diff --git a/sys/cddl/dev/kinst/amd64/kinst_isa.c b/sys/cddl/dev/kinst/amd64/kinst_isa.c
--- a/sys/cddl/dev/kinst/amd64/kinst_isa.c
+++ b/sys/cddl/dev/kinst/amd64/kinst_isa.c
@@ -17,7 +17,6 @@
 
 #include "kinst.h"
 
-#define KINST_PUSHL_RBP 0x55
 #define KINST_STI 0xfb
 #define KINST_POPF 0x9d
 
@@ -512,7 +511,10 @@
 
 pd = opaque;
 func = symval->name;
- if (strcmp(func, pd->kpd_func) != 0 || strcmp(func, "trap_check") == 0)
+
+ if (kinst_excluded(func))
+ return (0);
+ if (strcmp(func, pd->kpd_func) != 0)
 return (0);
 
 instr = (uint8_t *)symval->value;
@@ -520,15 +522,6 @@
 if (instr >= limit)
 return (0);
 
- /*
- * Ignore functions not beginning with the usual function prologue.
- * These might correspond to exception handlers with which we should not
- * meddle. This does however exclude functions which can be safely
- * traced, such as cpu_switch().
- */
- if (*instr != KINST_PUSHL_RBP)
- return (0);
-
 n = 0;
 while (instr < limit) {
 instrsize = dtrace_instr_size(instr);
diff --git a/sys/cddl/dev/kinst/kinst.h b/sys/cddl/dev/kinst/kinst.h
--- a/sys/cddl/dev/kinst/kinst.h
+++ b/sys/cddl/dev/kinst/kinst.h
@@ -46,6 +46,7 @@
 struct linker_file;
 struct linker_symval;
 
+int kinst_excluded(const char *);
 int kinst_invop(uintptr_t, struct trapframe *, uintptr_t);
 int kinst_make_probe(struct linker_file *, int, struct linker_symval *, void *);
 
diff --git a/sys/cddl/dev/kinst/kinst.c b/sys/cddl/dev/kinst/kinst.c
--- a/sys/cddl/dev/kinst/kinst.c
+++ b/sys/cddl/dev/kinst/kinst.c
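Review bot: In the second kinst_isa.c hunk the new `kinst_excluded(func)` test runs before the `strcmp(func, pd->kpd_func)` test, so its long chain of string comparisons is evaluated for every symbol this callback is handed rather than only for the one being instrumented; checking the requested name first, `if (strcmp(func, pd->kpd_func) != 0 || kinst_excluded(func)) return (0);`, gives the same result at a fraction of the cost. The callback appears to be invoked once per linker symbol, inferred from `symval->name` and the `opaque` cast, so this is a cost paid on every probe creation; if that inference is wrong the reordering is still harmless. The enclosing kinst_make_probe body starts and ends outside this hunk.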
@@ -65,6 +65,131 @@
 struct kinst_probe_list *kinst_probetab;
 static struct cdev *kinst_cdev;
 
+int
+kinst_excluded(const char *name)
+{
+ if (strncmp(name, "dtrace_", strlen("dtrace_")) == 0 &&
+ strncmp(name, "dtrace_safe_", strlen("dtrace_safe_")) != 0) {
+ /*
+ * Anything beginning with "dtrace_" may be called
+ * from probe context unless it explicitly indicates
+ * that it won't be called from probe context by
+ * using the prefix "dtrace_safe_".
+ */
+ return (1);
+ }
+
+ /*
+ * Do not allow instrumentation of exception handlers.
+ */
+#ifdef __amd64__
+ /* Xfast_syscall* are safe to trace. */
+ if (strcmp(name, "Xdiv") == 0 ||
+ strcmp(name, "Xdbg") == 0 ||
+ strcmp(name, "Xnmi") == 0 ||
+ strcmp(name, "Xbpt") == 0 ||
+ strcmp(name, "Xofl") == 0 ||
+ strcmp(name, "Xbnd") == 0 ||
+ strcmp(name, "Xill") == 0 ||
+ strcmp(name, "Xdna") == 0 ||
+ strcmp(name, "Xfpusegm") == 0 ||
+ strcmp(name, "Xtss") == 0 ||
+ strcmp(name, "Xmissing") == 0 ||
+ strcmp(name, "Xstk") == 0 ||
+ strcmp(name, "Xprot") == 0 ||
+ strcmp(name, "Xpage") == 0 ||
+ strcmp(name, "Xmchk") == 0 ||
+ strcmp(name, "Xrsvd") == 0 ||
+ strcmp(name, "Xfpu") == 0 ||
+ strcmp(name, "Xalign") == 0 ||
+ strcmp(name, "Xxmm") == 0 ||
+ strcmp(name, "Xdblfault") == 0 ||
+ strcmp(name, "Xdiv_pti") == 0 ||
+ strcmp(name, "Xbpt_pti") == 0 ||
+ strcmp(name, "Xofl_pti") == 0 ||
+ strcmp(name, "Xbnd_pti") == 0 ||
+ strcmp(name, "Xill_pti") == 0 ||
+ strcmp(name, "Xdna_pti") == 0 ||
+ strcmp(name, "Xfpusegm_pti") == 0 ||
+ strcmp(name, "Xtss_pti") == 0 ||
+ strcmp(name, "Xmissing_pti") == 0 ||
+ strcmp(name, "Xstk_pti") == 0 ||
+ strcmp(name, "Xprot_pti") == 0 ||
+ strcmp(name, "Xpage_pti") == 0 ||
+ strcmp(name, "Xrsvd_pti") == 0 ||
+ strcmp(name, "Xfpu_pti") == 0 ||
+ strcmp(name, "Xalign_pti") == 0 ||
+ strcmp(name, "Xxmm_pti") == 0 ||
+ strcmp(name, "Xdtrace_ret") == 0 ||
+ strcmp(name, "Xdtrace_ret_pti") == 0 ||
+ strcmp(name, "Xxen_intr_upcall") == 0 ||
+ strcmp(name, "Xxen_intr_upcall_pti") == 0)
+ return (1);
+#endif /* __amd64__ */
+#ifdef __riscv
+ if (strcmp(name, "cpu_exception_handler") == 0 ||
+ strcmp(name, "cpu_exception_handler_supervisor") == 0 ||
+ strcmp(name, "cpu_exception_handler_user") == 0 ||
+ strcmp(name, "do_trap_supervisor") == 0 ||
+ strcmp(name, "do_trap_user") == 0)
+ return (1);
+#endif /* __riscv */
+#ifdef __aarch64__
+ if (strcmp(name, "handle_el1h_sync") == 0 ||
+ strcmp(name, "do_el1h_sync") == 0)
+ return (0);
+#endif /* __aarch64__ */
+
+ /*
+ * Tracing cpu_switch() can trigger panics.
+ */
+ if (strcmp(name, "cpu_switch") == 0)
+ return (1);
+
+ /*
+ * Omit instrumentation of functions that are probably in DDB. It
+ * makes it too hard to debug broken kinst.
+ *
+ * NB: kdb_enter() can be excluded, but its call to printf() can't be.
+ * This is generally OK since we're not yet in debugging context.
+ */
+ if (strncmp(name, "db_", strlen("db_")) == 0 ||
+ strncmp(name, "kdb_", strlen("kdb_")) == 0)
+ return (1);
+
+ /*
+ * Lock owner methods may be called from probe context.
+ */
+ if (strcmp(name, "owner_mtx") == 0 ||
+ strcmp(name, "owner_rm") == 0 ||
+ strcmp(name, "owner_rw") == 0 ||
+ strcmp(name, "owner_sx") == 0)
+ return (1);
+
+ /*
+ * Stack unwinders may be called from probe context on some
+ * platforms.
+ */
+#if defined(__aarch64__) || defined(__riscv)
+ if (strcmp(name, "unwind_frame") == 0)
+ return (1);
+#endif
+
+ /*
+ * When DTrace is built into the kernel we need to exclude the kinst
+ * functions from instrumentation.
+ */
+#ifndef _KLD_MODULE
+ if (strncmp(name, "kinst_", strlen("kinst_")) == 0)
+ return (1);
+#endif
+
+ if (strcmp(name, "trap_check") == 0)
+ return (1);
+
+ return (0);
+}
+
 void
 kinst_probe_create(struct kinst_probe *kp, linker_file_t lf)
 {
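Review bot: The `#ifdef __aarch64__` branch of kinst_excluded returns `(0)` for `handle_el1h_sync` and `do_el1h_sync`, which reports the arm64 exception entry points as instrumentable even though the branch sits under the "Do not allow instrumentation of exception handlers" comment and the amd64 and riscv lists return `(1)` for the same class of function; unless allowing them is intentional, that line should read `return (1);`. A breakpoint planted in an exception handler is precisely the re-entrant trap case this exclusion list exists to prevent, so the mismatch is worth settling before the change lands. As a point of style, the forty-entry `strcmp` chain under `__amd64__` would be easier to audit as a `static const char *const` table walked in a loop, which also turns the next `_pti` addition into a one-line change. A short block comment above `kinst_excluded` stating that it returns non-zero for symbols kinst must never instrument and that callers are expected to consult it before creating a probe would help readers coming from kinst_isa.c.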