MacOS uses an insecure swap file
This came out of a discussion with Jann Horn this afternoon; credit is his.
It turns out that even with SIP enabled a regular root user can write to the swapfile under /private/var/vm/swapfile0.
That file is created on demand when the system starts to swap; if you can't see it increase system load.
Then as root (with SIP enabled) do:
cat /dev/urandom > /private/var/vm/swapfile0
We observed multiple interesting-looking kernel panics including in the swapfile decompression code and also the intel GPU driver doing something with GPU pages.
Found by: ianbeer