Test_move in KinematicBody2D cause game crash

[qarmin]

Godot version:
3.2 a69436a

OS/device including version:
Ubuntu 19.04

Issue description:
Probably, when godot try to do test_move from KinematicBody2D, editor crash with this backtrace

[1] /lib/x86_64-linux-gnu/libc.so.6(+0x43f60) [0x7f8013d0ff60] (??:0)
[2] CollisionObject2DSW::is_shape_set_as_disabled(int) const (/home/rafal/Pulpit/godot/servers/physics_2d/collision_object_2d_sw.h:151 (discriminator 7))
[3] Space2DSW::test_body_motion(Body2DSW*, Transform2D const&, Vector2 const&, bool, float, Physics2DServer::MotionResult*, bool) (/home/rafal/Pulpit/godot/servers/physics_2d/space_2d_sw.cpp:770)
[4] Physics2DServerSW::body_test_motion(RID, Transform2D const&, Vector2 const&, bool, float, Physics2DServer::MotionResult*, bool) (/home/rafal/Pulpit/godot/servers/physics_2d/physics_2d_server_sw.cpp:1055 (discriminator 2))
[5] Physics2DServerWrapMT::body_test_motion(RID, Transform2D const&, Vector2 const&, bool, float, Physics2DServer::MotionResult*, bool) (/home/rafal/Pulpit/godot/servers/physics_2d/physics_2d_server_wrap_mt.h:261 (discriminator 2))
[6] KinematicBody2D::test_move(Transform2D const&, Vector2 const&, bool) (/home/rafal/Pulpit/godot/scene/2d/physics_body_2d.cpp:1386 (discriminator 2))
[7] MethodBind3R<bool, Transform2D const&, Vector2 const&, bool>::call(Object*, Variant const**, int, Variant::CallError&) (/home/rafal/Pulpit/godot/./core/method_bind.gen.inc:2505 (discriminator 16))
[8] Object::call(StringName const&, Variant const**, int, Variant::CallError&) (/home/rafal/Pulpit/godot/core/object.cpp:940 (discriminator 1))
[9] Variant::call_ptr(StringName const&, Variant const**, int, Variant*, Variant::CallError&) (/home/rafal/Pulpit/godot/core/variant_call.cpp:1069 (discriminator 1))
[10] GDScriptFunction::call(GDScriptInstance*, Variant const**, int, Variant::CallError&, GDScriptFunction::CallState*) (/home/rafal/Pulpit/godot/modules/gdscript/gdscript_function.cpp:1072)
[11] GDScriptInstance::call_multilevel(StringName const&, Variant const**, int) (/home/rafal/Pulpit/godot/modules/gdscript/gdscript.cpp:1192)
[12] Node::_notification(int) (/home/rafal/Pulpit/godot/scene/main/node.cpp:67)
[13] Node::_notificationv(int, bool) (/home/rafal/Pulpit/godot/./scene/main/node.h:46 (discriminator 14))
[14] CanvasItem::_notificationv(int, bool) (/home/rafal/Pulpit/godot/./scene/2d/canvas_item.h:166 (discriminator 3))
[15] Node2D::_notificationv(int, bool) (/home/rafal/Pulpit/godot/./scene/2d/node_2d.h:38 (discriminator 3))
[16] CollisionObject2D::_notificationv(int, bool) (/home/rafal/Pulpit/godot/./scene/2d/collision_object_2d.h:39 (discriminator 3))
[17] PhysicsBody2D::_notificationv(int, bool) (/home/rafal/Pulpit/godot/scene/2d/physics_body_2d.h:43 (discriminator 3))
[18] KinematicBody2D::_notificationv(int, bool) (/home/rafal/Pulpit/godot/scene/2d/physics_body_2d.h:290 (discriminator 3))
[19] Object::notification(int, bool) (/home/rafal/Pulpit/godot/core/object.cpp:952)
[20] SceneTree::_notify_group_pause(StringName const&, int) (/home/rafal/Pulpit/godot/scene/main/scene_tree.cpp:975)
[21] SceneTree::iteration(float) (/home/rafal/Pulpit/godot/scene/main/scene_tree.cpp:478 (discriminator 2))
[22] Main::iteration() (/home/rafal/Pulpit/godot/main/main.cpp:1896)
[23] OS_X11::run() (/home/rafal/Pulpit/godot/platform/x11/os_x11.cpp:3034)
[24] /usr/bin/godot(main+0xdc) [0x138298e] (/home/rafal/Pulpit/godot/platform/x11/godot_x11.cpp:56)
[25] /lib/x86_64-linux-gnu/libc.so.6(__libc_start_main+0xeb) [0x7f8013cf2b6b] (??:0)
[26] /usr/bin/godot(_start+0x2a) [0x13827fa] (??:?)

