In BarrierSet::Access::atomic_cmpxchg_in_heap_at() we're calling Raw::oop_atomic_cmpxchg_at() which would attempt to treat the operation as oop or narrowOop, including (de-)compression of narrowOops. We need to call Raw::oop_atomic_cmpxchg() instead.

I suppose this hasn't blown up before because binding primitive Access API is currently disabled.