Hi Sunny,
Yes, we have a similar mechanism in Chromium and many system calls trigger a "crash" by design because we don't expect them to ever be used.
If you're not seeing a crash, then the syscall is "gracefully denied", meaning we almost certainly return EPERM or ENOENT. The problem is that userland is sadly failing silently without reporting any error where it should.
Unfortunately, we've never finished plugging this in a user-friendly way (https://crbug.com/389383) and it would require some manual work to use.
A potentially quicker alternative could be for you to try and bisect allowing some system call ranges in the GPU policy (bpf_gpu_policy_linux.cc) and see if you can figure out which one you need to allow.
Julien
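
The bisection suggested in the message above, as an added sketch that is not part of the original message and not Chromium code. It generalizes to the case where more than one denied syscall is needed. The `works` hook is hypothetical (in practice, one rebuild of the GPU policy with the given syscall numbers allowed plus one run of the failing workload), and the syscall numbers in the sample are constructed.

```python
"""Bisect which gracefully denied syscalls a sandboxed process needs."""


def find_required_syscalls(candidates, works):
    """Return a minimal sorted list of syscalls that must be allowed.

    `works(extra)` is a hypothetical hook: run the sandboxed process with the
    syscall numbers in `extra` additionally allowed and return True if the
    silent failure is gone. Assumes allowing more syscalls never makes the
    workload fail (the result is monotonic in the allowed set).
    """
    pool = sorted(candidates)
    if not works(frozenset(pool)):
        raise ValueError("failure persists with every candidate allowed")
    required = []
    while not works(frozenset(required)):
        # Find the shortest prefix of `pool` that, together with `required`,
        # makes the workload succeed. Invariant: prefix of length `hi` works.
        lo, hi = 1, len(pool)
        while lo < hi:
            mid = (lo + hi) // 2
            if works(frozenset(required) | frozenset(pool[:mid])):
                hi = mid
            else:
                lo = mid + 1
        # pool[lo - 1] tipped the result, so it is needed. Any other needed
        # syscalls lie below it, so keep searching in the shorter prefix.
        required.append(pool[lo - 1])
        pool = pool[:lo - 1]
    return sorted(required)


def make_oracle(needed):
    """Constructed stand-in for a build-and-run cycle; records each run."""
    runs = []

    def works(extra):
        runs.append(len(extra))
        return needed <= extra

    return works, runs


if __name__ == "__main__":
    # Constructed scenario: two of 400 candidate syscall numbers are needed.
    works, runs = make_oracle({41, 203})
    print(find_required_syscalls(range(400), works), "found in", len(runs), "runs")
```

Each pass costs about log2(n) runs per needed syscall, and the returned set is the narrowest allowance that fixes the failure, which keeps the policy change reviewable.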