search

frida / frida-java-bridge

Java runtime interop from Frida
324 stars 120 forks source link

hook openjdk 17 on linux will carsh #299

Open XhstormR opened 1 year ago

XhstormR commented 1 year ago

run Docker:

docker run -v "$PWD":/app -p 8080:8080 -it --entrypoint bash ubuntu

inside Docker:

# apt-get update \
&& apt install --yes --no-install-recommends openjdk-17-jdk python3-pip \
&& python3 -m pip install --upgrade --no-cache-dir frida-tools

# frida --version 
16.1.4

# java -jar demo-0.0.1-SNAPSHOT.jar &

# frida -l script.js -p 6635

script.js:

const traceMethod = (className, methodName) => {
    let clazz = Java.use(className)

    let targetClassMethod = className + '.' + methodName

    for (const method of clazz[methodName].overloads) {
        method.implementation = function() {
            let log = { 'method' : targetClassMethod, args : [] }

            for (const argument of arguments) {
                log.args.push(argument)
            }

            let ret = method.apply(this, arguments)
            log.ret = ret
            //loging(log, { i : false })
            printStackTrace()
            return ret
        }
    }
}

Java.perform(() => {
    traceMethod('java.lang.Runtime',  'exec');
})

console.log('------')

hs_err_pid6635.log:

#
# A fatal error has been detected by the Java Runtime Environment:
#
#  SIGSEGV (0xb) at pc=0x0000000000000000, pid=6635, tid=6680
#
# JRE version: OpenJDK Runtime Environment (17.0.8.1+1) (build 17.0.8.1+1-Ubuntu-0ubuntu122.04)
# Java VM: OpenJDK 64-Bit Server VM (17.0.8.1+1-Ubuntu-0ubuntu122.04, mixed mode, sharing, tiered, compressed oops, compressed class ptrs, g1 gc, linux-amd64)
# Problematic frame:
# j  com.xhstormr.app.UtilKt.readProcessOutput(Ljava/lang/String;)Ljava/util/List;+10
#
# No core dump will be written. Core dumps have been disabled. To enable core dumping, try "ulimit -c unlimited" before starting Java again
#
# If you would like to submit a bug report, please visit:
#   Unknown
#

---------------  S U M M A R Y ------------

Command Line: demo-0.0.1-SNAPSHOT.jar

Host: Intel(R) Core(TM) i7-9750H CPU @ 2.60GHz, 12 cores, 7G, Ubuntu 22.04.3 LTS
Time: Mon Sep 25 09:18:40 2023 UTC elapsed time: 92.319722 seconds (0d 0h 1m 32s)

---------------  T H R E A D  ---------------

Current thread (0x00007f13f0b8be30):  JavaThread "http-nio-8080-exec-9" daemon [_thread_in_Java, id=6680, stack(0x00007f1376a00000,0x00007f1376b00000)]

Stack: [0x00007f1376a00000,0x00007f1376b00000],  sp=0x00007f1376afde98,  free space=1015k
Native frames: (J=compiled Java code, j=interpreted, Vv=VM code, C=native code)
j  com.xhstormr.app.UtilKt.readProcessOutput(Ljava/lang/String;)Ljava/util/List;+10
j  org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(Ljavax/servlet/ServletRequest;Ljavax/servlet/ServletResponse;)V+146
j  org.apache.catalina.core.ApplicationFilterChain.doFilter(Ljavax/servlet/ServletRequest;Ljavax/servlet/ServletResponse;)V+99
j  org.apache.catalina.core.StandardWrapperValve.invoke(Lorg/apache/catalina/connector/Request;Lorg/apache/catalina/connector/Response;)V+514
j  org.apache.catalina.core.StandardContextValve.invoke(Lorg/apache/catalina/connector/Request;Lorg/apache/catalina/connector/Response;)V+169
j  org.apache.catalina.authenticator.AuthenticatorBase.invoke(Lorg/apache/catalina/connector/Request;Lorg/apache/catalina/connector/Response;)V+260
j  org.apache.catalina.core.StandardHostValve.invoke(Lorg/apache/catalina/connector/Request;Lorg/apache/catalina/connector/Response;)V+128
j  org.apache.catalina.valves.ErrorReportValve.invoke(Lorg/apache/catalina/connector/Request;Lorg/apache/catalina/connector/Response;)V+6
j  org.apache.catalina.core.StandardEngineValve.invoke(Lorg/apache/catalina/connector/Request;Lorg/apache/catalina/connector/Response;)V+59
j  org.apache.catalina.connector.CoyoteAdapter.service(Lorg/apache/coyote/Request;Lorg/apache/coyote/Response;)V+187
j  org.apache.coyote.http11.Http11Processor.service(Lorg/apache/tomcat/util/net/SocketWrapperBase;)Lorg/apache/tomcat/util/net/AbstractEndpoint$Handler$SocketState;+796
j  org.apache.coyote.AbstractProcessorLight.process(Lorg/apache/tomcat/util/net/SocketWrapperBase;Lorg/apache/tomcat/util/net/SocketEvent;)Lorg/apache/tomcat/util/net/AbstractEndpoint$Handler$SocketState;+170
j  org.apache.coyote.AbstractProtocol$ConnectionHandler.process(Lorg/apache/tomcat/util/net/SocketWrapperBase;Lorg/apache/tomcat/util/net/SocketEvent;)Lorg/apache/tomcat/util/net/AbstractEndpoint$Handler$SocketState;+489
j  org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun()V+249
j  org.apache.tomcat.util.net.SocketProcessorBase.run()V+32
j  org.apache.tomcat.util.threads.ThreadPoolExecutor.runWorker(Lorg/apache/tomcat/util/threads/ThreadPoolExecutor$Worker;)V+92
j  org.apache.tomcat.util.threads.ThreadPoolExecutor$Worker.run()V+5
j  org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run()V+4
j  java.lang.Thread.run()V+11 java.base@17.0.8.1
v  ~StubRoutines::call_stub
V  [libjvm.so+0x8350d5]  JavaCalls::call_helper(JavaValue*, methodHandle const&, JavaCallArguments*, JavaThread*)+0x325
V  [libjvm.so+0x836742]  JavaCalls::call_virtual(JavaValue*, Handle, Klass*, Symbol*, Symbol*, JavaThread*)+0x1b2
V  [libjvm.so+0x8ff797]  thread_entry(JavaThread*, JavaThread*)+0xa7
V  [libjvm.so+0xed406e]  JavaThread::thread_main_inner()+0xce
V  [libjvm.so+0xed7834]  Thread::call_run()+0xc4
V  [libjvm.so+0xc326c9]  thread_native_entry(Thread*)+0xe9

