safe mode right after installing the tweak

[joyas11]

installed the latest release 1.2.1

i dmed you on discord regarding this, maybe we can try fixing it

[joyas11]

Incident Identifier: B20389C3-6B4B-4671-BCE4-EB371F65D7EA
CrashReporter Key: e0738ab5d047ea0cc899efb8f9cb9f343e82a97c
Hardware Model: iPhone14,2
Process: SpringBoard [2273]
Path: /System/Library/CoreServices/SpringBoard.app/SpringBoard
Identifier: com.apple.springboard
Version: 1.0 (50)
Code Type: ARM-64 (Native)
Role: Foreground
Parent Process: launchd [1]
Coalition: com.apple.springboard [1067]

Date/Time: 2024-03-03 07:40:26.1236 +0530
Launch Time: 2024-03-03 07:40:25.7297 +0530
OS Version: iPhone OS 16.0 (20A362)
Release Type: User
Baseband Version: 2.09.01
Report Version: 104

Exception Type: EXC_BAD_ACCESS (SIGSEGV)
Exception Subtype: KERN_INVALID_ADDRESS at 0xdd0db80104850000 -> 0x0000000104850000 (possible pointer authentication failure)
Exception Codes: 0x0000000000000001, 0xdd0db80104850000
VM Region Info: 0x104850000 is in 0x10484c000-0x104854000; bytes after start: 16384 bytes before end: 16383
REGION TYPE START - END [ VSIZE] PRT/MAX SHRMOD REGION DETAIL
MALLOC_LARGE 104834000-10484c000 [ 96K] rw-/rwx SM=PRV
---> __TEXT 10484c000-104854000 [ 32K] r-x/rwx SM=COW ...rollPad.dylib
__DATA_CONST 104854000-104858000 [ 16K] r--/rw- SM=COW ...rollPad.dylib
Triggered by Thread: 0

Thread 0 name: Dispatch queue: com.apple.main-thread
Thread 0 Crashed:
0 ??? 0xffffff8104850000 ???
1 UIKitCore 0x1b630484c __63-[_UIApplicationConfigurationLoader _loadInitializationContext]_block_invoke_2 + 204
2 UIKitCore 0x1b63f08dc UIAPPLICATION_IS_LOADING_INITIALIZATION_INFO_FROM_THE_SYSTEM + 28
3 UIKitCore 0x1b646a4a8 __63-[_UIApplicationConfigurationLoader _loadInitializationContext]_block_invoke + 100
4 libdispatch.dylib 0x1bb259fdc _dispatch_client_callout + 20
5 libdispatch.dylib 0x1bb25b828 _dispatch_once_callout + 32
6 UIKitCore 0x1b60dafec -[_UIApplicationConfigurationLoader _loadInitializationContext] + 152
7 UIKitCore 0x1b6304e60 -[_UIApplicationConfigurationLoader startPreloadInitializationContext] + 40
8 UIKitCore 0x1b6304dd4 -[_UIScreenInitialDisplayConfigurationLoader _startPreloadInitialDisplayContext] + 48
9 UIKitCore 0x1b6170b0c -[UIScreenInitialDisplayConfigurationLoader initialDisplayContext] + 44
10 UIKitCore 0x1b61709e8 +[UIScreen initialize] + 116
11 libobjc.A.dylib 0x1ad1a0fe0 CALLING_SOME+initialize_METHOD + 24
12 libobjc.A.dylib 0x1ad196230 initializeNonMetaClass + 608
13 libobjc.A.dylib 0x1ad1b0450 initializeAndMaybeRelock(objc_class*, objc_object*, locker_mixin<lockdebug::lock_mixin<objc_lock_base_t> >&, bool) + 184
14 libobjc.A.dylib 0x1ad193c78 lookUpImpOrForward + 872
15 libobjc.A.dylib 0x1ad18e0c4 _objc_msgSend_uncached + 68
16 UIKitCore 0x1b68f0aa0 -[_UIDisplayObserver displayMonitor:didConnectIdentity:withConfiguration:] + 72
17 FrontBoardServices 0x1c97a89d8 -[FBSDisplayMonitor _postInitialBookendObserverConnections] + 440
18 FrontBoard 0x1d01c5004 FBSystemShellInitialize + 924
19 SpringBoard 0x1f38a8ecc SBSystemAppMain + 5036
20 dyld 0x104899948 start + 2504

