Safe code causes an "illegal hardware instruction" at runtime

[carllerche]

I'm not really sure what is going on here. Here is the code snippet:

use std::thread;

pub struct Duration {
   nanos: u64
}

impl Duration {
   pub fn seconds(secs: u64) -> Duration {
       Duration { nanos: secs }
   }
}

pub fn spawn(mut handler: Vec<(String, String)>, tick: Duration) {
   unimplemented!();
}

fn main() {
   let t = thread::spawn(|| {
       let mut env = vec![];

       env.push(("foo".to_string(), "bar".to_string()));

       spawn(env, Duration::seconds(0));
   });

   t.join();
}

Output:

/segv
thread '<unnamed>' panicked at 'not yet implemented', segv.rs:14
[1]    54686 illegal hardware instruction  ./segv

System info:

$ rustc --version
rustc 1.2.0-nightly (99c2f779d 2015-05-29) (built 2015-05-28)

$ uname -a
Darwin Carls-MacBook-Pro.local 12.6.0 Darwin Kernel Version 12.6.0: Wed Dec 17 19:11:40 PST 2014; root:xnu-2050.48.15~1/RELEASE_X86_64 x86_64

[emberian]

Interesting, the segfault is in jemalloc. Sounds like a heap corruption on unwind.

[emberian]

Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 0x7ffff6ef5700 (LWP 3433)]
0x0000555555580e68 in je_arena_dalloc_bin_locked ()
(gdb) 
(gdb) where
#0  0x0000555555580e68 in je_arena_dalloc_bin_locked ()
#1  0x0000555555593d26 in tcache_destroy ()
#2  0x00005555555945f2 in je_tcache_cleanup ()
#3  0x0000555555596ffd in je_tsd_cleanup ()
#4  0x00007ffff79c03d9 in __nptl_deallocate_tsd.part.5 () from /usr/lib/libpthread.so.0
#5  0x00007ffff79c141d in start_thread () from /usr/lib/libpthread.so.0
#6  0x00007ffff72e1bfd in clone () from /usr/lib/libc.so.6

[alexcrichton]

Confirmed dupe of #25089.

[alexcrichton]

Diagnosis is here, and this is a double-free.