
Linux x64 WASM `wasm_trampoline_wasm_ipint_call_wide32` crash in JSC, potentially stack overflow in WebAssembly while using PGlite

Open sroussey opened this issue 10 months ago • 5 comments

How can we reproduce the crash?

Seems flaky. Using pg-lite in tests. Will update when I have more info.

Relevant log output

https://github.com/sroussey/ellmers/actions/runs/13607530195/job/38040777616

Stack Trace (bun.report)

Bun v1.2.4 (fd9a5ea) on linux x86_64_baseline [TestCommand]

Segmentation fault at address 0x7F7146505845

Features: tsconfig, jsc

sroussey avatar Mar 01 '25 19:03 sroussey

Thank you for reporting this crash.

For Bun's internal tracking, this issue is BUN-D06.

github-actions[bot] avatar Mar 01 '25 19:03 github-actions[bot]

I can't repro locally (uname: Darwin 24.3.0 arm64 arm) with a debug build of bun. This may be linux-only.

DonIsaac avatar Mar 03 '25 01:03 DonIsaac

@190n is able to reproduce on Linux x64. We see it in our own CI as well. It's most likely an issue with JavaScriptCore's new WASM in-place interpreter, but it's hard for us to take action on our end and fix it. We've let them know about the issue, but we haven't yet come up with a minimal reproduction that can be reproduced on ARM64, only on x64. It's possible/likely this is an x64-specific bug.

Jarred-Sumner avatar Mar 03 '25 10:03 Jarred-Sumner

I reported a different, but similar-looking, crash to WebKit at https://bugs.webkit.org/show_bug.cgi?id=289009. I'm hoping that maybe the fix for that will also benefit pglite.

@sroussey, normally I would suggest you turn off IPInt (therefore reverting to the older Wasm interpreter) with the environment variable BUN_JSC_useWasmIPInt=0, but in my testing the old interpreter also has some issues with pglite. The working configurations I've found for running pglite seem to be:

  • use an aarch64 CPU instead of x86_64
  • use BUN_JSC_jitPolicyScale=0. This will force the engine to JIT-compile code ASAP and use the interpreter much less. But it also harms performance, especially startup time, so I'm not sure if that will be a good solution for you.

Thanks for reporting, and I'm sorry that there isn't a straightforward resolution for this right now.

190n avatar Mar 03 '25 23:03 190n
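The workaround above (force early JIT compilation with BUN_JSC_jitPolicyScale=0, which the thread reports as only needed on x86_64) is easy to lose in a CI matrix, and a JSC segfault looks like any other red build unless the exit status is inspected. The following wrapper is an added example, not code from the issue thread or from the Bun project: it applies the environment variable only on x86_64 hosts, classifies the child's exit status so that a signal death (139 = 128+SIGSEGV, 134 = 128+SIGABRT) is reported separately from an ordinary test failure, and retries once on a crash because the reporter describes it as flaky. The script name `wasm-guard.sh`, its function names and the sample invocations are assumptions for illustration; `BUN_JSC_useWasmIPInt=0` could be substituted in `wasm_env_for_arch` if the older interpreter is wanted instead.

```shell
#!/usr/bin/env sh
# Added example (not from the Bun issue or the Bun project). Wraps a test
# command so that the x86_64-only JSC workaround from the thread is applied
# automatically and a crash-by-signal is distinguished from a test failure.
set -u

# Map a machine architecture (as printed by `uname -m`) to the environment
# assignment this wrapper applies. aarch64/arm64 is left untouched because
# the thread reports the crash only on x86_64.
wasm_env_for_arch() {
  case "$1" in
    x86_64|amd64) printf '%s' 'BUN_JSC_jitPolicyScale=0' ;;
    *)            printf '%s' '' ;;
  esac
}

# Classify a shell exit status. A status of 128+N means the child died from
# signal N: 139 is SIGSEGV (the segfault in this issue), 134 is SIGABRT
# (what a JSC assertion failure produces). Anything else non-zero is an
# ordinary test failure that the workaround will not change.
classify_exit() {
  case "$1" in
    0)   echo pass ;;
    139) echo segfault ;;
    134) echo abort ;;
    *)   echo fail ;;
  esac
}

# Run "$@" with the per-architecture environment applied, retrying once if
# the process died from a signal. The final classification is left in the
# global RESULT and the last exit status is returned.
run_guarded() {
  guard_arch=$(uname -m)
  guard_env=$(wasm_env_for_arch "$guard_arch")
  guard_status=0
  for guard_attempt in 1 2; do
    if [ -n "$guard_env" ]; then
      env "$guard_env" "$@"
    else
      "$@"
    fi
    guard_status=$?
    RESULT=$(classify_exit "$guard_status")
    case "$RESULT" in
      segfault|abort)
        echo "attempt $guard_attempt: $RESULT (exit $guard_status), retrying" >&2 ;;
      *)
        return "$guard_status" ;;
    esac
  done
  return "$guard_status"
}

# Usage (assumed): ./wasm-guard.sh bun test
# With no arguments the functions are only defined, so the file can be sourced.
if [ "${1:-}" != "" ]; then
  run_guarded "$@"
  echo "result: $RESULT"
fi
```

On a Linux x86_64 runner `./wasm-guard.sh bun test` becomes `env BUN_JSC_jitPolicyScale=0 bun test`; on an aarch64 runner the command runs unchanged, matching the first workaround in the list above. A persistent `segfault` result after the retry is the signal to keep the crash report separate from genuine test failures in the job summary.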

Are there any workarounds for this at the moment? I'm wanting to bundle the Gemini CLI, though this is a blocker. The above environment variable workarounds don't seem to be doing anything.

hwittenborn avatar Dec 12 '25 20:12 hwittenborn