这是一个耗时一个多月才解决的native crash （1）

一、背景

8.54.0.0版本上线后，出现了大量的socket clientsdk.so库的闪退：

bugly.qq.com/v2/crash-re…

主要分为两种：

1、后台闪退：用户无感知：

bugly.qq.com/v2/crash-re…

2、前台闪退：用户有感知，主要体现为 启动app后立刻就闪退，然后重启后正常；

bugly.qq.com/v2/crash-re…

二、定位问题

1、通过用户反馈，并让用户安装测试包，可以真实的证明，确实是socket so库导致的crash：

2、由于堆栈并没有指明是so库的哪个地方闪退，所以，无法进行直接修复，开始进行推论：

2.1、 8.54.0.0版本并没有升级socket so库，并且通过反编译对比两个线上版本，并不存在lib_c++ shared的库被升级，因此可以排除是因为升级其他sdk导致的socket 闪退；

2.2、8.54.0.0版本升级了bugly sdk，由于bugly sdk进行了优化，导致之前过滤socket so库后台闪退的记录失效，因此出现大量上报，可以理解，但不应该出现前台闪退；

2.3、通过和多个用户沟通，发现用户并不能稳定复现，只是有时候会出现，但是明显8.54.0.0版本的频率比以前高很多，通过让测试多次安装测试包的方法并没有复现，应该是8.54.0.0版本有什么东西引发了socket so库的闪退；

2.4、从日志里找线索，具体日志如下：

#00 pc 000000000005205c /apex/com.android.runtime/lib64/bionic/libc.so (abort+164) [arm64-v8a::82e5b2ff86b193c94139353a92c4af29]
2
#01 pc 00000000000667d0 /apex/com.android.runtime/lib64/bionic/libc.so (__stack_chk_fail+20) [arm64-v8a::82e5b2ff86b193c94139353a92c4af29]
3
#02 pc 0000000000067d5c /data/app/~~jnhT7CUNDeCebak8i1CqNw==/com.xx.seeyou-oFoQho_36LUWZWiebvJIkg==/lib/arm64/libclientsdk.so [arm64-v8a::de63b5e1d2007ebbad9c3e7b9001d192]
4
#03 pc 0000000000067e4c /data/app/~~jnhT7CUNDeCebak8i1CqNw==/com.xx.seeyou-oFoQho_36LUWZWiebvJIkg==/lib/arm64/libclientsdk.so [arm64-v8a::de63b5e1d2007ebbad9c3e7b9001d192]
5
#04 pc 000000000006cb78 /data/app/~~jnhT7CUNDeCebak8i1CqNw==/com.xx.seeyou-oFoQho_36LUWZWiebvJIkg==/lib/arm64/libclientsdk.so [arm64-v8a::de63b5e1d2007ebbad9c3e7b9001d192]
6
#05 pc 00000000000732d8 /data/app/~~jnhT7CUNDeCebak8i1CqNw==/com.xx.seeyou-oFoQho_36LUWZWiebvJIkg==/lib/arm64/libclientsdk.so [arm64-v8a::de63b5e1d2007ebbad9c3e7b9001d192]
7
#06 pc 00000000000742b0 /data/app/~~jnhT7CUNDeCebak8i1CqNw==/com.xx.seeyou-oFoQho_36LUWZWiebvJIkg==/lib/arm64/libclientsdk.so [arm64-v8a::de63b5e1d2007ebbad9c3e7b9001d192]
8
#07 pc 00000000000748bc /data/app/~~jnhT7CUNDeCebak8i1CqNw==/com.xx.seeyou-oFoQho_36LUWZWiebvJIkg==/lib/arm64/libclientsdk.so [arm64-v8a::de63b5e1d2007ebbad9c3e7b9001d192]
9
#08 pc 00000000000b3ea0 /apex/com.android.runtime/lib64/bionic/libc.so (__pthread_start(void*)+264) [arm64-v8a::82e5b2ff86b193c94139353a92c4af29]
10
#09 pc 0000000000053880 /apex/com.android.runtime/lib64/bionic/libc.so (__start_thread+64) [arm64-v8a::82e5b2ff86b193c94139353a92c4af29]

         从以上日志可以发现两个关键点：

         - 1、bionic/libc.so (__stack_chk_fail+20)

                   -  此日志说明一般是因为内存操作导致，也就是说内存相关引发的；

         -2、bionic/libc.so (__start_thread+64) [arm64-v8a::82e5b2ff86b193c94139353a92c4af29] 

                   - 此日志说明是在开启线程的时候挂掉的

                   - 通过分析bugly的跟踪日志我们发现了另外一段系统日志：

04-07 10:51:32.253 8833 8894 E clientsdk: [clientsdk][lvl:1] [KVS] init. version: 0, key count: 0 /data/docker/im-group/im-sdk/jniwks/MeetYou/jni/android/com_rtc_RTCClient.cpp:879204-07

10:51:32.315 8833 11111 E clientsdk: [clientsdk][lvl:1] workThreadProcess start, thread id is 498356722864 /data/docker/im-group/im-sdk/jniwks/MeetYou/jni/client_sdk/client_core.cpp:1589304-07 10:51:32.433 8833 8833

