I reinstalled gperftools and recompiled debug binaries for my code. I hit the SEGV again.
This time in src/central_freelist.cc:298 span->objects = *(reinterpret_cast<void**>(result));
Here is the call stack this time:


#0  tcmalloc::CentralFreeList::FetchFromSpans (this=0x7f9898f1caa0)
    at src/central_freelist.cc:298
#1  0x00007f9898cf1078 in tcmalloc::CentralFreeList::RemoveRange (
    this=0x7f9898f1caa0, start=0x7f982d066480, end=0x7f982d066488, N=166)
    at src/central_freelist.cc:269
#2  0x00007f9898cf4202 in tcmalloc::ThreadCache::FetchFromCentralCache (
    this=0x865e18, cl=<optimized out>, byte_size=8) at src/thread_cache.cc:160
#3  0x00007f9898d052d8 in Allocate (cl=<optimized out>, size=<optimized out>,
    this=<optimized out>) at src/thread_cache.h:364
#4  do_malloc_small (size=<optimized out>, heap=<optimized out>)
    at src/tcmalloc.cc:1088
#5  do_malloc_no_errno (size=5) at src/tcmalloc.cc:1095
#6  cpp_alloc (nothrow=false, size=5) at src/tcmalloc.cc:1423
#7  tc_newarray (size=5) at src/tcmalloc.cc:1631
#8  0x00007f98981e7574 in leveldb::Status::Status(leveldb::Status::Code, leveldb::Slice
const&, leveldb::Slice const&) ()
   from /home/storagevisor/leveldb-1.14.0/libleveldb.so.1
#9  0x00007f98981d80be in leveldb::Version::Get(leveldb::ReadOptions const&, leveldb::LookupKey
const&, std::string*, leveldb::Version::GetStats*) ()
   from /home/storagevisor/leveldb-1.14.0/libleveldb.so.1
#10 0x00007f98981bd98c in leveldb::DBImpl::Get(leveldb::ReadOptions const&, leveldb::Slice
const&, std::string*) ()
   from /home/storagevisor/leveldb-1.14.0/libleveldb.so.1

< valid stack from my code below>

I am using --enable-frame-pointers option while configuring since I do not want to
install libunwind.

Thanks for raising this.

First, I need to be sure, that this is not bug in your application. Have you tried
running without tcmalloc but with either valgrind or address sanitizer ?

Alternatively, if you can attach test program or link to test program that would help
too.

Yes I have tried it with valgrind successfully without tcmalloc.

It is rather complex system to share in isolation. I will see how I can share the repro.

Is there any additional logging and/or profiling that I can do to help you identify
the problem? It repros consistently in my environment.

Ok. Can you share your compiler and toolchain?

Recently somebody reported very similarly looking issue on windows with intel compiler.
I suspect we might be having pointer aliasing bug that more aggressive compiler is
hitting.

In order to investigate that possibility:

* can you try with -O0 or something like that ?

* can you try with -fno-strict-aliasing (my understanding is both clang and icc support
this flag on GNU/Linux) ?

* can try to post disassembly of FetchFromSpans ?

I am using g++ version 4.6.3 on ubuntu.

Note that I was getting an error even with debug (-g) compilation.

We re factored and rewrote some code to accommodate some additional functionality in
our system and now the issue does not seem to reproduce. There were some changes in
areas around which the failures were seen however I haven't yet completely analyzed
where and whether there were any issues in our code.

While analyzing some valgrind errors I could isolate a small standalone leveldb program
which gives errors similar to our code. I have posted to the issue here: http://code.google.com/p/leveldb/issues/detail?id=211
. I am posting the update here as well in case it is related.

Closing then. Please reopen if you can reproduce it.