SkeletonIK crashes when selecting node in hierarchy

[ScribbleFen]

Godot version:
3.2.3

OS/device including version:
Linux (5.4) Manjaro Nibia 20.2.1
Linux (5.9) Manjaro Nibia 20.2.1
(tried on two different machines)

Issue description:
I'm exporting to gltf2 (*.glb) from Blender (2.91.0), a simple mesh and armature, just trying to test IK and get it working. It works in the viewport for me but not when actually playing the scene. And then trying to fix that I ran into this crashing issue. It doesn't seem to happen totally consistently, but I managed to figure out probably the bare minimum steps to produce this, and following these steps I was able to get it to crash pretty consistently on the 3rd or 4th time.

I tested the IK demo on the asset library and that seemed to work okay so I think it might be something with what I'm doing, but I tried exporting from Blender to both .dae as well as .escn and IK was broken with those, too. Not sure what else to try...

Steps to reproduce:

1. Open test.tscn

2. Click on SkeletonIK in the hierarchy in the Scene tab
   

3. Play Scene (F6)

4. Close the play scene window
   

5. Close the scene
   

6. Repeat 1-3 times and it should crash on step 2

Minimal reproduction project:
SkeletonIKTest.zip

[Calinou]

Can you try to reproduce this bug in 3.2.4rc1? This should be fixed according to #35652.

[ScribbleFen]

Just downloaded and tried rc1, too, same issue. Tried a couple times, and it actually seems to be happening even more consistently now--just closing and reopening the scene one time triggers the issue rather than it taking multiple times like before.

[snougo]

Can you try to reproduce this bug in 3.2.4rc1? This should be fixed according to #35652.

crash is still happening in 3.2.4 rc1

[qarmin]

Address sanitizer log

=================================================================
==146974==ERROR: AddressSanitizer: heap-use-after-free on address 0x617000089310 at pc 0x00000a80f4f6 bp 0x7ffe5c46c7e0 sp 0x7ffe5c46c7d0
READ of size 8 at 0x617000089310 thread T0
    #0 0xa80f4f5 in SkeletonIKEditorPlugin::_play() editor/plugins/skeleton_ik_editor_plugin.cpp:40
    #1 0xa8105b2 in SkeletonIKEditorPlugin::edit(Object*) editor/plugins/skeleton_ik_editor_plugin.cpp:56
    #2 0x8a562d0 in EditorPluginList::edit(Object*) editor/editor_node.cpp:7155
    #3 0x88d6952 in EditorNode::_set_editing_top_editors(Object*) editor/editor_node.cpp:1941
    #4 0x88e1ae2 in EditorNode::_edit_current() editor/editor_node.cpp:2141
    #5 0x88d52c6 in EditorNode::push_item(Object*, String const&, bool) editor/editor_node.cpp:1911
    #6 0x94b98be in SceneTreeDock::_node_selected() editor/scene_tree_dock.cpp:1345
    #7 0x1b03797 in MethodBind0::call(Object*, Variant const**, int, Variant::CallError&) core/method_bind.gen.inc:59
    #8 0x11557789 in Object::call(StringName const&, Variant const**, int, Variant::CallError&) core/object.cpp:919
    #9 0x11527354 in MessageQueue::_call_function(Object*, StringName const&, Variant const*, int, bool) core/message_queue.cpp:250
    #10 0x115281f6 in MessageQueue::flush() core/message_queue.cpp:297
    #11 0xc1728ac in SceneTree::idle(float) scene/main/scene_tree.cpp:524
    #12 0x18ddb88 in Main::iteration() main/main.cpp:2123
    #13 0x17c1bd2 in OS_X11::run() platform/x11/os_x11.cpp:3641
    #14 0x172defb in main platform/x11/godot_x11.cpp:56
    #15 0x7fcd63a2f0b2 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x270b2)
    #16 0x172db1d in _start (/usr/bin/godots+0x172db1d)

0x617000089310 is located 16 bytes inside of 752-byte region [0x617000089300,0x6170000895f0)
freed by thread T0 here:
    #0 0x7fcd64ba88d0 in __interceptor_realloc (/lib/x86_64-linux-gnu/libasan.so.6+0xb08d0)
    #1 0x7fcd586abc7a  (/lib/x86_64-linux-gnu/libnvidia-glcore.so.460.56+0xd72c7a)

previously allocated by thread T0 here:
    #0 0x7fcd64ba88d0 in __interceptor_realloc (/lib/x86_64-linux-gnu/libasan.so.6+0xb08d0)
    #1 0x7fcd586abc7a  (/lib/x86_64-linux-gnu/libnvidia-glcore.so.460.56+0xd72c7a)

SUMMARY: AddressSanitizer: heap-use-after-free editor/plugins/skeleton_ik_editor_plugin.cpp:40 in SkeletonIKEditorPlugin::_play()

[noiamhippyman]

This is still happening in 3.4.3

I tested with an empty project and just saved a scene with a single spatial object.

Open the scene.
Click the spatial object in scene hierarchy.
Close the scene.

I repeated those steps over and over and never crashed.

The very first time I put a skeletonIK node in the scene hierarchy and ran through the steps above but clicked on skeletonIK instead of Spatial and the editor crashed immediately on clicking skeletonIK.

I'd like to point out that I never even had to run the game. Just doing this in the editor results in a crash every time.

[EzraT]

I can confirm this still happens in 3.5-stable.