#370 Inventory ASan crash

Closed
opened 2 years ago by image · 0 comments
image commented 2 years ago
20:02:18 I Command   : command: move 9 1 6972958 1
   0: 14 00 3A 00 00 00 7F 7F - 7F 19 81 03 7F 7F 7F 7F  | ..:.............
  16: 7F 5F 87 6A A1 49 01 B7 - 40 03 6A 66 1E 05 B5 01  | ._.j.I..@.jf....
  32: 03 BA 09 03 B1 10 2E 03 - 09 FF 43 20 63 69 73 61  | ..........C cisa
  48: 42 87 6C 61 6F 7F 7F 7F - 7F 7F 7F 7F 7F 7F 7F 43  | B.lao..........C
  64: 00                                                 | .
=================================================================
==23393==ERROR: AddressSanitizer: heap-use-after-free on address 0x61a019b676d4 at pc 0x55555636b50b bp 0x7fffdcde4b20 sp 0x7fffdcde4b18
READ of size 4 at 0x61a019b676d4 thread T335
    #0 0x55555636b50a in Commands::Command_Inventory(Client*, Seperator*, EQ2_RemoteCommandString*) ../WorldServer/Commands/Commands.cpp:6484
    #1 0x5555563ebc8a in Commands::Process(unsigned int, EQ2_16BitString*, Client*, Spawn*) ../WorldServer/Commands/Commands.cpp:5173
    #2 0x555555f8d3c8 in Client::HandlePacket(EQApplicationPacket*) ../WorldServer/client.cpp:1814
    #3 0x555555fa3020 in Client::Process(bool) ../WorldServer/client.cpp:2994
    #4 0x555555a05e42 in ZoneServer::ClientProcess() ../WorldServer/zoneserver.cpp:3181
    #5 0x555555a126c5 in ZoneServer::Process() ../WorldServer/zoneserver.cpp:1385
    #6 0x555555a1e965 in ZoneLoop(void*) ../WorldServer/zoneserver.cpp:6865
    #7 0x7ffff6fbcfa2 in start_thread /build/glibc-vjB4T1/glibc-2.28/nptl/pthread_create.c:486
    #8 0x7ffff68274ce in clone (/lib/x86_64-linux-gnu/libc.so.6+0xf94ce)

0x61a019b676d4 is located 1108 bytes inside of 1184-byte region [0x61a019b67280,0x61a019b67720)
freed by thread T335 here:
    #0 0x7ffff72e0128 in operator delete(void*, unsigned long) (/lib/x86_64-linux-gnu/libasan.so.5+0xec128)
    #1 0x555555cbdf14 in Player::MoveInventoryItem(int, unsigned short, unsigned char, unsigned char, unsigned char, unsigned short) ../WorldServer/Player.cpp:2247
    #2 0x55555636b1f4 in Commands::Command_Inventory(Client*, Seperator*, EQ2_RemoteCommandString*) ../WorldServer/Commands/Commands.cpp:6480
    #3 0x5555563ebc8a in Commands::Process(unsigned int, EQ2_16BitString*, Client*, Spawn*) ../WorldServer/Commands/Commands.cpp:5173
    #4 0x555555f8d3c8 in Client::HandlePacket(EQApplicationPacket*) ../WorldServer/client.cpp:1814
    #5 0x555555fa3020 in Client::Process(bool) ../WorldServer/client.cpp:2994
    #6 0x555555a05e42 in ZoneServer::ClientProcess() ../WorldServer/zoneserver.cpp:3181
    #7 0x555555a126c5 in ZoneServer::Process() ../WorldServer/zoneserver.cpp:1385
    #8 0x555555a1e965 in ZoneLoop(void*) ../WorldServer/zoneserver.cpp:6865
    #9 0x7ffff6fbcfa2 in start_thread /build/glibc-vjB4T1/glibc-2.28/nptl/pthread_create.c:486

previously allocated by thread T335 here:
    #0 0x7ffff72ded30 in operator new(unsigned long) (/lib/x86_64-linux-gnu/libasan.so.5+0xead30)
    #1 0x5555565f46b3 in WorldDatabase::LoadCharacterItemList(unsigned int, unsigned int, Player*, unsigned short) ../WorldServer/Items/ItemsDB.cpp:1263
    #2 0x555555f5e3a0 in Client::SendLoginInfo() ../WorldServer/client.cpp:369
