I omitted one more interesting case.
If the verity metadata (signature, root hash) is corrupted after installation but before
the file is opened, then opening/exec-ing the file can fail. Also, if pages from a binary
read in during the exec itself are corrupted, the system call itself could fail (rather
than the process getting sigbus like for a random page during execution)