Steps to reproduce:

1. Run game from minimal project with from repository
2. Wait a moment

Minimal reproduction project:
https://github.com/qarmin/The-worst-Godot-test-project
commit 8d91e274d6ad4267b6045be9a36f5c1db32f1bc5

Bug.zip

[Raphael2048]

Seems caused by multi thread operation.

[qarmin]

Still happens in master Godot 3.2 beta 4
New minimal project - 2DALL.zip

This really seems to be problem with multithreading because thread 6 tried to read memory freed by thread 0
Address Sanitizer log

==17485==ERROR: AddressSanitizer: heap-use-after-free on address 0x60800032e360 at pc 0x00000404c1e6 bp 0x7f1dd7d112e0 sp 0x7f1dd7d112d0
READ of size 8 at 0x60800032e360 thread T6
    #0 0x404c1e5 in RID::operator==(RID const&) const core/rid.h:67
    #1 0xdbd3c5f in Area2DSW::BodyKey::operator<(Area2DSW::BodyKey const&) const servers/physics_2d/area_2d_sw.h:74
    #2 0xdbe33f5 in Comparator<Area2DSW::BodyKey>::operator()(Area2DSW::BodyKey const&, Area2DSW::BodyKey const&) const core/typedefs.h:292
    #3 0xdbe33f5 in Map<Area2DSW::BodyKey, Area2DSW::BodyState, Comparator<Area2DSW::BodyKey>, DefaultAllocator>::_insert(Area2DSW::BodyKey const&, Area2DSW::BodyState const&) core/map.h:355
    #4 0xdbdc375 in Map<Area2DSW::BodyKey, Area2DSW::BodyState, Comparator<Area2DSW::BodyKey>, DefaultAllocator>::insert(Area2DSW::BodyKey const&, Area2DSW::BodyState const&) core/map.h:564
    #5 0xdbd7fe2 in Map<Area2DSW::BodyKey, Area2DSW::BodyState, Comparator<Area2DSW::BodyKey>, DefaultAllocator>::operator[](Area2DSW::BodyKey const&) core/map.h:607
    #6 0xdbd5158 in Area2DSW::remove_body_from_query(Body2DSW*, unsigned int, unsigned int) servers/physics_2d/area_2d_sw.h:182
    #7 0xdbcb81f in AreaPair2DSW::~AreaPair2DSW() servers/physics_2d/area_pair_2d_sw.cpp:90
    #8 0xd3e9773 in void memdelete<Constraint2DSW>(Constraint2DSW*) core/os/memory.h:117
    #9 0xd3d989e in Space2DSW::_broadphase_unpair(CollisionObject2DSW*, int, CollisionObject2DSW*, int, void*, void*) servers/physics_2d/space_2d_sw.cpp:1167
    #10 0xdc4d9ea in BroadPhase2DHashGrid::_check_motion(BroadPhase2DHashGrid::Element*) servers/physics_2d/broad_phase_2d_hash_grid.cpp:91
    #11 0xdc555d8 in BroadPhase2DHashGrid::move(unsigned int, Rect2 const&) servers/physics_2d/broad_phase_2d_hash_grid.cpp:357
    #12 0xdc8651c in CollisionObject2DSW::_update_shapes() servers/physics_2d/collision_object_2d_sw.cpp:202
    #13 0xdbc33f9 in CollisionObject2DSW::_set_transform(Transform2D const&, bool) servers/physics_2d/collision_object_2d_sw.h:92
    #14 0xdbb8c34 in Area2DSW::set_transform(Transform2D const&) servers/physics_2d/area_2d_sw.cpp:56
    #15 0xd21a525 in Physics2DServerSW::area_set_transform(RID, Transform2D const&) servers/physics_2d/physics_2d_server_sw.cpp:513
    #16 0xd3580fc in CommandQueueMT::Command2<Physics2DServer, void (Physics2DServer::*)(RID, Transform2D const&), RID, Transform2D>::call() core/command_queue_mt.h:301
    #17 0xd26bf5a in CommandQueueMT::flush_one(bool) core/command_queue_mt.h:426
    #18 0xd26c84e in CommandQueueMT::wait_and_flush_one() core/command_queue_mt.h:459
    #19 0xd26334f in Physics2DServerWrapMT::thread_loop() servers/physics_2d/physics_2d_server_wrap_mt.cpp:63
    #20 0xd26283c in Physics2DServerWrapMT::_thread_callback(void*) servers/physics_2d/physics_2d_server_wrap_mt.cpp:50
    #21 0x4f831d5 in ThreadPosix::thread_callback(void*) drivers/unix/thread_posix.cpp:74
    #22 0x7f1de7f84668 in start_thread /build/glibc-4WA41p/glibc-2.30/nptl/pthread_create.c:479
    #23 0x7f1de71e5322 in clone (/lib/x86_64-linux-gnu/libc.so.6+0x122322)