    #3 0x555555fa2e90 in Client::Process(bool) ../WorldServer/client.cpp:2970
    #4 0x555555a05e42 in ZoneServer::ClientProcess() ../WorldServer/zoneserver.cpp:3181
    #5 0x555555a126c5 in ZoneServer::Process() ../WorldServer/zoneserver.cpp:1385
    #6 0x555555a1e965 in ZoneLoop(void*) ../WorldServer/zoneserver.cpp:6865
    #7 0x7ffff6fbcfa2 in start_thread /build/glibc-vjB4T1/glibc-2.28/nptl/pthread_create.c:486

Thread T335 created by T272 here:
    #0 0x7ffff7244db0 in __interceptor_pthread_create (/lib/x86_64-linux-gnu/libasan.so.5+0x50db0)
    #1 0x5555559defbd in ZoneServer::Init() ../WorldServer/zoneserver.cpp:308
    #2 0x555555dc216f in ZoneList::Get(char const*, bool) ../WorldServer/World.cpp:568
    #3 0x555555f715be in Client::Zone(char const*, bool) ../WorldServer/client.cpp:4101
    #4 0x555555b78976 in Sign::HandleUse(Client*, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >) ../WorldServer/Sign.cpp:278
    #5 0x555555f8b599 in Client::HandlePacket(EQApplicationPacket*) ../WorldServer/client.cpp:1689
    #6 0x555555fa3020 in Client::Process(bool) ../WorldServer/client.cpp:2994
    #7 0x555555a05e42 in ZoneServer::ClientProcess() ../WorldServer/zoneserver.cpp:3181
    #8 0x555555a126c5 in ZoneServer::Process() ../WorldServer/zoneserver.cpp:1385
    #9 0x555555a1e965 in ZoneLoop(void*) ../WorldServer/zoneserver.cpp:6865
    #10 0x7ffff6fbcfa2 in start_thread /build/glibc-vjB4T1/glibc-2.28/nptl/pthread_create.c:486

Thread T272 created by T241 here:
    #0 0x7ffff7244db0 in __interceptor_pthread_create (/lib/x86_64-linux-gnu/libasan.so.5+0x50db0)
    #1 0x5555559defbd in ZoneServer::Init() ../WorldServer/zoneserver.cpp:308
    #2 0x555555dc216f in ZoneList::Get(char const*, bool) ../WorldServer/World.cpp:568
    #3 0x555555f715be in Client::Zone(char const*, bool) ../WorldServer/client.cpp:4101
    #4 0x555555b78976 in Sign::HandleUse(Client*, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >) ../WorldServer/Sign.cpp:278
    #5 0x555555f8b599 in Client::HandlePacket(EQApplicationPacket*) ../WorldServer/client.cpp:1689
    #6 0x555555fa3020 in Client::Process(bool) ../WorldServer/client.cpp:2994
    #7 0x555555a05e42 in ZoneServer::ClientProcess() ../WorldServer/zoneserver.cpp:3181
    #8 0x555555a126c5 in ZoneServer::Process() ../WorldServer/zoneserver.cpp:1385
    #9 0x555555a1e965 in ZoneLoop(void*) ../WorldServer/zoneserver.cpp:6865
    #10 0x7ffff6fbcfa2 in start_thread /build/glibc-vjB4T1/glibc-2.28/nptl/pthread_create.c:486

Thread T241 created by T229 here:
    #0 0x7ffff7244db0 in __interceptor_pthread_create (/lib/x86_64-linux-gnu/libasan.so.5+0x50db0)
    #1 0x5555559defbd in ZoneServer::Init() ../WorldServer/zoneserver.cpp:308
    #2 0x555555dc216f in ZoneList::Get(char const*, bool) ../WorldServer/World.cpp:568
    #3 0x555555f715be in Client::Zone(char const*, bool) ../WorldServer/client.cpp:4101
    #4 0x555555b78976 in Sign::HandleUse(Client*, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >) ../WorldServer/Sign.cpp:278
    #5 0x555555f8b599 in Client::HandlePacket(EQApplicationPacket*) ../WorldServer/client.cpp:1689
    #6 0x555555fa3020 in Client::Process(bool) ../WorldServer/client.cpp:2994