siginfo: si_signo: 11 (SIGSEGV), si_code: 1 (SEGV_MAPERR), si_addr: 0x0000000000000000

Register to memory mapping:

RAX=0x00007f137715a450 is a pointer to class: 
java.lang.Runtime {0x00007f137715a450}
 - instance size:     2
 - klass size:        85
 - access:            public synchronized 
 - state:             fully_initialized
 - name:              'java/lang/Runtime'
 - super:             'java/lang/Object'
 - sub:               
 - arrays:            NULL
 - methods:           Array<T>(0x00007f137776b610)
 - method ordering:   Array<T>(0x00007f137776b818)
 - default_methods:   Array<T>(0x0000000000000000)
 - local interfaces:  Array<T>(0x00007f13775e2768)
 - trans. interfaces: Array<T>(0x00007f13775e2768)
 - constants:         constant pool [262] {0x00007f137776a4e8} for 'java/lang/Runtime' cache=0x00007f137715bf30
 - class loader data:  loader data: 0x00007f13f0114ba0 of 'bootstrap'
 - source file:       'Runtime.java'
 - class annotations:       Array<T>(0x0000000000000000)
 - class type annotations:  Array<T>(0x0000000000000000)
 - field annotations:       Array<T>(0x0000000000000000)
 - field type annotations:  Array<T>(0x0000000000000000)
 - inner classes:     Array<T>(0x00007f137776b5f0)
 - nest members:     Array<T>(0x00007f137776b880)
 - permitted subclasses:     Array<T>(0x00007f13775e26f8)
 - java mirror:       a 'java/lang/Class'{0x00000000ffe0bae8} = 'java/lang/Runtime'
 - vtable length      25  (start addr: 0x00007f137715a620)
 - itable length      2 (start addr: 0x00007f137715a6e8)
 - ---- static fields (1 words):
 - private static final 'currentRuntime' 'Ljava/lang/Runtime;' @112 
 - private static 'version' 'Ljava/lang/Runtime$Version;' @116 
 - ---- non-static fields (0 words):
 - non-static oop maps: 
RBX=0x00007f12c28b6350 points into unknown readable memory: 0x00007f1377000630 | 30 06 00 77 13 7f 00 00
RCX=0x0000000083e438c8 is an oop: java.lang.Runtime 
{0x0000000083e438c8} - klass: 'java/lang/Runtime'
 - ---- fields (total size 2 words):
RDX=0x0 is NULL
RSP=0x00007f1376afde90 is pointing into the stack for thread: 0x00007f13f0b8be30
RBP=0x00007f1376afdef0 is pointing into the stack for thread: 0x00007f13f0b8be30
RSI=0x00007f13f0a42490 points into unknown readable memory: 0x0000001e00000003 | 03 00 00 00 1e 00 00 00
RDI=0x00007f13f0b8c8d0 points into unknown readable memory: 0x00007f137701cf38 | 38 cf 01 77 13 7f 00 00
R8 =0x00007f12c28b6350 points into unknown readable memory: 0x00007f1377000630 | 30 06 00 77 13 7f 00 00
R9 =0x0000000000000004 is an unknown value
R10=0x00007f1377000000 is pointing into metadata
R11=0x00007f13f000fcd0 points into unknown readable memory: 0x0000000000000000 | 00 00 00 00 00 00 00 00
R12=0x0 is NULL
R13=0x00007f1376afde98 is pointing into the stack for thread: 0x00007f13f0b8be30
R14=0x0 is NULL
R15=0x00007f13f0b8be30 is a thread

Registers:
RAX=0x00007f137715a450, RBX=0x00007f12c28b6350, RCX=0x0000000083e438c8, RDX=0x0000000000000000
RSP=0x00007f1376afde90, RBP=0x00007f1376afdef0, RSI=0x00007f13f0a42490, RDI=0x00007f13f0b8c8d0
R8 =0x00007f12c28b6350, R9 =0x0000000000000004, R10=0x00007f1377000000, R11=0x00007f13f000fcd0
R12=0x0000000000000000, R13=0x00007f1376afde98, R14=0x0000000000000000, R15=0x00007f13f0b8be30
RIP=0x0000000000000000, EFLAGS=0x0000000000010246, CSGSFS=0x002b000000000033, ERR=0x0000000000000014
  TRAPNO=0x000000000000000e

