FStaticMeshInstanceData::~FStaticMeshInstanceData Crash

Community Community & Industry Discussion
, , ,
1

Hi All,
We have an uncommon but recurring crash with the FStaticMeshInstanceData destructor. It appears to likely be double-deleting, or deleting a garbage pointer.

Call-stack is here:

[Inline Function] FStaticMeshInstanceData::~FStaticMeshInstanceData() Line 1070 + 0xc bytes	C++
[Inline Function] FStaticMeshInstanceData::~FStaticMeshInstanceData() Line 1069	C++
[Inline Function] DestructItem<FStaticMeshInstanceData>(FStaticMeshInstanceData* Element=???) Line 75	C++
SharedPointerInternals::TIntrusiveReferenceController<FStaticMeshInstanceData>::DestroyObject() Line 145	C++
[Inline Function] SharedPointerInternals::FReferenceControllerOps<(ESPMode)1>::ReleaseSharedReference(SharedPointerInternals::FReferenceControllerBase* ReferenceController=0x000000106bf1c450, SharedPointerInternals::FReferenceControllerBase* __formal0=???) Line 286	C++
[Inline Function] SharedPointerInternals::FSharedReferencer<(ESPMode)1>::~FSharedReferencer() Line 445	C++
[Inline Function] TSharedPtr<FStaticMeshInstanceData,(ESPMode)1>::operator=(const TSharedPtr<FStaticMeshInstanceData,(ESPMode)1>& InSharedPtr={ Object=0x000000106bf1f750 { InstanceOriginData=0x0000001037000f10 {...} InstanceOriginDataPtr=0x0000001061b2bd10 <Bad Ptr> ... } ... }, const TSharedPtr<FStaticMeshInstanceData,(ESPMode)1>& __formal0=???) Line 758	C++
[Inline Function] FPerInstanceRenderData::UpdateFromPreallocatedData::__unnamed_type_1::operator()(FRHICommandListImmediate& RHICmdList=???, FRHICommandListImmediate& __formal0=???) Line 733	C++
[Inline Function] TEnqueueUniqueRenderCommandType<FPerInstanceRenderData::UpdateFromPreallocatedData::FInstanceBuffer_UpdateFromPreallocatedDataName,(anon_class)>::DoTask(enum ENamedThreads::Type CurrentThread=???, const FGraphEventRef& MyCompletionGraphEvent=???, enum ENamedThreads::Type __formal0=???, const FGraphEventRef& __formal1=???) Line 190	C++
TGraphTask<TEnqueueUniqueRenderCommandType<FPerInstanceRenderData::UpdateFromPreallocatedData::FInstanceBuffer_UpdateFromPreallocatedDataName,(anon_class)>>::ExecuteTask(TArray<FBaseGraphTask*,TSizedDefaultAllocator<32>>& NewTasks=???, enum ENamedThreads::Type CurrentThread=???) Line 847	C++
[Inline Function] FBaseGraphTask::Execute(TArray<FBaseGraphTask*,TSizedDefaultAllocator<32>>& NewTasks=???, enum ENamedThreads::Type CurrentThread=???, TArray<FBaseGraphTask*,TSizedDefaultAllocator<32>>& __formal0=???, enum ENamedThreads::Type __formal1=???) Line 514 + 0x3 bytes	C++
[Inline Function] FNamedTaskThread::ProcessTasksNamedThread(int32 QueueIndex=???, bool bAllowStall=???, int32 __formal0=???, bool __formal1=???) Line 686	C++
FNamedTaskThread::ProcessTasksUntilQuit(int32 QueueIndex=???) Line 582	C++
[Inline Function] RenderingThreadMain(FEvent* TaskGraphBoundSyncEvent=0x0000001005658060) Line 340	C++
FRenderingThread::Run() Line 488	C++
FRunnableThreadPThread::Run() Line 27	C++

I attempted to add a bit zero-ing out the pointers after delete, however it did not fix the issue:

	~FStaticMeshInstanceData()
	{
		delete InstanceOriginData;
		delete InstanceLightmapData;
		delete InstanceTransformData;

// ILLFONIC CHANGE BEGIN - chance.lyon - 05/27/20 - Clean up our pointers after delete, fixing possible double-delete crash
		InstanceOriginData = nullptr;
		InstanceOriginDataPtr = nullptr;

		InstanceTransformData = nullptr;
		InstanceTransformDataPtr = nullptr;

		InstanceLightmapData = nullptr;
		InstanceLightmapDataPtr = nullptr;
// ILLFONIC CHANGE END
	}

The FStaticMeshInstanceData has gone to some odd invalid values:

-		(FStaticMeshInstanceData*)rdi	0x000000105b62fc00 { InstanceOriginData=0x3f0000003f000000 {...} InstanceOriginDataPtr=0x000000003f800000 "/libexec/ld-elf.so.1" ... }	FStaticMeshInstanceData*
+		InstanceOriginData	0x3f0000003f000000 {...}	FStaticMeshVertexDataInterface*
+		InstanceOriginDataPtr	0x000000003f800000 "/libexec/ld-elf.so.1"	uint8*
+		InstanceTransformData	0x0000000045a62098 {...}	FStaticMeshVertexDataInterface*
+		InstanceTransformDataPtr	0x0000000045a0a3a8 <Bad Ptr>	uint8*
+		InstanceLightmapData	0x0000000000000000 {...}	FStaticMeshVertexDataInterface*
+		InstanceLightmapDataPtr	0x0000000000000000 <Bad Ptr>	uint8*
		NumInstances	1164902912	int32
		bUseHalfFloat	false	bool

Hopefully someone has ran into this before, but given it’s location on the rendering thread it’s very difficult to get much more information or devise a fix.

Thanks,

  • Chance