    #7 0x555555a05e42 in ZoneServer::ClientProcess() ../WorldServer/zoneserver.cpp:3181
    #8 0x555555a126c5 in ZoneServer::Process() ../WorldServer/zoneserver.cpp:1385
    #9 0x555555a1e965 in ZoneLoop(void*) ../WorldServer/zoneserver.cpp:6865
    #10 0x7ffff6fbcfa2 in start_thread /build/glibc-vjB4T1/glibc-2.28/nptl/pthread_create.c:486

Thread T229 created by T129 here:
    #0 0x7ffff7244db0 in __interceptor_pthread_create (/lib/x86_64-linux-gnu/libasan.so.5+0x50db0)
    #1 0x5555559defbd in ZoneServer::Init() ../WorldServer/zoneserver.cpp:308
    #2 0x555555dc216f in ZoneList::Get(char const*, bool) ../WorldServer/World.cpp:568
    #3 0x555555f715be in Client::Zone(char const*, bool) ../WorldServer/client.cpp:4101
    #4 0x555555b78976 in Sign::HandleUse(Client*, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >) ../WorldServer/Sign.cpp:278
    #5 0x555555f8b599 in Client::HandlePacket(EQApplicationPacket*) ../WorldServer/client.cpp:1689
    #6 0x555555fa3020 in Client::Process(bool) ../WorldServer/client.cpp:2994
    #7 0x555555a05e42 in ZoneServer::ClientProcess() ../WorldServer/zoneserver.cpp:3181
    #8 0x555555a126c5 in ZoneServer::Process() ../WorldServer/zoneserver.cpp:1385
    #9 0x555555a1e965 in ZoneLoop(void*) ../WorldServer/zoneserver.cpp:6865
    #10 0x7ffff6fbcfa2 in start_thread /build/glibc-vjB4T1/glibc-2.28/nptl/pthread_create.c:486

Thread T129 created by T101 here:
    #0 0x7ffff7244db0 in __interceptor_pthread_create (/lib/x86_64-linux-gnu/libasan.so.5+0x50db0)
    #1 0x5555559defbd in ZoneServer::Init() ../WorldServer/zoneserver.cpp:308
    #2 0x555555dc289a in ZoneList::Get(unsigned int, bool) ../WorldServer/World.cpp:595
    #3 0x555555e3dcc1 in EQ2Emu_lua_GetZone(lua_State*) ../WorldServer/LuaFunctions.cpp:1586
    #4 0x5555567a43c3 in luaD_precall (/home/eq2emu_server/server/eq2world+0x12503c3)
    #5 0x5555567b1343 in luaV_execute (/home/eq2emu_server/server/eq2world+0x125d343)
    #6 0x5555567a4752 in luaD_call (/home/eq2emu_server/server/eq2world+0x1250752)
    #7 0x5555567a47b0 in luaD_callnoyield (/home/eq2emu_server/server/eq2world+0x12507b0)
    #8 0x5555567b5ab2 in f_call (/home/eq2emu_server/server/eq2world+0x1261ab2)
    #9 0x5555567a379b in luaD_rawrunprotected (/home/eq2emu_server/server/eq2world+0x124f79b)
    #10 0x5555567a4f6b in luaD_pcall (/home/eq2emu_server/server/eq2world+0x1250f6b)
    #11 0x5555567b5b80 in lua_pcallk (/home/eq2emu_server/server/eq2world+0x1261b80)
    #12 0x555555c18d5b in LuaInterface::CallScriptSInt32(lua_State*, unsigned char, int*) ../WorldServer/LuaInterface.cpp:734
    #13 0x555555c2e1f9 in LuaInterface::RunSpawnScript(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >, char const*, Spawn*, Spawn*, char const*, bool, int, int*) ../WorldServer/LuaInterface.cpp:2265
    #14 0x555555938fd9 in ZoneServer::CallSpawnScript(Spawn*, unsigned char, Spawn*, char const*, bool, int, int*) ../WorldServer/zoneserver.cpp:2791
    #15 0x555555f86e52 in Client::HandlePacket(EQApplicationPacket*) ../WorldServer/client.cpp:1284
    #16 0x555555fa3020 in Client::Process(bool) ../WorldServer/client.cpp:2994
    #17 0x555555a05e42 in ZoneServer::ClientProcess() ../WorldServer/zoneserver.cpp:3181