Top of Stack: (sp=0x00007f1376afde90)
0x00007f1376afde90:   00007f13e0ae5397 0000000085a77cd0
0x00007f1376afdea0:   0000000083e438c8 00007f1376afdea8
0x00007f1376afdeb0:   00007f13be08b442 00007f1376afdf40
0x00007f1376afdec0:   00007f13be23bb80 0000000000000000 

Instructions: (pc=0x00007f13e0ae5397)
0x00007f13e0ae5297:   41 0f b7 4d 01 48 8b 5d d0 c1 e1 02 8b 5c cb 40
0x00007f13e0ae52a7:   81 e3 ff 00 00 00 48 8d 24 dc 41 0f b6 5d 03 49
0x00007f13e0ae52b7:   83 c5 03 49 ba 80 9c a2 f6 13 7f 00 00 41 ff 24
0x00007f13e0ae52c7:   da 48 8b 65 f0 48 c7 45 f0 00 00 00 00 4c 8b 6d
0x00007f13e0ae52d7:   c0 4c 8b 75 c8 41 0f b7 4d 01 48 8b 5d d0 c1 e1
0x00007f13e0ae52e7:   02 8b 5c cb 40 81 e3 ff 00 00 00 48 8d 24 dc 41
0x00007f13e0ae52f7:   0f b6 5d 03 49 83 c5 03 49 ba 80 94 a2 f6 13 7f
0x00007f13e0ae5307:   00 00 41 ff 24 da 48 8b 65 f0 48 c7 45 f0 00 00
0x00007f13e0ae5317:   00 00 4c 8b 6d c0 4c 8b 75 c8 41 0f b7 4d 01 48
0x00007f13e0ae5327:   8b 5d d0 c1 e1 02 8b 5c cb 40 81 e3 ff 00 00 00
0x00007f13e0ae5337:   48 8d 24 dc 41 0f b6 5d 03 49 83 c5 03 49 ba 80
0x00007f13e0ae5347:   8c a2 f6 13 7f 00 00 41 ff 24 da 48 8b 65 f0 48
0x00007f13e0ae5357:   c7 45 f0 00 00 00 00 4c 8b 6d c0 4c 8b 75 c8 41
0x00007f13e0ae5367:   0f b7 4d 01 48 8b 5d d0 c1 e1 02 8b 5c cb 40 81
0x00007f13e0ae5377:   e3 ff 00 00 00 48 8d 24 dc 41 0f b6 5d 03 49 83
0x00007f13e0ae5387:   c5 03 49 ba 80 84 a2 f6 13 7f 00 00 41 ff 24 da
0x00007f13e0ae5397:   48 8b 65 f0 48 c7 45 f0 00 00 00 00 4c 8b 6d c0
0x00007f13e0ae53a7:   4c 8b 75 c8 48 8b 5d d8 48 85 db 0f 84 87 00 00
0x00007f13e0ae53b7:   00 41 80 7d 00 ba 0f 84 1b 00 00 00 41 80 7d 00
0x00007f13e0ae53c7:   e9 0f 84 10 00 00 00 48 8b 4d e8 66 81 79 30 5b
0x00007f13e0ae53d7:   01 0f 85 61 00 00 00 48 8b c8 48 85 c9 75 07 48
0x00007f13e0ae53e7:   83 4b f8 01 eb 52 8b 49 08 49 ba 00 00 00 77 13
0x00007f13e0ae53f7:   7f 00 00 49 03 ca 48 33 4b f8 48 f7 c1 fc ff ff
0x00007f13e0ae5407:   ff 74 35 48 f7 c1 02 00 00 00 75 2c 48 81 7b f8
0x00007f13e0ae5417:   00 00 00 00 74 1e 48 81 7b f8 01 00 00 00 74 14
0x00007f13e0ae5427:   48 33 4b f8 48 f7 c1 fc ff ff ff 74 0b 48 83 4b
0x00007f13e0ae5437:   f8 02 eb 04 48 89 4b f8 41 0f b7 4d 01 48 8b 5d
0x00007f13e0ae5447:   d0 c1 e1 02 8b 5c cb 40 81 e3 ff 00 00 00 48 8d
0x00007f13e0ae5457:   24 dc 41 0f b6 5d 03 49 83 c5 03 49 ba 80 a4 a2
0x00007f13e0ae5467:   f6 13 7f 00 00 41 ff 24 da 48 8b 65 f0 48 c7 45
0x00007f13e0ae5477:   f0 00 00 00 00 4c 8b 6d c0 4c 8b 75 c8 41 0f b7
0x00007f13e0ae5487:   4d 01 48 8b 5d d0 c1 e1 02 8b 5c cb 40 81 e3 ff 

