While doing a lot of SA debugging, which included adding code that did frequent lookups of random register values in the the CodeCache, on occasion I would see the following assert triggered in CodeCache.findBlobUnsafe():

    if (Assert.ASSERTS_ENABLED) {
      // The HeapBlock that contains this blob is outside of the blob
      // but it shouldn't be an error to find a blob based on the
      // pointer to the HeapBlock.
      Assert.that(result.blobContains(start) || result.blobContains(start.addOffsetTo(8)),
                        "found wrong CodeBlob");

    }

This is asserting that the CodeBlob found really does contain the address being looked up. After dumping the contents of the CodeBlob to see why it sometimes asserts, it became apparent that the address provided is always 16 bytes before the start of the CodeBlob. The check for result.blobContains(start.addOffsetTo(8)) is there in case you are dealing with a pointer to the HeapBlock that was allocated for the CodeBlob. The HeapBlock has a header, and the CodeBlob starts after the header. For 32 bit systems the header is 8 bytes. For 64-bit it is 16 bytes. Using (2 * addressSize) seems to be the simplest fix.

https://hg.openjdk.java.net/jdk/jdk/file/87828d2e32fe/src/hotspot/share/memory/heap.hpp#l35
https://hg.openjdk.java.net/jdk/jdk/file/87828d2e32fe/src/hotspot/share/memory/heap.cpp#l283