UsbDeviceConnection requestWait() native crash

I'm using the 2 interrupted endpoints (IN and OUT) of the device that I want to communicate from 2 threads:

a WriteThread that queues packets through a UsbRequest initialized of the OUT endpoint (this is the communication from my app to the device)

and

a ReadThread that queues reads from the device through a UsbRequest initialized of the IN endpoint (this is the communication from the device to my app)

I'm doing this because UsbDeviceConnection.requestWait() blocks ReadThread thread and I need to be able to write and read at the same time. The problem is that when I try to write and read at the same time my app crashes. The crash seems to be happening in the requestWait() method with the below stack trace. I've noticed that if I use a Thead.sleep(100) on some phones will make the crash go away, but on other phones even if I use a bigger delay the crash will still happen, so the sleep method it's not a viable solution. I was wondering if any of you has had the same problem and how did you overcome it.

I've already seen this thread:

UsbRequest.queue crashing Android 3.1 application

but I need to use the interrupted endpoints, the device that I'm writing the app for does not have bulk endpoints, so I can not do the workaround that they talk at the link above.

Below its the stack trace of the crash.

07-03 17:55:11.991: E/dalvikvm(28658): JNI ERROR (app bug): accessed stale global reference 0x7ad003fa (index 254 in a table of size 254)
07-03 17:55:11.991: E/dalvikvm(28658): VM aborting
07-03 17:55:11.991: A/libc(28658): Fatal signal 6 (SIGABRT) at 0x00006ff2 (code=-6), thread 28784 (ReadThread)
07-03 17:55:12.101: I/DEBUG(258): *** *** *** *** *** *** *** *** *** *** *** *** *** *** *** ***
07-03 17:55:12.101: I/DEBUG(258): Build fingerprint: 'samsung/hltexx/hlte:4.4.2/KOT49H/N9005XXUEND3:user/release-keys'
07-03 17:55:12.101: I/DEBUG(258): Revision: '8'
07-03 17:55:12.101: I/DEBUG(258): pid: 28658, tid: 28784, name: ReadThread  >>>  <<<
07-03 17:55:12.101: I/DEBUG(258): signal 6 (SIGABRT), code -6 (SI_TKILL), fault addr --------
07-03 17:55:12.221: I/DEBUG(258):     r0 00000000  r1 00007070  r2 00000006  r3 00000000
07-03 17:55:12.221: I/DEBUG(258):     r4 00000006  r5 00000016  r6 00007070  r7 0000010c
07-03 17:55:12.221: I/DEBUG(258):     r8 00000000  r9 42bf1850  sl 737df400  fp 42bf3cf0
07-03 17:55:12.221: I/DEBUG(258):     ip 00000001  sp 77d44880  lr 400dd1ad  pc 400ec154  cpsr 000f0010
07-03 17:55:12.221: I/DEBUG(258):     d0  0000000000000000  d1  0000000000000000
07-03 17:55:12.221: I/DEBUG(258):     d2  0000000000000000  d3  0000000000000000
07-03 17:55:12.221: I/DEBUG(258):     d4  0000000000000000  d5  0000000000000000
07-03 17:55:12.221: I/DEBUG(258):     d6  0000000000000000  d7  0000000000000000
07-03 17:55:12.231: I/DEBUG(258):     d8  0000000000000000  d9  0000000000000000
07-03 17:55:12.231: I/DEBUG(258):     d10 0000000000000000  d11 0000000000000000
07-03 17:55:12.231: I/DEBUG(258):     d12 0000000000000000  d13 0000000000000000
07-03 17:55:12.231: I/DEBUG(258):     d14 0000000000000000  d15 0000000000000000