Stack slot to memory mapping:
stack at sp + 0 slots: 0x0000000085a77cd0 is an oop: java.lang.String 
{0x0000000085a77cd0} - klass: 'java/lang/String'
 - string: "id"
stack at sp + 1 slots: 0x0000000083e438c8 is an oop: java.lang.Runtime 
{0x0000000083e438c8} - klass: 'java/lang/Runtime'
 - ---- fields (total size 2 words):
stack at sp + 2 slots: 0x00007f1376afdea8 is pointing into the stack for thread: 0x00007f13f0b8be30
stack at sp + 3 slots: 0x00007f13be08b442 is pointing into metadata
stack at sp + 4 slots: 0x00007f1376afdf40 is pointing into the stack for thread: 0x00007f13f0b8be30
stack at sp + 5 slots: 0x00007f13be23bb80 is pointing into metadata
stack at sp + 6 slots: 0x0 is NULL
stack at sp + 7 slots: 0x0000000085b2cb38 is an oop: java.lang.Class 
{0x0000000085b2cb38} - klass: 'java/lang/Class'
 - ---- fields (total size 14 words):
 - private volatile transient 'classRedefinedCount' 'I' @12  0
 - private volatile transient 'cachedConstructor' 'Ljava/lang/reflect/Constructor;' @40  NULL (0)
 - private transient 'name' 'Ljava/lang/String;' @44  "com.xhstormr.app.UtilKt"{0x0000000085b2cbb8} (85b2cbb8)
 - private transient 'module' 'Ljava/lang/Module;' @48  a 'java/lang/Module'{0x00000000ffe58180} (ffe58180)
 - private final 'classLoader' 'Ljava/lang/ClassLoader;' @52  a 'jdk/internal/loader/ClassLoaders$AppClassLoader'{0x00000000ffe579f8} (ffe579f8)
 - private transient 'classData' 'Ljava/lang/Object;' @56  NULL (0)
 - private transient 'packageName' 'Ljava/lang/String;' @60  "com.xhstormr.app"{0x0000000087ede6d8} (87ede6d8)
 - private final 'componentType' 'Ljava/lang/Class;' @64  NULL (0)
 - private volatile transient 'reflectionData' 'Ljava/lang/ref/SoftReference;' @68  NULL (0)
 - private volatile transient 'genericInfo' 'Lsun/reflect/generics/repository/ClassRepository;' @72  NULL (0)
 - private volatile transient 'enumConstants' '[Ljava/lang/Object;' @76  NULL (0)
 - private volatile transient 'enumConstantDirectory' 'Ljava/util/Map;' @80  NULL (0)
 - private volatile transient 'annotationData' 'Ljava/lang/Class$AnnotationData;' @84  NULL (0)
 - private volatile transient 'annotationType' 'Lsun/reflect/annotation/AnnotationType;' @88  NULL (0)
 - transient 'classValueMap' 'Ljava/lang/ClassValue$ClassValueMap;' @92  NULL (0)
 - signature: Lcom/xhstormr/app/UtilKt;
 - fake entry for mirror: 'com/xhstormr/app/UtilKt'
 - fake entry for array: NULL
 - fake entry for oop_size: 14
 - fake entry for static_oop_field_count: 0

---------------  P R O C E S S  ---------------

Threads class SMR info:
_java_thread_list=0x00007f12bc001610, length=28, elements={
0x00007f13f0132290, 0x00007f13f0133680, 0x00007f13f0137e40, 0x00007f13f0139200,
0x00007f13f013a620, 0x00007f13f013bfe0, 0x00007f13f013d520, 0x00007f13f0146990,
0x00007f13f014e880, 0x00007f13f01514c0, 0x00007f13f0846610, 0x00007f1308003380,
0x00007f13f03335c0, 0x00007f13f04fb560, 0x00007f13f0d56e30, 0x00007f13f0d57cf0,
0x00007f13f0a5a5d0, 0x00007f13f0ba0e50, 0x00007f13f0ba22c0, 0x00007f13f0a44540,
0x00007f13f0a41100, 0x00007f13f0b8be30, 0x00007f13f0b8d2c0, 0x00007f13f06148e0,
0x00007f13f05fd560, 0x00007f13f0013650, 0x00007f1360000ea0, 0x00007f12bc000ce0
}

