SafeZone m_RemoveEntityPhantomTaskList HashSet corruption due to race condition

Viktor Ferenczi shared this bug 4 months ago
Reported – Awaiting fix

Game version: 1.200.032

Reproducible: Rarely, but then it freezes the entire game / server. It also has the potential to cause a crash.

How to reproduce

  • Location: Pertam (likely not relevant)
  • Safe zone on the surface
  • Automatic missile turret shooting from the safe zone to an enemy outside
  • The race condition eventually happens and corrupts the HashSet instance in the MySafeZone object's m_RemoveEntityPhantomTaskList member variable.
  • In my case it caused an infinite loop in the Contains() call due to m_slots being damaged inside the HashSet instance. The infinite loop happens because both index and this.m_slots[index].next are zero.

Please see the attached screenshots from when I stopped the infinite loop in the debugger. It was on the Main thread.

It is a race condition, therefore hard to reproduce. But it is there and I got reports about it from others as well.

The most likely root cause is a lack of synchronization of the collection (HashSet) used inside MySafeZone.RemoveEntityPhantom.

I suggest adding synchronization around all access to that HashSet.

Replies (2)

photo
2

Fixed in Performance Improvements 1.7.3

Look for the class: MySafeZonePatch

The patch adds locking to the Contains, Add and Remove calls mentioned above.

I've seen potential concurrent access to other data structures inside RemoveEntityPhantom and that long lambda function (Action) invoked, so please check everything there.

Based on the full traceback it is invoked from a Havok callback, which may explain the concurrent execution.
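The kind of locking this reply describes, as an added C# example that is neither the game's code nor the plugin's patch. `SynchronizedIdSet`, the `long` entity ids and the parallel workload are assumptions made for illustration.

```csharp
using System;
using System.Collections.Generic;
using System.Threading.Tasks;

// Hypothetical stand-in for a set of entity ids with pending phantom-removal tasks.
// HashSet<T> is not safe for concurrent writers, so every access takes the same lock.
sealed class SynchronizedIdSet
{
    private readonly HashSet<long> m_items = new HashSet<long>();
    private readonly object m_lock = new object();

    public bool Contains(long id) { lock (m_lock) return m_items.Contains(id); }

    // HashSet<T>.Add already reports whether the item was new, so the
    // "check, then add" decision happens under a single lock acquisition.
    public bool TryAdd(long id) { lock (m_lock) return m_items.Add(id); }

    public bool Remove(long id) { lock (m_lock) return m_items.Remove(id); }

    public int Count { get { lock (m_lock) return m_items.Count; } }
}

static class Program
{
    static void Main()
    {
        var pending = new SynchronizedIdSet();
        const int workers = 8, idsPerWorker = 100000;

        // Constructed workload: several threads add, query and remove overlapping ids,
        // imitating callbacks that arrive from worker threads.
        Parallel.For(0, workers, w =>
        {
            for (long id = 0; id < idsPerWorker; id++)
            {
                // Only the thread that won the add owns the entry and clears it later.
                if (!pending.TryAdd(id)) continue;
                if (!pending.Contains(id)) throw new InvalidOperationException("lost entry");
                pending.Remove(id);
            }
        });

        // Every successful add was paired with a remove, so the set must be empty.
        Console.WriteLine($"Remaining entries: {pending.Count}");
    }
}
```

Locking Contains and Add separately keeps the set's internal state intact, but two threads can still both see "not present" and both proceed; using the return value of a single locked Add avoids that.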

photo
1

Hello, Viktor,

thanks for letting us know. The issue was reported internally.

Kind Regards

Keen Software House: QA Department