    #18 0x555555a126c5 in ZoneServer::Process() ../WorldServer/zoneserver.cpp:1385
    #19 0x555555a1e965 in ZoneLoop(void*) ../WorldServer/zoneserver.cpp:6865
    #20 0x7ffff6fbcfa2 in start_thread /build/glibc-vjB4T1/glibc-2.28/nptl/pthread_create.c:486

Thread T101 created by T0 here:
    #0 0x7ffff7244db0 in __interceptor_pthread_create (/lib/x86_64-linux-gnu/libasan.so.5+0x50db0)
    #1 0x5555559defbd in ZoneServer::Init() ../WorldServer/zoneserver.cpp:308
    #2 0x555555dc357d in ZoneList::GetByInstanceID(unsigned int, unsigned int) ../WorldServer/World.cpp:649
    #3 0x55555618f2b9 in WorldDatabase::UpdateStartingZone(unsigned int, unsigned char, unsigned char, PacketStruct*) ../WorldServer/WorldDatabase.cpp:3713
    #4 0x55555619bb95 in WorldDatabase::SaveCharacter(PacketStruct*, unsigned int) ../WorldServer/WorldDatabase.cpp:2295
    #5 0x55555591a652 in LoginServer::Process() ../WorldServer/LoginServer.cpp:363
    #6 0x555555b71b80 in main ../WorldServer/net.cpp:459
    #7 0x7ffff675209a in __libc_start_main ../csu/libc-start.c:308

SUMMARY: AddressSanitizer: heap-use-after-free ../WorldServer/Commands/Commands.cpp:6484 in Commands::Command_Inventory(Client*, Seperator*, EQ2_RemoteCommandString*)
Shadow bytes around the buggy address:
  0x0c3483364e80: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
  0x0c3483364e90: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
  0x0c3483364ea0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
  0x0c3483364eb0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
  0x0c3483364ec0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
=>0x0c3483364ed0: fd fd fd fd fd fd fd fd fd fd[fd]fd fd fd fd fd
  0x0c3483364ee0: fd fd fd fd fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c3483364ef0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c3483364f00: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c3483364f10: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0c3483364f20: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable:           00
  Partially addressable: 01 02 03 04 05 06 07 
  Heap left redzone:       fa
  Freed heap region:       fd
  Stack left redzone:      f1
  Stack mid redzone:       f2
  Stack right redzone:     f3
  Stack after return:      f5
  Stack use after scope:   f8
  Global redzone:          f9
  Global init order:       f6
  Poisoned by user:        f7
  Container overflow:      fc
  Array cookie:            ac
  Intra object redzone:    bb
  ASan internal:           fe
  Left alloca redzone:     ca
  Right alloca redzone:    cb
==23393==ABORTING
[Thread 0x7fffd4ab9700 (LWP 10573) exited]
[Thread 0x7fffdcdf2700 (LWP 10572) exited]
[Thread 0x7fffd68c1700 (LWP 10209) exited]
[Thread 0x7fffee52f700 (LWP 10208) exited]
[Thread 0x7fffe2169700 (LWP 10002) exited]
[Thread 0x7fffe6ac1700 (LWP 10001) exited]
[Thread 0x7fffda695700 (LWP 23417) exited]
[Thread 0x7fffdc51c700 (LWP 23414) exited]
[Thread 0x7fffe1135700 (LWP 23412) exited]
[Thread 0x7fffe1968700 (LWP 23411) exited]
[Thread 0x7fffecc40700 (LWP 23409) exited]
[Thread 0x7fffed441700 (LWP 23408) exited]
[Thread 0x7fffeed30700 (LWP 23406) exited]
[Thread 0x7fffef531700 (LWP 23405) exited]
