JDK-8154580 introduced the storage of mirror in the interpreted frame. This needs to be reflected in SA. Without this, the offsets from which to read the various attributes like locals, bci , etc, in SA, became incorrect. 

From frame_x86.hpp, we have: 
...
71     interpreter_frame_last_sp_offset                 = interpreter_frame_sender_sp_offset - 1,
72     interpreter_frame_method_offset                  = interpreter_frame_last_sp_offset - 1,
73     interpreter_frame_mirror_offset                  = interpreter_frame_method_offset - 1,
74     interpreter_frame_mdp_offset                     = interpreter_frame_mirror_offset - 1,
75     interpreter_frame_cache_offset                   = interpreter_frame_mdp_offset - 1,
76     interpreter_frame_locals_offset                  = interpreter_frame_cache_offset - 1,
77     interpreter_frame_bcp_offset                     = interpreter_frame_locals_offset - 1,
...

This does not match with what we have in share/classes/sun/jvm/hotspot/runtime/x86/X86Frame.java. 

77     INTERPRETER_FRAME_MDX_OFFSET                  = INTERPRETER_FRAME_METHOD_OFFSET - 1;
78     INTERPRETER_FRAME_CACHE_OFFSET                = INTERPRETER_FRAME_MDX_OFFSET - 1;
79     INTERPRETER_FRAME_LOCALS_OFFSET               = INTERPRETER_FRAME_CACHE_OFFSET - 1;
80     INTERPRETER_FRAME_BCX_OFFSET                  = INTERPRETER_FRAME_LOCALS_OFFSET - 1;

The issue gets manifested like this (From Yasumasa's mail):
(http://mail.openjdk.java.net/pipermail/serviceability-dev/2016-August/020077.html)

1. AssertionFailure: illegal bci
    I saw error stack as below with JDK 9 EA b129 Linux x64:
-------------------
0x00007fe06bd270c2      * java.lang.Object.wait(long) bci:-520544688 (Interpreted frame)
0x00007fe06bd1a443      sun.jvm.hotspot.utilities.AssertionFailure: illegal bci
         at sun.jvm.hotspot.utilities.Assert.that(jdk.hotspot.agent@9-ea/Assert.java:32)
         at sun.jvm.hotspot.oops.ConstMethod.getLineNumberFromBCI(jdk.hotspot.agent@9-ea/ConstMethod.java:297)
         at sun.jvm.hotspot.oops.Method.getLineNumberFromBCI(jdk.hotspot.agent@9-ea/Method.java:282)
         at sun.jvm.hotspot.tools.PStack.getJavaNames(jdk.hotspot.agent@9-ea/PStack.java:239)
         at sun.jvm.hotspot.tools.PStack.run(jdk.hotspot.agent@9-ea/PStack.java:112)
-------------------
==========================================
The following change from Yasumasa fixes this for x86.

diff -r 5acd2b561936 src/jdk.hotspot.agent/share/classes/sun/jvm/hotspot/runtime/x86/X86Frame.java
--- a/src/jdk.hotspot.agent/share/classes/sun/jvm/hotspot/runtime/x86/X86Frame.java     Tue Aug 02 20:55:27 2016 -0700
+++ b/src/jdk.hotspot.agent/share/classes/sun/jvm/hotspot/runtime/x86/X86Frame.java     Wed Aug 03 23:42:36 2016 +0900
@@ -48,7 +48,7 @@
    private static final int SENDER_SP_OFFSET           =  2;

    // Interpreter frames
-  private static final int INTERPRETER_FRAME_MIRROR_OFFSET    =  2; // for native calls only
+  private static int INTERPRETER_FRAME_MIRROR_OFFSET;
    private static final int INTERPRETER_FRAME_SENDER_SP_OFFSET = -1;
    private static final int INTERPRETER_FRAME_LAST_SP_OFFSET   = INTERPRETER_FRAME_SENDER_SP_OFFSET - 1;
    private static final int INTERPRETER_FRAME_METHOD_OFFSET    = INTERPRETER_FRAME_LAST_SP_OFFSET - 1;
@@ -74,7 +74,8 @@
    }

    private static synchronized void initialize(TypeDataBase db) {
-    INTERPRETER_FRAME_MDX_OFFSET                  = INTERPRETER_FRAME_METHOD_OFFSET - 1;
+    INTERPRETER_FRAME_MIRROR_OFFSET               = INTERPRETER_FRAME_METHOD_OFFSET - 1;
+    INTERPRETER_FRAME_MDX_OFFSET                  = INTERPRETER_FRAME_MIRROR_OFFSET - 1;
      INTERPRETER_FRAME_CACHE_OFFSET                = INTERPRETER_FRAME_MDX_OFFSET - 1;
      INTERPRETER_FRAME_LOCALS_OFFSET               = INTERPRETER_FRAME_CACHE_OFFSET - 1;
      INTERPRETER_FRAME_BCX_OFFSET                  = INTERPRETER_FRAME_LOCALS_OFFSET - 1;
-----------------