Native NE /system/bin/audioserver

Exception Class: Native (NE)
Exception Type: SIGABRT

Current Executing Process: 
pid: 32235, tid: 32271
/system/bin/audioserver

Backtrace: 
#00 pc 0001cca6 /system/lib/libc.so (abort+58)
#01 pc 00006ccd /system/lib/liblog.so (__android_log_assert+156)
#02 pc 0000e2ef /system/lib/libmedia_helper.so (android::TimeCheck::TimeCheckThread::threadLoop()+270)
#03 pc 0000c08b /system/lib/libutils.so (android::Thread::_threadLoop(void*)+166)
#04 pc 00063305 /system/lib/libc.so (__pthread_start(void*)+22)
#05 pc 0001de69 /system/lib/libc.so (__start_thread+24)

$** *** *** *** *** *** *** *** Exception *** *** *** *** *** *** *** **$


ABI: 'arm'
pid: 23403, tid: 23465, name: TimeCheckThread >>> /system/bin/audioserver <<<
signal 6 (SIGABRT), code --------, fault addr --------
r0 00000000 r1 00005ba9 r2 00000006 r3 00000008
r4 00005b6b r5 00005ba9 r6 a95404a4 r7 0000010c
r8 aac9d943 r9 aa69e2e8 sl 3b9aca00 fp 000fe000
ip ffffb6dc sp a9540490 lr aafece59 pc aafe4ca6 cpsr 200e0030

TimeCheck 是 audioserver 中用于检测传入 binder 调用(binder in)超时的机制:进入 audioserver 的 binder 调用处理时间不能超过 5s,否则 TimeCheckThread 会像上面的 backtrace 那样主动 abort 进程。

另外一份log中的core-dump

#0 nanosleep () at bionic/libc/arch-arm/syscalls/nanosleep.S:9
No locals.
#1 0xab001244 in sleep (seconds=1) at bionic/libc/upstream-freebsd/lib/libc/gen/sleep.c:58
time_to_sleep =

{tv_sec = 1, tv_nsec = 0}
time_remaining =

{tv_sec = 0, tv_nsec = 847461}
#2 0xaa90d9e2 in android::checkPermission (permission=..., pid=1548, uid=1000) at frameworks/native/libs/binder/IServiceManager.cpp:121
binder =

{m_ptr = 0x0}
startTime = 
#3 0xaa9199d0 in android::PermissionCache::checkPermission (permission=..., pid=1548, uid=1000) at frameworks/native/libs/binder/PermissionCache.cpp:102
t = 
granted = false
pc = @0xaa699e70: {> = {static sLock = {mMutex = {__private = {0}}}, static sInstance = 0xaa699e70}, mLock = {mMutex = {__private = {0}}}, 
mPermissionNamesPool = { = { = {_vptr$VectorImpl = 0xaa9371f0 +8>, mStorage = 0x0, mCount = 0, mFlags = 0, 
mItemSize = 4}, }, }, mCache = { = { = { _vptr$VectorImpl = 0xaa93721c +8>, mStorage = 0x0, mCount = 0, mFlags = 0, mItemSize = 12}, }, }}
#4 0xaa976904 in android::AudioFlinger::dump (this=0xaa6be000, fd=17, args=...) at frameworks/av/services/audioflinger/AudioFlinger.cpp:486
No locals.
#5 0xaa976d00 in non-virtual thunk to android::AudioFlinger::dump(int, android::Vector const&) () at system/core/libutils/include/utils/Vector.h:251
android::kClientLockedString = "Client lock is taken\n"
android::sMediaLogServiceAsBinder = {m_ptr = 0x0}
android::kHardwareLockedString = "Hardware lock is taken\n"
android::audio_interfaces =

{0xaa9a91c1 "primary", 0xaa9a91c9 "a2dp", 0xaa9a91ce "usb"}
android::sMediaLogService =

{m_ptr = 0x0}
android::kNoEffectsFactory = "Effects Factory is absent\n"
_log_level = 1
android::kDeadlockedString = "AudioFlinger may be deadlocked\n"
FX_IID_AEC_ =

{timeLow = 2068386912, timeMid = 36173, timeHiAndVersion = 4576, clockSeq = 48481, node = "\000\002\245\325\305\033"}
FX_IID_NS_ =

{timeLow = 1488237152, timeMid = 36358, timeHiAndVersion = 4576, clockSeq = 43662, node = "\000\002\245\325\305\033"}
SL_IID_VISUALIZATION_ =

