Index: lib/tsan/rtl/tsan_rtl_report.cc
===================================================================
--- lib/tsan/rtl/tsan_rtl_report.cc
+++ lib/tsan/rtl/tsan_rtl_report.cc
@@ -634,7 +634,27 @@
   const uptr kMop = 2;
   VarSizeStackTrace traces[kMop];
   uptr tags[kMop] = {kExternalTagNone};
-  const uptr toppc = TraceTopPC(thr);
+  uptr toppc = TraceTopPC(thr);
+  if (toppc >> 61) {
+    // This is a work-around for a known issue.
+    // The scenario where this happens is rather elaborate and requires
+    // an instrumented __sanitizer_report_error_summary callback and
+    // a __tsan_symbolize_external callback and a race during a range memory
+    // access larger than 8 bytes. MemoryAccessRange adds the current PC to
+    // the trace and starts processing memory accesses. A first memory access
+    // triggers a race, we report it and call the instrumented
+    // __sanitizer_report_error_summary, which adds more stuff to the trace
+    // since it is intrumented. Then a second memory access in MemoryAccessRange
+    // also triggers a race and we get here and call TraceTopPC to get the
+    // current PC, however now it contains some unrelated events from the
+    // callback. Most likely, TraceTopPC will now return a EventTypeFuncExit
+    // event. Later we subtract -1 from it (in GetPreviousInstructionPc)
+    // and the resulting PC has kExternalPCBit set, so we pass it to
+    // __tsan_symbolize_external. __tsan_symbolize_external is within its rights
+    // to crash since the PC is completely bogus.
+    // test/tsan/double_race.cc contains a test case for this.
+    toppc = 0;
+  }
   ObtainCurrentStack(thr, toppc, &traces[0], &tags[0]);
   if (IsFiredSuppression(ctx, typ, traces[0]))
     return;
Index: test/tsan/double_race.cc
===================================================================
--- test/tsan/double_race.cc
+++ test/tsan/double_race.cc
@@ -0,0 +1,48 @@
+// RUN: %clangxx_tsan -O1 %s -o %t && %deflake %run %t 2>&1 | FileCheck %s
+#include "test.h"
+#include <memory.h>
+
+// A reproducer for a known issue.
+// See reference to double_race.cc in tsan_rtl_report.cc for an explanation.
+
+char buf[16];
+volatile int nreport;
+
+void __sanitizer_report_error_summary(const char *summary) {
+  nreport++;
+}
+
+extern "C" bool __tsan_symbolize_external(unsigned long pc, char *func_buf,
+                               unsigned long func_siz, char *file_buf,
+                               unsigned long file_siz, int *line, int *col) {
+  if (pc >> 61) {
+    printf("bad PC passed to __tsan_symbolize_external: %lx\n", pc);
+    _exit(1);
+  }
+  return true;
+}
+
+void *Thread(void *arg) {
+  barrier_wait(&barrier);
+  memset(buf, 2, sizeof(buf));
+  return 0;
+}
+
+int main() {
+  barrier_init(&barrier, 2);
+  pthread_t t;
+  pthread_create(&t, 0, Thread, 0);
+  memset(buf, 1, sizeof(buf));
+  barrier_wait(&barrier);
+  pthread_join(t, 0);
+  return 0;
+}
+
+// CHECK: WARNING: ThreadSanitizer: data race
+// CHECK:   Write of size 8 at {{.*}} by thread T1:
+// CHECK:     #0 memset
+// CHECK:     #1 Thread
+// CHECK-NOT: bad PC passed to __tsan_symbolize_external
+// CHECK: WARNING: ThreadSanitizer: data race
+// CHECK:   Write of size 8 at {{.*}} by thread T1:
+// CHECK:     #0 Thread