Open
Labels: compiler-rt:tysan (Type sanitizer), false-positive (Warning fires when it should not)
Description
```cpp
#include <new>

struct X {
  X *p;
};

struct Y {
  Y *p;
};

union U {
  X head;
  Y tail;
};

int main() {
  U u;
  new (&u) X{.p = 0};
  new (&u) Y{.p = 0};
}
```

(reduced from libc++'s `std::variant` implementation). This results in a false-positive diagnostic with `-fsanitize=type`:
```
==1==ERROR: TypeSanitizer: type-aliasing-violation on address 0x7fffaf0dc548 (pc 0x5e6468605ff7 bp 0x7fffaf0dc4f0 sp 0x7fffaf0dc480 tid 1)
WRITE of size 8 at 0x7fffaf0dc548 with type p1 _ZTS1Y (in Y at offset 0) accesses an existing object of type p1 _ZTS1X (in X at offset 0)
    #0 0x5e6468605ff6 (/app/output.s+0x2aff6)
```

Adding an explicit `u.head.~X()` call before the second placement new doesn't make a difference. Presumably type sanitizer isn't properly modeling new expressions (nor destructor / pseudo-destructor calls).