Hello!
Could someone please help me make sense of this crash? It occurs only on Apple Silicon, and I can't make heads or tails of it.
The code is invoking a JIT-compiled routine. The same call to the same address works dozens of times during the program's run, then crashes unexpectedly with a bus error, evidently without executing any code.
According to the dump extract below, the region is readable, writable, and executable at the time of the crash. I've verified that the code in the region does not change between successful and crashing calls.
What possible change in the process configuration would explain SIGBUS at an address that's apparently mapped, executable, and contains valid code that previously ran without issues?
Thanks in advance for any insight!
Exception Type: EXC_BAD_ACCESS (SIGBUS)
Exception Codes: KERN_PROTECTION_FAILURE at 0x0000000280e37d38
Exception Codes: 0x0000000000000002, 0x0000000280e37d38
Exception Note: EXC_CORPSE_NOTIFY
Termination Reason: Namespace SIGNAL, Code 10 Bus error: 10
Terminating Process: exc handler [99567]
VM Region Info: 0x280e37d38 is in 0x280dc0000-0x280e40000; bytes after start: 490808 bytes before end: 33479
REGION TYPE START - END [VSIZE] PRT/MAX SHRMOD
VM_ALLOCATE 280d60000-280dc0000 [ 384K] rw-/rwx SM=ZER
---> VM_ALLOCATE 280dc0000-280e40000 [ 512K] rwx/rwx SM=ZER
VM_ALLOCATE 280e40000-280ec0000 [ 512K] rw-/rwx SM=ZER
An investigation has revealed the probable cause – Apple Silicon's unique "thread JIT write protection" feature (see pthread_jit_write_protect_np).
In addition to the usual page protections, Apple Silicon supports a per-thread binary state that controls whether JIT pages are writable or executable; they can never be both.
It would be great if crash dumps included information that helped distinguish this case from typical access or alignment violations.