frida-discover crashes when attempting to instrument any Android app

[casept]

frida-discover crashes whenever I try to instrument an Android app. Phone is a Moto G8 running the latest Android 11 - based stock ROM, rooted via magisk and frida-server version 16.2.1 running via MagiskFrida.

The crash doesn't happen when instrumenting non-app native binaries, for example adbd can be traced just fine.

Invocation that causes the crash:

frida-discover -U -f lv.amberphone.pasazieruvilciens
Tracing 14 threads. Press ENTER to stop.
Process crashed: Bad access due to invalid address

***
*** *** *** *** *** *** *** *** *** *** *** *** *** *** *** ***
Build fingerprint: 'motorola/rav_reteu/rav:11/RPJS31.Q4U-47-35-17/4bff0:user/release-keys'
Revision: 'pvt1'
ABI: 'arm64'
Timestamp: 2024-04-21 15:22:13+0200
pid: 18503, tid: 18503, name: sazieruvilciens  >>> lv.amberphone.pasazieruvilciens <<<
uid: 10252
signal 11 (SIGSEGV), code 1 (SEGV_MAPERR), fault addr 0xa8
Cause: null pointer dereference
    x0  0000000000000000  x1  00000073898d6950  x2  0000000000000020  x3  0000007fce5bc750
    x4  0000007fce5bc740  x5  00000073769fcf70  x6  000000000000003b  x7  000000000000003b
    x8  d7f563c5aafa3bc5  x9  0000000000000070  x10 000000000000077a  x11 0000000000000001
    x12 0000000000000000  x13 6461657268547974  x14 0000000000000000  x15 0000007389cb7e1c
    x16 0000000000000001  x17 0000000000000000  x18 000000761fc82000  x19 00000073898d6950
    x20 0000007fce5bcaf0  x21 000000761f5b6000  x22 0000007fce5bcc74  x23 0000000000000001
    x24 b400007459f40c10  x25 0000007fce5bcc30  x26 000000761f5b6000  x27 0000007fce5bcc74
    x28 b4000073a9f9bea0  x29 0000007fce5bc790
    lr  00000073898d6954  sp  0000007fce5bc720  pc  00000073769b0534  pst 0000000080000000
backtrace:
      #00 pc 000000000000f534  <anonymous:73769a1000>
      #01 pc 00000000001d1950  /apex/com.android.art/lib64/libart.so!libart.so (offset 0x1cf000) (art::ClassLinker::FindClass(art::Thread*, char const*, art::Handle<art::mirror::ClassLoader>)+64) (BuildId: 0a722124e1d08ab1896df95b634bc489)
      #02 pc 00000000001d1950  /apex/com.android.art/lib64/libart.so!libart.so (offset 0x1cf000) (art::ClassLinker::FindClass(art::Thread*, char const*, art::Handle<art::mirror::ClassLoader>)+64) (BuildId: 0a722124e1d08ab1896df95b634bc489)
      #03 pc 00000000004bad40  /apex/com.android.art/lib64/libart.so!libart.so (offset 0x4ba000) (art::Class_classForName(_JNIEnv*, _jclass*, _jstring*, unsigned char, _jobject*)+240) (BuildId: 0a722124e1d08ab1896df95b634bc489)
      #04 pc 0000000000088700  /apex/com.android.art/javalib/arm64/boot.oat!boot.oat (offset 0x87000) (art_jni_trampoline+208) (BuildId: 3e3ea5103a981990f48a705f4e414e59580dd247)
      #05 pc 00000000001ed550  /apex/com.android.art/javalib/arm64/boot.oat!boot.oat (offset 0x1ed000) (java.lang.Class.forName+112) (BuildId: 3e3ea5103a981990f48a705f4e414e59580dd247)
      #06 pc 000000000088cc28  /system/framework/arm64/boot-framework.oat!boot-framework.oat (offset 0x88c000) (com.android.internal.os.RuntimeInit.findStaticMain+72) (BuildId: bf49d9404e668e810dbbfb0d664f5257be974f5b)
