java.lang.ClassLoader.defineClass allows a null class name.
If the class name is null, a NULL handle is used in the implementation of the ClassFileLoadHook. This NULL causes the VM to crash.
There is no work-around in the agent -- the crash occurs before the event handler is called.
Since both java.lang.instrument and the hprof demo tool use the ClassFileLoadHook they are both impacted by this.
A known real-world occurrance of this is the xalan XML parser which generates classes on the fly and loads them with a null name.
The fix is trivial, simply the addition of a NULL check -- see suggested fix.