From 62cb91e84da7543ee6d4f34fa5a4c5a3943ca9a4 Mon Sep 17 00:00:00 2001
From: Riccardo Schirone
Date: Fri, 21 Nov 2025 14:12:24 +0000
Subject: [PATCH] usertrap: disable syscall patching when ptraced

---
 .../platform/systrap/usertrap/usertrap_amd64.go | 12 ++++++++++++
 1 file changed, 12 insertions(+)

diff --git a/pkg/sentry/platform/systrap/usertrap/usertrap_amd64.go b/pkg/sentry/platform/systrap/usertrap/usertrap_amd64.go
index 730f526533..abbdf3aa53 100644
--- a/pkg/sentry/platform/systrap/usertrap/usertrap_amd64.go
+++ b/pkg/sentry/platform/systrap/usertrap/usertrap_amd64.go
@@ -193,6 +193,18 @@ func (s *State) PatchSyscall(ctx context.Context, ac *arch.Context64, mm memoryM
 return fmt.Errorf("no task found")
 }

+ // Skip syscall patching when the task is being ptraced, because
+ // single-stepping and other debugger features are incompatible with
+ // the "syshandler" routine used to handle patched syscalls (see
+ // syshandler_amd64.S). This incompatibility can result in inconsistent
+ // process states and failures (e.g. SIGSEGV).
+ // TODO: for a full fix we'd need to roll back existing patched
+ // syscalls, in case the traced program was patched before being
+ // traced (e.g. PTRACE_ATTACH on an already running process).
+ if task.Tracer() != nil {
+ return nil
+ }
+
 s.mu.Lock()
 defer s.mu.Unlock()
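Review bot: The new `task.Tracer() != nil` guard only stops further patching, so syscall sites rewritten before a tracer attaches stay on the syshandler path and the inconsistent-state failure described in the comment remains reachable after PTRACE_ATTACH on a running task, as the TODO itself concedes. Because ptrace is driven by the sandboxed workload, that gap deserves a tracking reference rather than a bare TODO, e.g. `// TODO(<tracking-issue>): roll back already-patched syscalls when a tracer attaches.`. The check also runs before `s.mu.Lock()`, so it reads as a point-in-time test that an attach arriving during patching could slip past; whether that matters depends on how `Tracer()` is synchronised, which is not visible here. Returning `nil` makes a skipped patch indistinguishable from a successful one, so confirm that the caller (outside this hunk) does not assume the site was rewritten. `PatchSyscall` begins and ends outside the hunk, and the patch touches one file with no regression test for the traced case.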