Thread 1:
0 libsystem_pthread.dylib 0x2006fcb90 start_wqthread + 0

Thread 2:
0 libsystem_pthread.dylib 0x2006fcb90 start_wqthread + 0

Thread 3:
0 libsystem_pthread.dylib 0x2006fcb90 start_wqthread + 0

Thread 4 name: Dispatch queue: com.apple.root.user-interactive-qos
Thread 4:
0 libsystem_kernel.dylib 0x1f04bfadc semaphore_timedwait_trap + 8
1 libdispatch.dylib 0x1bb25a5f4 _dispatch_sema4_timedwait + 64
2 libdispatch.dylib 0x1bb25abf4 _dispatch_semaphore_wait_slow + 76
3 UIKitServices 0x1c0e476d8 __37-[UISApplicationSupportService start]_block_invoke + 180
4 libdispatch.dylib 0x1bb2584b4 _dispatch_call_block_and_release + 32
5 libdispatch.dylib 0x1bb259fdc _dispatch_client_callout + 20
6 libdispatch.dylib 0x1bb26bb8c _dispatch_root_queue_drain + 684
7 libdispatch.dylib 0x1bb26c284 _dispatch_worker_thread2 + 164
8 libsystem_pthread.dylib 0x2006fcdbc _pthread_wqthread + 228
9 libsystem_pthread.dylib 0x2006fcb98 start_wqthread + 8

Thread 5:
0 libsystem_pthread.dylib 0x2006fcb90 start_wqthread + 0

Thread 6:
0 libsystem_pthread.dylib 0x2006fcb90 start_wqthread + 0

Thread 7:
0 libsystem_pthread.dylib 0x2006fcb90 start_wqthread + 0

Thread 8:
0 libsystem_pthread.dylib 0x2006fcb90 start_wqthread + 0

Thread 9:
0 libsystem_pthread.dylib 0x2006fcb90 start_wqthread + 0

Thread 10:
0 libsystem_pthread.dylib 0x2006fcb90 start_wqthread + 0

Thread 11:
0 libsystem_pthread.dylib 0x2006fcb90 start_wqthread + 0

Thread 12 name: Dispatch queue: com.apple.frontboard.profileManager.taskQueue
Thread 12:
0 libsystem_kernel.dylib 0x1f04bfb48 mach_msg2_trap + 8
1 libsystem_kernel.dylib 0x1f04d2008 mach_msg2_internal + 80
2 libsystem_kernel.dylib 0x1f04d2248 mach_msg_overwrite + 388
3 libsystem_kernel.dylib 0x1f04c008c mach_msg + 24
4 libdispatch.dylib 0x1bb275364 _dispatch_mach_send_and_wait_for_reply + 540
5 libdispatch.dylib 0x1bb2756ec dispatch_mach_send_with_result_and_wait_for_reply + 60
6 libxpc.dylib 0x20074f8b0 xpc_connection_send_message_with_reply_sync + 240
7 libmis.dylib 0x200b637b0 0x200b5e000 + 22448
8 libmis.dylib 0x200b63680 0x200b5e000 + 22144
9 libxpc.dylib 0x200748c78 xpc_array_apply + 96
10 libmis.dylib 0x200b5f64c MISEnumerateInstalledProvisioningProfiles + 444
11 FrontBoardServices 0x1c97a5e5c soft_MISEnumerateInstalledProvisioningProfiles + 52
12 FrontBoardServices 0x1c978eb14 -[FBSProfileManager _workQueue_reloadProfiles] + 256
13 FrontBoardServices 0x1c978e4d8 __33-[FBSProfileManager startService]_block_invoke + 36
14 libdispatch.dylib 0x1bb2584b4 _dispatch_call_block_and_release + 32
15 libdispatch.dylib 0x1bb259fdc _dispatch_client_callout + 20
16 libdispatch.dylib 0x1bb261694 _dispatch_lane_serial_drain + 672
17 libdispatch.dylib 0x1bb262214 _dispatch_lane_invoke + 436
18 libdispatch.dylib 0x1bb26ce10 _dispatch_workloop_worker_thread + 652
19 libsystem_pthread.dylib 0x2006fcdf8 _pthread_wqthread + 288
20 libsystem_pthread.dylib 0x2006fcb98 start_wqthread + 8

Thread 13:
0 libsystem_pthread.dylib 0x2006fcb90 start_wqthread + 0

Thread 0 crashed with ARM Thread State (64-bit):
x0: 0x0000000282b3c000 x1: 0x00000001f38dca94 x2: 0x0000000209ff5758 x3: 0x0b234d81c1fdba84
x4: 0x000000000000000c x5: 0x0000000000000000 x6: 0x000000010000000c x7: 0x0000000000000000
x8: 0x0000000104850000 x9: 0x0000000000000004 x10: 0x00000000000000de x11: 0x00000000000007fb
x12: 0x00000000000007fd x13: 0x00000000a36558df x14: 0x00000000a3856000 x15: 0x0000000000056000
x16: 0x00000001ad1bf2c0 x17: 0x0000000000000002 x18: 0x0000000000000000 x19: 0x0000000282b3c000
x20: 0x000000020b38bcd8 x21: 0x000000020a71bcf8 x22: 0x0000000000000003 x23: 0x0000000283c74340
x24: 0x000000000000000b x25: 0x0000000209fae63c x26: 0x0000000104915ee0 x27: 0x0000000282b6cfc0
x28: 0x00000002078fa000 fp: 0x000000016b6d6bd0 lr: 0x00000001f38dcaac
sp: 0x000000016b6d6ba0 pc: 0xffffff8104850000 cpsr: 0x60001000
far: 0xdd0db80104850000 esr: 0x56000080 Address size fault

