Segmentation fault at address 0xFFFE000000000012

[ElYaiko]

How can we reproduce the crash?

I'm running puppeeter with Bun and crashes randomly. (Didn't happen before)

Relevant log output

Stack Trace (bun.report)

Bun v1.1.44-canary (9579e42) on linux aarch64 [AutoCommand]

Segmentation fault at address 0xFFFE000000000012

Features: process_dlopen, Bun.stderr, Bun.stdin, Bun.stdout, WebSocket, dotenv, fetch, jsc, shell, spawn, transpiler_cache, tsconfig, tsconfig

_{Sentry Issue: BUN-5Z}

[github-actions]

Hello @ElYaiko. Please provide a minimal reproduction using a GitHub repository, Replit, CodeSandbox, or provide a bulleted list of commands to run that reproduce this issue. Issues marked with needs repro will be closed if they have no activity within 3 days.

[190n]

Interested to see a reproduction if you can share one. The fault address looks like the JSValue representation of 0x12 as an integer:

     *     Pointer {  0000:PPPP:PPPP:PPPP
     *              / 0002:****:****:****
     *     Double  {         ...
     *              \ FFFC:****:****:****
     *     Integer {  FFFE:0000:IIII:IIII

But we shouldn't ever dereference such a value since it's tagged as an integer, not a pointer. Maybe this is a race condition where one thread tries to read a value thinking it's a pointer while another thread simultaneously replaces the value with an integer?