Newest release causes Trebuchet to crash on devices running the Replicant ROM

[herbsmn]

Expected behavior

Trebuchet doesn't crash and cause very long boot times.

Actual behavior

Trebuchet crashes, causes insanely long boot times, and causes decreased functionality until Twidere's current version is uninstalled or rolled back one release.

Steps to reproduce

Update or install to Twidere's current version in F-Droid

Android version: Replicant 6.0.1 0001 and 0002 https://replicant.us

Build variant: F-Droid

Micro-blogging service: This bug happens immediately upon install of the new Twidere version. You don't even need to open the app.

[mariotaku]

Since I don't have compatible device for Replicant ROM, could you please send me full logcat message to my e-mail address? (Not here because it may contain sensitive information)

[nscomputing]

The same on my CyanogenMod version 11.0-installer XNPQ32P. Unfortunately logcat message not available.

[mariotaku]

@nscomputing @herbsmn So both of you are using Trebuchet?

[nscomputing]

Yes, I am using it. To resolve issue I
-deleted cache,
-dalvik cache.
-Installed alternative launcher,
-deleted Trebuchet cache and data.

Then uninstalled Twidere.

[mariotaku]

@nscomputing I can't reproduce on stock AOSP w/ Trebuchet or Nova launcher. Do you mind sending a full logcat to me for investigating?

[herbsmn]

@mariotaku just sent a full logcat o your email. please let me know if i did it right. this is my first experience with logcat.

[tavoton]

CyanogenMod version 12 (cm-12-20150625-SNAPSHOT-YNG4NAO09M-e980)
Twidere build variant: F-Droid
Inmediate reboot while updating Twidere.
Trebuchet crashes on boot, causes infinite reboots.
TWRP can't access encrypted partition.
Device totally knocked out...

[herbsmn]

@tavoton i waited 20 minutes with Replicant and the device finally booted and was able to do some backups. it might be the same for you since Replicant is based on CyanogenMod/LineageOS

[mariotaku]

@herbsmn Thanks. I'll find out why ASAP.

[tavoton]

@herbsmn I waited more than half an hour, only a few reboots achieved to show a warning with trebuchet crash, but it was impossible to interact with device, in a few seconds next reboot happened again.

[nscomputing]

@tavoton Exactly the same in my case. @mariotaku Unfortunately, after I recovered my system only new logs are available.

[tavoton]

@nscomputing I tried to wipe from TWRP, but version 2.6.1 can't access encrypted partition, so I coudn't do anything. Then I tried to update TWRP to version 3.1.1, but this only finished killing device.

[nscomputing]

@tavoton My installation is using the ClockworkMod Recovery. I was able to use it in combination with alternative launcher to wipe caches 2 times. After my first recovery I tried to update Twidere again and this triggered all described problems.

[PiJ82]

@nscomputing @tavoton, same here. Reproduced the error by reinstalling CM 12.1 two times using TWRP 3.1. After first time I wasn't quite sure what triggered the problem until I installed the newest twidere version. Second time first thing I did was install twidere newest version, which indeed triggered the described behavior. Device got out of the boot loop once only to get stuck in Trebuchet crash loop.

[mariotaku]

Thanks for the info everyone. Could you provide more details like Android version and device model?

[tavoton]

LG Optimus G Pro (model number E986)
Android 5.0 / CyanogenMod 12 (cm-12-20150625-SNAPSHOT-YNG4NAO09M-e980)
TWRP 2.6.1

[herbsmn]

Galaxy S3 (i9300) and Galaxy Note 2 (N7100).

[PiJ82]

Samsung Galaxy J5 (SM-J500F)
CM 12.1 (Android Version 5.1.1)
Trebuchet Version 1.0 (is there another one?)
Plz text me if u need any more information. Sorry for not providing any logs, I really had to fight with my device.

[Bretos]

Google Nexus 5 (hammerhead)
LineageOS 14.1
Trebuchet 7.1.2

[herbsmn]

@mariotaku you finding anything?

[nscomputing]

Samsung Galaxy Note 2 ( GT-N7100)
CM 11.0 (Android version 4.4.4)
Trebuchet version 1.0

[NoblePink]

Samsung Galaxy S3 (GT-I9300)
cm-13.0-20161220-SNAPSHOT-ZNH5YAO3XN-i9300
Nova Launcher 5.3

Using a newly flashed ROM I managed to replicate the crash/ bootloop with both Play Store and F-Droid versions (3.6.29). I only managed to stop the bootloop by removing Twidere from data/app and data/data, then wipe dalvik/cache (not sure if this step is necessary) and reboot.

