Chasing down the root cause of JDK-8372498, I have narrowed down the root cause to the commit https://github.com/openjdk/jdk/commit/f8cf9ca69cfef286c80559bfe1d147b6303d10d2

It is caused by the behavior change from follow code:

Original:
```
  if (ShenandoahSATBBarrier) {
    T* array = dst;
    HeapWord* array_addr = reinterpret_cast<HeapWord*>(array);
    ShenandoahHeapRegion* r = _heap->heap_region_containing(array_addr);
    if (is_old_marking) {
      // Generational, old marking
      assert(_heap->mode()->is_generational(), "Invariant");
      if (r->is_old() && (array_addr < _heap->marking_context()->top_at_mark_start(r))) {
        arraycopy_work<T, false, false, true>(array, count);
      }
    } else if (_heap->mode()->is_generational()) {
      // Generational, young marking
      if (r->is_old() || (array_addr < _heap->marking_context()->top_at_mark_start(r))) {
        arraycopy_work<T, false, false, true>(array, count);
      }
    } else if (array_addr < _heap->marking_context()->top_at_mark_start(r)) {
      // Non-generational, marking
      arraycopy_work<T, false, false, true>(array, count);
    }
  }
```
New:
```
  if (ShenandoahSATBBarrier) {
    if (!_heap->marking_context()->allocated_after_mark_start(reinterpret_cast<HeapWord*>(dst))) {
      arraycopy_work<T, false, false, true>(dst, count);
    }
  }
```

With the new STAB barrier code for arraycopy_marking, if is it young GC and the array is in old region, but array is above TAMS(Old GC may not be started, TAMS of old region is not captured), arraycopy_work won't be applied anymore, so we may have missed some pointers in SATB in such case during concurrent young GC.