Menu script starting a new game crashes the engine
With the following setup the engine crashes when run under AddressSanitizer (commit 1aa4ef02). The report below is a cross-thread heap-use-after-free: the main thread (T0) frees the player's `PlayerScripts` in `Player::clear()` during `StateManager::newGame()` while the Lua worker thread (T19) is still reading it in `ScriptsContainer::addAutoStartedScripts()`; the object was allocated by an earlier `newGame()` reached directly from `Engine::go()` (presumably the `--skip-menu` path) and freed by the second `newGame()` that the menu script requests via `StateManager::update()`:
openmw.cfg:
data=/home/elsid/dev/example-suite/game_template/data
data=/home/elsid/dev/example-suite/the_hub/data
data=/home/elsid/dev/example-suite/example_animated_creature/data
content=template.omwgame
content=the_hub.omwaddon
content=landracer.omwaddon
settings.cfg:
[Models]
xbaseanim = meshes/BasicPlayer.dae
baseanim = meshes/BasicPlayer.dae
xbaseanim1st = meshes/BasicPlayer.dae
baseanimkna = meshes/BasicPlayer.dae
baseanimkna1st = meshes/BasicPlayer.dae
xbaseanimfemale = meshes/BasicPlayer.dae
baseanimfemale = meshes/BasicPlayer.dae
baseanimfemale1st = meshes/BasicPlayer.dae
xargonianswimkna = meshes/BasicPlayer.dae
xbaseanimkf = meshes/BasicPlayer.dae
xbaseanim1stkf = meshes/BasicPlayer.dae
xbaseanimfemalekf = meshes/BasicPlayer.dae
xargonianswimknakf = meshes/BasicPlayer.dae
skyatmosphere = meshes/sky_atmosphere.dae
skyclouds = meshes/sky_clouds_01.osgt
skynight01 = meshes/sky_night_01.osgt
new_game_crash.omwscripts:
MENU: menu.lua
menu.lua
-- Minimal reproduction menu script.
-- Frame 1: request a new game. Every frame after that: request quit AND
-- request a new game again (the handler does not return after quit(), so
-- newGame() is called on every frame, the first one included). The ASan
-- report below shows the second newGame() freeing PlayerScripts on the main
-- thread while the Lua worker thread is still reading it.
local menu = require('openmw.menu')
local started = false
return {
engineHandlers = {
onFrame = function()
-- From the second frame on, ask the engine to quit.
if started then
menu.quit()
end
started = true
-- Called on every frame, not just the first one.
menu.newGame()
end
},
}
# Sanitizer runtime options. halt_on_error=1 aborts on the first report (which
# is why exactly one report appears below); the remaining ASan flags enable the
# stricter string, stack-use-after-return and init-order checks. The TSAN/UBSAN
# options are harmless here: the binary is an ASan-only build (build/gcc/asan).
export ASAN_OPTIONS=halt_on_error=1:strict_string_checks=1:detect_stack_use_after_return=1:check_initialization_order=1:strict_init_order=1