      #07 pc 000000000088c95c  /system/framework/arm64/boot-framework.oat!boot-framework.oat (offset 0x88c000) (com.android.internal.os.RuntimeInit.applicationInit+268) (BuildId: bf49d9404e668e810dbbfb0d664f5257be974f5b)
      #08 pc 00000000008918a8  /system/framework/arm64/boot-framework.oat!boot-framework.oat (offset 0x891000) (com.android.internal.os.ZygoteConnection.handleChildProc+376) (BuildId: bf49d9404e668e810dbbfb0d664f5257be974f5b)
      #09 pc 0000000000892e70  /system/framework/arm64/boot-framework.oat!boot-framework.oat (offset 0x891000) (com.android.internal.os.ZygoteConnection.processOneCommand+2080) (BuildId: bf49d9404e668e810dbbfb0d664f5257be974f5b)
      #10 pc 0000000000898698  /system/framework/arm64/boot-framework.oat!boot-framework.oat (offset 0x893000) (com.android.internal.os.ZygoteServer.runSelectLoop+1848) (BuildId: bf49d9404e668e810dbbfb0d664f5257be974f5b)
      #11 pc 0000000000894c9c  /system/framework/arm64/boot-framework.oat!boot-framework.oat (offset 0x893000) (com.android.internal.os.ZygoteInit.main+2204) (BuildId: bf49d9404e668e810dbbfb0d664f5257be974f5b)
      #12 pc 00000000001337e8  /apex/com.android.art/lib64/libart.so!libart.so (offset 0x133000) (art_quick_invoke_static_stub+568) (BuildId: 0a722124e1d08ab1896df95b634bc489)
      #13 pc 00000000001a8a94  /apex/com.android.art/lib64/libart.so!libart.so (offset 0x1a8000) (art::ArtMethod::Invoke(art::Thread*, unsigned int*, unsigned int, art::JValue*, char const*)+228) (BuildId: 0a722124e1d08ab1896df95b634bc489)
      #14 pc 0000000000555aa4  /apex/com.android.art/lib64/libart.so!libart.so (offset 0x4cc000) (art::JValue art::InvokeWithVarArgs<art::ArtMethod*>(art::ScopedObjectAccessAlreadyRunnable const&, _jobject*, art::ArtMethod*, std::__va_list)+448) (BuildId: 0a722124e1d08ab1896df95b634bc489)
      #15 pc 0000000000555f58  /apex/com.android.art/lib64/libart.so!libart.so (offset 0x4cc000) (art::JValue art::InvokeWithVarArgs<_jmethodID*>(art::ScopedObjectAccessAlreadyRunnable const&, _jobject*, _jmethodID*, std::__va_list)+92) (BuildId: 0a722124e1d08ab1896df95b634bc489)
      #16 pc 0000000000439934  /apex/com.android.art/lib64/libart.so!libart.so (offset 0x3fd000) (art::JNI<true>::CallStaticVoidMethodV(_JNIEnv*, _jclass*, _jmethodID*, std::__va_list)+656) (BuildId: 0a722124e1d08ab1896df95b634bc489)
      #17 pc 000000000009a424  /system/lib64/libandroid_runtime.so (_JNIEnv::CallStaticVoidMethod(_jclass*, _jmethodID*, ...)+124) (BuildId: 56041543df91e200c84516886d287220)
      #18 pc 00000000000a1b98  /system/lib64/libandroid_runtime.so!libandroid_runtime.so (offset 0xa1000) (android::AndroidRuntime::start(char const*, android::Vector<android::String8> const&, bool)+836) (BuildId: 56041543df91e200c84516886d287220)
      #19 pc 0000000000003580  /system/bin/app_process64 (main+1336) (BuildId: 5463caaab2d4eb36a2d74300807a7dbc)
      #20 pc 000000000004988c  /apex/com.android.runtime/lib64/bionic/libc.so!libc.so (offset 0x42000) (__libc_init+108) (BuildId: 41c660c694a41af9265f00d2b0edc316)
***
Stopping...

Complete Android tombstone: see https://gist.github.com/casept/ea245341f09142456b2088b64442d0d8