Question double free error

This is no core file, i'm run tbamud via gdb.

And restarting mud.

I'm waiting next crash...

Hello, i'm Prool, the bug hunter

I'm reveived next crash.

Debug info here:

SYSERR: Write to socket: Connection reset by peer
free(): invalid pointer

Program received signal SIGABRT, Aborted.
__GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:50
50 ../sysdeps/unix/sysv/linux/raise.c: Нет такого файла или каталога.

(gdb) bt
#0 __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:50
#1 0x00007ffff7dae859 in __GI_abort () at abort.c:79
#2 0x00007ffff7e1929e in __libc_message (action=action@entry=do_abort, fmt=fmt@entry=0x7ffff7f43298 "%s\n")
at ../sysdeps/posix/libc_fatal.c:155
#3 0x00007ffff7e2132c in malloc_printerr (str=str@entry=0x7ffff7f414c1 "free(): invalid pointer") at malloc.c:5347
#4 0x00007ffff7e22b5c in _int_free (av=<optimized out>, p=<optimized out>, have_lock=0) at malloc.c:4173
#5 0x00005555555b9a91 in close_socket (d=0x555556c23be0) at comm.c:2111
#6 0x00005555555bb398 in game_loop (local_mother_desc=3) at comm.c:917
#7 0x0000555555566319 in init_game (local_port=<optimized out>) at comm.c:544
#8 main (argc=2, argv=<optimized out>) at comm.c:355


up 5 times

(gdb) print d->history
$1 = (char **) 0x555556be77d0

(gdb) info local
cnt = <optimized out>
temp = <optimized out>

(gdb) print *d
$2 = {descriptor = 6, host = "183.136.225.43", '\000' <repeats 26 times>, bad_pws = 0 '\000', idle_tics = 0 '\000', connected = 32,
desc_num = 21, login_time = 1685193942, showstr_head = 0x0, showstr_vector = 0x0, showstr_count = 0, showstr_page = 0, str = 0x0,
backstr = 0x0, max_str = 0, mail_to = 0, has_prompt = 0,
inbuf = "\000ET / HTTP/1.1\r\nHost: 195.123.245.173:8888\r\nUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.11; rv:47.0) Gecko/20100101 Firefox/47.0\r\nAccept: */*\r\nConnection: keep-alive\r\n\r\n", '\000' <repeats 12108 times>,
last_input = "Connection: keep-alive\000 (Macintosh; Intel Mac OS X 10.11; rv:47.0) Gecko/20100101 Firefox/47.0", '\000' <repeats 417 times>,
small_outbuf = "Attempting to Detect Client, Please Wait...\r\n\377\375\030Collecting Protocol Information... Please Wait.\r\n", '\000' <repeats 926 times>,
output = 0x555556c26e5c "Attempting to Detect Client, Please Wait...\r\n\377\375\030Collecting Protocol Information... Please Wait.\r\n", history = 0x555556be77d0, history_pos = 0, bufptr = 97, bufspace = 926, large_outbuf = 0x0, input = {head = 0x0, tail = 0x555556b4c6c0},
character = 0x0, original = 0x0, snooping = 0x0, snoop_by = 0x0, next = 0x0, olc = 0x0, pProtocol = 0x555556c002c0,
events = 0x555556af3bc0}

(gdb) print *(d->history)
$3 = 0x555556af4d60 ""

With best regards,

Serge "Prool" Pustovoitoff