{timeLow = 3832227488, timeMid = 56797, timeHiAndVersion = 4571, clockSeq = 35581, node = "\000\002\245\325\305\033"}
android::sMediaLogOnce = 0
android::AudioFlinger::mScreenState = 0
android::AudioFlinger::mStandbyTimeInNsecs = 3000000000
android::gLock = {mMutex = {__private =

{0}
}}
android::gAudioFlinger =

{m_ptr = 0xaa6be000, m_refs = 0xaa698220}
#6 0xaa9043d8 in android::BBinder::onTransact (this=0xaa6be004, code=, data=..., reply=) at frameworks/native/libs/binder/Binder.cpp:226
fd = 
argc = 
args = { = {_vptr$VectorImpl = 0x8e623c08 +8>, mStorage = 0x0, mCount = 0, mFlags = 0, mItemSize = 4}, }
#7 0xaac893d6 in android::BnAudioFlinger::onTransact (this=, code=, data=..., reply=0xa9d06808, flags=) at frameworks/av/media/libaudioclient/IAudioFlinger.cpp:1473
check =

{static kDefaultTimeOutMs = 5000, mEndTimeNs = 18723149499422}
#8 0xaa9040fa in android::BBinder::transact (this=0xaa6be004, code=1598311760, data=..., reply=, flags=) at frameworks/native/libs/binder/Binder.cpp:129

IAudioFlinger checktime超时 NE:
查看SYS_ANDROID_LOG发现system_server发生NE:
03-08 19:55:14.580 920 938 D AES : ExceptionLog: notify aed, process:system_server pid:920 cause:system_server_crash 
查看audioserver的NE:
03-08 19:55:47.535 23538 23538 D AEE_AED : i, Cls, count, last_time, module 
03-08 19:55:47.535 23538 23538 D AEE_AED : ==================================================================== 
03-08 19:55:47.535 23538 23538 D AEE_AED : 0, 11, 2, 1520501970, system_server 
03-08 19:55:47.536 23538 23538 D AEE_AED : 7, 3, 1, 1520519147, /system/bin/audioserver

结论:IAudioFlinger 对象的 TimeCheck 超时引起 audioserver NE。根因是 system server NE 导致 “permission” service dead,之后 AudioFlinger 执行 dump 时在 5s 之内找不到 “permission” service,代码逻辑陷入循环 sleep(死循环),最终超时。
解决方案:“permission” service dead 后,在 dump 之前先 check 该 service 在不在;若不存在,就直接返回、不去 dump,避免 dumpAllowed() 函数调用中出现无限循环 sleep 导致超时。以此方案来规避 audioserver 的 NE。

frameworks/av/services/audioflinger/AudioFlinger.cpp
// Excerpt of AudioFlinger::dump with the workaround applied; the remainder of
// the body is elided by the "....." lines below.
status_t AudioFlinger::dump(int fd, const Vector& args){
// --- begin added workaround ---
// Look up the "permission" service once before running the permission check.
// In the captured core dump, checkPermission() (IServiceManager.cpp:121) was
// sleeping in 1 s steps with a null binder, which kept this binder call alive
// past TimeCheck's 5000 ms limit and made TimeCheckThread abort audioserver.
// NOTE(review): presumably checkService() returns immediately instead of
// retrying — confirm against IServiceManager.
    sp binder = defaultServiceManager()->checkService(String16("permission"));
    bool isPermissionServiceExist = binder != NULL ? true : false;
    if(!isPermissionServiceExist){
        // Fail closed: return before dumpAllowed(), so nothing is written to fd
        // when the caller's permission cannot be verified.
        ALOGI("checkService binder == NULL , permission Service not exist ");
        return UNEXPECTED_NULL;
    }
// NOTE(review): the service can still die between the lookup above and
// dumpAllowed() below; this guard narrows that window but does not close it.
// --- end added workaround ---
if (!dumpAllowed()) {
        // Caller is not permitted to dump: emit the denial message instead of state.
        dumpPermissionDenial(fd, args);
} else {
// get state of hardware lock
        bool hardwareLocked = dumpTryLock(mHardwareLock);
        if (!hardwareLocked) {
            // Lock not obtained: write kHardwareLockedString to fd and carry on.
            String8 result(kHardwareLockedString);
            write(fd, result.string(), result.size());
.....
.....

 }

}

 
