Hi Martin,
My theory is this:
* The main loop has (at least) two pending sources:
1) a gatchat callback to e.g. a plugin CFUN=0 command
2) rx data ready on the cmux uart channel
* The main loop calls the plugin callback first, where g_at_mux_unref()
is called
* The main l
When closing down a cmux object, the address sanitizer detects a
use-after-free in gatmux.c (see below). It is caused by glib sources not being
entirely removed in g_at_mux_shutdown(), an so their callbacks can be
called with a freed mux object.
Avoid this by deferring the free of the mux object u