Java Threads: ( => current thread )
  0x00007f13f0132290 JavaThread "Reference Handler" daemon [_thread_blocked, id=6643, stack(0x00007f13c5dfe000,0x00007f13c5efe000)]
  0x00007f13f0133680 JavaThread "Finalizer" daemon [_thread_blocked, id=6644, stack(0x00007f13c5cfe000,0x00007f13c5dfe000)]
  0x00007f13f0137e40 JavaThread "Signal Dispatcher" daemon [_thread_blocked, id=6645, stack(0x00007f13c5bfe000,0x00007f13c5cfe000)]
  0x00007f13f0139200 JavaThread "Service Thread" daemon [_thread_blocked, id=6646, stack(0x00007f13c5afe000,0x00007f13c5bfe000)]
  0x00007f13f013a620 JavaThread "Monitor Deflation Thread" daemon [_thread_blocked, id=6647, stack(0x00007f13c59fe000,0x00007f13c5afe000)]
  0x00007f13f013bfe0 JavaThread "C2 CompilerThread0" daemon [_thread_blocked, id=6648, stack(0x00007f13c58fe000,0x00007f13c59fe000)]
  0x00007f13f013d520 JavaThread "C1 CompilerThread0" daemon [_thread_blocked, id=6649, stack(0x00007f13c57fe000,0x00007f13c58fe000)]
  0x00007f13f0146990 JavaThread "Sweeper thread" daemon [_thread_blocked, id=6650, stack(0x00007f13c56fe000,0x00007f13c57fe000)]
  0x00007f13f014e880 JavaThread "Notification Thread" daemon [_thread_blocked, id=6651, stack(0x00007f13c55fe000,0x00007f13c56fe000)]
  0x00007f13f01514c0 JavaThread "Common-Cleaner" daemon [_thread_blocked, id=6653, stack(0x00007f13c53fc000,0x00007f13c54fc000)]
  0x00007f13f0846610 JavaThread "Catalina-utility-1" [_thread_blocked, id=6669, stack(0x00007f13c4df6000,0x00007f13c4ef6000)]
  0x00007f1308003380 JavaThread "Catalina-utility-2" [_thread_blocked, id=6670, stack(0x00007f13c4af2000,0x00007f13c4bf2000)]
  0x00007f13f03335c0 JavaThread "container-0" [_thread_blocked, id=6671, stack(0x00007f13c43e6000,0x00007f13c44e6000)]
  0x00007f13f04fb560 JavaThread "http-nio-8080-exec-1" daemon [_thread_blocked, id=6672, stack(0x00007f13c42e6000,0x00007f13c43e6000)]
  0x00007f13f0d56e30 JavaThread "http-nio-8080-exec-2" daemon [_thread_blocked, id=6673, stack(0x00007f13c41e6000,0x00007f13c42e6000)]
  0x00007f13f0d57cf0 JavaThread "http-nio-8080-exec-3" daemon [_thread_blocked, id=6674, stack(0x00007f13c40e6000,0x00007f13c41e6000)]
  0x00007f13f0a5a5d0 JavaThread "http-nio-8080-exec-4" daemon [_thread_blocked, id=6675, stack(0x00007f1376f00000,0x00007f1377000000)]
  0x00007f13f0ba0e50 JavaThread "http-nio-8080-exec-5" daemon [_thread_blocked, id=6676, stack(0x00007f1376e00000,0x00007f1376f00000)]
  0x00007f13f0ba22c0 JavaThread "http-nio-8080-exec-6" daemon [_thread_blocked, id=6677, stack(0x00007f1376d00000,0x00007f1376e00000)]
  0x00007f13f0a44540 JavaThread "http-nio-8080-exec-7" daemon [_thread_blocked, id=6678, stack(0x00007f1376c00000,0x00007f1376d00000)]
  0x00007f13f0a41100 JavaThread "http-nio-8080-exec-8" daemon [_thread_blocked, id=6679, stack(0x00007f1376b00000,0x00007f1376c00000)]
=>0x00007f13f0b8be30 JavaThread "http-nio-8080-exec-9" daemon [_thread_in_Java, id=6680, stack(0x00007f1376a00000,0x00007f1376b00000)]
  0x00007f13f0b8d2c0 JavaThread "http-nio-8080-exec-10" daemon [_thread_blocked, id=6681, stack(0x00007f1376900000,0x00007f1376a00000)]
  0x00007f13f06148e0 JavaThread "http-nio-8080-Poller" daemon [_thread_in_native, id=6682, stack(0x00007f1376800000,0x00007f1376900000)]
  0x00007f13f05fd560 JavaThread "http-nio-8080-Acceptor" daemon [_thread_in_native, id=6683, stack(0x00007f1376700000,0x00007f1376800000)]
  0x00007f13f0013650 JavaThread "DestroyJavaVM" [_thread_blocked, id=6636, stack(0x00007f13f5265000,0x00007f13f5365000)]
  0x00007f1360000ea0 JavaThread "Attach Listener" daemon [_thread_blocked, id=6732, stack(0x00007f13c52fc000,0x00007f13c53fc000)]
  0x00007f12bc000ce0 JavaThread "Thread-6" [_thread_in_native, id=6706, stack(0x00007f12d57fd000,0x00007f12d5ffc000)]

Other Threads:
  0x00007f13f012e300 VMThread "VM Thread" [stack: 0x00007f13c5f00000,0x00007f13c6000000] [id=6642]
  0x00007f13f01501d0 WatcherThread [stack: 0x00007f13c54fe000,0x00007f13c55fe000] [id=6652]
  0x00007f13f006ed30 GCTaskThread "GC Thread#0" [stack: 0x00007f13f40de000,0x00007f13f41de000] [id=6637]
  0x00007f13700065e0 GCTaskThread "GC Thread#1" [stack: 0x00007f13c50fc000,0x00007f13c51fc000] [id=6656]
  0x00007f1370007010 GCTaskThread "GC Thread#2" [stack: 0x00007f13c4ffa000,0x00007f13c50fa000] [id=6657]
  0x00007f137000a310 GCTaskThread "GC Thread#3" [stack: 0x00007f13c4ef8000,0x00007f13c4ff8000] [id=6658]
  0x00007f137000eab0 GCTaskThread "GC Thread#4" [stack: 0x00007f13c4cf6000,0x00007f13c4df6000] [id=6660]
  0x00007f137000f350 GCTaskThread "GC Thread#5" [stack: 0x00007f13c4bf4000,0x00007f13c4cf4000] [id=6661]
  0x00007f137000e6c0 GCTaskThread "GC Thread#6" [stack: 0x00007f13c49f2000,0x00007f13c4af2000] [id=6663]
  0x00007f1370010540 GCTaskThread "GC Thread#7" [stack: 0x00007f13c48f0000,0x00007f13c49f0000] [id=6664]
  0x00007f1370010010 GCTaskThread "GC Thread#8" [stack: 0x00007f13c47ee000,0x00007f13c48ee000] [id=6665]
  0x00007f137000d620 GCTaskThread "GC Thread#9" [stack: 0x00007f13c44e8000,0x00007f13c45e8000] [id=6668]
  0x00007f13f007fb80 ConcurrentGCThread "G1 Main Marker" [stack: 0x00007f13d4ed3000,0x00007f13d4fd3000] [id=6638]
  0x00007f13f0080af0 ConcurrentGCThread "G1 Conc#0" [stack: 0x00007f13d4dd1000,0x00007f13d4ed1000] [id=6639]
  0x00007f13c8000ea0 ConcurrentGCThread "G1 Conc#1" [stack: 0x00007f13c46ec000,0x00007f13c47ec000] [id=6666]
  0x00007f13c8001cd0 ConcurrentGCThread "G1 Conc#2" [stack: 0x00007f13c45ea000,0x00007f13c46ea000] [id=6667]
  0x00007f13f0100310 ConcurrentGCThread "G1 Refine#0" [stack: 0x00007f13d42c5000,0x00007f13d43c5000] [id=6640]
  0x00007f13f0101200 ConcurrentGCThread "G1 Service" [stack: 0x00007f13d41c3000,0x00007f13d42c3000] [id=6641]

