SEGV when using --full-cleanup

[MasterDuke17]

[dan@alexandria p6]$ valgrind /home/dan/Source/perl6/install/bin/moar --full-cleanup --execname="$0" --libpath="/home/dan/Source/perl6/install/share/nqp/lib" --libpath="/home/dan/Source/perl6/install/share/perl6/lib" --libpath="/home/dan/Source/perl6/install/share/perl6/runtime" /home/dan/Source/perl6/install/share/perl6/runtime/perl6.moarvm -e 'my $cmd = run « cat hs_ref_GRCh37.p5_chr1.fa », :out; $cmd.out.close'
==20944== Memcheck, a memory error detector
==20944== Copyright (C) 2002-2017, and GNU GPL'd, by Julian Seward et al.
==20944== Using Valgrind-3.14.0 and LibVEX; rerun with -h for copyright info
==20944== Command: /home/dan/Source/perl6/install/bin/moar --full-cleanup --execname=-bash --libpath=/home/dan/Source/perl6/install/share/nqp/lib --libpath=/home/dan/Source/perl6/install/share/perl6/lib --libpath=/home/dan/Source/perl6/install/share/perl6/runtime /home/dan/Source/perl6/install/share/perl6/runtime/perl6.moarvm -e my\ $cmd\ =\ run\ __\ cat\ hs_ref_GRCh37.p5_chr1.fa\ __,\ :out;\ $cmd.out.close
==20944== 
==20944== Invalid read of size 1
==20944==    at 0x4B63078: uv_loop_close (uv-common.c:660)
==20944==    by 0x4A6A766: MVM_io_eventloop_destroy (eventloop.c:297)
==20944==    by 0x4B272A8: MVM_vm_destroy_instance (moar.c:531)
==20944==    by 0x109563: main (main.c:312)
==20944==  Address 0xbe1b8b8 is 88 bytes inside a block of size 128 free'd
==20944==    at 0x48389AB: free (vg_replace_malloc.c:530)
==20944==    by 0x4A6A74F: MVM_free (alloc.h:40)
==20944==    by 0x4A6A74F: MVM_io_eventloop_destroy (eventloop.c:293)
==20944==    by 0x4B272A8: MVM_vm_destroy_instance (moar.c:531)
==20944==    by 0x109563: main (main.c:312)
==20944==  Block was alloc'd at
==20944==    at 0x483777F: malloc (vg_replace_malloc.c:299)
==20944==    by 0x4A6A01B: MVM_malloc (alloc.h:2)
==20944==    by 0x4A6A01B: MVM_io_eventloop_start (eventloop.c:120)
==20944==    by 0x4A6A161: MVM_io_eventloop_queue_work (eventloop.c:153)
==20944==    by 0x4A6FD8D: MVM_proc_spawn_async (procops.c:994)
==20944==    by 0x4A21159: MVM_interp_run (interp.c:4334)
==20944==    by 0x4B27124: MVM_vm_run_file (moar.c:444)
==20944==    by 0x10974F: main (main.c:302)
==20944== 
==20944== 
==20944== Process terminating with default action of signal 6 (SIGABRT): dumping core
==20944==    at 0x50FBD7F: raise (in /usr/lib/libc-2.28.so)
==20944==    by 0x50E6671: abort (in /usr/lib/libc-2.28.so)
==20944==    by 0x4A19032: uv_mutex_destroy.cold.3 (thread.c:269)
==20944==    by 0x4A9FE69: gc_free (ConcBlockingQueue.c:74)
==20944==    by 0x4A65C9A: MVM_gc_collect_free_gen2_unmarked (collect.c:745)
==20944==    by 0x4A61DF9: MVM_gc_global_destruction (orchestrate.c:674)
==20944==    by 0x4B272B0: MVM_vm_destroy_instance (moar.c:535)
==20944==    by 0x109563: main (main.c:312)
==20944== 
==20944== HEAP SUMMARY:
==20944==     in use at exit: 423,942,457 bytes in 200,327 blocks
==20944==   total heap usage: 331,466 allocs, 131,139 frees, 550,091,546 bytes allocated
==20944== 
==20944== LEAK SUMMARY:
==20944==    definitely lost: 160 bytes in 2 blocks
==20944==    indirectly lost: 0 bytes in 0 blocks
==20944==      possibly lost: 237,520 bytes in 4,233 blocks
==20944==    still reachable: 423,704,777 bytes in 196,092 blocks
==20944==         suppressed: 0 bytes in 0 blocks
==20944== Rerun with --leak-check=full to see details of leaked memory
==20944== 
==20944== For counts of detected and suppressed errors, rerun with: -v
==20944== ERROR SUMMARY: 1 errors from 1 contexts (suppressed: 0 from 0)
Aborted (core dumped)