[Thread 0x7ffff0533700 (LWP 23403) exited]
[Thread 0x7ffff10a2700 (LWP 23402) exited]
[Thread 0x7ffff18b1700 (LWP 23401) exited]
[Thread 0x7ffff20b2700 (LWP 23398) exited]
[Thread 0x7ffff32ff700 (LWP 23397) exited]
[Thread 0x7ffff5f5d9c0 (LWP 23393) exited]
[Inferior 1 (process 23393) exited with code 01]
``` 20:02:18 I Command : command: move 9 1 6972958 1 0: 14 00 3A 00 00 00 7F 7F - 7F 19 81 03 7F 7F 7F 7F | ..:............. 16: 7F 5F 87 6A A1 49 01 B7 - 40 03 6A 66 1E 05 B5 01 | ._.j.I..@.jf.... 32: 03 BA 09 03 B1 10 2E 03 - 09 FF 43 20 63 69 73 61 | ..........C cisa 48: 42 87 6C 61 6F 7F 7F 7F - 7F 7F 7F 7F 7F 7F 7F 43 | B.lao..........C 64: 00 | . ================================================================= ==23393==ERROR: AddressSanitizer: heap-use-after-free on address 0x61a019b676d4 at pc 0x55555636b50b bp 0x7fffdcde4b20 sp 0x7fffdcde4b18 READ of size 4 at 0x61a019b676d4 thread T335 #0 0x55555636b50a in Commands::Command_Inventory(Client*, Seperator*, EQ2_RemoteCommandString*) ../WorldServer/Commands/Commands.cpp:6484 #1 0x5555563ebc8a in Commands::Process(unsigned int, EQ2_16BitString*, Client*, Spawn*) ../WorldServer/Commands/Commands.cpp:5173 #2 0x555555f8d3c8 in Client::HandlePacket(EQApplicationPacket*) ../WorldServer/client.cpp:1814 #3 0x555555fa3020 in Client::Process(bool) ../WorldServer/client.cpp:2994 #4 0x555555a05e42 in ZoneServer::ClientProcess() ../WorldServer/zoneserver.cpp:3181 #5 0x555555a126c5 in ZoneServer::Process() ../WorldServer/zoneserver.cpp:1385 #6 0x555555a1e965 in ZoneLoop(void*) ../WorldServer/zoneserver.cpp:6865 #7 0x7ffff6fbcfa2 in start_thread /build/glibc-vjB4T1/glibc-2.28/nptl/pthread_create.c:486 #8 0x7ffff68274ce in clone (/lib/x86_64-linux-gnu/libc.so.6+0xf94ce) 0x61a019b676d4 is located 1108 bytes inside of 1184-byte region [0x61a019b67280,0x61a019b67720) freed by thread T335 here: #0 0x7ffff72e0128 in operator delete(void*, unsigned long) (/lib/x86_64-linux-gnu/libasan.so.5+0xec128) #1 0x555555cbdf14 in Player::MoveInventoryItem(int, unsigned short, unsigned char, unsigned char, unsigned char, unsigned short) ../WorldServer/Player.cpp:2247 #2 0x55555636b1f4 in Commands::Command_Inventory(Client*, Seperator*, EQ2_RemoteCommandString*) ../WorldServer/Commands/Commands.cpp:6480 #3 0x5555563ebc8a in 
Commands::Process(unsigned int, EQ2_16BitString*, Client*, Spawn*) ../WorldServer/Commands/Commands.cpp:5173 #4 0x555555f8d3c8 in Client::HandlePacket(EQApplicationPacket*) ../WorldServer/client.cpp:1814 #5 0x555555fa3020 in Client::Process(bool) ../WorldServer/client.cpp:2994 #6 0x555555a05e42 in ZoneServer::ClientProcess() ../WorldServer/zoneserver.cpp:3181 #7 0x555555a126c5 in ZoneServer::Process() ../WorldServer/zoneserver.cpp:1385 #8 0x555555a1e965 in ZoneLoop(void*) ../WorldServer/zoneserver.cpp:6865 #9 0x7ffff6fbcfa2 in start_thread /build/glibc-vjB4T1/glibc-2.28/nptl/pthread_create.c:486 previously allocated by thread T335 here: #0 0x7ffff72ded30 in operator new(unsigned long) (/lib/x86_64-linux-gnu/libasan.so.5+0xead30) #1 0x5555565f46b3 in WorldDatabase::LoadCharacterItemList(unsigned int, unsigned int, Player*, unsigned short) ../WorldServer/Items/ItemsDB.cpp:1263 #2 