<table border="1" cellspacing="0" cellpadding="8">
    <tr>
        <th>Issue</th>
        <td>
            <a href=https://github.com/llvm/llvm-project/issues/117476>117476</a>
        </td>
    </tr>

    <tr>
        <th>Summary</th>
        <td>
            [LSAN] macOS: Leak sanitizer hangs or crashes when using with AppKit
        </td>
    </tr>

    <tr>
      <th>Labels</th>
      <td>
            new issue
      </td>
    </tr>

    <tr>
      <th>Assignees</th>
      <td>
      </td>
    </tr>

    <tr>
      <th>Reporter</th>
      <td>
          madsmtm
      </td>
    </tr>
</table>

<pre>
    Building and running the following program under LeakSanitizer on macOS crashes with "bad pointer" on both Aarch64 and x86_64 Rosetta.

```objective-c
// foo.m
#import <AppKit/AppKit.h>

int main() {
    [NSApplication sharedApplication];
    return 0;
}
```

I tested this in a virtual machine as well, this problem is present in at least macOS 13.7.1, macOS 14.7.1 and macOS 15.1.1.

<details><summary>Full backtrace on macOS 15.1.1 (build 24B91)</summary>
<p>

```console
$ echo """
#import <AppKit/AppKit.h>

int main() {
    [NSApplication sharedApplication];
    return 0;
}
""" > foo.m
$ /opt/homebrew/opt/llvm/bin/clang -framework AppKit -fsanitize=leak foo.m
$ lldb ./a.out
(lldb) target create "./a.out"
Current executable set to './a.out' (arm64).
(lldb) r
Process 3758 launched: './a.out' (arm64)
a.out(3758,0x1f37a7840) malloc: nano zone abandoned due to inability to reserve vm space.
LeakSanitizer: bad pointer 0x9ce7e5f09a407d7c
LeakSanitizer: CHECK failed: sanitizer_allocator_secondary.h:177 "((IsAligned(reinterpret_cast<uptr>(p), page_size_))) != (0)" (0x0, 0x0) (tid=19136)
Process 3758 stopped
* thread #1, queue = 'com.apple.main-thread', stop reason = signal SIGABRT
 frame #0: 0x000000018e65a600 libsystem_kernel.dylib`__pthread_kill + 8
libsystem_kernel.dylib`__pthread_kill:
->  0x18e65a600 <+8>:  b.lo 0x18e65a620    ; <+40>
    0x18e65a604 <+12>: pacibsp 
    0x18e65a608 <+16>: stp    x29, x30, [sp, #-0x10]!
    0x18e65a60c <+20>: mov    x29, sp
Target 0: (a.out) stopped.
(lldb) bt
* thread #1, queue = 'com.apple.main-thread', stop reason = signal SIGABRT
  * frame #0: 0x000000018e65a600 libsystem_kernel.dylib`__pthread_kill + 8
    frame #1: 0x000000018e692f70 libsystem_pthread.dylib`pthread_kill + 288
    frame #2: 0x000000018e59f908 libsystem_c.dylib`abort + 128
    frame #3: 0x0000000100199a0c libclang_rt.lsan_osx_dynamic.dylib`__sanitizer::Abort() + 80
    frame #4: 0x000000010019904c libclang_rt.lsan_osx_dynamic.dylib`__sanitizer::Die() + 104
    frame #5: 0x0000000100199160 libclang_rt.lsan_osx_dynamic.dylib`__sanitizer::CheckFailed(char const*, int, char const*, unsigned long long, unsigned long long) + 152
    frame #6: 0x00000001001a7e10 libclang_rt.lsan_osx_dynamic.dylib`__sanitizer::CombinedAllocator<__sanitizer::SizeClassAllocator64<__lsan::AP64<__sanitizer::LocalAddressSpaceView>>, __sanitizer::LargeMmapAllocatorPtrArrayDynamic>::GetMetaData(void const*) + 348
    frame #7: 0x00000001001a7298 libclang_rt.lsan_osx_dynamic.dylib`__lsan::lsan_mz_size(void const*) + 28
 frame #8: 0x000000018e4a29c8 libsystem_malloc.dylib`malloc_size + 124
 frame #9: 0x000000018e81d734 CoreFoundation`____CFBinaryPlistCreateObjectFiltered_block_invoke + 192
 frame #10: 0x000000018e730820 CoreFoundation`__CFBinaryPlistCreateObjectFiltered + 996
    frame #11: 0x000000018e81e020 CoreFoundation`__CFPropertyListCreateFilteredDictionary + 1896
    frame #12: 0x000000018e73183c CoreFoundation`__CFBinaryPlistCreateObjectFiltered + 5120