07-03 17:55:12.231: I/DEBUG(258):     d16 61742061206e6920  d17 7320666f20656c62
07-03 17:55:12.231: I/DEBUG(258):     d18 0000000000000000  d19 0000000000000000
07-03 17:55:12.231: I/DEBUG(258):     d20 0000000000000000  d21 0000000000000000
07-03 17:55:12.231: I/DEBUG(258):     d22 0000000000000000  d23 0000000000000000
07-03 17:55:12.231: I/DEBUG(258):     d24 3fc74721cad6b0ed  d25 3fc2f112df3e5244
07-03 17:55:12.231: I/DEBUG(258):     d26 40026bb1bbb55516  d27 0000000000000000
07-03 17:55:12.231: I/DEBUG(258):     d28 0000000000000000  d29 0000000000000000
07-03 17:55:12.231: I/DEBUG(258):     d30 0000000000000000  d31 0000000000000000
07-03 17:55:12.231: I/DEBUG(258):     scr 20000010
07-03 17:55:12.231: I/DEBUG(258): backtrace:
07-03 17:55:12.231: I/DEBUG(258):     #00  pc 00022154  /system/lib/libc.so (tgkill+12)
07-03 17:55:12.231: I/DEBUG(258):     #01  pc 000131a9  /system/lib/libc.so (pthread_kill+48)
07-03 17:55:12.231: I/DEBUG(258):     #02  pc 000133bd  /system/lib/libc.so (raise+10)
07-03 17:55:12.231: I/DEBUG(258):     #03  pc 000120f3  /system/lib/libc.so
07-03 17:55:12.231: I/DEBUG(258):     #04  pc 00021a08  /system/lib/libc.so (abort+4)
07-03 17:55:12.231: I/DEBUG(258):     #05  pc 000493bf  /system/lib/libdvm.so (dvmAbort+78)
07-03 17:55:12.231: I/DEBUG(258):     #06  pc 0002af2c  /system/lib/libdvm.so (IndirectRefTable::get(void*) const+216)
07-03 17:55:12.231: I/DEBUG(258):     #07  pc 0004dcd3  /system/lib/libdvm.so (dvmDecodeIndirectRef(Thread*, _jobject*)+62)
07-03 17:55:12.231: I/DEBUG(258):     #08  pc 000519f1  /system/lib/libdvm.so (dvmCallJNIMethod(unsigned int const*, JValue*, Method const*, Thread*)+600)
07-03 17:55:12.231: I/DEBUG(258):     #09  pc 00000214  /dev/ashmem/dalvik-jit-code-cache (deleted)
07-03 17:55:12.231: I/DEBUG(258): stack:
07-03 17:55:12.231: I/DEBUG(258):          77d44840  000000fe  
07-03 17:55:12.231: I/DEBUG(258):          77d44844  7757bfa8  
07-03 17:55:12.231: I/DEBUG(258):          77d44848  00000001  
07-03 17:55:12.231: I/DEBUG(258):          77d4484c  00000000  
07-03 17:55:12.231: I/DEBUG(258):          77d44850  42bf1850  /dev/ashmem/dalvik-heap (deleted)
07-03 17:55:12.231: I/DEBUG(258):          77d44854  737df400  
07-03 17:55:12.231: I/DEBUG(258):          77d44858  42bf3cf0  /dev/ashmem/dalvik-heap (deleted)
07-03 17:55:12.231: I/DEBUG(258):          77d4485c  400f0501  /system/lib/libc.so (snprintf+80)
07-03 17:55:12.231: I/DEBUG(258):          77d44860  61fcd7f8  /dev/ashmem/dalvik-bitmap-2 (deleted)
07-03 17:55:12.231: I/DEBUG(258):          77d44864  000155fe  
07-03 17:55:12.231: I/DEBUG(258):          77d44868  77d448dc  [stack:28784]
07-03 17:55:12.231: I/DEBUG(258):          77d4486c  00000000  
07-03 17:55:12.231: I/DEBUG(258):          77d44870  00000000  
07-03 17:55:12.231: I/DEBUG(258):          77d44874  40118394  
07-03 17:55:12.231: I/DEBUG(258):          77d44878  00004000  
07-03 17:55:12.231: I/DEBUG(258):          77d4487c  77d448ea  [stack:28784]
07-03 17:55:12.231: I/DEBUG(258):     #00  77d44880  00000006  
07-03 17:55:12.231: I/DEBUG(258):          77d44884  00000016  