0x60800032e360 is located 64 bytes inside of 96-byte region [0x60800032e320,0x60800032e380)
freed by thread T0 here:
    #0 0x7f1de860e6ef in __interceptor_free (/lib/x86_64-linux-gnu/libasan.so.5+0x10d6ef)
    #1 0xea5d483 in Memory::free_static(void*, bool) core/os/memory.cpp:178
    #2 0x13fe65d in DefaultAllocator::free(void*) core/os/memory.h:66
    #3 0xdbc5146 in void memdelete_allocator<Map<Area2DSW::BodyKey, Area2DSW::BodyState, Comparator<Area2DSW::BodyKey>, DefaultAllocator>::Element, DefaultAllocator>(Map<Area2DSW::BodyKey, Area2DSW::BodyState, Comparator<Area2DSW::BodyKey>, DefaultAllocator>::Element*) core/os/memory.h:130
    #4 0xdbc4c40 in Map<Area2DSW::BodyKey, Area2DSW::BodyState, Comparator<Area2DSW::BodyKey>, DefaultAllocator>::_cleanup_tree(Map<Area2DSW::BodyKey, Area2DSW::BodyState, Comparator<Area2DSW::BodyKey>, DefaultAllocator>::Element*) core/map.h:505
    #5 0xdbc4b8d in Map<Area2DSW::BodyKey, Area2DSW::BodyState, Comparator<Area2DSW::BodyKey>, DefaultAllocator>::_cleanup_tree(Map<Area2DSW::BodyKey, Area2DSW::BodyState, Comparator<Area2DSW::BodyKey>, DefaultAllocator>::Element*) core/map.h:503
    #6 0xdbc3c9b in Map<Area2DSW::BodyKey, Area2DSW::BodyState, Comparator<Area2DSW::BodyKey>, DefaultAllocator>::clear() core/map.h:660
    #7 0xdbbf19d in Area2DSW::call_queries() servers/physics_2d/area_2d_sw.cpp:205
    #8 0xd3dade1 in Space2DSW::call_queries() servers/physics_2d/space_2d_sw.cpp:1261
    #9 0xd23b698 in Physics2DServerSW::flush_queries() servers/physics_2d/physics_2d_server_sw.cpp:1367
    #10 0xd2653f1 in Physics2DServerWrapMT::flush_queries() servers/physics_2d/physics_2d_server_wrap_mt.cpp:98
    #11 0x1588562 in Main::iteration() main/main.cpp:1985
    #12 0x1483056 in OS_X11::run() platform/x11/os_x11.cpp:3255
    #13 0x13fe299 in main platform/x11/godot_x11.cpp:56
    #14 0x7f1de70ea1e2 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x271e2)

