ASAN (AddressSanitizer) binaries crash with SIGSEGV intermittently during initialization on WSL2

[ttuurrnn]

Windows Version

Microsoft Windows [Version 10.0.22631.4169]

WSL Version

2.6.3.0

Are you using WSL 1 or WSL 2?

• WSL 2
• WSL 1

Kernel Version

Linux version 6.6.87.2-microsoft-standard-WSL2

Distro Version

Ubuntu 22.04.5 LTS

Other Software

Clang/LLVM 14.0.0 (Ubuntu clang version 14.0.0-1ubuntu1.1)
AFL++ 4.33c

Repro Steps

1. Create a minimal C file:

   cat > test_asan.c << 'EOF'
   int main() { return 0; }
   EOF

2. Compile with ASAN:

   clang -fsanitize=address -g test_asan.c -o test_asan

3. Run 20 times in a loop:

   for i in $(seq 1 20); do
   ./test_asan 2>/dev/null || echo "CRASH run $i (exit $?)"
   done

Expected Behavior

All 20 runs should exit with code 0.
A program that does nothing (main returns 0) should never crash.

Actual Behavior

~30% of runs exit with SIGSEGV (exit 139), with no ASAN output.

Root cause (identified via strace): ASAN shadow memory initialization
uses mmap(MAP_FIXED) to reserve specific virtual address ranges:

mmap(0x603000000000, ..., MAP_FIXED, ...)
mmap(0x603e00000000, ..., MAP_FIXED, ...)
mmap(0x60b000000000, ..., MAP_FIXED, ...)
... (several more fixed-address mappings)

On successful runs, all mappings succeed. On failing runs,
WSL2's ASLR has already placed other mappings at these addresses,
causing MAP_FIXED to fail → SIGSEGV during ASAN initialization,
before any user code executes.

Note: The bug does not reproduce under strace (strace changes the
memory layout, avoiding the conflict).

Setting ASAN_OPTIONS=detect_leaks=0 does NOT fix the issue.

Diagnostic Logs

[github-actions]

Logs are required for review from WSL team

If this a feature request, please reply with '/feature'. If this is a question, reply with '/question'.
Otherwise, please attach logs by following the instructions below, your issue will not be reviewed unless they are added. These logs will help us understand what is going on in your machine.

How to collect WSL logs

Download and execute collect-wsl-logs.ps1 in an administrative powershell prompt:

Invoke-WebRequest -UseBasicParsing "https://raw.githubusercontent.com/microsoft/WSL/master/diagnostics/collect-wsl-logs.ps1" -OutFile collect-wsl-logs.ps1
Set-ExecutionPolicy Bypass -Scope Process -Force
.\collect-wsl-logs.ps1

The script will output the path of the log file once done.

If this is a networking issue, please use .\collect-wsl-logs.ps1 -LogProfile networking instead, following the instructions in Collect WSL logs for networking issues

Once completed please upload the output files to this GitHub issue.

See Collect WSL logs (recommended method).

If you choose to email these logs instead of attaching them to the bug, please send them to wsl-gh-logs@microsoft.com with the GitHub issue number in the subject, and include a link to your GitHub issue comment in the message body, and reply with '/emailed-logs'.

[ttuurrnn]

WslLogs-2026-04-13_10-01-39.zip

[github-actions]

The log file doesn't contain any WSL traces. Please make sure that you reproduced the issue while the log collection was running.

Diagnostic information

Detected appx version: 2.6.3.0
Found no WSL traces in the logs

[ttuurrnn]

WslLogs-2026-04-13_10-05-14.zip

[github-actions]

The log file doesn't contain any WSL traces. Please make sure that you reproduced the issue while the log collection was running.

Diagnostic information

Detected appx version: 2.6.3.0
Found no WSL traces in the logs

[ttuurrnn]

N/A — This bug occurs within Linux userspace (ASAN shadow memory
initialization). WSL ETW traces do not capture this layer.
The terminal output screenshot above is the primary evidence.