[dan@alexandria p6]$ gdb --args /home/dan/Source/perl6/install/bin/moar --full-cleanup --execname="$0" --libpath="/home/dan/Source/perl6/install/share/nqp/lib" --libpath="/home/dan/Source/perl6/install/share/perl6/lib" --libpath="/home/dan/Source/perl6/install/share/perl6/runtime" /home/dan/Source/perl6/install/share/perl6/runtime/perl6.moarvm -e 'for ^2 { my $cmd = run « cat hs_ref_GRCh37.p5_chr1.fa », :out; $cmd.out.close }'
GNU gdb (GDB) 8.2.1
Copyright (C) 2018 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
Type "show copying" and "show warranty" for details.
This GDB was configured as "x86_64-pc-linux-gnu".
Type "show configuration" for configuration details.
For bug reporting instructions, please see:
<http://www.gnu.org/software/gdb/bugs/>.
Find the GDB manual and other documentation resources online at:
    <http://www.gnu.org/software/gdb/documentation/>.

For help, type "help".
Type "apropos word" to search for commands related to "word"...
Reading symbols from /home/dan/Source/perl6/install/bin/moar...done.
.gdbinit: running app
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/usr/lib/libthread_db.so.1".
[New Thread 0x7ffff6fad700 (LWP 20671)]
[New Thread 0x7ffff4bf8700 (LWP 20672)]
[New Thread 0x7fffeffff700 (LWP 20673)]
[New Thread 0x7fffef7fe700 (LWP 20674)]
[Detaching after fork from child process 20675]
[New Thread 0x7fffeeffd700 (LWP 20676)]
[Detaching after fork from child process 20677]
[Thread 0x7ffff6fad700 (LWP 20671) exited]
[Thread 0x7fffef7fe700 (LWP 20674) exited]

Thread 1 "moar" received signal SIGABRT, Aborted.
0x00007ffff75c1d7f in raise () from /usr/lib/libc.so.6
MoarVM string pretty printer registered
moar-heap registered
diff-moar-heap registered
(gdb) bt
#0  0x00007ffff75c1d7f in raise () from /usr/lib/libc.so.6
#1  0x00007ffff75ac672 in abort () from /usr/lib/libc.so.6
#2  0x00007ffff797b033 in uv_mutex_destroy (mutex=mutex@entry=0x555558366ee8) at 3rdparty/libuv/src/unix/thread.c:269
#3  0x00007ffff7a01e5a in gc_free (tc=<optimized out>, obj=<optimized out>) at src/6model/reprs/ConcBlockingQueue.c:74
#4  0x00007ffff79c7c9b in MVM_gc_collect_free_gen2_unmarked (tc=tc@entry=0x555555559cb0, global_destruction=global_destruction@entry=1) at src/gc/collect.c:745
#5  0x00007ffff79c3dfa in MVM_gc_global_destruction (tc=0x555555559cb0) at src/gc/orchestrate.c:674
#6  0x00007ffff7a892a1 in MVM_vm_destroy_instance (instance=0x555555559260) at src/moar.c:535
#7  0x0000555555555564 in main (argc=9, argv=0x7fffffffe728) at src/main.c:312
(gdb)

[bdw]

NB - this is a SEGV that happens when there's a subprocess run.
Running a subprocess starts the eventloop, the cleanup of which is apparently wrong.
I expect that you can also trigger this with run "echo hi"

[MasterDuke17]

Getting different output now.

[dan@alexandria p6]$ gdb --args /home/dan/Source/perl6/install/bin/perl6 --full-cleanup -e 'for ^2 { my $cmd = run « echo 1 », :out; $cmd.out.close }'  
GNU gdb (GDB) 8.2.1
Copyright (C) 2018 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
Type "show copying" and "show warranty" for details.
This GDB was configured as "x86_64-pc-linux-gnu".
Type "show configuration" for configuration details.
For bug reporting instructions, please see:
<http://www.gnu.org/software/gdb/bugs/>.
Find the GDB manual and other documentation resources online at:
    <http://www.gnu.org/software/gdb/documentation/>.

