocked)							\
@@ -1132,7 +1132,8 @@
  * hold any mutexes.
  */
 static int
-kqueue_register(struct kqueue *kq, struct kevent *kev, struct thread *td, int waitok)
+kqueue_register(struct kqueue *kq, struct kevent *kev, struct thread *td,
+    int waitok)
 {
 	struct filterops *fops;
 	struct file *fp;
@@ -1341,11 +1342,12 @@
 	}
 
 	/*
-	 * We can get here with kn->kn_knlist == NULL.  This can happen when
-	 * the initial attach event decides that the event is "completed" 
-	 * already.  i.e. filt_procattach is called on a zombie process.  It
-	 * will call filt_proc which will remove it from the list, and NULL
-	 * kn_knlist.
+	 * We can get here with kn->kn_knlist == NULL or the knote
+	 * detached.  This can happen when the initial attach event
+	 * decides that the event is "completed" already,
+	 * i.e. filt_procattach is called on a zombie process.  It
+	 * will call filt_proc which will not add it to the list, and
+	 * leave NULL kn_knlist.
 	 */
 done_ev_add:
 	if ((kev->flags & EV_ENABLE) != 0)
@@ -2062,7 +2064,8 @@
 }
 
 static void
-knlist_remove_kq(struct knlist *knl, struct knote *kn, int knlislocked, int kqislocked)
+knlist_remove_kq(struct knlist *knl, struct knote *kn, int knlislocked,
+    int kqislocked)
 {
 	KASSERT(!(!!kqislocked && !knlislocked), ("kq locked w/o knl locked"));
 	KNL_ASSERT_LOCK(knl, knlislocked);
@@ -2073,7 +2076,6 @@
 	if (!knlislocked)
 		knl->kl_lock(knl->kl_lockarg);
 	SLIST_REMOVE(&knl->kl_list, kn, knote, kn_selnext);
-	kn->kn_knlist = NULL;
 	if (!knlislocked)
 		knl->kl_unlock(knl->kl_lockarg);
 	if (!kqislocked)
@@ -2233,7 +2235,6 @@
 		printf("WARNING: destroying knlist w/ knotes on it!\n");
 #endif
 
-	knl->kl_lockarg = knl->kl_lock = knl->kl_unlock = NULL;
 	SLIST_INIT(&knl->kl_list);
 }