This problem does not occur in LineageOS 14.1.

My CM13 installation also had similar bootloop problem when installing the lastest Nova Launcher update (5.4.1). And yes it is not present in LOS 14.1.

[mariotaku]

@NoblePink I installed cm-13.0-20161221-SNAPSHOT-ZNH5YAO3Y6-shamu on Nexus 6 but still not able to reproduce. Do you have theme/gapps installed? Could you provide logcat since boot for investigation?

[herbsmn]

I didn't have gapps or a theme installed. Please let me know if you'd like me to provide more logs.

[NoblePink]

@mariotaku The problem occurs with and without gapps from what I tested (I used open_gapps-arm-6.0-pico-20170907), no custom theme applied.

I'll try to find some time to reflash my device to provide a more reliable log since I just reconfigured it fully with themes and custom kernel. Also I'm not familiar with logcat so can you tell me when's the time to save the logs? From boot you mean before installing Twidere right? (Since I can't interact with device at all during the bootloops)

[herbsmn]

@NoblePink any chance you could use adb logcat? https://forum.xda-developers.com/showthread.php?t=1726238 I was able to use 'adb logcat -v long > name of problem.txt' during the bootloops. I just kept restarting it after it shut down. One of the loops finally resulted in a boot.

[koko-ng]

Phone: Huawei G760 L01
ROM: CM 12.1
Twidere version: I think it was 3.6.29, started to bootloop after last update.
Google play service: microG Service Core version 0.2.4-105-gf289a13
Launcher: Trebuchet

I have had the same problem, solved it by booting into recovery and deleting the app, by issuing

adb shell
rm -r /data/app/org.mariotaku.twidere-*
rm -r /data/data/org.mariotaku.twidere

then wiping Dalvik cache, rebooting and it was (finally) fixed.
Note that I'm using microG Service Core version 0.2.4-105-gf289a13, according to other people in this thread it's the lack of the google api that cause the bugs. Maybe the implementation status of google play service by microG can help (https://github.com/microg/android_packages_apps_GmsCore/wiki/Implementation-Status).

Beginning of the log, contact me if you need more:

*** *** *** *** *** *** *** *** *** *** *** *** *** *** *** ***
Build fingerprint: 'Huawei/G760-L01/hwG760-L01:5.1.1/HuaweiG760-L01/C464B340:user/release-keys'
Revision: '0'
ABI: 'arm'
pid: 7115, tid: 8184, name: Binder_8  >>> system_server <<<
signal 11 (SIGSEGV), code 1 (SEGV_MAPERR), fault addr 0xdeadbaad
Abort message: 'invalid address or address of corrupt block 0x7a0062 passed to dlfree'
    r0 00000000  r1 b6e8ddec  r2 deadbaad  r3 00000000
    r4 007a0062  r5 b6e8f0d8  r6 9cbb7000  r7 007a006a
    r8 9b4a645c  r9 9b4a651c  sl b6d54272  fp b6d5427b
    ip 00008000  sp 9b4a6408  lr b6e5ee57  pc b6e5ee58  cpsr 60000030
    d0  0000000000000000  d1  0000000000000000
    d2  0000000000000000  d3  0000000000000000
    d4  0000000000000000  d5  0000000000000000
    d6  0000000000000000  d7  0000000000000000
    d8  000000003f800000  d9  0000000000000000
    d10 0000000000000000  d11 0000000000000000
    d12 0000000000000000  d13 0000000000000000
    d14 0000000000000000  d15 0000000000000000
    d16 0000000000000000  d17 0000008cffffffff
    d18 bfa87a4b00000000  d19 0000000000000001
    d20 00a51eb800000000  d21 0000000000a51eb8
    d22 0000000000a51eb8  d23 3f626e5e00000000
    d24 0000000000000001  d25 bf66c11c34a12eec
    d26 0000000000000001  d27 0000000000a51eb8
    d28 be63c064abf00000  d29 bf5224a5191957e0
    d30 3c4baf4e00000000  d31 0000000000000000
    scr 60000010