Threads with active compile tasks:

VM state: not at safepoint (normal execution)

VM Mutex/Monitor currently owned by a thread: None

Heap address: 0x0000000083e00000, size: 1986 MB, Compressed Oops mode: 32-bit

CDS archive(s) mapped at: [0x00007f1377000000-0x00007f1377beb000-0x00007f1377beb000), size 12496896, SharedBaseAddress: 0x00007f1377000000, ArchiveRelocationMode: 1.
Compressed class space mapped at: 0x00007f1378000000-0x00007f13b8000000, reserved size: 1073741824
Narrow klass base: 0x00007f1377000000, Narrow klass shift: 0, Narrow klass range: 0x100000000

GC Precious Log:
 CPUs: 12 total, 12 available
 Memory: 7941M
 Large Page Support: Disabled
 NUMA Support: Disabled
 Compressed Oops: Enabled (32-bit)
 Heap Region Size: 1M
 Heap Min Capacity: 8M
 Heap Initial Capacity: 126M
 Heap Max Capacity: 1986M
 Pre-touch: Disabled
 Parallel Workers: 10
 Concurrent Workers: 3
 Concurrent Refinement Workers: 10
 Periodic GC: Disabled

Heap:
 garbage-first heap   total 61440K, used 46841K [0x0000000083e00000, 0x0000000100000000)
  region size 1024K, 30 young (30720K), 3 survivors (3072K)
 Metaspace       used 40979K, committed 41344K, reserved 1114112K
  class space    used 5370K, committed 5568K, reserved 1048576K

