Testing showed the following assert:

# Internal Error (/home/rkennke/src/openjdk/jdk/src/hotspot/share/oops/compressedOops.inline.hpp:54), pid=711923, tid=712264
# assert(!is_null(v)) failed: narrow oop value can never be zero

V [libjvm.so+0x1629c84] bool ShenandoahReferenceProcessor::should_discover<narrowOop>(oop, ReferenceType) const+0x404
V [libjvm.so+0x162a01b] bool ShenandoahReferenceProcessor::discover<narrowOop>(oop, ReferenceType, unsigned int)+0x4b
V [libjvm.so+0x16239e8] ShenandoahReferenceProcessor::discover_reference(oop, ReferenceType)+0x138
V [libjvm.so+0x15b7a26] bool InstanceRefKlass::try_discover<narrowOop, ShenandoahMarkRefsMetadataClosure>(oop, ReferenceType, ShenandoahMarkRefsMetadataClosure*)+0x96
V [libjvm.so+0x15b7b3d] void InstanceRefKlass::oop_oop_iterate_discovery<narrowOop, ShenandoahMarkRefsMetadataClosure, AlwaysContains>(oop, ReferenceType, ShenandoahMarkRefsMetadataClosure*, AlwaysContains&) [clone .constprop.696]+0x3d
V [libjvm.so+0x15b7ce1] void InstanceRefKlass::oop_oop_iterate_ref_processing<narrowOop, ShenandoahMarkRefsMetadataClosure, AlwaysContains>(oop, ShenandoahMarkRefsMetadataClosure*, AlwaysContains&)+0x81
V [libjvm.so+0x15b835e] void OopOopIterateDispatch<ShenandoahMarkRefsMetadataClosure>::Table::oop_oop_iterate<InstanceRefKlass, narrowOop>(ShenandoahMarkRefsMetadataClosure*, oop, Klass*)+0x1ee
V [libjvm.so+0x15a905e] void ShenandoahConcurrentMark::do_task<ShenandoahMarkRefsMetadataClosure>(Padded<BufferedOverflowTaskQueue<ShenandoahMarkTask, (MEMFLAGS)5, 131072u>, 128ul>*, ShenandoahMarkRefsMetadataClosure*, unsigned short*, ShenandoahMarkTask*)+0x7be
V [libjvm.so+0x15ab81e] void ShenandoahConcurrentMark::mark_loop_work<ShenandoahMarkRefsMetadataClosure, true>(ShenandoahMarkRefsMetadataClosure*, unsigned short*, unsigned int, TaskTerminator*)+0x3ce

We have this code in ShRefProc::should_discover():
  oop referent = CompressedOops::decode_not_null(heap_oop);

However, the referent can legally be NULL. We even treat NULL specially in is_inactive().