backtrace:
    #00 pc 00028e58  /system/lib/libc.so (dlfree+1239)
    #01 pc 0000f3a3  /system/lib/libc.so (free+10)
    #02 pc 00012b15  /system/lib/libandroidfw.so (android::ResStringPool::uninit()+38)
    #03 pc 0001384f  /system/lib/libandroidfw.so (android::ResXMLTree::uninit()+12)
    #04 pc 0001386d  /system/lib/libandroidfw.so (android::ResXMLTree::~ResXMLTree()+4)
    #05 pc 0001053b  /system/lib/libandroidfw.so (android::AssetManager::getPkgName(char const*)+258)
    #06 pc 0001059d  /system/lib/libandroidfw.so (android::AssetManager::getBasePackageName(unsigned int)+68)
    #07 pc 000822cf  /system/lib/libandroid_runtime.so
    #08 pc 0028ec2b  /data/dalvik-cache/arm/system@framework@boot.oat

stack:
         9b4a63c8  000e5000  
         9b4a63cc  a5ba9b49  
         9b4a63d0  b7ea3706  [heap]
         9b4a63d4  007a0062  
         9b4a63d8  b6e8f0d8  
         9b4a63dc  9cbb7000  /system/app/LatinIME/LatinIME.apk
         9b4a63e0  007a006a  
         9b4a63e4  b6e482cd  /system/lib/libc.so (__libc_fatal_no_abort+16)
         9b4a63e8  b6e7fee5  /system/lib/libc.so
         9b4a63ec  9b4a63fc  [stack:8184]
         9b4a63f0  b6e8371e  /system/lib/libc.so
         9b4a63f4  b6e5ee57  /system/lib/libc.so (dlfree+1238)
         9b4a63f8  b6e7fee5  /system/lib/libc.so
         9b4a63fc  007a0062  
         9b4a6400  b6e8371e  /system/lib/libc.so
         9b4a6404  00000000  
    #00  9b4a6408  9b4a64ac  [stack:8184]
         9b4a640c  00000102  
         9b4a6410  00000000  
         9b4a6414  9b4a6464  [stack:8184]
         9b4a6418  9b4a645c  [stack:8184]
         9b4a641c  b6e453a5  /system/lib/libc.so (free+12)
    #01  9b4a6420  b6e8f240  
         9b4a6424  b6d48b19  /system/lib/libandroidfw.so (android::ResStringPool::uninit()+42)
    #02  9b4a6428  9b4a6484  [stack:8184]
         9b4a642c  b7ea10b0  [heap]
         9b4a6430  9b4a6468  [stack:8184]
         9b4a6434  b6d49853  /system/lib/libandroidfw.so (android::ResXMLTree::uninit()+16)
    #03  9b4a6438  9b4a6484  [stack:8184]
         9b4a643c  b6d49871  /system/lib/libandroidfw.so (android::ResXMLTree::~ResXMLTree()+8)
    #04  9b4a6440  9b4a6484  [stack:8184]
         9b4a6444  b6d4653f  /system/lib/libandroidfw.so (android::AssetManager::getPkgName(char const*)+262)
    #05  9b4a6448  00000001  
         9b4a644c  b7e9ea98  [heap]
         9b4a6450  997ed960  /data/app/org.mariotaku.twidere-1/base.apk
         9b4a6454  9b4a6458  [stack:8184]
         9b4a6458  00000008  
         9b4a645c  b7c92d10  [heap]
         9b4a6460  00000015  
         9b4a6464  b7ea1060  [heap]
         9b4a6468  b7ea0fc8  [heap]
         9b4a646c  00000002  
         9b4a6470  b7a18698  [heap]
         9b4a6474  b7a18698  [heap]
         9b4a6478  b7a18698  [heap]
         9b4a647c  b7a18698  [heap]
         9b4a6480  00000000  
         9b4a6484  9b4a6484  [stack:8184]
         ........  ........
    #06  9b4a6518  9b4a653c  [stack:8184]
         9b4a651c  b7ea1060  [heap]
         9b4a6520  00000002  
         9b4a6524  9b4a653c  [stack:8184]
         9b4a6528  b7e1e448  [heap]
         9b4a652c  00000000  
         9b4a6530  00000000  
         9b4a6534  b6f452d3  /system/lib/libandroid_runtime.so
    #07  9b4a6538  b7e1e448  [heap]
         9b4a653c  9b4a655c  [stack:8184]
         9b4a6540  0000005c  
         9b4a6544  703513d0  /data/dalvik-cache/arm/system@framework@boot.art
         9b4a6548  00000002  
         9b4a654c  728e4c2d  /data/dalvik-cache/arm/system@framework@boot.oat
    #08  9b4a6550  70a3b660  /data/dalvik-cache/arm/system@framework@boot.art
         9b4a6554  9b4a67d4  [stack:8184]
         9b4a6558  00000001  
         9b4a655c  15494fb0  /dev/ashmem/dalvik-main space (deleted)
         9b4a6560  0000000b  
         9b4a6564  00000003  
         9b4a6568  00000000  
         9b4a656c  72f35cdd  /data/dalvik-cache/arm/system@framework@boot.oat
         9b4a6570  73db6530  /dev/ashmem/dalvik-zygote space (deleted)
         9b4a6574  703513d0  /data/dalvik-cache/arm/system@framework@boot.art
         9b4a6578  00000002  
         9b4a657c  00000000  
         9b4a6580  00000000  
         9b4a6584  15494fb0  /dev/ashmem/dalvik-main space (deleted)
         9b4a6588  15494fb0  /dev/ashmem/dalvik-main space (deleted)
         9b4a658c  72d96d3f  /data/dalvik-cache/arm/system@framework@boot.oat