07-03 17:55:12.231: I/DEBUG(258):          77d44888  00007070  
07-03 17:55:12.241: I/DEBUG(258):          77d4488c  00000001  
07-03 17:55:12.241: I/DEBUG(258):          77d44890  00000001  
07-03 17:55:12.241: I/DEBUG(258):          77d44894  400dd1ad  /system/lib/libc.so (pthread_kill+52)
07-03 17:55:12.241: I/DEBUG(258):     #01  77d44898  00000006  
07-03 17:55:12.241: I/DEBUG(258):          77d4489c  00000000  
07-03 17:55:12.241: I/DEBUG(258):          77d448a0  7757bfa8  
07-03 17:55:12.241: I/DEBUG(258):          77d448a4  400dd3c1  /system/lib/libc.so (raise+14)
07-03 17:55:12.241: I/DEBUG(258):     #02  77d448a8  77d448b4  [stack:28784]
07-03 17:55:12.241: I/DEBUG(258):          77d448ac  400dc0f7  /system/lib/libc.so
07-03 17:55:12.241: I/DEBUG(258): memory near r1:
07-03 17:55:12.241: I/DEBUG(258):     00007050 ffffffff ffffffff ffffffff ffffffff  
07-03 17:55:12.241: I/DEBUG(258):     00007060 ffffffff ffffffff ffffffff ffffffff  
07-03 17:55:12.241: I/DEBUG(258):     00007070 ffffffff ffffffff ffffffff ffffffff  
07-03 17:55:12.241: I/DEBUG(258):     00007080 ffffffff ffffffff ffffffff ffffffff  
07-03 17:55:12.241: I/DEBUG(258):     00007090 ffffffff ffffffff ffffffff ffffffff  
07-03 17:55:12.241: I/DEBUG(258):     000070a0 ffffffff ffffffff ffffffff ffffffff  
07-03 17:55:12.241: I/DEBUG(258):     000070b0 ffffffff ffffffff ffffffff ffffffff  
07-03 17:55:12.241: I/DEBUG(258):     000070c0 ffffffff ffffffff ffffffff ffffffff  
07-03 17:55:12.241: I/DEBUG(258):     000070d0 ffffffff ffffffff ffffffff ffffffff  
07-03 17:55:12.241: I/DEBUG(258):     000070e0 ffffffff ffffffff ffffffff ffffffff  
07-03 17:55:12.241: I/DEBUG(258):     000070f0 ffffffff ffffffff ffffffff ffffffff  
07-03 17:55:12.241: I/DEBUG(258):     00007100 ffffffff ffffffff ffffffff ffffffff  
07-03 17:55:12.241: I/DEBUG(258):     00007110 ffffffff ffffffff ffffffff ffffffff  
07-03 17:55:12.241: I/DEBUG(258):     00007120 ffffffff ffffffff ffffffff ffffffff  
07-03 17:55:12.241: I/DEBUG(258):     00007130 ffffffff ffffffff ffffffff ffffffff  
07-03 17:55:12.241: I/DEBUG(258):     00007140 ffffffff ffffffff ffffffff ffffffff  
07-03 17:55:12.241: I/DEBUG(258): memory near r6:
07-03 17:55:12.241: I/DEBUG(258):     00007050 ffffffff ffffffff ffffffff ffffffff  
07-03 17:55:12.241: I/DEBUG(258):     00007060 ffffffff ffffffff ffffffff ffffffff  
07-03 17:55:12.241: I/DEBUG(258):     00007070 ffffffff ffffffff ffffffff ffffffff  
07-03 17:55:12.241: I/DEBUG(258):     00007080 ffffffff ffffffff ffffffff ffffffff  
07-03 17:55:12.241: I/DEBUG(258):     00007090 ffffffff ffffffff ffffffff ffffffff  
07-03 17:55:12.241: I/DEBUG(258):     000070a0 ffffffff ffffffff ffffffff ffffffff  
07-03 17:55:12.241: I/DEBUG(258):     000070b0 ffffffff ffffffff ffffffff ffffffff  
07-03 17:55:12.241: I/DEBUG(258):     000070c0 ffffffff ffffffff ffffffff ffffffff  
07-03 17:55:12.241: I/DEBUG(258):     000070d0 ffffffff ffffffff ffffffff ffffffff  
07-03 17:55:12.241: I/DEBUG(258):     000070e0 ffffffff ffffffff ffffffff ffffffff  
07-03 17:55:12.241: I/DEBUG(258):     000070f0 ffffffff ffffffff ffffffff ffffffff  
