The bug in this case was that we had a worker thread making a foreign
call which invoked a callback (in this case it was performGC, I
think).  When the callback ended, boundTaskExiting() was setting
task->stopped, but the Task is now per-OS-thread, so it is shared by
the worker that made the original foreign call.  When the foreign call
returned, because task->stopped was set, the worker was not placed on
the queue of spare workers.  Somehow the worker woke up again, and
found the spare_workers queue empty, which lead to a crash.

Two bugs here: task->stopped should not have been set by
boundTaskExiting (this broke when I split the Task and InCall structs,
in 6.12.2), and releaseCapabilityAndQueueWorker() should not be
testing task->stopped anyway, because it should only ever be called
when task->stopped is false (this is now an assertion).