For help, type "help".
Type "apropos word" to search for commands related to "word"...
Reading symbols from /home/dan/Source/perl6/install/bin/perl6...done.
(gdb) r
Starting program: /home/dan/Source/perl6/install/bin/perl6 --full-cleanup -e for\ \^2\ \{\ my\ \$cmd\ =\ run\ «\ echo\ 1\ »,\ :out\;\ \$cmd.out.close\ \}
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/usr/lib/libthread_db.so.1".
[New Thread 0x7ffff7007700 (LWP 12566)]
[New Thread 0x7ffff4b03700 (LWP 12568)]
[New Thread 0x7fffeffff700 (LWP 12569)]
[New Thread 0x7fffef7fe700 (LWP 12570)]
[Detaching after fork from child process 12571]
[New Thread 0x7fffeeffd700 (LWP 12572)]
[Detaching after fork from child process 12573]
[Thread 0x7ffff7007700 (LWP 12566) exited]
[Thread 0x7fffef7fe700 (LWP 12570) exited]
Unhandled exception: Cannot find method 'name' on object of type Perl6::Metamodel::ClassHOW
   at gen/moar/BOOTSTRAP.nqp:3720  (/home/dan/Source/perl6/install/bin/../share/nqp/lib/Perl6/BOOTSTRAP.moarvm:)
 from SETTING::src/core/ThreadPoolScheduler.pm6:612  (/home/dan/Source/perl6/install/bin/../share/perl6/runtime/CORE.setting.moarvm:)
 from SETTING::src/core/ThreadPoolScheduler.pm6:611  (/home/dan/Source/perl6/install/bin/../share/perl6/runtime/CORE.setting.moarvm:)
 from SETTING::src/core/Thread.pm6:54  (/home/dan/Source/perl6/install/bin/../share/perl6/runtime/CORE.setting.moarvm:THREAD-ENTRY)
[Thread 0x7fffeeffd700 (LWP 12572) exited]
[Thread 0x7fffeffff700 (LWP 12569) exited]
[Thread 0x7ffff4b03700 (LWP 12568) exited]
[Inferior 1 (process 12562) exited with code 01]
(gdb)

and

[dan@alexandria p6]$ MVM_JIT_DISABLE=1 valgrind /home/dan/Source/perl6/install/bin/perl6 --full-cleanup -e 'for ^2 { my $cmd = run « echo 1 », :out; $cmd.out.close }'    
==11950== Memcheck, a memory error detector
==11950== Copyright (C) 2002-2017, and GNU GPL'd, by Julian Seward et al.
==11950== Using Valgrind-3.14.0 and LibVEX; rerun with -h for copyright info
==11950== Command: /home/dan/Source/perl6/install/bin/perl6 --full-cleanup -e for\ ^2\ {\ my\ $cmd\ =\ run\ __\ echo\ 1\ __,\ :out;\ $cmd.out.close\ }
==11950== 
==11950== Invalid read of size 1
==11950==    at 0x4B669E8: uv_loop_close (uv-common.c:665)
==11950==    by 0x4A6E6D6: MVM_io_eventloop_destroy (eventloop.c:299)
==11950==    by 0x4B2B168: MVM_vm_destroy_instance (moar.c:531)
==11950==    by 0x109804: main (main.c:392)
==11950==  Address 0xc16ae48 is 88 bytes inside a block of size 128 free'd
==11950==    at 0x48399AB: free (vg_replace_malloc.c:530)
==11950==    by 0x4A6E6BF: MVM_free (alloc.h:40)
==11950==    by 0x4A6E6BF: MVM_io_eventloop_destroy (eventloop.c:295)
==11950==    by 0x4B2B168: MVM_vm_destroy_instance (moar.c:531)
==11950==    by 0x109804: main (main.c:392)
==11950==  Block was alloc'd at
==11950==    at 0x483877F: malloc (vg_replace_malloc.c:299)
==11950==    by 0x4A6DF3B: MVM_malloc (alloc.h:2)
==11950==    by 0x4A6DF3B: MVM_io_eventloop_start (eventloop.c:120)
==11950==    by 0x4A6E091: MVM_io_eventloop_queue_work (eventloop.c:155)
==11950==    by 0x4A73D2D: MVM_proc_spawn_async (procops.c:1000)
==11950==    by 0x4A224A0: MVM_interp_run (interp.c:4377)
==11950==    by 0x4B2AFE4: MVM_vm_run_file (moar.c:444)
==11950==    by 0x109777: main (main.c:363)
==11950== 
==11950== 
==11950== Process terminating with default action of signal 6 (SIGABRT): dumping core
==11950==    at 0x510182F: raise (in /usr/lib/libc-2.29.so)
==11950==    by 0x50EC671: abort (in /usr/lib/libc-2.29.so)
==11950==    by 0x4A1A0A7: uv_mutex_destroy.cold.4 (thread.c:303)
==11950==    by 0x4AA3FB9: gc_free (ConcBlockingQueue.c:80)
==11950==    by 0x4A69BB7: MVM_gc_collect_free_gen2_unmarked (collect.c:763)
==11950==    by 0x4A65C3F: MVM_gc_global_destruction (orchestrate.c:675)
==11950==    by 0x4B2B170: MVM_vm_destroy_instance (moar.c:535)
==11950==    by 0x109804: main (main.c:392)
==11950== 
==11950== HEAP SUMMARY:
==11950==     in use at exit: 64,108,716 bytes in 213,684 blocks
==11950==   total heap usage: 386,887 allocs, 46,357 frees, 117,054,509 bytes allocated
==11950== 

