Crash on shutdown when eventlog is used

Summary

When using the eventlog in a large server application, I observe

munmap_chunk(): invalid pointer
Aborted (core dumped)

when the program exits. The problem does not arise without the -l flag. The resulting eventlog cannot be read by eventlog2html, presumably because it is incomplete or corrupted.

A backtrace indicates the problem is that finishCapEventLogging tries to call stgFree on a buffer that has already been freed.

#0  __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:50
#1  0x00007fcc82cde859 in __GI_abort () at abort.c:79
#2  0x00007fcc82d4926e in __libc_message (action=action@entry=do_abort, fmt=fmt@entry=0x7fcc82e73298 "%s\n") at ../sysdeps/posix/libc_fatal.c:155
#3  0x00007fcc82d512fc in malloc_printerr (str=str@entry=0x7fcc82e751e0 "munmap_chunk(): invalid pointer") at malloc.c:5347
#4  0x00007fcc82d5154c in munmap_chunk (p=<optimised out>) at malloc.c:2830
#5  0x00007fcc834004e6 in finishCapEventLogging () at rts/eventlog/EventLog.c:778
#6  0x00007fcc833d1a94 in hs_exit_ (wait_foreign=false) at rts/RtsStartup.c:526
#7  0x00007fcc833d2055 in shutdownHaskellAndExit (n=1, fastExit=<optimised out>) at rts/RtsStartup.c:652
#8  0x00007fcc84206680 in ?? () from /opt/ghc/9.2.2/lib/ghc-9.2.2/base-4.16.1.0/libHSbase-4.16.1.0-ghc9.2.2.so
#9  0x0000000000000000 in ?? ()

I don't see why finishCapEventLogging would be called twice though.

Steps to reproduce

Unfortunately this is a large commercial codebase so I can't post a public reproducer, and I'm not sure where to start with extracting a minimal example.

Expected behavior

finishCapEventLogging should not double free the buffer.

Environment

GHC version used: 9.2.2
Operating System: Linux
System Architecture: x86_64

To upload designs, you'll need to enable LFS and have an admin enable hashed storage. More information