07-03 17:55:12.241: I/DEBUG(258):     00007100 ffffffff ffffffff ffffffff ffffffff  
07-03 17:55:12.241: I/DEBUG(258):     00007110 ffffffff ffffffff ffffffff ffffffff  
07-03 17:55:12.241: I/DEBUG(258):     00007120 ffffffff ffffffff ffffffff ffffffff  
07-03 17:55:12.241: I/DEBUG(258):     00007130 ffffffff ffffffff ffffffff ffffffff  
07-03 17:55:12.241: I/DEBUG(258):     00007140 ffffffff ffffffff ffffffff ffffffff  
07-03 17:55:12.251: I/DEBUG(258): memory near r9:
07-03 17:55:12.251: I/DEBUG(258):     42bf1830 00000000 00000000 00000000 00000000  
07-03 17:55:12.251: I/DEBUG(258):     42bf1840 00000000 00000000 000000f8 0000001a  
07-03 17:55:12.251: I/DEBUG(258):     42bf1850 417eb538 00000000 42befd38 77562210  
07-03 17:55:12.251: I/DEBUG(258):     42bf1860 00000000 000000d9 42bef820 429ef108  
07-03 17:55:12.251: I/DEBUG(258):     42bf1870 53b56e9f 00000000 00001000 00000000  
07-03 17:55:12.251: I/DEBUG(258):     42bf1880 00000000 00000000 53b56e9d 00000000  
07-03 17:55:12.251: I/DEBUG(258):     42bf1890 0000000b 00000000 00000000 00000000  
07-03 17:55:12.251: I/DEBUG(258):     42bf18a0 0016d0ea 00000000 0000bd02 00000000  
07-03 17:55:12.251: I/DEBUG(258):     42bf18b0 53b56e9f 00000000 00000001 00000000  
07-03 17:55:12.251: I/DEBUG(258):     42bf18c0 000021b0 000003fa 000003e8 0000001b  
07-03 17:55:12.251: I/DEBUG(258):     42bf18d0 41779800 00000000 00000004 00000000  
07-03 17:55:12.251: I/DEBUG(258):     42bf18e0 0b0a0908 0000005b 41779800 00000000  
07-03 17:55:12.251: I/DEBUG(258):     42bf18f0 00000041 00000000 00000801 00000000  
07-03 17:55:12.251: I/DEBUG(258):     42bf1900 00000000 00000000 00000000 00000000  
07-03 17:55:12.251: I/DEBUG(258):     42bf1910 00000000 00000000 00000000 00000000  
07-03 17:55:12.251: I/DEBUG(258):     42bf1920 00000000 00000000 00000000 00000000  
07-03 17:55:12.251: I/DEBUG(258): memory near sl:
07-03 17:55:12.251: I/DEBUG(258):     737df3e0 0b1afd31 00000b0a 00000000 0000045b  
07-03 17:55:12.251: I/DEBUG(258):     737df3f0 6e6ffb4a 7757bfa8 6d6fc0a8 6f3ea000  
07-03 17:55:12.251: I/DEBUG(258):     737df400 7ad003fa 77562210 77d44c40 00000000  
07-03 17:55:12.251: I/DEBUG(258):     737df410 77d44c94 0000000c 00000000 416a9d40  
07-03 17:55:12.251: I/DEBUG(258):     737df420 00000000 00000000 6c9f4170 77578300  
07-03 17:55:12.251: I/DEBUG(258):     737df430 00000000 00000000 00000001 00004000  
07-03 17:55:12.251: I/DEBUG(258):     737df440 00000000 77766e70 416a9d40 416aec80  
07-03 17:55:12.251: I/DEBUG(258):     737df450 00000000 416b2d7c 416b2df0 416b2ca0  
07-03 17:55:12.251: I/DEBUG(258):     737df460 416b2cc0 416b2d1c 00000000 00000000  
07-03 17:55:12.251: I/DEBUG(258):     737df470 779e9fc8 00000028 00000000 00000000  
07-03 17:55:12.251: I/DEBUG(258):     737df480 00000000 00000000 00000152 417554ec  
07-03 17:55:12.251: I/DEBUG(258):     737df490 4177c830 6d63fcc0 00000001 777679a8  
07-03 17:55:12.251: I/DEBUG(258):     737df4a0 00000001 00000040 00000200 00000000  
07-03 17:55:12.251: I/DEBUG(258):     737df4b0 00000001 6e6ffb4a 6e6ffb4a 00000002  
