The unsafe.Pointer rules allow “conversion of a Pointer to a uintptr when calling syscall.Syscall”, with a caveat:

If a pointer argument must be converted to uintptr for use as an argument, that conversion must appear in the call expression itself:
…
The compiler handles a Pointer converted to a uintptr in the argument list of a call to a function implemented in assembly by arranging that the referenced allocated object, if any, is retained and not moved until the call completes, even though from the types alone it would appear that the object is no longer needed during the call.

The ptrace wrappers on both Linux and FreeBSD violate that requirement. They pass a uintptr argument to the ptrace helper function, which is what ultimately calls syscall.Syscall, and the arguments to the ptrace helper often do point to buffers allocated in Go:

• x/sys: https://cs.opensource.google/search?q=%5Cbptrace%5C(.*,%5C%20uintptr%5C(unsafe%5C.Pointer%5C(.*%5C)%5C)&sq=&ss=go%2Fx%2Fsys
• syscall: https://cs.opensource.google/search?q=%5Cbptrace%5Ba-z0-9%5D*%5C(.*,%5C%20uintptr%5C(unsafe%5C.Pointer%5C(.*%5C)%5C)%20-filepath:src%2Fcmd%2Fvendor&sq=&ss=go%2Fgo

These issues appear to date all the way back to 2009: the ptrace wrapper function was added in commit 9df5287 (CC @aclements), and in CL 126960043 which copied that pattern to x/sys.

The ptrace function likely needs a split like the one done for ioctl in #44834.

(attn @golang/runtime; CC @ianlancetaylor @bradfitz @tklauser)