(Apple Silicon) (M1) Inexplicable SIGBUS crash

Question

In some native M1 code I'm working on, calling a particular function raises a SIGBUS fault that makes no sense:

Exception Type:        EXC_BAD_ACCESS (SIGBUS)
Exception Codes:       KERN_PROTECTION_FAILURE at 0x0000000280dc7da0
Exception Codes:       0x0000000000000002, 0x0000000280dc7da0
Exception Note:        EXC_CORPSE_NOTIFY

Termination Reason:    Namespace SIGNAL, Code 10 Bus error: 10
Terminating Process:   exc handler [12171]

VM Region Info: 0x280dc7da0 is in 0x280d50000-0x280dd0000;  bytes after start: 490912  bytes before end: 33375
      REGION TYPE                    START - END         [ VSIZE] PRT/MAX SHRMOD  REGION DETAIL
      VM_ALLOCATE                 280cf0000-280d50000    [  384K] rw-/rwx SM=ZER  
--->  VM_ALLOCATE                 280d50000-280dd0000    [  512K] rwx/rwx SM=ZER  
      VM_ALLOCATE                 280dd0000-280e50000    [  512K] rw-/rwx SM=ZER  

According to this dump:

• The fault address is the same as the function address.
• The function address (0x280dc7da0) is properly aligned.
• The target region has rwx protection and is therefore executable.

What could possibly be triggering SIGBUS here?

BTW, an Intel (x64) version of this program works fine on x64 Macs and in Rosetta.

Answer 1

The problem here is most likely Thread JIT Write Protection, a feature that only exists on Apple Silicon and operates in addition to conventional memory page permissions. Unfortunately, Apple's crash dumps seem to provide no indication that Thread JIT Write Protection could be the SIGBUS trigger.