07-03 17:55:12.251: I/DEBUG(258):     737df4c0 6e6ffb5a 6d640e28 00000000 00000000  
07-03 17:55:12.251: I/DEBUG(258):     737df4d0 00000000 00000000 00000000 00000000  
07-03 17:55:12.251: I/DEBUG(258): memory near fp:
07-03 17:55:12.251: I/DEBUG(258):     42bf3cd0 00000005 00000004 6da39a98 ffc03c00  
07-03 17:55:12.251: I/DEBUG(258):     42bf3ce0 77414f61 00000000 00000000 0000006b  
07-03 17:55:12.251: I/DEBUG(258):     42bf3cf0 42bf3c48 00000000 429ffbf0 42bf5510  
07-03 17:55:12.251: I/DEBUG(258):     42bf3d00 41787da0 00000000 00000000 00000000  
07-03 17:55:12.251: I/DEBUG(258):     42bf3d10 42bf3d58 00000000 42bf4fe8 00000000  
07-03 17:55:12.251: I/DEBUG(258):     42bf3d20 00006dd3 00000000 00000000 00000000  
07-03 17:55:12.251: I/DEBUG(258):     42bf3d30 00000005 00000001 00000001 00000000  
07-03 17:55:12.251: I/DEBUG(258):     42bf3d40 42bf1850 42bf5500 42bf3a30 42bf3f00  
07-03 17:55:12.251: I/DEBUG(258):     42bf3d50 00000001 0000001b 41787aa8 00000000  
07-03 17:55:12.251: I/DEBUG(258):     42bf3d60 00000000 41787560 00000000 00000043  
07-03 17:55:12.251: I/DEBUG(258):     42bf3d70 41823bc0 00000000 00000000 00000000  
07-03 17:55:12.251: I/DEBUG(258):     42bf3d80 00000000 00000000 00001000 00001000  
07-03 17:55:12.251: I/DEBUG(258):     42bf3d90 ffffffff 00000000 41825cc0 42a7aea8  
07-03 17:55:12.251: I/DEBUG(258):     42bf3da0 00000000 00000000 00310038 00000011  
07-03 17:55:12.251: I/DEBUG(258):     42bf3db0 42b5bb10 42bf14c8 00000010 0000002a  
07-03 17:55:12.251: I/DEBUG(258):     42bf3dc0 41823110 00000000 42bf3de8 0000001f  
07-03 17:55:12.251: I/DEBUG(258): memory near sp:
07-03 17:55:12.251: I/DEBUG(258):     77d44860 61fcd7f8 000155fe 77d448dc 00000000  
07-03 17:55:12.251: I/DEBUG(258):     77d44870 00000000 40118394 00004000 77d448ea  
07-03 17:55:12.251: I/DEBUG(258):     77d44880 00000006 00000016 00007070 00000001  
07-03 17:55:12.251: I/DEBUG(258):     77d44890 00000001 400dd1ad 00000006 00000000  
07-03 17:55:12.251: I/DEBUG(258):     77d448a0 7757bfa8 400dd3c1 77d448b4 400dc0f7  
07-03 17:55:12.251: I/DEBUG(258):     77d448b0 00000000 ffffffdf 401142c4 4011422c  
07-03 17:55:12.251: I/DEBUG(258):     77d448c0 00000000 400decb7 41754db0 41754db0  
07-03 17:55:12.261: I/DEBUG(258):     77d448d0 000000fe 400eba0c 00000000 416d23c3  
07-03 17:55:12.261: I/DEBUG(258):     77d448e0 00000000 6c756e28 0000296c 00000000  
07-03 17:55:12.261: I/DEBUG(258):     77d448f0 00000000 00000000 00000000 00000000  
07-03 17:55:12.261: I/DEBUG(258):     77d44900 00000000 00000000 00000000 00000000  
07-03 17:55:12.261: I/DEBUG(258):     77d44910 00000000 00000000 00000000 00000000  
07-03 17:55:12.261: I/DEBUG(258):     77d44920 00000000 00000000 00000000 00000000  
07-03 17:55:12.261: I/DEBUG(258):     77d44930 00000000 00000000 00000000 00000000  
07-03 17:55:12.261: I/DEBUG(258):     77d44940 00000000 00000000 00000000 00000000  
07-03 17:55:12.261: I/DEBUG(258):     77d44950 00000000 00000000 00000000 00000000  
07-03 17:55:12.261: I/DEBUG(258): code around pc:
07-03 17:55:12.261: I/DEBUG(258):     400ec134 e8bd00f0 e3700a01 912fff1e e2600000  
