Open Radar

 
Summary:
I'm experiencing a constant kernel panic when using dtrace probes with speculations. It also doesn't matter what target I attach dtrace to.

Steps to Reproduce:
1. Create (or download the attached) file `speculations.d` with the following contents:
----------------- speculations.d begins ----------------
syscall::open:entry
{
	self->spec = speculation();
	speculate(self->spec);
	printf("open(%s)\n", copyinstr(arg0));
}

syscall::open:return
/self->spec && errno == 0/
{
	commit(self->spec);
	self->spec = 0;
}
----------------- speculations.d ends ------------------
This simple dtrace script should log every successfull open() syscall.

2. Now run dtrace, compile the script above and attach to any target. I prefer `/usr/bin/file` because it actually open()s something:
	
	$ sudo dtrace -qs ./spec.d -c "/usr/bin/file /etc/passwd"
	

Expected Results:
The following output expected:
	
	/etc/passwd: ASCII English text
	open(/usr/share/file/magic.mgc)
	open(/etc/passwd)

Actual Results:
The OS X kernel panics (sample crash reports attached).

Version:
OS X 10.10.4 (14E46), not sure about other 10.10.x revisions.

Notes:
When I remove everything related to speculations from the script above, *it works fine*:
	
        ----------------- speculations.d begins ----------------
	syscall::open:entry
	{
		printf("open(%s)\n", copyinstr(arg0));
	}
        ----------------- speculations.d ends -------------------

Configuration:
I was able to reproduce this crash on both real (MacBookPro9,2 and MacBookPro11,2) and virtual machines with OS X 10.10(.4) installed. 

I've also tried to trigger it on OS X 10.8 and 10.9 (both on virtual machines), but had no success there.


Attachments:
'speculations.d', 'Kernel_2015-08-11-145337_Dmitrys-MacBook-Pro.panic' and 'Kernel_2015-08-11-051630_VirtualBox.panic' were successfully uploaded.