0x555555f5e3a0 in Client::SendLoginInfo() ../WorldServer/client.cpp:369 #3 0x555555fa2e90 in Client::Process(bool) ../WorldServer/client.cpp:2970 #4 0x555555a05e42 in ZoneServer::ClientProcess() ../WorldServer/zoneserver.cpp:3181 #5 0x555555a126c5 in ZoneServer::Process() ../WorldServer/zoneserver.cpp:1385 #6 0x555555a1e965 in ZoneLoop(void*) ../WorldServer/zoneserver.cpp:6865 #7 0x7ffff6fbcfa2 in start_thread /build/glibc-vjB4T1/glibc-2.28/nptl/pthread_create.c:486 Thread T335 created by T272 here: #0 0x7ffff7244db0 in __interceptor_pthread_create (/lib/x86_64-linux-gnu/libasan.so.5+0x50db0) #1 0x5555559defbd in ZoneServer::Init() ../WorldServer/zoneserver.cpp:308 #2 0x555555dc216f in ZoneList::Get(char const*, bool) ../WorldServer/World.cpp:568 #3 0x555555f715be in Client::Zone(char const*, bool) ../WorldServer/client.cpp:4101 #4 0x555555b78976 in Sign::HandleUse(Client*, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >) ../WorldServer/Sign.cpp:278 #5 0x555555f8b599 in Client::HandlePacket(EQApplicationPacket*) ../WorldServer/client.cpp:1689 #6 0x555555fa3020 
in Client::Process(bool) ../WorldServer/client.cpp:2994 #7 0x555555a05e42 in ZoneServer::ClientProcess() ../WorldServer/zoneserver.cpp:3181 #8 0x555555a126c5 in ZoneServer::Process() ../WorldServer/zoneserver.cpp:1385 #9 0x555555a1e965 in ZoneLoop(void*) ../WorldServer/zoneserver.cpp:6865 #10 0x7ffff6fbcfa2 in start_thread /build/glibc-vjB4T1/glibc-2.28/nptl/pthread_create.c:486 Thread T272 created by T241 here: #0 0x7ffff7244db0 in __interceptor_pthread_create (/lib/x86_64-linux-gnu/libasan.so.5+0x50db0) #1 0x5555559defbd in ZoneServer::Init() ../WorldServer/zoneserver.cpp:308 #2 0x555555dc216f in ZoneList::Get(char const*, bool) ../WorldServer/World.cpp:568 #3 0x555555f715be in Client::Zone(char const*, bool) ../WorldServer/client.cpp:4101 #4 0x555555b78976 in Sign::HandleUse(Client*, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >) ../WorldServer/Sign.cpp:278 #5 0x555555f8b599 in Client::HandlePacket(EQApplicationPacket*) ../WorldServer/client.cpp:1689 #6 0x555555fa3020 in Client::Process(bool) ../WorldServer/client.cpp:2994 #7 0x555555a05e42 in ZoneServer::ClientProcess() ../WorldServer/zoneserver.cpp:3181 #8 0x555555a126c5 in ZoneServer::Process() ../WorldServer/zoneserver.cpp:1385 #9 0x555555a1e965 in ZoneLoop(void*) ../WorldServer/zoneserver.cpp:6865 #10 0x7ffff6fbcfa2 in start_thread /build/glibc-vjB4T1/glibc-2.28/nptl/pthread_create.c:486 Thread T241 created by T229 here: #0 0x7ffff7244db0 in __interceptor_pthread_create (/lib/x86_64-linux-gnu/libasan.so.5+0x50db0) #1 0x5555559defbd in ZoneServer::Init() ../WorldServer/zoneserver.cpp:308 #2 0x555555dc216f in ZoneList::Get(char const*, bool) ../WorldServer/World.cpp:568 #3 0x555555f715be in Client::Zone(char const*, bool) ../WorldServer/client.cpp:4101 #4 0x555555b78976 in Sign::HandleUse(Client*, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >) ../WorldServer/Sign.cpp:278 #5 0x555555f8b599 in Client::HandlePacket(EQApplicationPacket*) 