Binary Images:
0x0 - 0xffffffffffffffff ??? unknown-arch <00000000000000000000000000000000> ???
0x1b5f62000 - 0x1b7728fff UIKitCore arm64e <7b942fa4cb7633759972f58c14492fb4> /System/Library/PrivateFrameworks/UIKitCore.framework/UIKitCore
0x1bb256000 - 0x1bb29cfff libdispatch.dylib arm64e /usr/lib/system/libdispatch.dylib
0x1ad18c000 - 0x1ad1cfc3f libobjc.A.dylib arm64e /usr/lib/libobjc.A.dylib
0x1c9747000 - 0x1c97ecfff FrontBoardServices arm64e <8e15b35ea6143142b34d2c3cbbc13a8b> /System/Library/PrivateFrameworks/FrontBoardServices.framework/FrontBoardServices
0x1d0162000 - 0x1d0203fff FrontBoard arm64e <99be8483519c38e4b474420354cec989> /System/Library/PrivateFrameworks/FrontBoard.framework/FrontBoard
0x1f3803000 - 0x1f42e1fff SpringBoard arm64e <12e42ae7ca313231a7e0cdc10cdbf2c7> /System/Library/PrivateFrameworks/SpringBoard.framework/SpringBoard
0x104884000 - 0x104907fff dyld arm64e <444f50414d494e45444f50414d494e45> /usr/lib/dyld
0x2006fc000 - 0x200707fff libsystem_pthread.dylib arm64e /usr/lib/system/libsystem_pthread.dylib
0x1f04bf000 - 0x1f04f5ffb libsystem_kernel.dylib arm64e /usr/lib/system/libsystem_kernel.dylib
0x1c0e30000 - 0x1c0e5afff UIKitServices arm64e /System/Library/PrivateFrameworks/UIKitServices.framework/UIKitServices
0x200740000 - 0x20077ffff libxpc.dylib arm64e /usr/lib/system/libxpc.dylib
0x200b5e000 - 0x200b71fff libmis.dylib arm64e <0df9034648e23bb0b07c14585e893055> /usr/lib/libmis.dylib
0x10484c000 - 0x104853fff TrollPad.dylib arm64e <8ccb147b6a5332c1b6e9452e1332b27f> /private/preboot/70E3248407569D3871DCAF18D451D7F8EFE272D778687ED779730C23F1078F74F14722BBC41E71EF693485EAFFB36211/dopamine-tHomxs/procursus/usr/lib/TweakInject/TrollPad.dylib

Error Formulating Crash Report:
dyld_process_snapshot_create_for_process failed with 5

EOF

this is the springboard crash, sorry i provided the wrong crash log earlier

[jrapf32]

Crashes for me on iPhone XS iOS 16.0.3 with a similar log at the same function.

[jrapf32]

relates to this:
line 231:

    // clang forgets to PAC this function, so we need this ugly line
    int hack = 0; if (hack) { abort(); }
    return 1;
}

line 255:

%ctor {
    // Unlock external display support for MDC versions
    void *sbFoundationHandle = dlopen("/System/Library/PrivateFrameworks/SpringBoardFoundation.framework/SpringBoardFoundation", RTLD_GLOBAL);
    // iOS 16.0
    void *extDisplayEnabledFunc = dlsym(sbFoundationHandle, "SBChamoisExternalDisplayControllerIsEnabled");
    if (!extDisplayEnabledFunc) {
        // iOS 16.1.x
        extDisplayEnabledFunc = dlsym(sbFoundationHandle, "SBFIsChamoisExternalDisplayControllerAvailable");
    }
    if (extDisplayEnabledFunc) {
        MSHookFunction((void *)extDisplayEnabledFunc, (void *)hookedExtDisplayEnabledFunc, NULL);
    }

    pref = [TPPrefsObserver new];
}

[khanhduytran0]

@jrapf32 did you try latest build?

[jrapf32]

@jrapf32 did you try latest build?

Yes @khanhduytran0

[jrapf32]

I updated to the most recent commit and it still crashes