previously allocated by thread T6 here:
    #0 0x7f1de860eae8 in malloc (/lib/x86_64-linux-gnu/libasan.so.5+0x10dae8)
    #1 0xea5c575 in Memory::alloc_static(unsigned long, bool) core/os/memory.cpp:82
    #2 0x140886a in DefaultAllocator::alloc(unsigned long) core/os/memory.h:65
    #3 0xea5c497 in operator new(unsigned long, void* (*)(unsigned long)) core/os/memory.cpp:47
    #4 0xdbe2d7a in Map<Area2DSW::BodyKey, Area2DSW::BodyState, Comparator<Area2DSW::BodyKey>, DefaultAllocator>::_insert(Area2DSW::BodyKey const&, Area2DSW::BodyState const&) core/map.h:347
    #5 0xdbdc375 in Map<Area2DSW::BodyKey, Area2DSW::BodyState, Comparator<Area2DSW::BodyKey>, DefaultAllocator>::insert(Area2DSW::BodyKey const&, Area2DSW::BodyState const&) core/map.h:564
    #6 0xdbd7fe2 in Map<Area2DSW::BodyKey, Area2DSW::BodyState, Comparator<Area2DSW::BodyKey>, DefaultAllocator>::operator[](Area2DSW::BodyKey const&) core/map.h:607
    #7 0xdbd5158 in Area2DSW::remove_body_from_query(Body2DSW*, unsigned int, unsigned int) servers/physics_2d/area_2d_sw.h:182
    #8 0xdbcb81f in AreaPair2DSW::~AreaPair2DSW() servers/physics_2d/area_pair_2d_sw.cpp:90
    #9 0xd3e9773 in void memdelete<Constraint2DSW>(Constraint2DSW*) core/os/memory.h:117
    #10 0xd3d989e in Space2DSW::_broadphase_unpair(CollisionObject2DSW*, int, CollisionObject2DSW*, int, void*, void*) servers/physics_2d/space_2d_sw.cpp:1167
    #11 0xdc4d9ea in BroadPhase2DHashGrid::_check_motion(BroadPhase2DHashGrid::Element*) servers/physics_2d/broad_phase_2d_hash_grid.cpp:91
    #12 0xdc555d8 in BroadPhase2DHashGrid::move(unsigned int, Rect2 const&) servers/physics_2d/broad_phase_2d_hash_grid.cpp:357
    #13 0xdc8651c in CollisionObject2DSW::_update_shapes() servers/physics_2d/collision_object_2d_sw.cpp:202
    #14 0xdbc33f9 in CollisionObject2DSW::_set_transform(Transform2D const&, bool) servers/physics_2d/collision_object_2d_sw.h:92
    #15 0xdbb8c34 in Area2DSW::set_transform(Transform2D const&) servers/physics_2d/area_2d_sw.cpp:56
    #16 0xd21a525 in Physics2DServerSW::area_set_transform(RID, Transform2D const&) servers/physics_2d/physics_2d_server_sw.cpp:513
    #17 0xd3580fc in CommandQueueMT::Command2<Physics2DServer, void (Physics2DServer::*)(RID, Transform2D const&), RID, Transform2D>::call() core/command_queue_mt.h:301
    #18 0xd26bf5a in CommandQueueMT::flush_one(bool) core/command_queue_mt.h:426
    #19 0xd26c84e in CommandQueueMT::wait_and_flush_one() core/command_queue_mt.h:459
    #20 0xd26334f in Physics2DServerWrapMT::thread_loop() servers/physics_2d/physics_2d_server_wrap_mt.cpp:63
    #21 0xd26283c in Physics2DServerWrapMT::_thread_callback(void*) servers/physics_2d/physics_2d_server_wrap_mt.cpp:50
    #22 0x4f831d5 in ThreadPosix::thread_callback(void*) drivers/unix/thread_posix.cpp:74
    #23 0x7f1de7f84668 in start_thread /build/glibc-4WA41p/glibc-2.30/nptl/pthread_create.c:479

Thread T6 created by T0 here:
    #0 0x7f1de853b805 in pthread_create (/lib/x86_64-linux-gnu/libasan.so.5+0x3a805)
    #1 0x4f836d0 in ThreadPosix::create_func_posix(void (*)(void*), void*, Thread::Settings const&) drivers/unix/thread_posix.cpp:90
    #2 0xea70927 in Thread::create(void (*)(void*), void*, Thread::Settings const&) core/os/thread.cpp:51
    #3 0xd265f62 in Physics2DServerWrapMT::init() servers/physics_2d/physics_2d_server_wrap_mt.cpp:113
    #4 0x1546d6f in initialize_physics() main/main.cpp:188
    #5 0x1571ad8 in Main::setup2(unsigned long) main/main.cpp:1348
    #6 0x15668ae in Main::setup(char const*, int, char**, bool) main/main.cpp:1136
    #7 0x13fe19b in main platform/x11/godot_x11.cpp:49
    #8 0x7f1de70ea1e2 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x271e2)

[tengkuizdihar]

Seems caused by multi thread operation.

@raphael10241024 can confirm, I've changed the setting from multithread physics to single-thread-safe physics in the editor configuration menu and now the issue didn't persist.

Should be noted to any user in the future to not use multi thread physics because of this issue.

[qarmin]

Still happens with 3.2.2

[DmitriySalnikov]

Still happens with 3.2.4.beta c43b2ab