    frame #13: 0x000000018e7b7f0c CoreFoundation`_CFPropertyListCreateFiltered + 268
 frame #14: 0x000000018e8b4eec CoreFoundation`__CFBundleCreateStringsFromPlistData + 116
    frame #15: 0x000000018e8b4ba4 CoreFoundation`_loadStringsFromData + 348
    frame #16: 0x000000018e8b43ac CoreFoundation`_loadStringsInOrder + 176
    frame #17: 0x000000018e8b28c0 CoreFoundation`_copyStringTable + 848
    frame #18: 0x000000018e8b20f0 CoreFoundation`_CFBundleCopyLocalizedStringForLocalizationTableURLAndMarkdownOption + 204
    frame #19: 0x000000018e761718 CoreFoundation`_CFCopyLocalizedVersionKey + 196
    frame #20: 0x000000018e761420 CoreFoundation`_CFCopyVersionDictionary + 196
    frame #21: 0x000000018e76133c CoreFoundation`___CFCopySystemVersionDictionary_block_invoke + 48
 frame #22: 0x000000018e4e0658 libdispatch.dylib`_dispatch_client_callout + 20
    frame #23: 0x000000018e4e1ea0 libdispatch.dylib`_dispatch_once_callout + 32
    frame #24: 0x000000018e761308 CoreFoundation`_CFCopySystemVersionDictionary + 92
 frame #25: 0x0000000194173fc0 libMobileGestalt.dylib`___lldb_unnamed_symbol1339 + 52
    frame #26: 0x000000019417f2e0 libMobileGestalt.dylib`___lldb_unnamed_symbol1784 + 28
 frame #27: 0x000000019418a394 libMobileGestalt.dylib`___lldb_unnamed_symbol2288 + 20
    frame #28: 0x00000001941777a0 libMobileGestalt.dylib`___lldb_unnamed_symbol1405 + 516
    frame #29: 0x000000019417376c libMobileGestalt.dylib`MGGetBoolAnswer + 36
    frame #30: 0x0000000194198360 libMobileGestalt.dylib`___lldb_unnamed_symbol2587 + 64
 frame #31: 0x0000000194190190 libMobileGestalt.dylib`___lldb_unnamed_symbol2472 + 120
    frame #32: 0x0000000194182b88 libMobileGestalt.dylib`___lldb_unnamed_symbol1943 + 128
    frame #33: 0x00000001941776a0 libMobileGestalt.dylib`___lldb_unnamed_symbol1405 + 260
    frame #34: 0x000000019297c86c AppKit`__NSUserAccentColorGetHardwareAccentColorName_block_invoke + 196
 frame #35: 0x000000018e4e0658 libdispatch.dylib`_dispatch_client_callout + 20
    frame #36: 0x000000018e4e1ea0 libdispatch.dylib`_dispatch_once_callout + 32
    frame #37: 0x000000019297c9dc AppKit`__NSUserAccentHasHardwareColor_block_invoke + 96
    frame #38: 0x000000018e4e0658 libdispatch.dylib`_dispatch_client_callout + 20
    frame #39: 0x000000018e4e1ea0 libdispatch.dylib`_dispatch_once_callout + 32
    frame #40: 0x000000019227330c AppKit`NSColorGetUserAccentColor + 364
    frame #41: 0x0000000192293044 AppKit`+[NSAppearance _aquaAppearance] + 64
 frame #42: 0x0000000192271cd0 AppKit`+[NSAppearance appearanceNamed:] + 32
    frame #43: 0x0000000192271324 AppKit`-[NSSystemAppearanceProxy init] + 124
    frame #44: 0x0000000192271298 AppKit`__38+[NSSystemAppearanceProxy systemProxy]_block_invoke + 24
 frame #45: 0x000000018e4e0658 libdispatch.dylib`_dispatch_client_callout + 20
    frame #46: 0x000000018e4e1ea0 libdispatch.dylib`_dispatch_once_callout + 32
    frame #47: 0x000000019227127c AppKit`+[NSSystemAppearanceProxy systemProxy] + 64
 frame #48: 0x0000000192271208 AppKit`-[NSApplication(NSApplicationAppearance_Internal) _registerForAppearanceNotifications] + 32
    frame #49: 0x000000019226ee24 AppKit`-[NSApplication init] + 908
    frame #50: 0x000000019226e8cc AppKit`+[NSApplication sharedApplication] + 128
 frame #51: 0x0000000100003f84 a.out`main + 52
    frame #52: 0x000000018e310274 dyld`start + 2840
```

</p>
</details>

The crash seems to be in:

https://github.com/llvm/llvm-project/blob/c4d656a4e992648f3490536336c230041c74dc38/compiler-rt/lib/sanitizer_common/sanitizer_allocator_secondary.h#L175-L178