../WorldServer/client.cpp:1689 #6 0x555555fa3020 in Client::Process(bool) ../WorldServer/client.cpp:2994 #7 0x555555a05e42 in ZoneServer::ClientProcess() ../WorldServer/zoneserver.cpp:3181 #8 0x555555a126c5 in ZoneServer::Process() ../WorldServer/zoneserver.cpp:1385 #9 0x555555a1e965 in ZoneLoop(void*) ../WorldServer/zoneserver.cpp:6865 #10 0x7ffff6fbcfa2 in start_thread /build/glibc-vjB4T1/glibc-2.28/nptl/pthread_create.c:486 Thread T229 created by T129 here: #0 0x7ffff7244db0 in __interceptor_pthread_create (/lib/x86_64-linux-gnu/libasan.so.5+0x50db0) #1 0x5555559defbd in ZoneServer::Init() ../WorldServer/zoneserver.cpp:308 #2 0x555555dc216f in ZoneList::Get(char const*, bool) ../WorldServer/World.cpp:568 #3 0x555555f715be in Client::Zone(char const*, bool) ../WorldServer/client.cpp:4101 #4 0x555555b78976 in Sign::HandleUse(Client*, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >) ../WorldServer/Sign.cpp:278 #5 0x555555f8b599 in Client::HandlePacket(EQApplicationPacket*) ../WorldServer/client.cpp:1689 #6 0x555555fa3020 in Client::Process(bool) ../WorldServer/client.cpp:2994 #7 0x555555a05e42 in ZoneServer::ClientProcess() ../WorldServer/zoneserver.cpp:3181 #8 0x555555a126c5 in ZoneServer::Process() ../WorldServer/zoneserver.cpp:1385 #9 0x555555a1e965 in ZoneLoop(void*) ../WorldServer/zoneserver.cpp:6865 #10 0x7ffff6fbcfa2 in start_thread /build/glibc-vjB4T1/glibc-2.28/nptl/pthread_create.c:486 Thread T129 created by T101 here: #0 0x7ffff7244db0 in __interceptor_pthread_create (/lib/x86_64-linux-gnu/libasan.so.5+0x50db0) #1 0x5555559defbd in ZoneServer::Init() ../WorldServer/zoneserver.cpp:308 #2 0x555555dc289a in ZoneList::Get(unsigned int, bool) ../WorldServer/World.cpp:595 #3 0x555555e3dcc1 in EQ2Emu_lua_GetZone(lua_State*) ../WorldServer/LuaFunctions.cpp:1586 #4 0x5555567a43c3 in luaD_precall (/home/eq2emu_server/server/eq2world+0x12503c3) #5 0x5555567b1343 in luaV_execute (/home/eq2emu_server/server/eq2world+0x125d343) #6 
0x5555567a4752 in luaD_call (/home/eq2emu_server/server/eq2world+0x1250752) #7 0x5555567a47b0 in luaD_callnoyield (/home/eq2emu_server/server/eq2world+0x12507b0) #8 0x5555567b5ab2 in f_call (/home/eq2emu_server/server/eq2world+0x1261ab2) #9 0x5555567a379b in luaD_rawrunprotected (/home/eq2emu_server/server/eq2world+0x124f79b) #10 0x5555567a4f6b in luaD_pcall (/home/eq2emu_server/server/eq2world+0x1250f6b) #11 0x5555567b5b80 in lua_pcallk (/home/eq2emu_server/server/eq2world+0x1261b80) #12 0x555555c18d5b in LuaInterface::CallScriptSInt32(lua_State*, unsigned char, int*) ../WorldServer/LuaInterface.cpp:734 #13 0x555555c2e1f9 in LuaInterface::RunSpawnScript(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >, char const*, Spawn*, Spawn*, char const*, bool, int, int*) ../WorldServer/LuaInterface.cpp:2265 #14 0x555555938fd9 in ZoneServer::CallSpawnScript(Spawn*, unsigned char, Spawn*, char const*, bool, int, int*) ../WorldServer/zoneserver.cpp:2791 #15 0x555555f86e52 in Client::HandlePacket(EQApplicationPacket*) ../WorldServer/client.cpp:1284 #16 0x555555fa3020 in Client::Process(bool) ../WorldServer/client.cpp:2994 #17 0x555555a05e42 in ZoneServer::ClientProcess() ../WorldServer/zoneserver.cpp:3181 #18 0x555555a126c5 in ZoneServer::Process() ../WorldServer/zoneserver.cpp:1385 #19 0x555555a1e965 in ZoneLoop(void*) ../WorldServer/zoneserver.cpp:6865 #20 0x7ffff6fbcfa2 in start_thread /build/glibc-vjB4T1/glibc-2.28/nptl/pthread_create.c:486 Thread T101 created by T0 here: #0 0x7ffff7244db0 in __interceptor_pthread_create (/lib/x86_64-linux-gnu/libasan.so.5+0x50db0) #1 0x5555559defbd in ZoneServer::Init() ../WorldServer/zoneserver.cpp:308 #2 0x555555dc357d in ZoneList::GetByInstanceID(unsigned int, unsigned int) ../WorldServer/World.cpp:649 #3 0x55555618f2b9 in WorldDatabase::UpdateStartingZone(unsigned int, unsigned char, unsigned char, PacketStruct*) ../WorldServer/WorldDatabase.cpp:3713 #4 0x55555619bb95 in 
WorldDatabase::SaveCharacter(PacketStruct*, unsigned int) ../WorldServer/WorldDatabase.cpp:2295 #5 0x55555591a652 in LoginServer::Process() ../WorldServer/LoginServer.cpp:363 #6 0x555555b71b80 in main ../WorldServer/net.cpp:459 #7 0x7ffff675209a in __libc_start_main ../csu/libc-start.c:308 SUMMARY: AddressSanitizer: heap-use-after-free ../WorldServer/Commands/Commands.cpp:6484 in Commands::Command_Inventory(Client*, Seperator*, EQ2_RemoteCommandString*) Shadow bytes around the buggy address: 0x0c3483364e80: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd 0x0c3483364e90: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd 0x0c3483364ea0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd 0x0c3483364eb0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd 0x0c3483364ec0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd =>0x0c3483364ed0: fd fd fd fd fd fd fd fd fd fd[fd]fd fd fd fd fd 0x0c3483364ee0: fd fd fd fd fa fa fa fa fa fa fa fa fa fa fa fa 0x0c3483364ef0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa 0x0c3483364f00: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa 0x0c3483364f10: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0x0c3483364f20: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Shadow byte legend (one shadow byte represents 8 application bytes): Addressable: 00 Partially addressable: 01 02 03 04 05 06 07 Heap left redzone: fa Freed heap region: fd Stack left redzone: f1 Stack mid redzone: f2 Stack right redzone: f3 Stack after return: f5 Stack use after scope: f8 Global redzone: f9 Global init order: f6 Poisoned by user: f7 Container overflow: fc Array cookie: ac Intra object redzone: bb ASan internal: fe Left alloca redzone: ca Right alloca redzone: cb ==23393==ABORTING [Thread 0x7fffd4ab9700 (LWP 10573) exited] [Thread 0x7fffdcdf2700 (LWP 10572) exited] [Thread 0x7fffd68c1700 (LWP 10209) exited] [Thread 0x7fffee52f700 (LWP 10208) exited] [Thread 0x7fffe2169700 (LWP 10002) exited] [Thread 0x7fffe6ac1700 (LWP 10001) exited] [Thread 0x7fffda695700 (LWP 23417) 
exited] [Thread 0x7fffdc51c700 (LWP 23414) exited] [Thread 0x7fffe1135700 (LWP 23412) exited] [Thread 0x7fffe1968700 (LWP 23411) exited] [Thread 0x7fffecc40700 (LWP 23409) exited] [Thread 0x7fffed441700 (LWP 23408) exited] [Thread 0x7fffeed30700 (LWP 23406) exited] [Thread 0x7fffef531700 (LWP 23405) exited] [Thread 0x7ffff0533700 (LWP 23403) exited] [Thread 0x7ffff10a2700 (LWP 23402) exited] [Thread 0x7ffff18b1700 (LWP 23401) exited] [Thread 0x7ffff20b2700 (LWP 23398) exited] [Thread 0x7ffff32ff700 (LWP 23397) exited] [Thread 0x7ffff5f5d9c0 (LWP 23393) exited] [Inferior 1 (process 23393) exited with code 01] ```