[BUG] Deterministic Bun segfault at 0xCD on Windows 10 — Trend Micro Apex One DLLs (TmUmEvt64 / Wtmmon64) in crash stack; 2.1.112 (Node) works, 2.1.113+ (Bun) crash

Open 💬 2 comments Opened Jun 15, 2026 by akaribrahim

Preflight Checklist

  • [x] I have searched existing issues and this hasn't been reported yet
  • [x] This is a single bug report (please file separate reports for different bugs)
  • [x] I am using the latest version of Claude Code

What's Wrong?

Every Claude Code version from 2.1.113 onward (Bun-compiled claude.exe) deterministically segfaults at startup on my Windows 10 machine. The last Node-based release, 2.1.112, works perfectly. The crash stack trace contains DLLs belonging to Trend Micro Apex One (TmUmEvt64.dll, Wtmmon64.dll) — a centrally managed third-party security agent that DLL-injects into user processes. Bun (1.3.14, Windows x64 baseline) panics with a null-pointer-style segfault at address 0xCD during startup. 100% reproducible across reboots. This is distinct from prior issues (#55219, #52817, #28544) which had different addresses and no third-party DLL in the trace.

What Should Happen?

claude should launch and reach the interactive prompt without crashing, regardless of Trend Micro Apex One's process monitoring being active. Either Bun's startup needs to be hardened against this AV's DLL injection, or Claude Code should offer a Node-runtime distribution as a fallback (as it shipped pre-2.1.113).

Error Messages/Logs

============================================================
Bun v1.3.14 (2a41ca97) Windows x64 (baseline)
Windows v.win10_cu7
Args: "C:\Users\<user>\AppData\Roaming\npm\node_modules\@anthropic-ai\claude-code\bin\claude.exe" "--dangerously-skip-permissions"
Elapsed: 37886ms | User: 20859ms | Sys: 2125ms
RSS: 0.45GB | Peak: 0.52GB | Commit: 0.62GB | Faults: 174278 | Machine: 68.63GB
Features: http_client_proxy(16) jsc spawn(20) standalone_executable yaml_parse(4) claude_code
Builtins: "bun:ffi" "bun:main" "node:assert" "node:async_hooks" "node:buffer" "node:child_process" "node:constants" "node:crypto" "node:dns" "node:events" "node:fs" "node:fs/promises" "node:http" "node:https" "node:module" "node:net" "node:os" "node:path" "node:path/posix" "node:path/win32" "node:perf_hooks" "node:process" "node:readline" "node:stream" "node:stream/consumers" "node:stream/promises" "node:string_decoder" "node:timers/promises" "node:tls" "node:tty" "node:url" "node:util" "node:vm" "node:zlib" "undici" "ws" "node:http2"

panic(thread 23832): Segmentation fault at address 0xCD
oh no: Bun has crashed. This indicates a bug in Bun, not your code.

To send a redacted crash report to Bun's team,
please file a GitHub issue using the link below:

 https://bun.report/1.3.14/e_12a41ca9mgggkEuhogDCSntdll.dllw0qMCSntdll.dllgkoMCSntdll.dll2nnMCYKERNEL32.DLLwkICaTmUmEvt64.dlls65OCaTmUmEvt64.dllw7idCaTmUmEvt64.dlluyrLCaTmUmEvt64.dll27rOCaTmUmEvt64.dll4gxOCaTmUmEvt64.dll4n5eCaTmUmEvt64.dllguxQCaTmUmEvt64.dll0ygaCWtmmon64.dlls8JCWtmmon64.dllk3rbCWtmmon64.dll2ktbCWtmmon64.dlliprmC65t0SA2A6M

Steps to Reproduce

  1. On a Windows 10 host with Trend Micro Apex One Antivirus running (processes: Ntrtscan, PccNTMon, TmCCSF, TmListen, TmPfw, TmWSCSvc).
  2. npm install -g @anthropic-ai/claude-code@2.1.173 (or any version from 2.1.113 onward).
  3. From PowerShell: claude --version or claude --dangerously-skip-permissions.
  4. Process panics with the segfault shown above within seconds. 100% reproducible.

Confirmed clean downgrade: npm install -g @anthropic-ai/claude-code@2.1.112 immediately restores full functionality with no other system changes — the only delta is Bun-vs-Node runtime in the package. PATH, env, and Trend Micro config are untouched.

Claude Model

Opus

Is this a regression?

Yes, this worked in a previous version

Last Working Version

2.1.112

Claude Code Version

2.1.173

Platform

Anthropic API

Operating System

Windows

Terminal/Shell

PowerShell

Additional Information

Stack frame analysis (decoded from the bun.report URL, in call order):

  1. ntdll.dll ×4 — early process init
  2. KERNEL32.DLL ×1
  3. TmUmEvt64.dll ×8 — Trend Micro User Mode Event Monitor (injected hooks)
  4. Wtmmon64.dll ×4 — Trend Micro Web Threat Monitor (injected hooks)
  5. Final fault inside Bun-compiled code

The Trend Micro DLLs sit between Windows loader code and Bun's own initialization. The 0xCD fault address is consistent with a null-pointer dereference after Trend Micro hooks have mutated state Bun reads during startup.

(also tried CMD — same crash)
(also tested 2.1.113 and 2.1.114 — same crash)

Hardware

  • CPU: Intel Xeon E5-2630 v4 @ 2.20GHz (has AVX2; Bun still chose the "baseline" build)
  • RAM: 64 GB

Security agent

  • Trend Micro Apex One Antivirus (centrally managed by IT — cannot disable or add exclusions locally)
  • Running processes: Ntrtscan, PccNTMon, TmCCSF, TmListen, TmPfw, TmWSCSvc
  • DLLs visible in crash trace: TmUmEvt64.dll, Wtmmon64.dll

Related issues (different stacks — not duplicates)

  • #55219 — Windows 11 startup segfault at 0x3C in USER32.dll (closed as not planned)
  • #54530 — 2.1.122 / Bun 1.3.14 segfault at 0x38
  • #52817 — Bun segfault at 0x35C23800000
  • #28544 — Bun segfault at 0xFFFFFFFFFFFFFFFF
  • #51477 — i7-13700H Bun segfault
  • #11201 — VS Code extension Bun 1.3.1 crash

None of those mention a specific third-party security DLL in the trace, so I'm filing this separately to surface the Trend Micro Apex One conflict explicitly.

Asks (in order of preference)

  1. Investigate a Bun-side hardening / workaround for Trend Micro's DLL injection (and ideally other common Windows EDR/AV agents). If reproducible inside a Bun-only repro, this likely belongs upstream at oven-sh/bun and I'm happy to file there too.
  2. Provide an opt-in Node-runtime distribution (or a claude-code-node package). 2.1.112's cli.js was the only thing that worked in this environment, and a corporate-managed AV is not something most users can change.
  3. Document Trend Micro Apex One (and similar managed EDRs) as a known-incompatible environment, with the exclusion paths IT needs to whitelist (node_modules\@anthropic-ai\claude-code\bin\claude.exe plus any install staging dir).

View original on GitHub ↗

This issue has 2 comments on GitHub. Read the full discussion on GitHub ↗