export TSAN_OPTIONS=second_deadlock_stack=1
export UBSAN_OPTIONS=print_stacktrace=1
# Loads only new_game_crash.omwscripts (menu.lua above) on top of the data and
# content entries from openmw.cfg. --skip-menu presumably accounts for the first
# newGame() reached from Engine::go() in the allocation stack; the menu script
# then triggers the second one.
./openmw \
--skip-menu \
--no-grab \
--data /home/elsid/dev/openmw/scripts/data/new_game_crash \
--content new_game_crash.omwscripts
ASAN report
==18318==ERROR: AddressSanitizer: heap-use-after-free on address 0x51b0000e38b8 at pc 0x5cb67c763f66 bp 0x7602ab7fde80 sp 0x7602ab7fde70
READ of size 8 at 0x51b0000e38b8 thread T19
#0 0x5cb67c763f65 in LuaUtil::ScriptsContainer::addAutoStartedScripts() /home/elsid/dev/openmw/components/lua/scriptscontainer.cpp:77
#1 0x5cb678ce386b in MWLua::LuaManager::update() /home/elsid/dev/openmw/apps/openmw/mwlua/luamanagerimp.cpp:175
#2 0x5cb67a180d5e in MWLua::Worker::update(unsigned long long, unsigned int, osg::Stats&) /home/elsid/dev/openmw/apps/openmw/mwlua/worker.cpp:71
#3 0x5cb67a1810c3 in MWLua::Worker::run() /home/elsid/dev/openmw/apps/openmw/mwlua/worker.cpp:87
#4 0x5cb67a180105 in operator() /home/elsid/dev/openmw/apps/openmw/mwlua/worker.cpp:18
#5 0x5cb67a183ab3 in __invoke_impl<void, MWLua::Worker::Worker(MWLua::LuaManager&)::<lambda()> > /usr/include/c++/14.2.1/bits/invoke.h:61
#6 0x5cb67a183a76 in __invoke<MWLua::Worker::Worker(MWLua::LuaManager&)::<lambda()> > /usr/include/c++/14.2.1/bits/invoke.h:96
#7 0x5cb67a183a23 in _M_invoke<0> /usr/include/c++/14.2.1/bits/std_thread.h:301
#8 0x5cb67a1839f7 in operator() /usr/include/c++/14.2.1/bits/std_thread.h:308
#9 0x5cb67a1839db in _M_run /usr/include/c++/14.2.1/bits/std_thread.h:253
#10 0x7602fd4e1c33 in execute_native_thread_routine /usr/src/debug/gcc/gcc/libstdc++-v3/src/c++11/thread.cc:104
#11 0x76030625d109 in asan_thread_start /usr/src/debug/gcc/gcc/libsanitizer/asan/asan_interceptors.cpp:234
#12 0x7602fd2a339c (/usr/lib/libc.so.6+0x9439c) (BuildId: 98b3d8e0b8c534c769cb871c438b4f8f3a8e4bf3)
#13 0x7602fd32849b (/usr/lib/libc.so.6+0x11949b) (BuildId: 98b3d8e0b8c534c769cb871c438b4f8f3a8e4bf3)
0x51b0000e38b8 is located 56 bytes inside of 1624-byte region [0x51b0000e3880,0x51b0000e3ed8)
freed by thread T0 here:
#0 0x7603062ff652 in operator delete(void*, unsigned long) /usr/src/debug/gcc/gcc/libsanitizer/asan/asan_new_delete.cpp:164
#1 0x5cb678d55b8f in std::__new_allocator<std::_Sp_counted_ptr_inplace<MWLua::PlayerScripts, std::allocator<void>, (__gnu_cxx::_Lock_policy)2> >::deallocate(std::_Sp_counted_ptr_inplace<MWLua::PlayerScripts, std::allocator<void>, (__gnu_cxx::_Lock_policy)2>*, unsigned long) /usr/include/c++/14.2.1/bits/new_allocator.h:172
#2 0x5cb678d48179 in std::allocator<std::_Sp_counted_ptr_inplace<MWLua::PlayerScripts, std::allocator<void>, (__gnu_cxx::_Lock_policy)2> >::deallocate(std::_Sp_counted_ptr_inplace<MWLua::PlayerScripts, std::allocator<void>, (__gnu_cxx::_Lock_policy)2>*, unsigned long) /usr/include/c++/14.2.1/bits/allocator.h:208
#3 0x5cb678d48179 in std::allocator_traits<std::allocator<std::_Sp_counted_ptr_inplace<MWLua::PlayerScripts, std::allocator<void>, (__gnu_cxx::_Lock_policy)2> > >::deallocate(std::allocator<std::_Sp_counted_ptr_inplace<MWLua::PlayerScripts, std::allocator<void>, (__gnu_cxx::_Lock_policy)2> >&, std::_Sp_counted_ptr_inplace<MWLua::PlayerScripts, std::allocator<void>, (__gnu_cxx::_Lock_policy)2>*, unsigned long) /usr/include/c++/14.2.1/bits/alloc_traits.h:513
