UE4 Crashes: MallocBinned Class Dangling Pointer (Seemingly) Problem

UPDATE

I added a crash report this time. It has a Slate mention in it, so I am not sure if this is related to Slate even though my project doesn't use it.

LoginId:bc57457c4349ebcdb234e79ab332b2c0
EpicAccountId:

Access violation - code c0000005 (first/second chance not available)

ChessGame_Win32_Shipping!FMallocBinned2::Malloc() [c:\users\ceset\desktop\unreal_release_git\engine\source\runtime\core\public\hal\mallocbinned2.h:398]
ChessGame_Win32_Shipping!FMemory::Malloc() [c:\users\ceset\desktop\unreal_release_git\engine\source\runtime\core\public\hal\fmemory.inl:32]
ChessGame_Win32_Shipping!HarfBuzzMalloc() [c:\users\ceset\desktop\unreal_release_git\engine\source\runtime\slatecore\private\fonts\fontcacheharfbuzz.cpp:43]
ChessGame_Win32_Shipping!FD3D11DynamicRHI::RHICreateVertexBuffer() [c:\users\ceset\desktop\unreal_release_git\engine\source\runtime\windows\d3d11rhi\private\d3d11vertexbuffer.cpp:90]
ChessGame_Win32_Shipping!FDynamicRHI::CreateVertexBuffer_RenderThread() [c:\users\ceset\desktop\unreal_release_git\engine\source\runtime\rhi\private\rhicommandlist.cpp:1722]
ChessGame_Win32_Shipping!FRWBuffer::Initialize() [c:\users\ceset\desktop\unreal_release_git\engine\source\runtime\rhi\public\rhiutilities.h:70]
ChessGame_Win32_Shipping!FDeferredShadingSceneRenderer::ComputeLightGrid() [c:\users\ceset\desktop\unreal_release_git\engine\source\runtime\renderer\private\lightgridinjection.cpp:618]
ChessGame_Win32_Shipping!FDeferredShadingSceneRenderer::Render() [c:\users\ceset\desktop\unreal_release_git\engine\source\runtime\renderer\private\deferredshadingrenderer.cpp:832]
ChessGame_Win32_Shipping!GRHICommandList()
ChessGame_Win32_Shipping!FNamedTaskThread::ProcessTasksUntilQuit() [c:\users\ceset\desktop\unreal_release_git\engine\source\runtime\core\private\async\taskgraph.cpp:559]
ChessGame_Win32_Shipping!FTaskGraphImplementation::ProcessThreadUntilRequestReturn() [c:\users\ceset\desktop\unreal_release_git\engine\source\runtime\core\private\async\taskgraph.cpp:1276]
ChessGame_Win32_Shipping!RenderingThreadMain() [c:\users\ceset\desktop\unreal_release_git\engine\source\runtime\rendercore\private\renderingthread.cpp:325]
ChessGame_Win32_Shipping!FRenderingThread::Run() [c:\users\ceset\desktop\unreal_release_git\engine\source\runtime\rendercore\private\renderingthread.cpp:458]
ChessGame_Win32_Shipping!FRunnableThreadWin::Run() [c:\users\ceset\desktop\unreal_release_git\engine\source\runtime\core\private\windows\windowsrunnablethread.cpp:76]

Hi Everyone;

The Problem:
Recently I have been experiencing an interesting crash issue. At first glance it makes you think this is a dangling pointer problem. But it looks like it is more than that.

It is a bit weird since the supposedly dangling pointer is used just a few lines above and no problem occurs? It makes me think it is caused by a multithread access to a pointer and the accessing code seemingly deletes the pointer.

You can look at the screenshots down below. As a note, realize that:

  • In line 462, Bundle is checked inside the while condition
  • In line 464, Bundle is used to get the NextBundle
  • In line 469, the code tries to access NextNodeInCurrentBundle through Node, which is Bundle itself as it is assigned at line 466, and the crash happens

It seems like a dangling pointer problem, but in fact it just accessed the pointer, so I guess it means that some other thread deletes it in between?

As a note, I am not sure what this problem may mean and I don't have an idea of where to look. Any pointer is appreciated, and no pun intended.

Anyways, here are the screenshots:

Screenshot Group 1: (I am going to upload other screenshots under this post as a comment)

Screenshot group 2:

Screenshot group 3:

I think I don't know enough about how memory allocation for non-UObjects inside Unreal works. Also, there is not enough documentation about this topic. There is one that Rama wrote, but it is on a surface level.

Maybe someone who knows about it can give us an explanation a bit deeper than surface level?

NOTE: One important detail is that this crash never happens if it runs inside the editor. But when you run the game standalone, this happens.

I am receiving this error code constantly:

Exception thrown: read access violation.
**BasePtrOfNode** was 0xFFFFFFFFFFFFFFFF.

It is always at MallocBinned2.cpp line 469.

What could this mean? A problem from my side because I am failing with some pointer? The callstack also shows this every time.

I checked here and there about what the issue could be. Then I decided to do a cleanup on every class regarding UPROPERTY checks and whether they follow Unreal GC rules. After I finished it, this happened.

The error:

Assertion failed: bIsValid [File:C:\Users\Ceset\Desktop\Unreal_Release_Git\Engine\Source\Runtime\Core\Public\Misc/InlineValue.h] [Line: 149] 
It is an error to call GetValue() on an invalid TInlineValue. Please either check IsValid() or use Get(DefaultValue) instead.
ChessGame-Win64-DebugGame.exe has triggered a breakpoint.

And here is the callstack:
https://pastebin.com/itWfZFZX

All right, it seems there are two bugs here. One originates from Unreal and happens when a widget animation is stopped and played while the widget's visibility is changed constantly a lot of times. But I will leave that for some other time.

Now, back to this bug:

 Exception thrown: read access violation.
 **BasePtrOfNode** was 0xFFFFFFFFFFFFFFFF.

It seems to me like a bug caused by my wrong usage of the Unreal garbage collector. So I will ask some questions:

Which one is correct?

TSharedPtr<FInteractiveProcess> CEProcess; ///< This one, as far as I know

UPROPERTY()
TSharedPtr<FInteractiveProcess> CEProcess;

Which one is correct?

TWeakObjectPtr<SomeClass> Something; ///< This one, as far as I know

UPROPERTY()
TWeakObjectPtr<SomeClass> Something;

Do we need to make FStrings UPROPERTY() for GC to work properly?
Do we need to make a TArray<> UPROPERTY() for GC to work properly?

After reading some more articles, I found out that my knowledge regarding Reflection and Garbage Collection was a bit lacking, but it wasn't the reason causing the bug I am experiencing.

Anyways, since this post is too clogged up, I will create a new post where I post only the necessary information regarding this bug.
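
Added example, not part of the original post and not Unreal Engine code: a simplified C model of an allocator that keeps its free-list links inside freed blocks, using the field names from the post (`NextNodeInCurrentBundle`, `NextBundle`). It shows how a write through a stale pointer (a constructed bug here) only surfaces later, inside the allocator's own walk, and how validating each link before following it reports the damaged node instead of faulting. The pool layout and the functions `link_ok`, `free_range`, `stale_write` and `walk_bundles` are assumptions made for illustration.

```c
#include <stdint.h>
#include <string.h>

/* Simplified model, not Unreal Engine code: a free block stores its own list
   links (field names taken from the post) in the memory the caller used. */
typedef struct BundleNode {
    struct BundleNode *NextNodeInCurrentBundle;
    struct BundleNode *NextBundle;
} BundleNode;
typedef union { BundleNode links; unsigned char user[32]; } Block;
static Block pool[8];
/* A link is trusted only if it is NULL or the address of a block in the pool. */
static int link_ok(const BundleNode *n) {
    uintptr_t p = (uintptr_t)n, base = (uintptr_t)pool;
    return !n || (p >= base && p < base + sizeof pool &&
                  (p - base) % sizeof(Block) == 0);
}
/* "Free" blocks first..last-1 by chaining them into one bundle. */
static BundleNode *free_range(int first, int last) {
    BundleNode *head = NULL;
    for (int i = last - 1; i >= first; i--) {
        pool[i].links = (BundleNode){ head, NULL };
        head = &pool[i].links;
    }
    return head;
}
/* Constructed bug: a caller writes to block idx after it was freed. */
static void stale_write(int idx) { memset(pool[idx].user, 0xFF, sizeof pool[idx].user); }
/* Outer loop over bundles, inner loop over nodes. Returns the number of nodes
   walked, or -k when the links stored in the k-th node are not valid. */
static int walk_bundles(BundleNode *Bundle) {
    int visited = 0;
    while (Bundle) {
        BundleNode *NextBundle = Bundle->NextBundle;
        if (!link_ok(NextBundle)) return -(visited + 1);
        for (BundleNode *Node = Bundle; Node; Node = Node->NextNodeInCurrentBundle) {
            visited++;
            if (!link_ok(Node->NextNodeInCurrentBundle)) return -visited;
        }
        Bundle = NextBundle;
    }
    return visited;
}
int main(void) {
    BundleNode *b = free_range(0, 4);
    int clean = walk_bundles(b);   /* all four nodes are walked */
    stale_write(2);                /* damages the links kept in the third node */
    return !(clean == 4 && walk_bundles(b) == -3);
}
```

In this model the head of the bundle and the second node still read correctly after the stale write; the invalid link is only met at the third node, which is why the fault appears in the walk rather than at the code that performed the write.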