--- a/usr/src/lib/libdtrace/common/dt_options.c	Mon Sep 19 17:30:16 2005 -0700
+++ b/usr/src/lib/libdtrace/common/dt_options.c	Mon Sep 19 22:42:24 2005 -0700
@@ -915,6 +915,7 @@
 	{ "rawbytes", dt_opt_runtime, DTRACEOPT_RAWBYTES },
 	{ "stackindent", dt_opt_runtime, DTRACEOPT_STACKINDENT },
 	{ "switchrate", dt_opt_rate, DTRACEOPT_SWITCHRATE },
+	{ NULL }
 };
 
 int

--- a/usr/src/lib/libdtrace/common/dt_proc.c	Mon Sep 19 17:30:16 2005 -0700
+++ b/usr/src/lib/libdtrace/common/dt_proc.c	Mon Sep 19 22:42:24 2005 -0700
@@ -659,7 +659,7 @@
 static void
 dt_proc_destroy(dtrace_hdl_t *dtp, struct ps_prochandle *P)
 {
-	dt_proc_t *dpr = dt_proc_lookup(dtp, P, B_TRUE);
+	dt_proc_t *dpr = dt_proc_lookup(dtp, P, B_FALSE);
 	dt_proc_hash_t *dph = dtp->dt_procs;
 	dt_proc_t *npr, **npp;
 	int rflag;
@@ -715,10 +715,12 @@
 	}
 
 	/*
-	 * Before we free the process structure, walk the dt_proc_hash_t's
-	 * notification list and remove this dt_proc_t if it is enqueued.
+	 * Before we free the process structure, remove this dt_proc_t from the
+	 * lookup hash, and then walk the dt_proc_hash_t's notification list
+	 * and remove this dt_proc_t if it is enqueued.
 	 */
 	(void) pthread_mutex_lock(&dph->dph_lock);
+	(void) dt_proc_lookup(dtp, P, B_TRUE);
 	npp = &dph->dph_notify;
 
 	for (npr = *npp; npr != NULL; npr = npr->dpr_notify) {

--- a/usr/src/uts/intel/dtrace/fbt.c	Mon Sep 19 17:30:16 2005 -0700
+++ b/usr/src/uts/intel/dtrace/fbt.c	Mon Sep 19 22:42:24 2005 -0700
@@ -206,6 +206,9 @@
 	for (i = 1; i < nsyms; i++) {
 		uint8_t *instr, *limit;
 		Sym *sym = (Sym *)(symhdr->sh_addr + i * symsize);
+#ifdef __amd64
+		int j;
+#endif
 
 		if (ELF_ST_TYPE(sym->st_info) != STT_FUNC)
 			continue;
@@ -355,6 +358,34 @@
 			instr += size;
 			goto again;
 		}
+
+		/*
+		 * Because we are only looking for a one-byte marker here,
+		 * there is an increased likelihood of erroneously interpreting
+		 * a jump table to be an instrumentable instruction.  We
+		 * obviously want to avoid that, so we resort to some heuristic
+		 * sleeze:  we'll treat this instruction as being contained
+		 * within a pointer, and see if that pointer points to within
+		 * the body of the function.  If it does, we refuse to
+		 * instrument it.
+		 */
+		for (j = 0; j < sizeof (uintptr_t); j++) {
+			uintptr_t check = (uintptr_t)instr - j;
+			uint8_t *ptr;
+
+			if (check < sym->st_value)
+				break;
+
+			if (check + sizeof (uintptr_t) > (uintptr_t)limit)
+				continue;
+
+			ptr = *(uint8_t **)check;
+
+			if (ptr >= (uint8_t *)sym->st_value && ptr < limit) {
+				instr += size;
+				goto again;
+			}
+		}
 #else
 		if (!(size == 1 &&
 		    (*instr == FBT_POPL_EBP || *instr == FBT_LEAVE) &&