#4 0x5cb678d48179 in std::__allocated_ptr<std::allocator<std::_Sp_counted_ptr_inplace<MWLua::PlayerScripts, std::allocator<void>, (__gnu_cxx::_Lock_policy)2> > >::~__allocated_ptr() /usr/include/c++/14.2.1/bits/allocated_ptr.h:74
#5 0x5cb678d6808a in std::_Sp_counted_ptr_inplace<MWLua::PlayerScripts, std::allocator<void>, (__gnu_cxx::_Lock_policy)2>::_M_destroy() /usr/include/c++/14.2.1/bits/shared_ptr_base.h:626
#6 0x5cb677e49058 in std::_Sp_counted_base<(__gnu_cxx::_Lock_policy)2>::_M_release() /usr/include/c++/14.2.1/bits/shared_ptr_base.h:347
#7 0x5cb677e5e651 in std::__shared_count<(__gnu_cxx::_Lock_policy)2>::~__shared_count() /usr/include/c++/14.2.1/bits/shared_ptr_base.h:1069
#8 0x5cb678d01579 in std::__shared_ptr<MWLua::LocalScripts, (__gnu_cxx::_Lock_policy)2>::~__shared_ptr() /usr/include/c++/14.2.1/bits/shared_ptr_base.h:1525
#9 0x5cb678d26361 in std::__shared_ptr<MWLua::LocalScripts, (__gnu_cxx::_Lock_policy)2>::operator=(std::__shared_ptr<MWLua::LocalScripts, (__gnu_cxx::_Lock_policy)2>&&) /usr/include/c++/14.2.1/bits/shared_ptr_base.h:1621
#10 0x5cb678d14ca5 in std::shared_ptr<MWLua::LocalScripts>::operator=(std::shared_ptr<MWLua::LocalScripts>&&) /usr/include/c++/14.2.1/bits/shared_ptr.h:439
#11 0x5cb67b9fa10c in MWWorld::RefData::operator=(MWWorld::RefData&&) /home/elsid/dev/openmw/apps/openmw/mwworld/refdata.cpp:184
#12 0x5cb67c20f5bc in MWWorld::LiveCellRefBase::operator=(MWWorld::LiveCellRefBase&&) /home/elsid/dev/openmw/apps/openmw/mwworld/livecellref.cpp:59
#13 0x5cb67bb375fa in MWWorld::LiveCellRef<ESM::NPC>::operator=(MWWorld::LiveCellRef<ESM::NPC>&&) /home/elsid/dev/openmw/apps/openmw/mwworld/../mwworld/livecellref.hpp:127
#14 0x5cb67bb331d8 in MWWorld::Player::clear() /home/elsid/dev/openmw/apps/openmw/mwworld/player.cpp:256
#15 0x5cb67ba0697c in MWWorld::World::clear() /home/elsid/dev/openmw/apps/openmw/mwworld/worldimp.cpp:429
#16 0x5cb67c62e3d2 in MWState::StateManager::cleanup(bool) /home/elsid/dev/openmw/apps/openmw/mwstate/statemanagerimp.cpp:61
#17 0x5cb67c62ff49 in MWState::StateManager::newGame(bool) /home/elsid/dev/openmw/apps/openmw/mwstate/statemanagerimp.cpp:169
#18 0x5cb67c63b3f8 in MWState::StateManager::update(float) /home/elsid/dev/openmw/apps/openmw/mwstate/statemanagerimp.cpp:760
#19 0x5cb67c656aeb in OMW::Engine::frame(unsigned int, float) /home/elsid/dev/openmw/apps/openmw/engine.cpp:238
#20 0x5cb67c663f1e in OMW::Engine::go() /home/elsid/dev/openmw/apps/openmw/engine.cpp:1032
#21 0x5cb677e055fd in runApplication(int, char**) /home/elsid/dev/openmw/apps/openmw/main.cpp:228
#22 0x5cb67d7660c6 in Debug::wrapApplication(int (*)(int, char**), int, char**, std::basic_string_view<char, std::char_traits<char> >) /home/elsid/dev/openmw/components/debug/debugging.cpp:457
#23 0x5cb677e0582d in main /home/elsid/dev/openmw/apps/openmw/main.cpp:240
#24 0x7602fd234e07 (/usr/lib/libc.so.6+0x25e07) (BuildId: 98b3d8e0b8c534c769cb871c438b4f8f3a8e4bf3)
#25 0x7602fd234ecb in __libc_start_main (/usr/lib/libc.so.6+0x25ecb) (BuildId: 98b3d8e0b8c534c769cb871c438b4f8f3a8e4bf3)
#26 0x5cb677e00d24 in _start (/home/elsid/dev/openmw/build/gcc/asan/openmw+0x56c4d24) (BuildId: 8574a955daef6fdd6559c0df32513b53e212f4a0)
previously allocated by thread T0 here:
#0 0x7603062fe4f2 in operator new(unsigned long) /usr/src/debug/gcc/gcc/libsanitizer/asan/asan_new_delete.cpp:95
#1 0x5cb678d55b5e in std::__new_allocator<std::_Sp_counted_ptr_inplace<MWLua::PlayerScripts, std::allocator<void>, (__gnu_cxx::_Lock_policy)2> >::allocate(unsigned long, void const*) /usr/include/c++/14.2.1/bits/new_allocator.h:151