Clang version: (I'm using the Clang from Homebrew here, because Apple's bundled Clang does not have LeakSanitizer enabled. The problem also reproduces with the Clang from Nixpkgs, and with `rustc`)
```
Homebrew clang version 19.1.4
Target: arm64-apple-darwin24.1.0
Thread model: posix
InstalledDir: /opt/homebrew/Cellar/llvm/19.1.4/bin
Configuration file: /opt/homebrew/etc/clang/arm64-apple-darwin24.cfg
```

Let me know if there's anything else I can do to resolve this!
</pre>
<img width="1px" height="1px" alt="" src="http://email.email.llvm.org/o/eJzMWltz46i2_jXkhYoLgazLQx4cp93TNemersns_epCaNlmB4E2oCTuX38KJF9iKenpPj2nTlc6kfDS97GugJa5c3KrAW7Q_BbN765453fG3jS8do1vripT729uO6lqqbeY6xrbTutw7XeAN0Yp8xzuWmu2lje40zVYfA_88YFr6eU3sNho3HDxxwMWlrsdOPws_Q4jSite49ZI7cEiSoNcZfwOL7gVuyyNbC9Fts5S_Kdx4D2fIXKHyGL4nZH-x1T_AeHlE1yL4RO6QnSFN8bMmsMIk01rrMeILRdt-7v0iK76i9kOsQ_nwFJ73HCpES0QLTHKb_txjDFG89svD4u2VVJwL43Gbsct1GcjaH6H2NkTFnxnNSbHQZTfXShwTv4Je3Aeaux30mGpMcdP0vqOq2DEndSAucPPoBSiy16otaZS0OB4CQ60j895rIA7P9g-YbN8loRnhvs03EcbDwPzWTJLXluYLWvwXCoXLMSWrmsabveIfVh1SuGKi0dvuYCTh3sQjGhRhZjBNL0tE0RLxJaIrk7PH_HbC9sfbSKMdkbBwX0pBrEzIWiGn__Hbj3MESP24XUQphjRlWnDJHemgcrC83FAqacG0VUVJrgSiustvt5Y3sCzsY-41wlfb9yQVojdKeCPl_hK1RWeIbriM9P5w3gRhoPSntsteCwscA_BmifRg02XnbUhhOAFROd5pQA78NgH4-dn4nnwMrdNliJazkZMth_5ao0A5zDL5wVWvNNiBzVii_fA-ieHT4rwJKJL8pJsWM7zIiUBvuFKGRGANNcGfzMhLyqua6OhxnUHYcJS80oq6ffhJmSGfQL81GDXcgHDlF-VqoB3VpQweSkF5DDfkJKnJK9z8cZDy98-LH_HGy5Vr93BS3Yd58m9sWsHwuia232IzEWS5300F4gWn9xChSpcI1pYiNytBb8W3HnEll3rbQhmWrTBPHSJW76FtZPfYB0HyhjQNEHsLhiSxBEaL19IkI9_gkjhZY3YXVImLDua-pWTnDdtC_XBoQvsdxZ4jRFlsXz8t4MOcM-UC9PMeNsqmIXMuu5FEc2DYADCFrgzOoqHdYYr_PDp4-L2z7-GTIoRHrBJMBt5If2_pIBszjNCsJKV2zsPzfoRrAY1q_dKVigj63Xb060fpVIY0Vtc9KB_8xHEhsJwHfIUk5cTaSxXt0WseguMq5kyp88piRWD3Q5iKTkWmvDBCScdBBI6ALVcyMq1eEq4OAhng7DzbZB46R3-wqIf0fzWtfGCsmvykpBQlmgyBSgGQEoGwMY8nQG6tn_or74ikD4niyHrykMYjBO78v9HoYEDwz8RH8EKR9xkhFvSTX6OO8AcgUewtJgCppfA83JTkuIMWBwheRXXMHqLEzqFxV5jEZKUJSciYMWVYm39TDmu18a9rOu95o0UZ4ZwZ6UKscUisB1WwWAWMkGZTlCS9Gcp7yScESYknWCcTzAmGflJxuUOxOOqL8i0EDtucdhSeEQXIQKl9uHPaLzTcTtcY2X0Nv56a3RQZU4nVMlGqvAckp9WxTSV1FAvDksJYsuR0IP8BkvFnTtKZWmUCzyD378OQxeP3hvB1aKuLTj3EJbGf0t4jkXjQ1B-LB9KxueGt0eqr94urOX7u16VvuAgtvgI_jN4fsc9R7R4MrI-M3ZvQJZOBXw-YUBaFn_XgCedo1DzLa6Vb03hmHJH-uIyd1NOS3Geu_3-40jZ30aWIY3TS8zyErNI6pyleGksrEyn636bGaa_Xi9Xt1Jzu_-qpPPLuFv7I55yVlJ5sFCvK2XE41rqJ_M4UJb0kjIZFc2ckYKSKc7vMkaSssymauioiBYJkLd4vlrTgvX7-yPRgeJOiiDH7b7XqJhmG1XWnCUFEz-v1TyhUyUwYSOiKt-QKaL3tOpjLBsFWZKOrFalAG_p0elaQY_84K3UW7eypomKhfzqLZZMGmw-QVTxqdBThtdn6Efg6SxNsglgxqc0OAP-pP-wNdh-wvnkhPMxLi3EVDwJ0-573L_iUSWuZ9OTHSV1UVGymQI9Wtu0-1gc5TcYZr8ydhiJ0pH0X3_eL3T9mdvH2jzrP9p4gIxOn1znklElyLMkT4rJibyawr_BOmn07zDkx2R60HHSZ0k6mYw9_IB6mXzT4KNMz7OETefeAP8QC-aIZFzA0lGG0FGmp0CyeazDtXQt92J3qvqHkbVQEnQ4PCllOj94YkqZUX6nkAAn34E3WsArcDa1BaCj7A6WIm97-Q079WV3VNrpRU6XaZKzjYhz_2wqqeAjOM-VP1sV12ELv-605g3Ua7dvKqMSxvpFcHIfQ7Mxy4bCj7PkRfrGUkvzEUXBWZn-KAWlRfGOq4uxInnOf1yRlMyHJWMyPcoJr-SZeJvm88eP4G-NUQvtnoeiyKagLw9AZZqUBct-WAM6L_LIko12KJdnoUBBkvLHKdKcDrugKV9cnoyCx2lVFD_sizJl752Z2ITLs_-Fy2k2qc1Fnpe0zEWRieGNXYT98vAvB3YhBGi_NMrYj-B_47Z-5hbORr_wBqb2ddnIUaMF_ZfWxcvjyy-ti5db-2ivsn7TXr9xdzBVNNLYQJML1cQW_peaaLSG_0ITpZepTmnOGDkz0ZeHQxhdBNZQP6a2HelldlNaMpKmJ1REbw_vwYFbrgXgNf9vx0_3aH73Ru1IL5Oa0jwRNXkXnR8vQ-jX4cQ2EEzb5TKjAwejZxpcR4Z-JT3xfLXmZY-llv4AfzqevcIfpTLNk3DqPAtNVhz0mGbpj4fxGs3vxsE6Phem_2wyp_9kMqejZA4Wy8XY63_HWm-F1uXaHUlIcen282YNLV7dn3jXn7QHq7kKh_-1ha10HuzK2JPIF-PlZnjQvR-Ql8s9pRnAOCDPG0vnYViSqYVrPk7_DAoxYdTvNawuVscTQ3L5eoUQtilS3L_9zUjDpX57VzgfbctZQmie4nqvapQR5_nwNpMWKXmn19l3BdvzfiCiq7OW45nsXzvo-8fYATQOe4MrwFIf3-L3v3fety6MxRbwVvpdV82EaU4NtvDnurXmPyA8oqtKmQrRlUjrbJ7xFMqSZmmxYWlJ5ixjLBOUEZImIk9rEbJ_JUzTSgX22sa2nQyPn_o9wjRNCMDV91pAlN0n-fz6PsmLcwWWsfP31B8DhpfynxDNG9y5Q9u9l9lY0-DfhjYi3oEFRJe4AsE7ByFYFCCaO1zFs2w9PFUbcFgbj3f8CS4a9aDDcbae4WDsQ1eZK2ewhdaauhOH5v3FLL7Il_Zx6wI_1_XQ38-I7ZwXMV7LySg4Tl6cK42TcpbM0vP2RLBD7A5ex47Cdc3ts9Q0nSUzcgiP2IloTA0qtlqMky9DR12HbZ6C-k7a3qDjFuwSlOL2FCTDFPp2bO8Xozdy29k-2zZSwVtY4MWhg4voanLaYrN9Jy3uweMG8KM2z1hugq1t70mu934XggCUA_wJC65xbYbmplFPEL8PgGhyVd-wumQlv4KbJGc0TbOUlFe7G1FVYpNwXgshSEXmfF6wqqwywoEmScKu5A0lNE2S8J9kaTmjaSpKWkCdVJukohVKCTRcqlmw1MzY7ZV0roObJMnTPLtSvALl4pdJKNXwjOOniFI0v7uyNzH5qm7rUEqUdN6dYLz0Kn4L5f5h8SUUr_iNgmDkEKSnjirecb112NjT10l2oIfsiJHX18mrzqqbHy4HcbouRECvz9MN_Z8AAAD__wMzhlU">