Comment 8 for bug 1535898

The crash you're hitting is something very different than what valgrind is finding (though I agree technically valgrind is correct in pointing this out, and it looks as though some of it is addressed upstream).

Program terminated with signal SIGSEGV, Segmentation fault.
#0 malloc_consolidate (av=av@entry=0x7f9aa4000020) at malloc.c:4151
[Current thread is 1 (LWP 3163)]
(gdb) bt full
#0 malloc_consolidate (av=av@entry=0x7f9aa4000020) at malloc.c:4151
        fb = <optimized out>
        maxfb = 0x7f9aa4000070
        p = 0x7f9aa4000078
        nextp = 0x7f9aa40009a0
        unsorted_bin = 0x7f9aa4000078
        first_unsorted = <optimized out>
        nextchunk = 0xff3548000a18
        size = 140302153157024
        nextsize = <optimized out>
        prevsize = <optimized out>
        nextinuse = <optimized out>
        bck = <optimized out>
        fwd = <optimized out>
        __func__ = "malloc_consolidate"
#1 0x00007f9acb099df8 in _int_malloc (av=0x7f9aa4000020, bytes=16384) at malloc.c:3423
        nb = 16400
        idx = 114
        bin = <optimized out>
        victim = <optimized out>
        size = <optimized out>
        victim_index = <optimized out>
        remainder = <optimized out>
        remainder_size = <optimized out>
        block = <optimized out>
        bit = <optimized out>
        map = <optimized out>
        fwd = <optimized out>
        bck = <optimized out>
        errstr = 0x0
        __func__ = "_int_malloc"
#2 0x00007f9acb09c7b0 in __GI___libc_malloc (bytes=16384) at malloc.c:2891
        ar_ptr = 0x7f9aa4000020
        victim = 0x511
        __func__ = "__libc_malloc"
#3 0x00007f9acbaa94d7 in dm_task_run () from /tmp/apport_sandbox_S4eo5o/lib/x86_64-linux-gnu/libdevmapper.so.1.02.1
No symbol table info available.
#4 0x00007f9acb3eed9a in dm_map_present (str=0x7f9aa4000ef0 "lun01") at devmapper.c:304
        r = 0
        dmt = 0x7f9aa40008e0
        info = {exists = -871807232, suspended = 32666, live_table = -888551504, inactive_table = 32666, open_count = -871809664, event_nr = 32666, major = 3423160064, minor = 32666,
          read_only = -871809840, target_count = 32666}
#5 0x0000000000404a77 in ev_add_map (dev=0x7f9ac40020fb "dm-3", alias=0x7f9aa4000ef0 "lun01", vecs=0xb6b6b0) at main.c:256
        refwwid = 0x600000000 <error: Cannot access memory at address 0x600000000>
        mpp = 0x7f9aa4000ef0
        map_present = 32666
        r = 1
#6 0x0000000000404a3c in uev_add_map (uev=0x7f9ac4002020, vecs=0xb6b6b0) at main.c:243
        alias = 0x7f9aa4000ef0 "lun01"
        major = -1
        minor = -1
        rc = 32666
#7 0x00000000004061ed in uev_trigger (uev=0x7f9ac4002020, trigger_data=0xb6b6b0) at main.c:755
        r = 0
        vecs = 0xb6b6b0
#8 0x00007f9acb40d29d in service_uevq (tmpq=0x7f9acc093de0) at uevent.c:118
        uev = 0x7f9ac4002020
        tmp = 0x7f9acc093de0
#9 0x00007f9acb40d4ac in uevent_dispatch (uev_trigger=0x406130 <uev_trigger>, trigger_data=0xb6b6b0) at uevent.c:167
        uevq_tmp = {next = 0x7f9acc093de0, prev = 0x7f9acc093de0}
#10 0x0000000000406436 in uevqloop (ap=0xb6b6b0) at main.c:814
No locals.
#11 0x00007f9acbcc3182 in start_thread (arg=0x7f9acc094700) at pthread_create.c:312
        __res = <optimized out>
        pd = 0x7f9acc094700
        now = <optimized out>
        unwind_buf = {cancel_jmp_buf = {{jmp_buf = {140302824851200, 5524701056917599093, 0, 0, 140302824851904, 140302824851200, -5503902022748048523, -5503898131477662859},
              mask_was_saved = 0}}, priv = {pad = {0x0, 0x0, 0x0, 0x0}, data = {prev = 0x0, cleanup = 0x0, canceltype = 0}}}
        not_first_call = <optimized out>
        pagesize_m1 = <optimized out>
        sp = <optimized out>
        freesize = <optimized out>
        __PRETTY_FUNCTION__ = "start_thread"
#12 0x00007f9acb11447d in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:111
No locals.

That kind of makes me suspicious of the state of the kernel multipath modules. Which ones are loaded of the dm-* modules? Does anything show up in /var/log/syslog? It would be quite helpful if you could attach syslog to this bug report.