Segfault when using hardened memory allocator

[xlfe]

Problem

I'm using neovim on Nixos with the hardened profile which means instead of the normal glibc memory allocator, I'm using scudo

I've had a number of Segfaults with libtreesitter in the stack - is this a tree-sitter problem? I'm not sure how to get a reproducible example because neovim crashes seemingly at random

I'm not sure, but perhaps running your test suite using scudo instead of the standard libc allocator might catch the same bug?

Thread 1 (Thread 0x6385f7b7b900 (LWP 47978)):
#0  0x00006385f72f881e in uw_frame_state_for () from /nix/store/31axfs6jsslijkdybyl3410zwfy1gvky-gcc-12.3.0-lib/lib/libgcc_s.so.1
#1  0x00006385f72fa57b in _Unwind_Backtrace () from /nix/store/31axfs6jsslijkdybyl3410zwfy1gvky-gcc-12.3.0-lib/lib/libgcc_s.so.1
#2  0x00006385f741dc63 in backtrace () from /nix/store/p9ysh5rk109gyjj3cn6jr54znvvlahfl-glibc-2.38-66/lib/libc.so.6
#3  0x00006385f7620b79 in (anonymous namespace)::Backtrace(unsigned long*, unsigned long) () from /nix/store/xdgdr2fy94can5bfkg89705lnj7yly1c-malloc-provider-scudo/lib/libclang_rt.scudo-x86_64.so
#4  0x00006385f761efa5 in gwp_asan::AllocationMetadata::CallSiteInfo::RecordBacktrace(unsigned long (*)(unsigned long*, unsigned long)) () from /nix/store/xdgdr2fy94can5bfkg89705lnj7yly1c-malloc-provider-scudo/lib/libclang_rt.scudo-x86_64.so
#5  0x00006385f761fe34 in gwp_asan::GuardedPoolAllocator::deallocate(void*) () from /nix/store/xdgdr2fy94can5bfkg89705lnj7yly1c-malloc-provider-scudo/lib/libclang_rt.scudo-x86_64.so
#6  0x00006385f7c61b8c in ts_subtree_release () from /nix/store/rvyp1qc2cv67j2i142g9lyqmiczwhdlq-tree-sitter-0.20.8/lib/libtree-sitter.so.0
#7  0x00006385f7c63176 in ts_tree_delete () from /nix/store/rvyp1qc2cv67j2i142g9lyqmiczwhdlq-tree-sitter-0.20.8/lib/libtree-sitter.so.0
#8  0x00000000005bcb62 in tree_gc ()
#9  0x00006385f7ba3a36 in ?? () from /nix/store/zimx006789fdxjxjw2z2fvslk77pjgcg-luajit-2.1.1693350652-env/lib/libluajit-5.1.so.2
#10 0x00006385f7beade7 in ?? () from /nix/store/zimx006789fdxjxjw2z2fvslk77pjgcg-luajit-2.1.1693350652-env/lib/libluajit-5.1.so.2
#11 0x00006385f7beb0d8 in ?? () from /nix/store/zimx006789fdxjxjw2z2fvslk77pjgcg-luajit-2.1.1693350652-env/lib/libluajit-5.1.so.2
#12 0x00006385f7beb6c5 in ?? () from /nix/store/zimx006789fdxjxjw2z2fvslk77pjgcg-luajit-2.1.1693350652-env/lib/libluajit-5.1.so.2
#13 0x00006385f7c00cc1 in ?? () from /nix/store/zimx006789fdxjxjw2z2fvslk77pjgcg-luajit-2.1.1693350652-env/lib/libluajit-5.1.so.2
#14 0x00006385f7ba5a19 in ?? () from /nix/store/zimx006789fdxjxjw2z2fvslk77pjgcg-luajit-2.1.1693350652-env/lib/libluajit-5.1.so.2
#15 0x0020000000000020 in ?? ()
#16 0x3f3f3f3f3f3f3f3f in ?? ()
#17 0x9999999999999999 in ?? ()
#18 0x2020202020202020 in ?? ()
#19 0x403e000000000000 in ?? ()
#20 0xbff0000000000000 in ?? ()
#21 0x0000000000000000 in ?? ()

