When we call the destructor code for a WiredTigerRecoveryUnit, we check if we set the _prefetching field to true and reconfigure the session that we owned to disable _prefetching if this is the case. We do something similar for cache_max_wait_ms. We do this so that we do not release any sessions that have non-default configurations into the session_cache here. However, it is possible that we have shut down the storage engine before we call the RecoveryUnit destructor, which results in us accessing fields in the session that have been zeroed out, resulting in invalid memory access. 

We became aware of this following SERVER-86912 but that ticket seems to only have made this situation more common (because prefetch is set every time we perform validation).

One approach to resolving this could be to shift the reconfiguration to the release session code. Every time we set the session configuration to be something non-default, we could store the config string that undoes that change (for example, if we set "prefetch=(enabled=true)", we store "prefetch=(enabled=false)"). We could then make sure that we reset the confuguration.