#2 0x5cb678d48033 in std::allocator<std::_Sp_counted_ptr_inplace<MWLua::PlayerScripts, std::allocator<void>, (__gnu_cxx::_Lock_policy)2> >::allocate(unsigned long) /usr/include/c++/14.2.1/bits/allocator.h:196
#3 0x5cb678d48033 in std::allocator_traits<std::allocator<std::_Sp_counted_ptr_inplace<MWLua::PlayerScripts, std::allocator<void>, (__gnu_cxx::_Lock_policy)2> > >::allocate(std::allocator<std::_Sp_counted_ptr_inplace<MWLua::PlayerScripts, std::allocator<void>, (__gnu_cxx::_Lock_policy)2> >&, unsigned long) /usr/include/c++/14.2.1/bits/alloc_traits.h:478
#4 0x5cb678d48033 in std::__allocated_ptr<std::allocator<std::_Sp_counted_ptr_inplace<MWLua::PlayerScripts, std::allocator<void>, (__gnu_cxx::_Lock_policy)2> > > std::__allocate_guarded<std::allocator<std::_Sp_counted_ptr_inplace<MWLua::PlayerScripts, std::allocator<void>, (__gnu_cxx::_Lock_policy)2> > >(std::allocator<std::_Sp_counted_ptr_inplace<MWLua::PlayerScripts, std::allocator<void>, (__gnu_cxx::_Lock_policy)2> >&) /usr/include/c++/14.2.1/bits/allocated_ptr.h:98
#5 0x5cb678d424f5 in std::__shared_count<(__gnu_cxx::_Lock_policy)2>::__shared_count<MWLua::PlayerScripts, std::allocator<void>, LuaUtil::LuaState*, MWLua::LObject>(MWLua::PlayerScripts*&, std::_Sp_alloc_shared_tag<std::allocator<void> >, LuaUtil::LuaState*&&, MWLua::LObject&&) /usr/include/c++/14.2.1/bits/shared_ptr_base.h:967
#6 0x5cb678d36693 in std::__shared_ptr<MWLua::PlayerScripts, (__gnu_cxx::_Lock_policy)2>::__shared_ptr<std::allocator<void>, LuaUtil::LuaState*, MWLua::LObject>(std::_Sp_alloc_shared_tag<std::allocator<void> >, LuaUtil::LuaState*&&, MWLua::LObject&&) /usr/include/c++/14.2.1/bits/shared_ptr_base.h:1713
#7 0x5cb678d25f40 in std::shared_ptr<MWLua::PlayerScripts>::shared_ptr<std::allocator<void>, LuaUtil::LuaState*, MWLua::LObject>(std::_Sp_alloc_shared_tag<std::allocator<void> >, LuaUtil::LuaState*&&, MWLua::LObject&&) /usr/include/c++/14.2.1/bits/shared_ptr.h:463
#8 0x5cb678d14a65 in std::shared_ptr<MWLua::PlayerScripts> std::make_shared<MWLua::PlayerScripts, LuaUtil::LuaState*, MWLua::LObject>(LuaUtil::LuaState*&&, MWLua::LObject&&) /usr/include/c++/14.2.1/bits/shared_ptr.h:1008
#9 0x5cb678ce9d15 in MWLua::LuaManager::createLocalScripts(MWWorld::Ptr const&, std::optional<std::map<int, std::basic_string_view<char, std::char_traits<char> >, std::less<int>, std::allocator<std::pair<int const, std::basic_string_view<char, std::char_traits<char> > > > > >) /home/elsid/dev/openmw/apps/openmw/mwlua/luamanagerimp.cpp:557
#10 0x5cb678ce6338 in MWLua::LuaManager::setupPlayer(MWWorld::Ptr const&) /home/elsid/dev/openmw/apps/openmw/mwlua/luamanagerimp.cpp:362
#11 0x5cb67ba23398 in MWWorld::World::setupPlayer() /home/elsid/dev/openmw/apps/openmw/mwworld/worldimp.cpp:2306
#12 0x5cb67ba058e8 in MWWorld::World::startNewGame(bool) /home/elsid/dev/openmw/apps/openmw/mwworld/worldimp.cpp:337
#13 0x5cb67c6301ff in MWState::StateManager::newGame(bool) /home/elsid/dev/openmw/apps/openmw/mwstate/statemanagerimp.cpp:178
#14 0x5cb67c663b53 in OMW::Engine::go() /home/elsid/dev/openmw/apps/openmw/engine.cpp:1009
#15 0x5cb677e055fd in runApplication(int, char**) /home/elsid/dev/openmw/apps/openmw/main.cpp:228
#16 0x5cb67d7660c6 in Debug::wrapApplication(int (*)(int, char**), int, char**, std::basic_string_view<char, std::char_traits<char> >) /home/elsid/dev/openmw/components/debug/debugging.cpp:457
#17 0x5cb677e0582d in main /home/elsid/dev/openmw/apps/openmw/main.cpp:240
#18 0x7602fd234e07 (/usr/lib/libc.so.6+0x25e07) (BuildId: 98b3d8e0b8c534c769cb871c438b4f8f3a8e4bf3)