[herbsmn]

@mariotaku any news on this?

[mariotaku]

@herbsmn I still can't reproduce. does new version works?

[koko-ng]

I think it's related to a common dependency that these three projects have, I'm guessing that the newest build tools could cause a problem.
It seems that the part of the android framework that causes a segfault is specific to cyanogenmod and has never been part of AOSP. LineageOS 14 has the same AssetManager code as in AOSP. If it is a problem with newer android Sdk, unfortunately it sounds to me like the definitive end of cyanogenmod and the update to a newer ROM will be mandatory...

[pihug12]

Just find out the related bug report: https://issuetracker.google.com/issues/64434571

Workaround:

If you need to build with 3.0 but are running into this bug you can disable aapt2 using -Pandroid.enableAapt2=false on the command line when doing your build.

Explanation:

CyanogenMod has this function getPkgName (https://github.com/CyanogenMod/android_frameworks_base/blob/cm-13.0/libs/androidfw/AssetManager.cpp). It creates a ResXMLTree on the stack and points it at a buffer from an asset without making a copy. Then it closes the asset before the ResXMLTree is destroyed.

For apps built by aapt, this is benign. However, aapt2 produces UTF-8 string pools, which cause the ResXMLTree's ResStringPool(mStrings)'s mCache to become non-null in ResStringPool::stringAt (https://github.com/CyanogenMod/android_frameworks_base/blob/cm-13.0/libs/androidfw/ResourceTypes.cpp). Then ResStringPool::uninit dereferences mHeader (which is now dangling), and a crash ensues.

This crash shows up in different ways. On one Cyanogen OS device, the launcher crashes when an app built with aapt2 has been installed, but only if the manifest is large (probably due to how deallocation happens for small vs large blobs). On another device, system_server crashes at boot if an aapt2-built app is installed.

[rogers1106]

Is there a download with this fix available for testing? v3.7.1 still crashes my devices with CM13 or LOS13.
BTW: It's even enough to place the apk in Download-folder without installing it. Total Commander will crash while opening this folder. The same happens with the Nova Launcher apk. Strange thing.

[mariotaku]

@rogers1106 3.7.1 switched back to aapt. I'll make sure it switched successfully. However if this still not working, there'll be nothing we can do at this moment.

[koko-ng]

@rogers1106 Actually that can be explained, I think that Total Commander tries to read the app's manifest with the android built-in functions which, as explained earlier, raises an error.

@mariotaku Unfortunately, it's isn't working on my side too.

[rogers1106]

@mariotaku Nova Launcher had the same problem. It's fixed in the latest beta but I do not know what was done.

[mknopp]

@mariotaku With 3.7.1 the problem is fixed for me (Google Nexus 10, LineageOS 13.0-20171014-nightly-manta)

[rogers1106]

Today I installed 3.7.1 without problems. Maybe LineageOS changed something for 13.0. However, thanks for your time.

[PiJ82]

I upgraded from CM 12.1 to Lineage OS 14.1 and installed the latest version 3.5.1 of Twidere from fdroid repos. Works like a charm.

[mirabilos]

Thanks for the many links in this thread. I had the same problem, and found both supposed fixes, and found that one does not just work but is also easily applied by a one-byte(!) binary patch to the ROM:

https://forum.xda-developers.com/showpost.php?p=75958727&postcount=184

[mariotaku]

Close due to long time inactivity.