Thread 1 (Thread 0x67bc8aad3900 (LWP 172405)):
#0  0x000067bc8aaf381e in uw_frame_state_for () from /nix/store/hc0jij4wmrcdrad7fd381r4x2j12d550-gcc-12.3.0-lib/lib/libgcc_s.so.1
#1  0x000067bc8aaf557b in _Unwind_Backtrace () from /nix/store/hc0jij4wmrcdrad7fd381r4x2j12d550-gcc-12.3.0-lib/lib/libgcc_s.so.1
#2  0x000067bc8ac18c43 in backtrace () from /nix/store/anlf335xlh41yjhm114swi87406mq5pw-glibc-2.38-44/lib/libc.so.6
#3  0x000067bc8ae20b79 in (anonymous namespace)::Backtrace(unsigned long*, unsigned long) () from /nix/store/civcvh53r4h3g3797rpgkdafi2ibq04k-malloc-provider-scudo/lib/libclang_rt.scudo-x86_64.so
#4  0x000067bc8ae1efa5 in gwp_asan::AllocationMetadata::CallSiteInfo::RecordBacktrace(unsigned long (*)(unsigned long*, unsigned long)) () from /nix/store/civcvh53r4h3g3797rpgkdafi2ibq04k-malloc-provider-scudo/lib/libclang_rt.scudo-x86_64.so
#5  0x000067bc8ae1fe34 in gwp_asan::GuardedPoolAllocator::deallocate(void*) () from /nix/store/civcvh53r4h3g3797rpgkdafi2ibq04k-malloc-provider-scudo/lib/libclang_rt.scudo-x86_64.so
#6  0x000067bc8b447aa3 in ts_subtree_release () from /nix/store/mxvi52xmlhs7dz1nww17mdwl3i03w5ps-tree-sitter-0.20.8/lib/libtree-sitter.so.0
#7  0x000067bc8b449176 in ts_tree_delete () from /nix/store/mxvi52xmlhs7dz1nww17mdwl3i03w5ps-tree-sitter-0.20.8/lib/libtree-sitter.so.0
#8  0x00000000005bcb62 in tree_gc ()
#9  0x000067bc8b389a36 in ?? () from /nix/store/08lab32sarzg4jp2ms8kzvk1g181ba7z-luajit-2.1.1693350652-env/lib/libluajit-5.1.so.2
#10 0x000067bc8b3d0de7 in ?? () from /nix/store/08lab32sarzg4jp2ms8kzvk1g181ba7z-luajit-2.1.1693350652-env/lib/libluajit-5.1.so.2
#11 0x000067bc8b3d10d8 in ?? () from /nix/store/08lab32sarzg4jp2ms8kzvk1g181ba7z-luajit-2.1.1693350652-env/lib/libluajit-5.1.so.2
#12 0x000067bc8b3d16c5 in ?? () from /nix/store/08lab32sarzg4jp2ms8kzvk1g181ba7z-luajit-2.1.1693350652-env/lib/libluajit-5.1.so.2
#13 0x000067bc8b3e6cc1 in ?? () from /nix/store/08lab32sarzg4jp2ms8kzvk1g181ba7z-luajit-2.1.1693350652-env/lib/libluajit-5.1.so.2
#14 0x000067bc8b38ba19 in ?? () from /nix/store/08lab32sarzg4jp2ms8kzvk1g181ba7z-luajit-2.1.1693350652-env/lib/libluajit-5.1.so.2
#15 0xffffffffffff0000 in ?? ()
#16 0x0000000000000000 in ?? ()

Apologies for the noise if this isn't relevant!

Steps to reproduce

The segfaults happen seemingly at random sorry

Expected behavior

Neovim / tree-sitter doesn't cause segfaults

Tree-sitter version (tree-sitter --version)

tree-sitter 20.8

Operating system/version

NixOs 23.11

[amaanq]

0.20.8 is quite old - can you use a newer version (preferably 0.22.0+)? also - it'd help if you can compile a release build with debug symbols (RelWithDebInfo if you build neovim from source, it's in the docs somewhere)