Memcheck: mc_main.c:5761 (vgMemCheck_is_valid_aligned_word): Assertion 'VG_IS_WORD_ALIGNED(a)' failed.

host stacktrace:
==11950==    at 0x58048114: show_sched_status_wrk (m_libcassert.c:369)
==11950==    by 0x58048227: report_and_quit (m_libcassert.c:440)
==11950==    by 0x580483B9: vgPlain_assert_fail (m_libcassert.c:506)
==11950==    by 0x58012C29: vgMemCheck_is_valid_aligned_word (mc_main.c:5761)
==11950==    by 0x580017A8: heuristic_reachedness.isra.3 (mc_leakcheck.c:782)
==11950==    by 0x58001C77: lc_push_without_clique_if_a_chunk_ptr (mc_leakcheck.c:915)
==11950==    by 0x5800240D: lc_push_if_a_chunk_ptr (mc_leakcheck.c:1000)
==11950==    by 0x5800240D: lc_scan_memory (mc_leakcheck.c:1170)
==11950==    by 0x58002A22: lc_process_markstack (mc_leakcheck.c:1194)
==11950==    by 0x5800487E: vgMemCheck_detect_memory_leaks (mc_leakcheck.c:2183)
==11950==    by 0x58007B0E: mc_fini (mc_main.c:8003)
==11950==    by 0x580B9FE5: shutdown_actions_NORETURN (m_main.c:2149)
==11950==    by 0x580F58E3: run_a_thread_NORETURN (syswrap-linux.c:203)

sched status:
  running_tid=1


Note: see also the FAQ in the source distribution.
It contains workarounds to several common problems.
In particular, if Valgrind aborted or crashed after
identifying problems in your program, there's a good chance
that fixing those problems will prevent Valgrind aborting or
crashing, especially if it happened in m_mallocfree.c.

If that doesn't help, please report this bug to: www.valgrind.org

In the bug report, send all the above text, the valgrind
version, and what OS and version you are using.  Thanks.

[bdw]

Very quick notes:

• the stack trace looks like a user-after-free. So, the uv_loop_close() is accessing frreed memory

• however, valgrind claims that it is freed on line 293, but that line does not contain a MVM_free() currently, so I'm a little confused. @pamplemoussecache - what line does it give for you?

• the event loop is setup by MoarVM when starting asynchronous work (e.g. starting a process and waiting for events like signals). It is torn down during --full-cleanup. Now - if I recall matters entirely correctly, then instance->event_loop should be NULL after it has been freed. So if it ins't that's weird.

• What I'd actually suggest is opening a debugger, setting a breakpoint on the MVM_io_eventloop_destroy function, and stepping through to see what happens. It may be the case that this function is just called twice! I can walk you through the process if it helps.