E SysUtils: [variable fonts] error to areFontsVariable:java.lang.ClassNotFoundException: com.huawei.android.graphics.fonts.SystemFontsEx94--------- beginning of crash9504-07 10:51:32.584 8833 11111 F libc : stack corruption detected (-fstack-protector)9604-07 10:51:32.662 8833 11227 E Oms-SDK.WearableApiManager: Service missing when getting application info9804-07 10:51:32.990 8833 8833 E HwResourcesImpl: handleAddIconBackground resId = 0 return: android.graphics.drawable.ColorDrawable@a2e5c3f12304-07 10:51:33.388 8833 8870 E summer : not found implements method com.xx.seeyou.protocol.GaStubImpladdGaOtherParams"!!!!!!!!!!!!!!12404−0710:51:33.4741122611226E[libcrashpadhandlertrampoline.huawei.so](http://libcrashpadhandlertrampoline.huawei.so):openfileerror12504−0710:51:33.7921122611226Ehwbrenginecrashpad:../../thirdparty/crashpad/crashpad/util/process/[processmemoryrange.cc](http://processmemoryrange.cc):75:readoutofrange12604−0710:51:33.7931122611226Ehwbrenginecrashpad:../../thirdparty/crashpad/crashpad/util/process/[processmemoryrange.cc](http://processmemoryrange.cc):75:readoutofrange12704−0710:51:33.81088338870Esummer:notfoundimplementsmethodcom.xx.seeyou.protocol.GaStubImpladdGaOtherParams" !!!!!!!!!!!!!!12404-07 10:51:33.474 11226 11226 E [libcrashpad_handler_trampoline.huawei.so](http://libcrashpad_handler_trampoline.huawei.so): open file error12504-07 10:51:33.792 11226 11226 E hwbr_engine_crashpad: ../../third_party/crashpad/crashpad/util/process/[process_memory_range.cc](http://process_memory_range.cc):75: read out of range12604-07 10:51:33.793 11226 11226 E hwbr_engine_crashpad: ../../third_party/crashpad/crashpad/util/process/[process_memory_range.cc](http://process_memory_range.cc):75: read out of range12704-07 10:51:33.810 8833 8870 E summer : not found implements method com.xx.seeyou.protocol.GaStubImpladdGaOtherParams"!!!!!!!!!!!!!!12404−0710:51:33.4741122611226E[libcrashpadh​andlert​rampoline.huawei.so](http://libcrashpadh​andlert​rampoline.huawei.so):openfileerror12504−0710:51:33.7921122611226Ehwbre​nginec​rashpad:../../thirdp​arty/crashpad/crashpad/util/process/[processm​emoryr​ange.cc](http://processm​emoryr​ange.cc):75:readoutofrange12604−0710:51:33.7931122611226Ehwbre​nginec​rashpad:../../thirdp​arty/crashpad/crashpad/util/process/[processm​emoryr​ange.cc](http://processm​emoryr​ange.cc):75:readoutofrange12704−0710:51:33.81088338870Esummer:notfoundimplementsmethodcom.xx.seeyou.protocol.GaStubImpladdGaOtherParams" !!!!!!!!!!!!!!12804-07 10:51:33.876 8833 11111 E eup : get abort message after Q12904-07 10:51:33.897 8833 8833 E lgr : getToolHistoryList, babyId: 53695904, commonId: 22064617613004-07 10:51:33.897 8833 10392 E lgr : GetToolHistoryWorker, babyId: 53695904, commonId: 22064617613104-07 10:51:33.898 8833 10392 E lgr : shouldUpdate: false13204-07 10:51:33.914 8833 8833 E lgr : getToolHistoryList, size: 

                     我们大胆的猜测：socket 进行了初始化，并创建了线程，并且线程体开始执行，然后因为内存问题出现了意想不到的情况，然后就蹦了；

2.5、验证猜想：

• 最常见的C++空指针，于是我们模拟了一下C++空指针，信息如下,和实际线上日志不符，因此排除空指针的情况,此项不成立 

  Fatal signal 11 (SIGSEGV), code 1 (SEGV_MAPERR), fault addr 0x9c in tid 30316 (example.meetyou), pid 30272 (example.meetyou)
  2023-04-07 15:16:59.288 30320-30320 DEBUG                   crash_dump64                         A  Softversion: PD2020C_A_7.10.11
  2023-04-07 15:16:59.288 30320-30320 DEBUG                   crash_dump64                         A  Time: 2023-04-07 15:16:59
  2023-04-07 15:16:59.288 30320-30320 DEBUG                   crash_dump64                         A  *** *** *** *** *** *** *** *** *** *** *** *** *** *** *** ***
  2023-04-07 15:16:59.288 30320-30320 DEBUG                   crash_dump64                         A  Build fingerprint: 'vivo/PD2020/PD2020:10/QP1A.190711.020/compiler02071532:user/release-keys'
  2023-04-07 15:16:59.288 30320-30320 DEBUG                   crash_dump64                         A  Revision: '0'
  2023-04-07 15:16:59.288 30320-30320 DEBUG                   crash_dump64                         A  ABI: 'arm64'
  2023-04-07 15:16:59.288 30320-30320 DEBUG                   crash_dump64                         A  Timestamp: 2023-04-07 15:16:59+0800
  2023-04-07 15:16:59.288 30320-30320 DEBUG                   crash_dump64                         A  pid: 30272, tid: 30316, name: example.meetyou  >>> com.example.meetyou > com.example.meetyou