From 62cb91e84da7543ee6d4f34fa5a4c5a3943ca9a4 Mon Sep 17 00:00:00 2001
From: Riccardo Schirone <riccardo.schirone@trailofbits.com>
Date: Fri, 21 Nov 2025 14:12:24 +0000
Subject: [PATCH 1/2] usertrap: disable syscall patching when ptraced

---
 .../platform/systrap/usertrap/usertrap_amd64.go      | 12 ++++++++++++
 1 file changed, 12 insertions(+)

diff --git a/pkg/sentry/platform/systrap/usertrap/usertrap_amd64.go b/pkg/sentry/platform/systrap/usertrap/usertrap_amd64.go
index 730f526533..abbdf3aa53 100644
--- a/pkg/sentry/platform/systrap/usertrap/usertrap_amd64.go
+++ b/pkg/sentry/platform/systrap/usertrap/usertrap_amd64.go
@@ -193,6 +193,18 @@ func (s *State) PatchSyscall(ctx context.Context, ac *arch.Context64, mm memoryM
 		return fmt.Errorf("no task found")
 	}
 
+	// Skip syscall patching when the task is being ptraced, because
+	// single-stepping and other debugger features are incompatible with
+	// the "syshandler" routine used to handle patched syscalls (see
+	// syshandler_amd64.S). This incompatibility can result in inconsistent
+	// process states and failures (e.g. SIGSEGV).
+	// TODO: for a full fix we'd need to roll back existing patched
+	//       syscalls, in case the traced program was patched before being
+	//       traced (e.g. PTRACE_ATTACH on an already running process).
+	if task.Tracer() != nil {
+		return nil
+	}
+
 	s.mu.Lock()
 	defer s.mu.Unlock()
 

From 3c52fedd53da176042cffdc701e31f4262623451 Mon Sep 17 00:00:00 2001
From: Riccardo Schirone <riccardo.schirone@trailofbits.com>
Date: Wed, 3 Dec 2025 09:13:45 +0000
Subject: [PATCH 2/2] Add warning if syscall patches exist already for a
 ptraced process

---
 pkg/sentry/platform/systrap/usertrap/usertrap_amd64.go | 10 +++++++---
 1 file changed, 7 insertions(+), 3 deletions(-)

diff --git a/pkg/sentry/platform/systrap/usertrap/usertrap_amd64.go b/pkg/sentry/platform/systrap/usertrap/usertrap_amd64.go
index abbdf3aa53..0442901f01 100644
--- a/pkg/sentry/platform/systrap/usertrap/usertrap_amd64.go
+++ b/pkg/sentry/platform/systrap/usertrap/usertrap_amd64.go
@@ -198,10 +198,14 @@ func (s *State) PatchSyscall(ctx context.Context, ac *arch.Context64, mm memoryM
 	// the "syshandler" routine used to handle patched syscalls (see
 	// syshandler_amd64.S). This incompatibility can result in inconsistent
 	// process states and failures (e.g. SIGSEGV).
-	// TODO: for a full fix we'd need to roll back existing patched
-	//       syscalls, in case the traced program was patched before being
-	//       traced (e.g. PTRACE_ATTACH on an already running process).
+	// TODO(gvisor.dev/issue/11649): for a full fix we'd need to roll back
+	//     existing patched syscalls, in case the traced program was patched
+	//     before being traced (e.g. PTRACE_ATTACH on an already running
+	//     process).
 	if task.Tracer() != nil {
+		if s.nextTrap > 0 {
+			ctx.Warningf("LIKELY ERROR: Attached tracer to process with patched syscalls (traps %d)! Systrap is not fully compatible with ptrace/debuggers, program may die unexpectedly soon!", s.nextTrap)
+		}
 		return nil
 	}