This repository has been archived by the owner on Dec 30, 2021. It is now read-only.

trap as much syscall into tracee's memory space as possible #44

Open
wangbj opened this issue May 15, 2019 · 0 comments

wangbj commented May 15, 2019

It's kind of lame that some syscalls which cannot be patched end up being handled by the tracer (regardless of early syscalls before LD_PRELOAD); it forces us to write two different versions of the same logic. Hence it would be necessary to force syscalls to be trapped by the tracee instead. This can be done by:

  • install another RET_TRAP seccomp filter in LD_PRELOAD;
  • replace the syscall instruction with predefined reserved x86 instructions, and handle it in the tracee's signal handler.

Both methods can trap the syscalls we cannot handle at this moment; even though they wouldn't be as fast as patched syscalls, they wouldn't be any slower than handling syscalls in the tracer either.
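An added sketch of the first option (not code from this repository): a seccomp filter returning SECCOMP_RET_TRAP for one syscall, with the resulting SIGSYS handled inside the same process. The names `install_trap_for` and `on_sigsys` are hypothetical, and it is assumed an LD_PRELOAD library would call the installer from its constructor.

```c
#define _GNU_SOURCE
#include <signal.h>
#include <stddef.h>
#include <sys/prctl.h>
#include <sys/syscall.h>
#include <unistd.h>
#include <linux/filter.h>
#include <linux/seccomp.h>

static volatile sig_atomic_t trapped_nr = -1; /* last syscall number the handler saw */
static volatile sig_atomic_t trap_count = 0;

/* Runs in the tracee itself: SECCOMP_RET_TRAP skips the syscall and raises SIGSYS.
 * A real handler would emulate the call and store the result in the saved
 * registers reachable through uctx; this one only records what was trapped. */
static void on_sigsys(int sig, siginfo_t *info, void *uctx)
{
    (void)sig; (void)uctx;
    trapped_nr = info->si_syscall;
    trap_count++;
}

/* Install the SIGSYS handler, then a filter that traps only syscall `nr`.
 * Simplification: a production filter also checks seccomp_data.arch first. */
int install_trap_for(int nr)
{
    struct sigaction sa = { .sa_flags = SA_SIGINFO };
    sa.sa_sigaction = on_sigsys;
    if (sigaction(SIGSYS, &sa, NULL) != 0) return -1;

    struct sock_filter prog[] = {
        BPF_STMT(BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, nr)),
        BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, (unsigned)nr, 0, 1),
        BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_TRAP),
        BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ALLOW),
    };
    struct sock_fprog fprog = { .len = sizeof prog / sizeof prog[0], .filter = prog };
    if (prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0) != 0) return -1;
    return prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, &fprog);
}

int main(void)
{
    if (install_trap_for(SYS_getppid) != 0) return 1;
    syscall(SYS_getppid);            /* trapped: handled in-process via SIGSYS */
    return trap_count == 1 ? 0 : 1;
}
```

Because the handler here does not write a result into the saved registers, the value `syscall()` returns for the trapped call is not meaningful.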