Heap Regions: E=young(eden), S=young(survivor), O=old, HS=humongous(starts), HC=humongous(continues), CS=collection set, F=free, OA=open archive, CA=closed archive, TAMS=top-at-mark-start (previous, next)
|   0|0x0000000083e00000, 0x0000000083f00000, 0x0000000083f00000|100%| O|  |TAMS 0x0000000083f00000, 0x0000000083e00000| Untracked 
|   1|0x0000000083f00000, 0x0000000084000000, 0x0000000084000000|100%| O|  |TAMS 0x0000000084000000, 0x0000000083f00000| Untracked 
|   2|0x0000000084000000, 0x0000000084100000, 0x0000000084100000|100%| O|  |TAMS 0x0000000084100000, 0x0000000084000000| Untracked 
|   3|0x0000000084100000, 0x0000000084200000, 0x0000000084200000|100%| O|  |TAMS 0x0000000084200000, 0x0000000084100000| Untracked 
|   4|0x0000000084200000, 0x0000000084300000, 0x0000000084300000|100%| O|  |TAMS 0x000000008423f400, 0x0000000084200000| Untracked 
|   5|0x0000000084300000, 0x0000000084400000, 0x0000000084400000|100%| O|  |TAMS 0x0000000084300000, 0x0000000084300000| Untracked 
|   6|0x0000000084400000, 0x000000008441be00, 0x0000000084500000| 10%| O|  |TAMS 0x0000000084400000, 0x0000000084400000| Untracked 
|   7|0x0000000084500000, 0x0000000084500000, 0x0000000084600000|  0%| F|  |TAMS 0x0000000084500000, 0x0000000084500000| Untracked 
|   8|0x0000000084600000, 0x0000000084600000, 0x0000000084700000|  0%| F|  |TAMS 0x0000000084600000, 0x0000000084600000| Untracked 
|   9|0x0000000084700000, 0x0000000084800000, 0x0000000084800000|100%| O|  |TAMS 0x0000000084800000, 0x0000000084700000| Untracked 
|  10|0x0000000084800000, 0x0000000084900000, 0x0000000084900000|100%| O|  |TAMS 0x0000000084900000, 0x0000000084800000| Untracked 
|  11|0x0000000084900000, 0x0000000084a00000, 0x0000000084a00000|100%| O|  |TAMS 0x0000000084a00000, 0x0000000084900000| Untracked 
|  12|0x0000000084a00000, 0x0000000084b00000, 0x0000000084b00000|100%| O|  |TAMS 0x0000000084b00000, 0x0000000084a00000| Untracked 
|  13|0x0000000084b00000, 0x0000000084c00000, 0x0000000084c00000|100%| O|  |TAMS 0x0000000084c00000, 0x0000000084b00000| Untracked 
|  14|0x0000000084c00000, 0x0000000084d00000, 0x0000000084d00000|100%|HS|  |TAMS 0x0000000084c00000, 0x0000000084c00000| Complete 
|  15|0x0000000084d00000, 0x0000000084e00000, 0x0000000084e00000|100%|HC|  |TAMS 0x0000000084d00000, 0x0000000084d00000| Complete 
|  16|0x0000000084e00000, 0x0000000084f00000, 0x0000000084f00000|100%|HC|  |TAMS 0x0000000084e00000, 0x0000000084e00000| Complete 
|  17|0x0000000084f00000, 0x0000000085000000, 0x0000000085000000|100%|HC|  |TAMS 0x0000000084f00000, 0x0000000084f00000| Complete 
|  18|0x0000000085000000, 0x0000000085100000, 0x0000000085100000|100%|HC|  |TAMS 0x0000000085000000, 0x0000000085000000| Complete 
|  19|0x0000000085100000, 0x0000000085200000, 0x0000000085200000|100%|HC|  |TAMS 0x0000000085100000, 0x0000000085100000| Complete 
|  20|0x0000000085200000, 0x0000000085200000, 0x0000000085300000|  0%| F|  |TAMS 0x0000000085200000, 0x0000000085200000| Untracked 
|  21|0x0000000085300000, 0x0000000085300000, 0x0000000085400000|  0%| F|  |TAMS 0x0000000085300000, 0x0000000085300000| Untracked 
|  22|0x0000000085400000, 0x0000000085400000, 0x0000000085500000|  0%| F|  |TAMS 0x0000000085400000, 0x0000000085400000| Untracked 
|  23|0x0000000085500000, 0x0000000085500000, 0x0000000085600000|  0%| F|  |TAMS 0x0000000085500000, 0x0000000085500000| Untracked 
|  24|0x0000000085600000, 0x0000000085600000, 0x0000000085700000|  0%| F|  |TAMS 0x0000000085600000, 0x0000000085600000| Untracked 
|  25|0x0000000085700000, 0x0000000085700000, 0x0000000085800000|  0%| F|  |TAMS 0x0000000085700000, 0x0000000085700000| Untracked 
|  26|0x0000000085800000, 0x0000000085800000, 0x0000000085900000|  0%| F|  |TAMS 0x0000000085800000, 0x0000000085800000| Untracked 
|  27|0x0000000085900000, 0x0000000085900000, 0x0000000085a00000|  0%| F|  |TAMS 0x0000000085900000, 0x0000000085900000| Untracked 
|  28|0x0000000085a00000, 0x0000000085a9a538, 0x0000000085b00000| 60%| E|  |TAMS 0x0000000085a00000, 0x0000000085a00000| Complete 
|  29|0x0000000085b00000, 0x0000000085c00000, 0x0000000085c00000|100%| E|CS|TAMS 0x0000000085b00000, 0x0000000085b00000| Complete 
|  30|0x0000000085c00000, 0x0000000085d00000, 0x0000000085d00000|100%| E|CS|TAMS 0x0000000085c00000, 0x0000000085c00000| Complete 
|  31|0x0000000085d00000, 0x0000000085e00000, 0x0000000085e00000|100%| E|CS|TAMS 0x0000000085d00000, 0x0000000085d00000| Complete 
|  32|0x0000000085e00000, 0x0000000085f00000, 0x0000000085f00000|100%| E|CS|TAMS 0x0000000085e00000, 0x0000000085e00000| Complete 
|  33|0x0000000085f00000, 0x0000000086000000, 0x0000000086000000|100%| E|  |TAMS 0x0000000085f00000, 0x0000000085f00000| Complete 
|  34|0x0000000086000000, 0x0000000086100000, 0x0000000086100000|100%| E|CS|TAMS 0x0000000086000000, 0x0000000086000000| Complete 
|  35|0x0000000086100000, 0x0000000086200000, 0x0000000086200000|100%| E|CS|TAMS 0x0000000086100000, 0x0000000086100000| Complete 
|  36|0x0000000086200000, 0x0000000086300000, 0x0000000086300000|100%| E|CS|TAMS 0x0000000086200000, 0x0000000086200000| Complete 
|  37|0x0000000086300000, 0x0000000086400000, 0x0000000086400000|100%| E|CS|TAMS 0x0000000086300000, 0x0000000086300000| Complete 
|  38|0x0000000086400000, 0x0000000086500000, 0x0000000086500000|100%| E|CS|TAMS 0x0000000086400000, 0x0000000086400000| Complete 
|  39|0x0000000086500000, 0x0000000086600000, 0x0000000086600000|100%| E|CS|TAMS 0x0000000086500000, 0x0000000086500000| Complete 
|  40|0x0000000086600000, 0x0000000086700000, 0x0000000086700000|100%| E|CS|TAMS 0x0000000086600000, 0x0000000086600000| Complete 
|  41|0x0000000086700000, 0x0000000086800000, 0x0000000086800000|100%| E|CS|TAMS 0x0000000086700000, 0x0000000086700000| Complete 
|  42|0x0000000086800000, 0x0000000086900000, 0x0000000086900000|100%| E|CS|TAMS 0x0000000086800000, 0x0000000086800000| Complete 
|  43|0x0000000086900000, 0x0000000086a00000, 0x0000000086a00000|100%| E|CS|TAMS 0x0000000086900000, 0x0000000086900000| Complete 
|  44|0x0000000086a00000, 0x0000000086b00000, 0x0000000086b00000|100%| E|CS|TAMS 0x0000000086a00000, 0x0000000086a00000| Complete 
|  45|0x0000000086b00000, 0x0000000086c00000, 0x0000000086c00000|100%| E|CS|TAMS 0x0000000086b00000, 0x0000000086b00000| Complete 
|  46|0x0000000086c00000, 0x0000000086d00000, 0x0000000086d00000|100%| E|CS|TAMS 0x0000000086c00000, 0x0000000086c00000| Complete 
|  47|0x0000000086d00000, 0x0000000086e00000, 0x0000000086e00000|100%| E|CS|TAMS 0x0000000086d00000, 0x0000000086d00000| Complete 
|  48|0x0000000086e00000, 0x0000000086f00000, 0x0000000086f00000|100%| E|CS|TAMS 0x0000000086e00000, 0x0000000086e00000| Complete 
|  49|0x0000000086f00000, 0x0000000087000000, 0x0000000087000000|100%| E|CS|TAMS 0x0000000086f00000, 0x0000000086f00000| Complete 
|  50|0x0000000087000000, 0x0000000087100000, 0x0000000087100000|100%| E|CS|TAMS 0x0000000087000000, 0x0000000087000000| Complete 
|  51|0x0000000087100000, 0x0000000087200000, 0x0000000087200000|100%| E|CS|TAMS 0x0000000087100000, 0x0000000087100000| Complete 
|  52|0x0000000087200000, 0x0000000087300000, 0x0000000087300000|100%| E|CS|TAMS 0x0000000087200000, 0x0000000087200000| Complete 
|  53|0x0000000087300000, 0x0000000087400000, 0x0000000087400000|100%| E|CS|TAMS 0x0000000087300000, 0x0000000087300000| Complete 
|  62|0x0000000087c00000, 0x0000000087ca7870, 0x0000000087d00000| 65%| S|CS|TAMS 0x0000000087c00000, 0x0000000087c00000| Complete 
|  63|0x0000000087d00000, 0x0000000087e00000, 0x0000000087e00000|100%| S|CS|TAMS 0x0000000087d00000, 0x0000000087d00000| Complete 
|  64|0x0000000087e00000, 0x0000000087f00000, 0x0000000087f00000|100%| S|CS|TAMS 0x0000000087e00000, 0x0000000087e00000| Complete 
| 125|0x000000008bb00000, 0x000000008bc00000, 0x000000008bc00000|100%| E|CS|TAMS 0x000000008bb00000, 0x000000008bb00000| Complete 
|1984|0x00000000ffe00000, 0x00000000ffe77000, 0x00000000fff00000| 46%|OA|  |TAMS 0x00000000ffe77000, 0x00000000ffe00000| Untracked 
|1985|0x00000000fff00000, 0x00000000fff84000, 0x0000000100000000| 51%|CA|  |TAMS 0x00000000fff84000, 0x00000000fff00000| Untracked 