[MasterDuke17]

dan@alexandria p6]$ pg6 --full-cleanup -e 'for ^2 { my $cmd = run « echo 1 », :out; $cmd.out.close }' 
================================================================================================
This is Rakudo Perl 6 running in the  debugger, which often allows the user to generate useful back-
traces to debug or report issues in Rakudo, the MoarVM backend or the currently running code.

This Rakudo version is 2019.03.1.454.g.8.e.49.a.86.bd built on MoarVM version 2019.05.16.gdc.3.f.36.c.03,
running on arch (5.0.8.arch.1.1.arch) / linux (1.SMP.PREEMPT.Wed.May.22.08.06.56.UTC.2019)

Type `bt full` to generate a backtrace if applicable, type `q` to quit or `help` for help.
------------------------------------------------------------------------------------------------
Reading symbols from /home/dan/Source/perl6/install/bin/perl6-m...
Starting program: /home/dan/Source/perl6/install/bin/perl6-m --full-cleanup -e for\ \^2\ \{\ my\ \$cmd\ =\ run\ «\ echo\ 1\ »,\ :out\;\ \$cmd.out.close\ \}
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/usr/lib/libthread_db.so.1".
[New Thread 0x7ffff7007700 (LWP 31867)]
[New Thread 0x7ffff4b00700 (LWP 31868)]
[New Thread 0x7fffeffff700 (LWP 31869)]
[New Thread 0x7fffef7fe700 (LWP 31870)]
[Detaching after fork from child process 31871]
[New Thread 0x7fffeeffd700 (LWP 31872)]
[Detaching after fork from child process 31873]
[Thread 0x7ffff7007700 (LWP 31867) exited]
[Thread 0x7fffef7fe700 (LWP 31870) exited]

Thread 1 "perl6-m" received signal SIGABRT, Aborted.
0x00007ffff75bb82f in raise () from /usr/lib/libc.so.6
(gdb) bt
#0  0x00007ffff75bb82f in raise () from /usr/lib/libc.so.6
#1  0x00007ffff75a6672 in abort () from /usr/lib/libc.so.6
#2  0x00007ffff79780b8 in uv_mutex_destroy (mutex=mutex@entry=0x5555584f9e38) at 3rdparty/libuv/src/unix/thread.c:303
#3  0x00007ffff7a01b8a in gc_free (tc=<optimized out>, obj=<optimized out>) at src/6model/reprs/ConcBlockingQueue.c:80
#4  0x00007ffff79c7788 in MVM_gc_collect_free_gen2_unmarked (executing_thread=executing_thread@entry=0x55555555aff0, tc=tc@entry=0x55555555aff0, global_destruction=global_destruction@entry=1) at src/gc/collect.c:763
#5  0x00007ffff79c3810 in MVM_gc_global_destruction (tc=0x55555555aff0) at src/gc/orchestrate.c:679
#6  0x00007ffff7a88d51 in MVM_vm_destroy_instance (instance=0x55555555a5a0) at src/moar.c:535
#7  0x000055555555587d in main (argc=<optimized out>, argv=0x7fffffffe868) at src/vm/moar/runner/main.c:392
(gdb)

[MasterDuke17]

Still seeing the exact same thing after #1103 was merged.

[MasterDuke17]

After rebuilding with GC_DEBUG set to 2.

[dan@alexandria p6]$ p6 --full-cleanup -e 'for ^2 { my $cmd = run « echo 1 », :out; $cmd.out.close }' 
MoarVM panic: Collectable 0x559dc8a449e0 in a gen2 freelist accessed
[dan@alexandria p6]$ pg6 --full-cleanup -e 'for ^2 { my $cmd = run « echo 1 », :out; $cmd.out.close }'
================================================================================================
This is Rakudo Perl 6 running in the  debugger, which often allows the user to generate useful back-
traces to debug or report issues in Rakudo, the MoarVM backend or the currently running code.

