There is a use after free in radare2 2.6.0 in r_anal_bb_free in libr/anal/bb.c via a crafted Java binary file.