07-03 17:55:12.261: I/DEBUG(258):     400ec144 ea006e4f e92d50f0 e3a07f43 ef000000  
07-03 17:55:12.261: I/DEBUG(258):     400ec154 e8bd50f0 e3700a01 912fff1e e2600000  
07-03 17:55:12.261: I/DEBUG(258):     400ec164 ea006e47 e92d50f0 e3a070ee ef000000  
07-03 17:55:12.261: I/DEBUG(258):     400ec174 e8bd50f0 e3700a01 912fff1e e2600000  
07-03 17:55:12.261: I/DEBUG(258):     400ec184 ea006e3f f200429a bf0080b9 f040f891  
07-03 17:55:12.261: I/DEBUG(258):     400ec194 4001e92d f2c02a04 2a1080a5 8093f2c0  
07-03 17:55:12.261: I/DEBUG(258):     400ec1a4 f2c02a20 2a408088 ea4fdb7f f1bc1c92  
07-03 17:55:12.261: I/DEBUG(258):     400ec1b4 dd6c0f0a 0600e92d 0f40f1bc f500dd4a  
07-03 17:55:12.261: I/DEBUG(258):     400ec1c4 f5016e80 ebae7920 ea4f0e09 ea4f5e4e  
07-03 17:55:12.261: I/DEBUG(258):     400ec1d4 f50e5e5e ebbc7e20 dd3b1f9e f04fbfc4  
07-03 17:55:12.261: I/DEBUG(258):     400ec1e4 ebd9090a dd35199e 0a0eeb01 0a3ff02a  
07-03 17:55:12.261: I/DEBUG(258):     400ec1f4 1c9eebac bfd245e1 0c09ebac f04f46e1  
07-03 17:55:12.261: I/DEBUG(258):     400ec204 f8910c00 f891f240 f921f280 f921028d  
07-03 17:55:12.261: I/DEBUG(258):     400ec214 f8da428d f1b93000 f9000901 f900028d  
07-03 17:55:12.261: I/DEBUG(258):     400ec224 f10a428d d1ee0a40 0f00f1bc f5bcd02b  
07-03 17:55:12.261: I/DEBUG(258): code around lr:
07-03 17:55:12.261: I/DEBUG(258):     400dd18c 447b4b13 42b3e010 6a1ed10e 44784811  
07-03 17:55:12.261: I/DEBUG(258):     400dd19c ec84f7fb ea0cf00d 46224631 efcef00e  
07-03 17:55:12.261: I/DEBUG(258):     400dd1ac d00a3001 e00b2400 2b00681b 480ad1eb  
07-03 17:55:12.261: I/DEBUG(258):     400dd1bc 44782403 ec72f7fb f001e002 6804fa23  
07-03 17:55:12.261: I/DEBUG(258):     400dd1cc fa20f001 46206005 bf00bd70 0003b226  
07-03 17:55:12.261: I/DEBUG(258):     400dd1dc 0003b21a 0003b212 0003b1ee bf7ef7ff  
07-03 17:55:12.261: I/DEBUG(258):     400dd1ec 4a3e4b3d e92d447b b08b43f0 4606589c  
07-03 17:55:12.261: I/DEBUG(258):     400dd1fc 6823460d 930946a1 fa04f001 8000f8d0  
07-03 17:55:12.261: I/DEBUG(258):     400dd20c d0482d00 f0104628 280ff889 d8444604  
07-03 17:55:12.261: I/DEBUG(258):     400dd21c ffe4f7ff d1064286 4629200f e8d6f00d  
07-03 17:55:12.261: I/DEBUG(258):     400dd22c d03c2800 482ee02e f7fb4478 482debb6  
07-03 17:55:12.261: I/DEBUG(258):     400dd23c e0154478 d11342b0 482b6a06 f7fb4478  
07-03 17:55:12.261: I/DEBUG(258):     400dd24c 4a2aec2e 46332120 a801447a f92af013  
07-03 17:55:12.261: I/DEBUG(258):     400dd25c a8012101 fc48f01a 46061c42 e011d104  
07-03 17:55:12.261: I/DEBUG(258):     400dd26c 28006800 e02cd1e6 46294630 f00d4622  
07-03 17:55:12.261: I/DEBUG(258):     400dd27c 1c43e912 d11e4607 f9c4f001 29046801  
07-03 17:55:12.421: I/DEBUG(258): !@dumpstate -k -t -z -d -o /data/log/dumpstate_app_native -m 28658
07-03 17:55:12.421: I/BootReceiver(840): Copying /data/tombstones/tombstone_01 to DropBox (SYSTEM_TOMBSTONE)
07-03 17:55:12.431: W/ApplicationPackageManager(840): getCSCPackageItemText()
07-03 17:55:12.441: I/dumpstate(28888): begin
07-03 17:55:12.441: I/dumpstate(28891): begin
07-03 17:55:12.441: I/dumpstate(28891): dumpstate is still running

