Creating AnimatedSprite and VisibilityEnabler2D/VisibilityEnabler(3D) crashes Godot

[qarmin]

Godot version

3.4.beta.custom_build. 26aefbb

System information

Ubuntu 21.04 - Nvidia GTX 970, Gnome shell 3.38 X11

Issue description

When executing

func _process(delta):
	var temp_variable1714 = AnimatedSprite.new()
	add_child(temp_variable1714)
	temp_variable1714.set_block_signals(true)
	temp_variable1714.queue_free()

	var temp_variable1715 = VisibilityEnabler2D.new()
	add_child(temp_variable1715)
	temp_variable1715.queue_free()

Godot crashes with backtrace

==14659==ERROR: AddressSanitizer: heap-use-after-free on address 0x618000060890 at pc 0x00000e8e813d bp 0x7ffe48417860 sp 0x7ffe48417850
READ of size 8 at 0x618000060890 thread T0
    #0 0xe8e813c in VisibilityEnabler2D::_notification(int) scene/2d/visibility_notifier_2d.cpp:262
    #1 0xe8f4e13 in VisibilityEnabler2D::_notificationv(int, bool) scene/2d/visibility_notifier_2d.h:71
    #2 0x11dd2777 in Object::notification(int, bool) core/object.cpp:927
    #3 0xc556e4b in Node::_propagate_exit_tree() scene/main/node.cpp:290
    #4 0xc5a171a in Node::_set_tree(SceneTree*) scene/main/node.cpp:2547
    #5 0xc5769bd in Node::remove_child(Node*) scene/main/node.cpp:1209
    #6 0xc54f1ee in Node::_notification(int) scene/main/node.cpp:161
    #7 0x1b490d3 in Node::_notificationv(int, bool) scene/main/node.h:45
    #8 0x1b4b9e4 in CanvasItem::_notificationv(int, bool) scene/2d/canvas_item.h:163
    #9 0xc3c01d4 in Node2D::_notificationv(int, bool) scene/2d/node_2d.h:37
    #10 0xe8f24a8 in VisibilityNotifier2D::_notificationv(int, bool) scene/2d/visibility_notifier_2d.h:38
    #11 0xe8f4f42 in VisibilityEnabler2D::_notificationv(int, bool) scene/2d/visibility_notifier_2d.h:71
    #12 0x11dd2777 in Object::notification(int, bool) core/object.cpp:927
    #13 0x11dc1817 in Object::_predelete() core/object.cpp:387
    #14 0x11dfb076 in predelete_handler(Object*) core/object.cpp:1994
    #15 0x199921e in void memdelete<Object>(Object*) core/os/memory.h:111
    #16 0xc67e4ad in SceneTree::_flush_delete_queue() scene/main/scene_tree.cpp:1090
    #17 0xc66d268 in SceneTree::idle(float) scene/main/scene_tree.cpp:545
    #18 0x198e755 in Main::iteration() main/main.cpp:2186
    #19 0x1865caa in OS_X11::run() platform/x11/os_x11.cpp:3641
    #20 0x17d0dab in main platform/x11/godot_x11.cpp:55
    #21 0x7f04c4d32564 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x28564)
    #22 0x17d09cd in _start (/usr/bin/godots+0x17d09cd)

0x618000060890 is located 16 bytes inside of 824-byte region [0x618000060880,0x618000060bb8)
freed by thread T0 here:
    #0 0x7f04c5caf8f7 in __interceptor_free ../../../../src/libsanitizer/asan/asan_malloc_linux.cpp:127
    #1 0x12334b78 in Memory::free_static(void*, bool) core/os/memory.cpp:168
    #2 0x19993ed in void memdelete<Object>(Object*) core/os/memory.h:118
    #3 0xc67e4ad in SceneTree::_flush_delete_queue() scene/main/scene_tree.cpp:1090
    #4 0xc66d268 in SceneTree::idle(float) scene/main/scene_tree.cpp:545
    #5 0x198e755 in Main::iteration() main/main.cpp:2186
    #6 0x1865caa in OS_X11::run() platform/x11/os_x11.cpp:3641
    #7 0x17d0dab in main platform/x11/godot_x11.cpp:55
    #8 0x7f04c4d32564 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x28564)

previously allocated by thread T0 here:
    #0 0x7f04c5cafc47 in __interceptor_malloc ../../../../src/libsanitizer/asan/asan_malloc_linux.cpp:145
    #1 0x12333b39 in Memory::alloc_static(unsigned long, bool) core/os/memory.cpp:75
    #2 0x12333a4a in operator new(unsigned long, char const*) core/os/memory.cpp:40
    #3 0xc4b21c2 in Object* ClassDB::creator<AnimatedSprite>() core/class_db.h:140
    #4 0x11b52a7c in ClassDB::instance(StringName const&) core/class_db.cpp:520
    #5 0x1c7866e in GDScriptNativeClass::instance() modules/gdscript/gdscript.cpp:77
    #6 0x1c78056 in GDScriptNativeClass::_new() modules/gdscript/gdscript.cpp:65
    #7 0x1d5309f in MethodBind0R<Variant>::call(Object*, Variant const**, int, Variant::CallError&) core/method_bind.gen.inc:237
    #8 0x11dd22dd in Object::call(StringName const&, Variant const**, int, Variant::CallError&) core/object.cpp:918
    #9 0x1205bb58 in Variant::call_ptr(StringName const&, Variant const**, int, Variant*, Variant::CallError&) core/variant_call.cpp:1175
    #10 0x1e6c698 in GDScriptFunction::call(GDScriptInstance*, Variant const**, int, Variant::CallError&, GDScriptFunction::CallState*) modules/gdscript/gdscript_function.cpp:1044
    #11 0x1c9dad4 in GDScriptInstance::call_multilevel(StringName const&, Variant const**, int) modules/gdscript/gdscript.cpp:1184
    #12 0xc5484c9 in Node::_notification(int) scene/main/node.cpp:56
    #13 0x1b490d3 in Node::_notificationv(int, bool) scene/main/node.h:45
    #14 0x1b4b548 in CanvasItem::_notificationv(int, bool) scene/2d/canvas_item.h:163
    #15 0xc3bfd22 in Node2D::_notificationv(int, bool) scene/2d/node_2d.h:37
    #16 0x11dd2777 in Object::notification(int, bool) core/object.cpp:927
    #17 0xc67b72d in SceneTree::_notify_group_pause(StringName const&, int) scene/main/scene_tree.cpp:973
    #18 0xc66bcbb in SceneTree::idle(float) scene/main/scene_tree.cpp:528
    #19 0x198e755 in Main::iteration() main/main.cpp:2186
    #20 0x1865caa in OS_X11::run() platform/x11/os_x11.cpp:3641
    #21 0x17d0dab in main platform/x11/godot_x11.cpp:55
    #22 0x7f04c4d32564 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x28564)

SUMMARY: AddressSanitizer: heap-use-after-free scene/2d/visibility_notifier_2d.cpp:262 in VisibilityEnabler2D::_notification(int)

This example was found by fuzzer, so I don't recommend trying understand in what situation such code could be used in real project, because such situation probably doesn't exists.

Steps to reproduce

Above

Minimal reproduction project

No response

[RedMser]

This issue doesn't seem to include any steps to reproduce, code snippet or MRP...

[qarmin]

Updated post