v26.06rc1: fuzz-open_channel Error 134 (or "Aborted")

[whitslack]

While running the unit tests on v26.06rc1, I am seeing a consistent failure in tests/fuzz/fuzz-open_channel:

make: *** [Makefile:921: fuzzunittest/tests/fuzz/fuzz-open_channel] Error 134

No other information is emitted.

Oddly, if I remove the >/dev/null from the fuzz testing recipe in Makefile, then there still is no additional information emitted, but the Error 134 changes to Aborted.

If I run tests/fuzz/fuzz-open_channel under GDB, then I can get a backtrace:

Program received signal SIGABRT, Aborted.
__pthread_kill_implementation (threadid=<optimized out>, signo=6, no_tid=0) at pthread_kill.c:44
⚠ warning: 44  pthread_kill.c: No such file or directory
(gdb) bt
#0  __pthread_kill_implementation (threadid=<optimized out>, signo=6, no_tid=0) at pthread_kill.c:44
#1  __pthread_kill_internal (threadid=<optimized out>, signo=6) at pthread_kill.c:89
#2  __GI___pthread_kill (threadid=<optimized out>, signo=signo@entry=6) at pthread_kill.c:100
#3  0x00007ffff77979a2 in __GI_raise (sig=sig@entry=6) at ../sysdeps/posix/raise.c:26
#4  0x00007ffff777ae67 in __GI_abort () at abort.c:77
#5  0x000055555556a982 in call_error (msg=msg@entry=0x55555556df38 "Not a valid header") at ccan/ccan/tal/tal.c:95
#6  0x000055555556a9e5 in check_bounds (p=p@entry=0x278dfa4a) at ccan/ccan/tal/tal.c:169
#7  0x000055555556a9fc in to_tal_hdr (ctx=ctx@entry=0x278dfa72) at ccan/ccan/tal/tal.c:177
#8  0x000055555556b257 in tal_free (ctx=ctx@entry=0x278dfa72) at ccan/ccan/tal/tal.c:525
#9  0x000055555555aba8 in run (data=<optimized out>, data@entry=0x555555594808 "D", size=<optimized out>)
    at tests/fuzz/fuzz-open_channel.c:478
#10 0x00005555555594ea in main (argc=<optimized out>, argv=<optimized out>) at tests/fuzz/libfuzz.c:182

tests/fuzz/fuzz-open_channel.c:478 contains the cleanup call to tal_free(run_ctx) near the end of the run function. Is this possibly a double free?