#19 0x7602fd234ecb in __libc_start_main (/usr/lib/libc.so.6+0x25ecb) (BuildId: 98b3d8e0b8c534c769cb871c438b4f8f3a8e4bf3)
#20 0x5cb677e00d24 in _start (/home/elsid/dev/openmw/build/gcc/asan/openmw+0x56c4d24) (BuildId: 8574a955daef6fdd6559c0df32513b53e212f4a0)
Thread T19 created by T0 here:
#0 0x7603062f468b in pthread_create /usr/src/debug/gcc/gcc/libsanitizer/asan/asan_interceptors.cpp:245
#1 0x7602fd4e1d31 in __gthread_create /usr/src/debug/gcc/gcc-build/x86_64-pc-linux-gnu/libstdc++-v3/include/x86_64-pc-linux-gnu/bits/gthr-default.h:676
#2 0x7602fd4e1d31 in std::thread::_M_start_thread(std::unique_ptr<std::thread::_State, std::default_delete<std::thread::_State> >, void (*)()) /usr/src/debug/gcc/gcc/libstdc++-v3/src/c++11/thread.cc:172
#3 0x5cb67a1813e8 in thread<MWLua::Worker::Worker(MWLua::LuaManager&)::<lambda()> > /usr/include/c++/14.2.1/bits/std_thread.h:173
#4 0x5cb67a180313 in MWLua::Worker::Worker(MWLua::LuaManager&) /home/elsid/dev/openmw/apps/openmw/mwlua/worker.cpp:18
#5 0x5cb67c680aa9 in std::__detail::_MakeUniq<MWLua::Worker>::__single_object std::make_unique<MWLua::Worker, MWLua::LuaManager&>(MWLua::LuaManager&) /usr/include/c++/14.2.1/bits/unique_ptr.h:1076
#6 0x5cb67c661d1b in OMW::Engine::prepareEngine() /home/elsid/dev/openmw/apps/openmw/engine.cpp:920
#7 0x5cb67c66318b in OMW::Engine::go() /home/elsid/dev/openmw/apps/openmw/engine.cpp:952
#8 0x5cb677e055fd in runApplication(int, char**) /home/elsid/dev/openmw/apps/openmw/main.cpp:228
#9 0x5cb67d7660c6 in Debug::wrapApplication(int (*)(int, char**), int, char**, std::basic_string_view<char, std::char_traits<char> >) /home/elsid/dev/openmw/components/debug/debugging.cpp:457
#10 0x5cb677e0582d in main /home/elsid/dev/openmw/apps/openmw/main.cpp:240
#11 0x7602fd234e07 (/usr/lib/libc.so.6+0x25e07) (BuildId: 98b3d8e0b8c534c769cb871c438b4f8f3a8e4bf3)
#12 0x7602fd234ecb in __libc_start_main (/usr/lib/libc.so.6+0x25ecb) (BuildId: 98b3d8e0b8c534c769cb871c438b4f8f3a8e4bf3)
#13 0x5cb677e00d24 in _start (/home/elsid/dev/openmw/build/gcc/asan/openmw+0x56c4d24) (BuildId: 8574a955daef6fdd6559c0df32513b53e212f4a0)
SUMMARY: AddressSanitizer: heap-use-after-free /home/elsid/dev/openmw/components/lua/scriptscontainer.cpp:77 in LuaUtil::ScriptsContainer::addAutoStartedScripts()
Shadow bytes around the buggy address:
0x51b0000e3600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x51b0000e3680: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x51b0000e3700: 00 00 00 00 00 00 00 00 00 00 fa fa fa fa fa fa
0x51b0000e3780: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x51b0000e3800: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
=>0x51b0000e3880: fd fd fd fd fd fd fd[fd]fd fd fd fd fd fd fd fd
0x51b0000e3900: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
0x51b0000e3980: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
0x51b0000e3a00: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
0x51b0000e3a80: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
0x51b0000e3b00: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
Shadow byte legend (one shadow byte represents 8 application bytes):
Addressable: 00
Partially addressable: 01 02 03 04 05 06 07
Heap left redzone: fa
Freed heap region: fd
Stack left redzone: f1
Stack mid redzone: f2
Stack right redzone: f3
Stack after return: f5
Stack use after scope: f8
Global redzone: f9
Global init order: f6
Poisoned by user: f7
Container overflow: fc
Array cookie: ac
Intra object redzone: bb
ASan internal: fe
Left alloca redzone: ca
Right alloca redzone: cb
==18318==ABORTING