The file being closed is (fdp->fd_lastfile - i), not i. So compare

(fdp->fd_lastfile - i) against fd_knlistsize. Otherwise we can
call knote_fdclose() on a file descriptor that doesn't have a knote.

This issue explains random panics I have had on process exit over the
past few years.

sys/kern/kern_descrip.c

@@ -1,4 +1,4 @@
-/*	$NetBSD: kern_descrip.c,v 1.131 2005/02/26 21:34:55 perry Exp $	*/
+/*	$NetBSD: kern_descrip.c,v 1.132 2005/05/20 16:13:00 wrstuden Exp $	*/
 
 /*
  * Copyright (c) 1982, 1986, 1989, 1991, 1993
@@ -37,7 +37,7 @@
  */
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: kern_descrip.c,v 1.131 2005/02/26 21:34:55 perry Exp $");
+__KERNEL_RCSID(0, "$NetBSD: kern_descrip.c,v 1.132 2005/05/20 16:13:00 wrstuden Exp $");
 
 #include <sys/param.h>
 #include <sys/systm.h>
@@ -1285,7 +1285,7 @@ fdfree(struct proc *p)
 			*fpp = NULL;
 			simple_lock(&fp->f_slock);
 			FILE_USE(fp);
-			if (i < fdp->fd_knlistsize)
+			if ((fdp->fd_lastfile - i) < fdp->fd_knlistsize)
 				knote_fdclose(p, fdp->fd_lastfile - i);
 			(void) closef(fp, p);
 		}