Card table byte_map: [0x00007f13d91c4000,0x00007f13d95a5000] _byte_map_base: 0x00007f13d8da5000

Marking Bits (Prev, Next): (CMBitMap*) 0x00007f13f006f7b0, (CMBitMap*) 0x00007f13f006f7f0
 Prev Bits: [0x00007f13d6edb000, 0x00007f13d8de3000)
 Next Bits: [0x00007f13d4fd3000, 0x00007f13d6edb000)

Polling page: 0x00007f13f6c94000

Metaspace:

Usage:
  Non-class:     34.77 MB used.
      Class:      5.24 MB used.
       Both:     40.02 MB used.

Virtual space:
  Non-class space:       64.00 MB reserved,      34.94 MB ( 55%) committed,  1 nodes.
      Class space:        1.00 GB reserved,       5.44 MB ( <1%) committed,  1 nodes.
             Both:        1.06 GB reserved,      40.38 MB (  4%) committed. 

Chunk freelists:
   Non-Class:  12.58 MB
       Class:  10.61 MB
        Both:  23.19 MB

MaxMetaspaceSize: unlimited
CompressedClassSpaceSize: 1.00 GB
Initial GC threshold: 21.00 MB
Current GC threshold: 58.69 MB
CDS: on
MetaspaceReclaimPolicy: balanced
 - commit_granule_bytes: 65536.
 - commit_granule_words: 8192.
 - virtual_space_node_default_size: 8388608.
 - enlarge_chunks_in_place: 1.
 - new_chunks_are_fully_committed: 0.
 - uncommit_free_chunks: 1.
 - use_allocation_guard: 0.
 - handle_deallocations: 1.

Internal statistics:

num_allocs_failed_limit: 6.
num_arena_births: 310.
num_arena_deaths: 0.
num_vsnodes_births: 2.
num_vsnodes_deaths: 0.
num_space_committed: 646.
num_space_uncommitted: 0.
num_chunks_returned_to_freelist: 6.
num_chunks_taken_from_freelist: 1748.
num_chunk_merges: 6.
num_chunk_splits: 1276.
num_chunks_enlarged: 1033.
num_inconsistent_stats: 0.
XhstormR commented 1 year ago

carsh log: hs_err_pid6635.log hs_err_pid6540.log hs_err_pid6290.log

SchneiderSec commented 6 months ago

I had this issue as well, I switched to jdk-16.0.2+7 and while it's still buggy, am able to hook functions. If the application freezes just do %unload %load again until it works.