This Rakudo version is 2019.03.1.454.g.8.e.49.a.86.bd built on MoarVM version 2019.05.18.g.2.ccc.20.fb.5,
running on arch (5.0.8.arch.1.1.arch) / linux (1.SMP.PREEMPT.Wed.May.22.08.06.56.UTC.2019)

Type `bt full` to generate a backtrace if applicable, type `q` to quit or `help` for help.
------------------------------------------------------------------------------------------------
Reading symbols from /home/dan/Source/perl6/install/bin/perl6-m...
Starting program: /home/dan/Source/perl6/install/bin/perl6-m --full-cleanup -e for\ \^2\ \{\ my\ \$cmd\ =\ run\ «\ echo\ 1\ »,\ :out\;\ \$cmd.out.close\ \}
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/usr/lib/libthread_db.so.1".
[New Thread 0x7ffff6fe2700 (LWP 3873)]
[New Thread 0x7ffff4adb700 (LWP 3874)]
[New Thread 0x7fffeffff700 (LWP 3875)]
[New Thread 0x7fffef7fe700 (LWP 3876)]
[Detaching after fork from child process 3877]
[New Thread 0x7fffeeffd700 (LWP 3878)]
[Detaching after fork from child process 3879]
[Thread 0x7ffff6fe2700 (LWP 3873) exited]
[Thread 0x7fffef7fe700 (LWP 3876) exited]
MoarVM panic: Collectable 0x5555568e26b8 in a gen2 freelist accessed
[Thread 0x7fffeeffd700 (LWP 3878) exited]
[Thread 0x7fffeffff700 (LWP 3875) exited]
[Thread 0x7ffff4adb700 (LWP 3874) exited]
[Inferior 1 (process 3869) exited with code 01]
(gdb) b MVM_panic
Breakpoint 1 at 0x7ffff7957ce0: file src/core/exceptions.c, line 830.
(gdb) r
Starting program: /home/dan/Source/perl6/install/bin/perl6-m --full-cleanup -e for\ \^2\ \{\ my\ \$cmd\ =\ run\ «\ echo\ 1\ »,\ :out\;\ \$cmd.out.close\ \}
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/usr/lib/libthread_db.so.1".
[New Thread 0x7ffff6fc1700 (LWP 3885)]
[New Thread 0x7ffff4a98700 (LWP 3887)]
[New Thread 0x7fffeffff700 (LWP 3888)]
[New Thread 0x7fffef7fe700 (LWP 3889)]
[Detaching after fork from child process 3890]
[New Thread 0x7fffeeffd700 (LWP 3891)]
[Detaching after fork from child process 3892]
[Thread 0x7ffff6fc1700 (LWP 3885) exited]
[Thread 0x7fffef7fe700 (LWP 3889) exited]
[Switching to Thread 0x7fffeffff700 (LWP 3888)]

Thread 4 "perl6-m" hit Breakpoint 1, MVM_panic (exitCode=exitCode@entry=1, messageFormat=messageFormat@entry=0x7ffff7ad49f8 "Collectable %p in a gen2 freelist accessed") at src/core/exceptions.c:830
830     MVM_NO_RETURN void MVM_panic(MVMint32 exitCode, const char *messageFormat, ...) {
(gdb) bt
#0  MVM_panic (exitCode=exitCode@entry=1, messageFormat=messageFormat@entry=0x7ffff7ad49f8 "Collectable %p in a gen2 freelist accessed") at src/core/exceptions.c:830
#1  0x00007ffff795aad5 in check_reg (idx=<optimized out>, reg_base=<optimized out>, tc=<optimized out>) at src/core/interp.c:14
#2  check_reg (tc=<optimized out>, reg_base=<optimized out>, idx=<optimized out>) at src/core/interp.c:8
#3  0x00007ffff7970e52 in MVM_interp_run (tc=0x1, tc@entry=0x5555585e2ae0, initial_invoke=0x0, invoke_data=0x5555555d1dd0, invoke_data@entry=0x5555585e2940) at src/core/interp.c:1212
#4  0x00007ffff7995866 in start_thread (data=0x5555585e2940) at src/core/threads.c:87
#5  0x00007ffff73ffa92 in start_thread () from /usr/lib/libpthread.so.0
#6  0x00007ffff7659cd3 in clone () from /usr/lib/libc.so.6
(gdb)

[bdw]

Different problem, an ABRT is not a SEGV, a locked mutex being destroyed is not a use-after-free.
So while I agree that this is an issue, I'd ask you to close this one and start a new one 😄

[MasterDuke17]

Sure, easy enough.