--- old/src/hotspot/share/runtime/sharedRuntime.cpp	2019-12-11 14:52:21.000000000 -0500
+++ new/src/hotspot/share/runtime/sharedRuntime.cpp	2019-12-11 14:52:21.000000000 -0500
@@ -63,8 +63,10 @@
 #include "runtime/interfaceSupport.inline.hpp"
 #include "runtime/java.hpp"
 #include "runtime/javaCalls.hpp"
+#include "runtime/objectMonitor.hpp"
 #include "runtime/sharedRuntime.hpp"
 #include "runtime/stubRoutines.hpp"
+#include "runtime/synchronizer.hpp"
 #include "runtime/vframe.inline.hpp"
 #include "runtime/vframeArray.hpp"
 #include "utilities/copy.hpp"
@@ -3111,9 +3113,13 @@
        kptr2 = fr.next_monitor_in_interpreter_frame(kptr2) ) {
     if (kptr2->obj() != NULL) {         // Avoid 'holes' in the monitor array
       BasicLock *lock = kptr2->lock();
+      // Disallow async deflation of the inflated monitor so the
+      // displaced header stays stable until we've copied it.
+      ObjectMonitorHandle omh;
       // Inflate so the displaced header becomes position-independent
-      if (lock->displaced_header().is_unlocked())
-        ObjectSynchronizer::inflate_helper(kptr2->obj());
+      if (lock->displaced_header().is_unlocked()) {
+        ObjectSynchronizer::inflate_helper(&omh, kptr2->obj());
+      }
       // Now the displaced header is free to move
       buf[i++] = (intptr_t)lock->displaced_header().value();
       buf[i++] = cast_from_oop<intptr_t>(kptr2->obj());