Capture issue on Arch systems (6.0.6-arch1-1) #199
Description
We reproduced this bug on test_01.
Everything seems to work correctly until entering the tracer_dump function in cere_tracer.c. After receiving codelet arguments from the tracee, we need to unprotect pages containing those arguments. However, from this point, syscalls do not work anymore. When inspecting the inject_syscall function, registers are modified correctly, but the syscalls are not executed.
The bug does not happen when running a dockerized debian image on the same kernel, which points to an environment specific issue.
Hints: are syscalls breaking due to a bad injection or a memory protection/corruption issue ?
Attached a detailed log demonstrating the issue.
test_01.txt
Syscalls start breaking after line 146.