Question
I have suffered from this bug for days. Help me if you know anything that may help.
I use the camera framework to get my hardware to work. Most of the time, it works properly. However, sometimes the binder kills my server's main thread because the condition "bwr.write_consumed < mOut.dataSize()" is met, as shown below.
This happens when the client calls the server and the server does something, then returns because user input is needed to finish the task. Then, after all the work is done, the server sends a msg to the client to inform him of the result.
Q1: Does "bwr.write_consumed < mOut.dataSize()" mean that binder does not get all the data I send to it?
Q2: How can this be possible? Does it mean that my client is down?
Any ideas may be helpful.
Thanks
IPCThreadState.cpp::talkWithDriver()

    if (err >= NO_ERROR) {
        if (bwr.write_consumed > 0) {
            if (bwr.write_consumed < mOut.dataSize())
                mOut.remove(0, bwr.write_consumed);
            else
                mOut.setDataSize(0);
        }

The calling stack:
signal 5 (SIGTRAP), code 1 (TRAP_BRKPT), fault addr 0x3e80000082e
Stack frame #00 pc 000000000000d270 /system/lib64/libcutils.so (__android_log_assert+236)
Stack frame #01 pc 000000000002de34 /system/lib64/libbinder.so (android::Parcel::remove(unsigned long, unsigned long)+28)
Stack frame #02 pc 0000000000029a34 /system/lib64/libbinder.so (android::IPCThreadState::talkWithDriver(bool)+412)
Stack frame #03 pc 000000000002a394 /system/lib64/libbinder.so (android::IPCThreadState::waitForResponse(android::Parcel*, int*)+116)
Stack frame #04 pc 000000000002a628 /system/lib64/libbinder.so (android::IPCThreadState::transact(int, unsigned int, android::Parcel const&, android::Parcel*, unsigned int)+216)
Stack frame #05 pc 0000000000022348 /system/lib64/libbinder.so (android::BpBinder::transact(unsigned int, android::Parcel const&, android::Parcel*, unsigned int)+64)
Answer 1:
I finally found the root cause. It is because I use fasync to forward messages (which will go through binder). The fasync will pend the unfinished task if a new task is scheduled. The problem may occur with specific timing.
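An added example, not code from the question or the answer: assuming the fasync notification arrives as SIGIO and was being forwarded from inside the signal handler, the handler below only records the event in a self-pipe and the event loop forwards it later, so a notification cannot interrupt a half-finished IPC write on the same thread. `forward_to_client`, `notifier_init` and `notifier_drain` are hypothetical names, and `forward_to_client` is a stand-in for the binder call.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <fcntl.h>
#include <signal.h>
#include <unistd.h>

static int wake_fd[2] = { -1, -1 };  /* self-pipe: [0] read end, [1] write end */
static int forwarded;                /* times the stand-in IPC call has run */
/* Hypothetical stand-in for the server-to-client binder notification. */
static void forward_to_client(void) { forwarded++; }

/* SIGIO handler: async-signal-safe calls only, so no IPC, locks or malloc. */
static void on_sigio(int signo)
{
    int saved = errno;
    unsigned char b = (unsigned char)signo;
    if (write(wake_fd[1], &b, 1) < 0) { /* pipe full: a wakeup is already queued */ }
    errno = saved;
}

/* Create the non-blocking pipe and install the handler. Returns 0 on success. */
static int notifier_init(void)
{
    struct sigaction sa = {0};
    if (pipe(wake_fd) != 0) return -1;
    for (int i = 0; i < 2; i++)
        if (fcntl(wake_fd[i], F_SETFL, O_NONBLOCK) != 0) return -1;
    sa.sa_handler = on_sigio;
    sa.sa_flags = SA_RESTART;        /* restart system calls the signal interrupts */
    sigemptyset(&sa.sa_mask);
    return sigaction(SIGIO, &sa, NULL);
}

/* Call from the event loop, between transactions; returns signals that were pending. */
static int notifier_drain(void (*forward)(void))
{
    unsigned char buf[64];
    ssize_t n;
    int pending = 0;
    while ((n = read(wake_fd[0], buf, sizeof buf)) > 0) pending += (int)n;
    if (pending > 0 && forward) forward();   /* coalesced: one forward per drain */
    return pending;
}

int main(void)
{
    if (notifier_init() != 0) return 1;
    raise(SIGIO); raise(SIGIO);      /* constructed: two back-to-back notifications */
    return (notifier_drain(forward_to_client) == 2 && forwarded == 1) ? 0 : 1;
}
```

In a real server the read end of the pipe would be added to the same poll loop that services the binder file descriptor.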
Source: https://stackoverflow.com/questions/33670430/android-native-binder-crash-while-server-send-msg-to-client