This is a bug in the Android Platform and has given me headaches for the past 2 weeks. In the end the only solution for my project to work was to create a patch.

First the root of the problem: in class UsbRequest.java : http://androidxref.com/4.4.4_r1/xref/frameworks/base/core/java/android/hardware/usb/UsbRequest.java

in line 136 they are determining the direction of the endpoint:

boolean out = (mEndpoint.getDirection() == UsbConstants.USB_DIR_OUT);

and the out boolean is send as a parameter to the native functions in lines 139 and 141. if we follow the native_queue_direct method in the native counterpart UsbRequest.cpp : http://androidxref.com/4.4.4_r1/xref/frameworks/base/core/jni/android_hardware_UsbRequest.cpp

we can see that the out boolean once received by the function is not used !

The out boolean must be used because only the read (IN) endpoint (the one that we will do requestWait() on it) should allocate memory - request->client_data = (void *)env->NewGlobalRef(thiz); - that will be returned by the requestWait() method. By not using it the out boolean when we queue data on the OUT (write) endpoint it will also allocate memory and replace the memory allocated by the IN endpoint. Then when requestWait() returnes it will try to return the memory block allocated by the IN endpoint which is now different and it crashes with : JNI ERROR (app bug): accessed stale global reference 0x7ad003fa (index 254 in a table of size 254).

The fix:

android.hardware.usb.UsbDeviceConnection udc = usbManager.openDevice(device);
com.fixed.usb.UsbDeviceConnection usbDeviceConnection = new com.fixed.usb.UsbDeviceConnection(device, udc.getFileDescriptor());

After we open the device, we use the returned UsbDeviceConnection to get the device's file descriptor and we'll construct a new (fixed) UsbDeviceConnection. Then we use this as the regular UsbDeviceConnection.

You can download the patch from the issue's page.

This issue can happen when you try to open device and connection again (when everything of that was already done)

来源：https://stackoverflow.com/questions/24735960/usbdeviceconnection-requestwait-native-crash

标签

android

multithreading

usb

endpoint

libusb