canyie/pine

Regression: Null Pointer deref in GrapheneOS Android 12

Vendicated opened this issue · 6 comments

This crash doesn't occur before 16b5520, so one of the commits since then causes this.

Model: Pixel 4a sunfish
Android version: 12
Build number: SQ1A.220205.002.2022021415 (GrapheneOS)

02-15 18:44:12.011 10336 10336 F DEBUG   : *** *** *** *** *** *** *** *** *** *** *** *** *** *** *** ***
02-15 18:44:12.011 10336 10336 F DEBUG   : Build fingerprint: 'google/sunfish/sunfish:12/SQ1A.220205.002/2022021415:user/release-keys'
02-15 18:44:12.012 10336 10336 F DEBUG   : Revision: 'MP1.0'
02-15 18:44:12.012 10336 10336 F DEBUG   : ABI: 'arm64'
02-15 18:44:12.012 10336 10336 F DEBUG   : Timestamp: 2022-02-15 18:44:11.651946157-0500
02-15 18:44:12.012 10336 10336 F DEBUG   : Process uptime: 0s
02-15 18:44:12.012 10336 10336 F DEBUG   : Cmdline: com.aliucord
02-15 18:44:12.012 10336 10336 F DEBUG   : pid: 10217, tid: 10217, name: com.aliucord  >>> com.aliucord <<<
02-15 18:44:12.012 10336 10336 F DEBUG   : uid: 10236
02-15 18:44:12.012 10336 10336 F DEBUG   : signal 11 (SIGSEGV), code 1 (SEGV_MAPERR), fault addr 0x0
02-15 18:44:12.012 10336 10336 F DEBUG   : Cause: null pointer dereference
02-15 18:44:12.012 10336 10336 F DEBUG   :     x0  0000e5bc14b934f0  x1  0000d7ebb2e4864c  x2  0000000000000000  x3  0000000000000000
02-15 18:44:12.012 10336 10336 F DEBUG   :     x4  0000000000000000  x5  0000000000000000  x6  0000000000000000  x7  00000000ffffffff
02-15 18:44:12.012 10336 10336 F DEBUG   :     x8  0000000000000000  x9  0000000000000000  x10 0000e5bc14b93409  x11 0000e5bc14b934f0
02-15 18:44:12.012 10336 10336 F DEBUG   :     x12 0000e5bc14b93638  x13 0000e5bc14b9344c  x14 0000d7ebb2e188fc  x15 0000000000000000
02-15 18:44:12.012 10336 10336 F DEBUG   :     x16 0000d7ebb3413648  x17 0000d81f282915d0  x18 0000d81f3a4e2000  x19 0000000000000000
02-15 18:44:12.012 10336 10336 F DEBUG   :     x20 0000000000000000  x21 b400d8052dabe200  x22 b400d80ac7e83400  x23 0000e5bc14b93630
02-15 18:44:12.012 10336 10336 F DEBUG   :     x24 0000e5bc14b93648  x25 0000e5bc14b93664  x26 0000000000000000  x27 0000d7ebb3617000
02-15 18:44:12.012 10336 10336 F DEBUG   :     x28 0000000000000000  x29 0000e5bc14b93480
02-15 18:44:12.012 10336 10336 F DEBUG   :     lr  0000d7ebb2e24bdc  sp  0000e5bc14b932d0  pc  0000d7ebb2e487b0  pst 0000000080000000
02-15 18:44:12.012 10336 10336 F DEBUG   : backtrace:
02-15 18:44:12.012 10336 10336 F DEBUG   :       #00 pc 00000000002487b0  /apex/com.android.art/lib64/libart.so (void art::interpreter::ExecuteSwitchImplCpp<true, false>(art::interpreter::SwitchImplContext*)+356) (BuildId: a27082b324a4ccea3b51ca05f5518733)
02-15 18:44:12.012 10336 10336 F DEBUG   :       #01 pc 0000000000224bd8  /apex/com.android.art/lib64/libart.so (ExecuteSwitchImplAsm+8) (BuildId: a27082b324a4ccea3b51ca05f5518733)
02-15 18:44:12.012 10336 10336 F DEBUG   :       #02 pc 00000000003dad2c  /apex/com.android.art/lib64/libart.so (art::interpreter::ExecuteSwitch(art::Thread*, art::CodeItemDataAccessor const&, art::ShadowFrame&, art::JValue, bool)+300) (BuildId: a27082b324a4ccea3b51ca05f5518733)
02-15 18:44:12.012 10336 10336 F DEBUG   :       #03 pc 00000000003d32a0  /apex/com.android.art/lib64/libart.so (art::interpreter::Execute(art::Thread*, art::CodeItemDataAccessor const&, art::ShadowFrame&, art::JValue, bool, bool)+216) (BuildId: a27082b324a4ccea3b51ca05f5518733)
02-15 18:44:12.012 10336 10336 F DEBUG   :       #04 pc 0000000000730d94  /apex/com.android.art/lib64/libart.so!libart.so (artQuickToInterpreterBridge+784) (BuildId: a27082b324a4ccea3b51ca05f5518733)
02-15 18:44:12.012 10336 10336 F DEBUG   :       #05 pc 0000000000222378  /apex/com.android.art/lib64/libart.so (art_quick_to_interpreter_bridge+88) (BuildId: a27082b324a4ccea3b51ca05f5518733)
02-15 18:44:12.012 10336 10336 F DEBUG   :       #06 pc 0000000000218964  /apex/com.android.art/lib64/libart.so (art_quick_invoke_stub+548) (BuildId: a27082b324a4ccea3b51ca05f5518733)
02-15 18:44:12.012 10336 10336 F DEBUG   :       #07 pc 0000000000284080  /apex/com.android.art/lib64/libart.so (art::ArtMethod::Invoke(art::Thread*, unsigned int*, unsigned int, art::JValue*, char const*)+184) (BuildId: a27082b324a4ccea3b51ca05f5518733)
02-15 18:44:12.012 10336 10336 F DEBUG   :       #08 pc 0000000000616460  /apex/com.android.art/lib64/libart.so!libart.so (_jobject* art::InvokeMethod<(art::PointerSize)8>(art::ScopedObjectAccessAlreadyRunnable const&, _jobject*, _jobject*, _jobject*, unsigned long)+1392) (BuildId: a27082b324a4ccea3b51ca05f5518733)
02-15 18:44:12.012 10336 10336 F DEBUG   :       #09 pc 000000000058932c  /apex/com.android.art/lib64/libart.so!libart.so (art::Method_invoke(_JNIEnv*, _jobject*, _jobject*, _jobjectArray*)+52) (BuildId: a27082b324a4ccea3b51ca05f5518733)
02-15 18:44:12.012 10336 10336 F DEBUG   :       #10 pc 00000000000b2f74  /apex/com.android.art/javalib/arm64/boot.oat (art_jni_trampoline+132) (BuildId: 31c635edc264c8f81d13c0174b92a1bb14cd7f64)
02-15 18:44:12.012 10336 10336 F DEBUG   :       #11 pc 000000000326d90c  /data/app/~~WZ_A4sBovS6J0CiAgvURdQ==/com.aliucord-YuRA3Zku8l6YrAkAjdZT-w==/oat/arm64/base.odex (top.canyie.pine.Pine.handleCall+1228)
02-15 18:44:12.012 10336 10336 F DEBUG   :       #12 pc 0000000003273170  /data/app/~~WZ_A4sBovS6J0CiAgvURdQ==/com.aliucord-YuRA3Zku8l6YrAkAjdZT-w==/oat/arm64/base.odex (top.canyie.pine.entry.Arm64Entry.handleBridge+2416)
02-15 18:44:12.012 10336 10336 F DEBUG   :       #13 pc 00000000032733e4  /data/app/~~WZ_A4sBovS6J0CiAgvURdQ==/com.aliucord-YuRA3Zku8l6YrAkAjdZT-w==/oat/arm64/base.odex (top.canyie.pine.entry.Arm64Entry.voidBridge+36)
02-15 18:44:12.012 10336 10336 F DEBUG   :       #14 pc 0000000000218964  /apex/com.android.art/lib64/libart.so (art_quick_invoke_stub+548) (BuildId: a27082b324a4ccea3b51ca05f5518733)
02-15 18:44:12.012 10336 10336 F DEBUG   :       #15 pc 0000000000284080  /apex/com.android.art/lib64/libart.so (art::ArtMethod::Invoke(art::Thread*, unsigned int*, unsigned int, art::JValue*, char const*)+184) (BuildId: a27082b324a4ccea3b51ca05f5518733)
02-15 18:44:12.012 10336 10336 F DEBUG   :       #16 pc 0000000000571ce8  /apex/com.android.art/lib64/libart.so!libart.so (art::Class_newInstance(_JNIEnv*, _jobject*)+716) (BuildId: a27082b324a4ccea3b51ca05f5518733)
02-15 18:44:12.012 10336 10336 F DEBUG   :       #17 pc 00000000000ab1cc  /apex/com.android.art/javalib/arm64/boot.oat (art_jni_trampoline+92) (BuildId: 31c635edc264c8f81d13c0174b92a1bb14cd7f64)
02-15 18:44:12.012 10336 10336 F DEBUG   :       #18 pc 0000000000212520  /apex/com.android.art/lib64/libart.so (nterp_helper+4016) (BuildId: a27082b324a4ccea3b51ca05f5518733)
02-15 18:44:12.012 10336 10336 F DEBUG   :       #19 pc 0000000000015232  [anon:dalvik-classes.dex extracted in memory from /data/user/0/com.aliucord/code_cache/Aliucord.zip] (com.aliucord.PluginManager.loadPlugin+290)
02-15 18:44:12.012 10336 10336 F DEBUG   :       #20 pc 00000000002115a4  /apex/com.android.art/lib64/libart.so (nterp_helper+52) (BuildId: a27082b324a4ccea3b51ca05f5518733)
02-15 18:44:12.012 10336 10336 F DEBUG   :       #21 pc 0000000000014c2a  [anon:dalvik-classes.dex extracted in memory from /data/user/0/com.aliucord/code_cache/Aliucord.zip] (com.aliucord.Main.loadAllPlugins+122)
02-15 18:44:12.012 10336 10336 F DEBUG   :       #22 pc 00000000002115a4  /apex/com.android.art/lib64/libart.so (nterp_helper+52) (BuildId: a27082b324a4ccea3b51ca05f5518733)
02-15 18:44:12.012 10336 10336 F DEBUG   :       #23 pc 0000000000014d06  [anon:dalvik-classes.dex extracted in memory from /data/user/0/com.aliucord/code_cache/Aliucord.zip] (com.aliucord.Main.preInit+38)
02-15 18:44:12.012 10336 10336 F DEBUG   :       #24 pc 0000000000218be8  /apex/com.android.art/lib64/libart.so (art_quick_invoke_static_stub+568) (BuildId: a27082b324a4ccea3b51ca05f5518733)
02-15 18:44:12.012 10336 10336 F DEBUG   :       #25 pc 000000000028409c  /apex/com.android.art/lib64/libart.so (art::ArtMethod::Invoke(art::Thread*, unsigned int*, unsigned int, art::JValue*, char const*)+212) (BuildId: a27082b324a4ccea3b51ca05f5518733)
02-15 18:44:12.012 10336 10336 F DEBUG   :       #26 pc 0000000000616460  /apex/com.android.art/lib64/libart.so!libart.so (_jobject* art::InvokeMethod<(art::PointerSize)8>(art::ScopedObjectAccessAlreadyRunnable const&, _jobject*, _jobject*, _jobject*, unsigned long)+1392) (BuildId: a27082b324a4ccea3b51ca05f5518733)
02-15 18:44:12.012 10336 10336 F DEBUG   :       #27 pc 000000000058932c  /apex/com.android.art/lib64/libart.so!libart.so (art::Method_invoke(_JNIEnv*, _jobject*, _jobject*, _jobjectArray*)+52) (BuildId: a27082b324a4ccea3b51ca05f5518733)
02-15 18:44:12.012 10336 10336 F DEBUG   :       #28 pc 00000000000b2f74  /apex/com.android.art/javalib/arm64/boot.oat (art_jni_trampoline+132) (BuildId: 31c635edc264c8f81d13c0174b92a1bb14cd7f64)
02-15 18:44:12.012 10336 10336 F DEBUG   :       #29 pc 00000000007f50f0  /data/app/~~WZ_A4sBovS6J0CiAgvURdQ==/com.aliucord-YuRA3Zku8l6YrAkAjdZT-w==/oat/arm64/base.odex (com.aliucord.injector.Injector.init+2336)
02-15 18:44:12.012 10336 10336 F DEBUG   :       #30 pc 00000000007f3294  /data/app/~~WZ_A4sBovS6J0CiAgvURdQ==/com.aliucord-YuRA3Zku8l6YrAkAjdZT-w==/oat/arm64/base.odex (com.aliucord.injector.Injector$1.beforeCall+148)
02-15 18:44:12.012 10336 10336 F DEBUG   :       #31 pc 000000000326d6b0  /data/app/~~WZ_A4sBovS6J0CiAgvURdQ==/com.aliucord-YuRA3Zku8l6YrAkAjdZT-w==/oat/arm64/base.odex (top.canyie.pine.Pine.handleCall+624)
02-15 18:44:12.012 10336 10336 F DEBUG   :       #32 pc 0000000003273170  /data/app/~~WZ_A4sBovS6J0CiAgvURdQ==/com.aliucord-YuRA3Zku8l6YrAkAjdZT-w==/oat/arm64/base.odex (top.canyie.pine.entry.Arm64Entry.handleBridge+2416)
02-15 18:44:12.012 10336 10336 F DEBUG   :       #33 pc 00000000032733e4  /data/app/~~WZ_A4sBovS6J0CiAgvURdQ==/com.aliucord-YuRA3Zku8l6YrAkAjdZT-w==/oat/arm64/base.odex (top.canyie.pine.entry.Arm64Entry.voidBridge+36)
02-15 18:44:12.012 10336 10336 F DEBUG   :       #34 pc 00000000004875f4  /system/framework/arm64/boot-framework.oat (android.app.Activity.performCreate+692) (BuildId: 91abc28b732b3458e43ddf501f3ef7c4c65bdb35)
02-15 18:44:12.012 10336 10336 F DEBUG   :       #35 pc 00000000001e4e44  /system/framework/arm64/boot-framework.oat (android.app.Instrumentation.callActivityOnCreate+84) (BuildId: 91abc28b732b3458e43ddf501f3ef7c4c65bdb35)
02-15 18:44:12.012 10336 10336 F DEBUG   :       #36 pc 00000000002d1cd0  /system/framework/arm64/boot-framework.oat (android.app.ActivityThread.performLaunchActivity+2880) (BuildId: 91abc28b732b3458e43ddf501f3ef7c4c65bdb35)
02-15 18:44:12.012 10336 10336 F DEBUG   :       #37 pc 00000000002d7c50  /system/framework/arm64/boot-framework.oat (android.app.ActivityThread.handleLaunchActivity+544) (BuildId: 91abc28b732b3458e43ddf501f3ef7c4c65bdb35)
02-15 18:44:12.012 10336 10336 F DEBUG   :       #38 pc 0000000000493368  /system/framework/arm64/boot-framework.oat (android.app.servertransaction.LaunchActivityItem.execute+136) (BuildId: 91abc28b732b3458e43ddf501f3ef7c4c65bdb35)
02-15 18:44:12.012 10336 10336 F DEBUG   :       #39 pc 000000000020e958  /system/framework/arm64/boot-framework.oat (android.app.servertransaction.TransactionExecutor.executeCallbacks+1944) (BuildId: 91abc28b732b3458e43ddf501f3ef7c4c65bdb35)
02-15 18:44:12.012 10336 10336 F DEBUG   :       #40 pc 000000000020e108  /system/framework/arm64/boot-framework.oat (android.app.servertransaction.TransactionExecutor.execute+984) (BuildId: 91abc28b732b3458e43ddf501f3ef7c4c65bdb35)
02-15 18:44:12.012 10336 10336 F DEBUG   :       #41 pc 00000000002bc27c  /system/framework/arm64/boot-framework.oat (android.app.ActivityThread$H.handleMessage+1388) (BuildId: 91abc28b732b3458e43ddf501f3ef7c4c65bdb35)
02-15 18:44:12.012 10336 10336 F DEBUG   :       #42 pc 00000000004f1e0c  /system/framework/arm64/boot-framework.oat (android.os.Handler.dispatchMessage+188) (BuildId: 91abc28b732b3458e43ddf501f3ef7c4c65bdb35)
02-15 18:44:12.012 10336 10336 F DEBUG   :       #43 pc 00000000004f4cbc  /system/framework/arm64/boot-framework.oat (android.os.Looper.loopOnce+1036) (BuildId: 91abc28b732b3458e43ddf501f3ef7c4c65bdb35)
02-15 18:44:12.012 10336 10336 F DEBUG   :       #44 pc 00000000004f4814  /system/framework/arm64/boot-framework.oat (android.os.Looper.loop+516) (BuildId: 91abc28b732b3458e43ddf501f3ef7c4c65bdb35)
02-15 18:44:12.012 10336 10336 F DEBUG   :       #45 pc 00000000002d05dc  /system/framework/arm64/boot-framework.oat (android.app.ActivityThread.main+732) (BuildId: 91abc28b732b3458e43ddf501f3ef7c4c65bdb35)
02-15 18:44:12.012 10336 10336 F DEBUG   :       #46 pc 0000000000218be8  /apex/com.android.art/lib64/libart.so (art_quick_invoke_static_stub+568) (BuildId: a27082b324a4ccea3b51ca05f5518733)
02-15 18:44:12.012 10336 10336 F DEBUG   :       #47 pc 000000000028409c  /apex/com.android.art/lib64/libart.so (art::ArtMethod::Invoke(art::Thread*, unsigned int*, unsigned int, art::JValue*, char const*)+212) (BuildId: a27082b324a4ccea3b51ca05f5518733)
02-15 18:44:12.012 10336 10336 F DEBUG   :       #48 pc 0000000000616460  /apex/com.android.art/lib64/libart.so!libart.so (_jobject* art::InvokeMethod<(art::PointerSize)8>(art::ScopedObjectAccessAlreadyRunnable const&, _jobject*, _jobject*, _jobject*, unsigned long)+1392) (BuildId: a27082b324a4ccea3b51ca05f5518733)
02-15 18:44:12.012 10336 10336 F DEBUG   :       #49 pc 000000000058932c  /apex/com.android.art/lib64/libart.so!libart.so (art::Method_invoke(_JNIEnv*, _jobject*, _jobject*, _jobjectArray*)+52) (BuildId: a27082b324a4ccea3b51ca05f5518733)
02-15 18:44:12.012 10336 10336 F DEBUG   :       #50 pc 00000000000b2f74  /apex/com.android.art/javalib/arm64/boot.oat (art_jni_trampoline+132) (BuildId: 31c635edc264c8f81d13c0174b92a1bb14cd7f64)
02-15 18:44:12.012 10336 10336 F DEBUG   :       #51 pc 000000000081db2c  /system/framework/arm64/boot-framework.oat (com.android.internal.os.RuntimeInit$MethodAndArgsCaller.run+140) (BuildId: 91abc28b732b3458e43ddf501f3ef7c4c65bdb35)
02-15 18:44:12.012 10336 10336 F DEBUG   :       #52 pc 0000000000213344  /apex/com.android.art/lib64/libart.so (nterp_helper+7636) (BuildId: a27082b324a4ccea3b51ca05f5518733)
02-15 18:44:12.012 10336 10336 F DEBUG   :       #53 pc 000000000023ec58  /system/framework/framework.jar (com.android.internal.os.ExecInit.main+88)
02-15 18:44:12.012 10336 10336 F DEBUG   :       #54 pc 0000000000218be8  /apex/com.android.art/lib64/libart.so (art_quick_invoke_static_stub+568) (BuildId: a27082b324a4ccea3b51ca05f5518733)
02-15 18:44:12.012 10336 10336 F DEBUG   :       #55 pc 000000000028409c  /apex/com.android.art/lib64/libart.so (art::ArtMethod::Invoke(art::Thread*, unsigned int*, unsigned int, art::JValue*, char const*)+212) (BuildId: a27082b324a4ccea3b51ca05f5518733)
02-15 18:44:12.012 10336 10336 F DEBUG   :       #56 pc 0000000000616bb4  /apex/com.android.art/lib64/libart.so!libart.so (art::JValue art::InvokeWithVarArgs<art::ArtMethod*>(art::ScopedObjectAccessAlreadyRunnable const&, _jobject*, art::ArtMethod*, std::__va_list)+448) (BuildId: a27082b324a4ccea3b51ca05f5518733)
02-15 18:44:12.012 10336 10336 F DEBUG   :       #57 pc 0000000000617080  /apex/com.android.art/lib64/libart.so!libart.so (art::JValue art::InvokeWithVarArgs<_jmethodID*>(art::ScopedObjectAccessAlreadyRunnable const&, _jobject*, _jmethodID*, std::__va_list)+92) (BuildId: a27082b324a4ccea3b51ca05f5518733)
02-15 18:44:12.012 10336 10336 F DEBUG   :       #58 pc 00000000004943e4  /apex/com.android.art/lib64/libart.so!libart.so (art::JNI<false>::CallStaticVoidMethodV(_JNIEnv*, _jclass*, _jmethodID*, std::__va_list)+608) (BuildId: a27082b324a4ccea3b51ca05f5518733)
02-15 18:44:12.012 10336 10336 F DEBUG   :       #59 pc 00000000000aead0  /system/lib64/libandroid_runtime.so (_JNIEnv::CallStaticVoidMethod(_jclass*, _jmethodID*, ...)+120) (BuildId: bce1bef7a68eee8d6249316ee1d950e8)
02-15 18:44:12.012 10336 10336 F DEBUG   :       #60 pc 00000000000b6590  /system/lib64/libandroid_runtime.so (android::AndroidRuntime::callMain(android::String8 const&, _jclass*, android::Vector<android::String8> const&)+336) (BuildId: bce1bef7a68eee8d6249316ee1d950e8)
02-15 18:44:12.012 10336 10336 F DEBUG   :       #61 pc 0000000000002970  /system/bin/app_process64 (android::AppRuntime::onStarted()+68) (BuildId: c310efd88e423b9def9ef49470415443)
02-15 18:44:12.012 10336 10336 F DEBUG   :       #62 pc 000000000018dba8  /system/framework/arm64/boot-framework.oat (art_jni_trampoline+88) (BuildId: 91abc28b732b3458e43ddf501f3ef7c4c65bdb35)
02-15 18:44:12.012 10336 10336 F DEBUG   :       #63 pc 0000000000211608  /apex/com.android.art/lib64/libart.so (nterp_helper+152) (BuildId: a27082b324a4ccea3b51ca05f5518733)
02-15 18:44:12.012 10336 10336 F DEBUG   :       #64 pc 000000000024be70  /system/framework/framework.jar (com.android.internal.os.RuntimeInit.main+48)
02-15 18:44:12.012 10336 10336 F DEBUG   :       #65 pc 0000000000218be8  /apex/com.android.art/lib64/libart.so (art_quick_invoke_static_stub+568) (BuildId: a27082b324a4ccea3b51ca05f5518733)
02-15 18:44:12.012 10336 10336 F DEBUG   :       #66 pc 000000000028409c  /apex/com.android.art/lib64/libart.so (art::ArtMethod::Invoke(art::Thread*, unsigned int*, unsigned int, art::JValue*, char const*)+212) (BuildId: a27082b324a4ccea3b51ca05f5518733)
02-15 18:44:12.012 10336 10336 F DEBUG   :       #67 pc 0000000000616bb4  /apex/com.android.art/lib64/libart.so!libart.so (art::JValue art::InvokeWithVarArgs<art::ArtMethod*>(art::ScopedObjectAccessAlreadyRunnable const&, _jobject*, art::ArtMethod*, std::__va_list)+448) (BuildId: a27082b324a4ccea3b51ca05f5518733)
02-15 18:44:12.012 10336 10336 F DEBUG   :       #68 pc 0000000000617080  /apex/com.android.art/lib64/libart.so!libart.so (art::JValue art::InvokeWithVarArgs<_jmethodID*>(art::ScopedObjectAccessAlreadyRunnable const&, _jobject*, _jmethodID*, std::__va_list)+92) (BuildId: a27082b324a4ccea3b51ca05f5518733)
02-15 18:44:12.012 10336 10336 F DEBUG   :       #69 pc 00000000004943e4  /apex/com.android.art/lib64/libart.so!libart.so (art::JNI<false>::CallStaticVoidMethodV(_JNIEnv*, _jclass*, _jmethodID*, std::__va_list)+608) (BuildId: a27082b324a4ccea3b51ca05f5518733)
02-15 18:44:12.012 10336 10336 F DEBUG   :       #70 pc 00000000000aead0  /system/lib64/libandroid_runtime.so (_JNIEnv::CallStaticVoidMethod(_jclass*, _jmethodID*, ...)+120) (BuildId: bce1bef7a68eee8d6249316ee1d950e8)
02-15 18:44:12.012 10336 10336 F DEBUG   :       #71 pc 00000000000ba004  /system/lib64/libandroid_runtime.so (android::AndroidRuntime::start(char const*, android::Vector<android::String8> const&, bool)+828) (BuildId: bce1bef7a68eee8d6249316ee1d950e8)
02-15 18:44:12.012 10336 10336 F DEBUG   :       #72 pc 000000000000257c  /system/bin/app_process64 (main+1320) (BuildId: c310efd88e423b9def9ef49470415443)
02-15 18:44:12.012 10336 10336 F DEBUG   :       #73 pc 00000000000447f0  /apex/com.android.runtime/lib64/bionic/libc.so (__libc_init+96) (BuildId: b396b06c4dfca6e23e4e768ddd53c782)

Does this crash always happen? I guess the breaking commit is b33057e.

bool clear_jit_info_ref = Android::version >= Android::kN && !Android::MoveJitInfo(source, this)
&& !is_inline_hook && !is_native_or_proxy && art_quick_to_interpreter_bridge;

Previously we didn't clear method JIT info references on Android S; commit b33057e changed this.

Maybe commenting out this line will help?

entry_point_from_jni_.Set(this, nullptr);

Oh, the data_ member now refers to CodeItem instead of ProfilingInfo in Android 12, so we cannot clear it.
https://cs.android.com/android/platform/superproject/+/master:art/runtime/art_method.h;l=824;bpv=1;bpt=1?q=art_method.h&ss=android%2Fplatform%2Fsuperproject
https://cs.android.com/android/platform/superproject/+/master:art/runtime/art_method-inl.h;drc=master;l=251

However, this branch will only be reached if we cannot move JIT info, which will be an issue. Could you upload the full log?
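Added example (not from the thread, Pine or ART): a small C++ model of the regression described above. It shows why clearing the `data_` slot is safe while it holds the JIT ProfilingInfo but removes the interpreter's bytecode once Android 12 stores the CodeItem there, and contrasts the predicate quoted above with a hypothetical version gate. Struct layouts, the `kS` guard and the scenario inputs are assumptions for illustration.

```cpp
// Model of ArtMethod's "data_" slot (Pine calls it entry_point_from_jni_) whose meaning
// depends on the runtime version: ProfilingInfo* before Android S, dex CodeItem* on S.
#include <cstdint>

enum AndroidVersion { kN = 24, kS = 31 };

struct CodeItem { uint16_t registers_size; uint16_t insns_size; uint16_t insns[4]; };

struct ArtMethod {
    const void* data_;                                // ProfilingInfo* before S, CodeItem* on S
    const void* entry_point_from_quick_compiled_code_;
};

static void art_quick_to_interpreter_bridge() {}      // stand-in for ART's trampoline

// The predicate quoted in the issue, with the values Pine derives elsewhere as parameters.
static bool ShouldClearJitInfoRef(int version, bool moved_jit_info, bool is_inline_hook,
                                  bool is_native_or_proxy, const ArtMethod& m) {
    bool entry_is_bridge = m.entry_point_from_quick_compiled_code_ ==
                           reinterpret_cast<const void*>(&art_quick_to_interpreter_bridge);
    return version >= kN && !moved_jit_info && !is_inline_hook && !is_native_or_proxy &&
           entry_is_bridge;
}

// Hypothetical guarded predicate: on S and later the slot holds the CodeItem, never clear it.
static bool ShouldClearJitInfoRefGuarded(int version, bool moved_jit_info, bool is_inline_hook,
                                         bool is_native_or_proxy, const ArtMethod& m) {
    return version < kS &&
           ShouldClearJitInfoRef(version, moved_jit_info, is_inline_hook, is_native_or_proxy, m);
}

// Model of the interpreter entering the method: on S it reads the CodeItem through data_.
// Returns the first dex instruction unit, or -1 where real ART faults on a null CodeItem
// (the SEGV_MAPERR at fault addr 0x0 in the tombstone). Pre-S the CodeItem comes from the
// dex file, not from data_, so clearing the slot does not affect execution (returned as 0).
static int FirstInstruction(const ArtMethod& m, int version) {
    if (version < kS) return 0;
    const CodeItem* code = static_cast<const CodeItem*>(m.data_);
    if (code == nullptr) return -1;
    return code->insns[0];
}

// Simulate Pine's "clear JIT info on the backup method" step with either predicate and
// report whether the interpreter can still execute the method afterwards.
static int RunScenario(int version, bool guarded) {
    static const CodeItem kCode = {1, 1, {0x000e, 0, 0, 0}};  // constructed: a 'return-void'
    ArtMethod backup = {&kCode, reinterpret_cast<const void*>(&art_quick_to_interpreter_bridge)};
    bool moved = false;  // the issue's situation: MoveJitInfo fails (no JitCodeCache on that ROM)
    bool clear = guarded ? ShouldClearJitInfoRefGuarded(version, moved, false, false, backup)
                         : ShouldClearJitInfoRef(version, moved, false, false, backup);
    if (clear) backup.data_ = nullptr;  // entry_point_from_jni_.Set(this, nullptr)
    return FirstInstruction(backup, version);
}
```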

Hi, I'm the user who has been crashing. Here is the full log:

adb_logs.txt

We can confirm the latest commit fixes it, thanks a lot!

Checked the logs and source code of GrapheneOS, but I can't find why MoveObsoleteMethod() does not work. Maybe that ROM does not use JIT compilation, so there is no JitCodeCache. Anyway, the problem causing the crashes has been fixed, so I think this issue can be closed now.