This is version 0.9.16
I used sample-bdb.txt for instance, with the DUP_SORT option, and the mdb_put with the MDB_RESERVED flags, and execute it 2 times. The first run (creation) is ok, the second (update) gets the seg fault.
I ran it in gdb and got the stack :
#0 mdb_cursor_set (mc=mc@entry=0x7fffffffdb40, key=key@entry=0x7fffffffdda0,
exactp=exactp@entry=0x7fffffffd7f0) at mdb.c:5867
#1 0x00007ffff7bd024c in mdb_cursor_put (mc=0x7fffffffdb40,
key=0x7fffffffdda0, data="" flags=32768) at mdb.c:6391
#2 0x00007ffff7bd095f in mdb_cursor_put (mc=0x7fffffffd9b0,
key=0x7fffffffdd90, data="" flags=<optimized out>)
#3 0x00007ffff7bd29b2 in mdb_put (txn=<optimized out>, dbi=<optimized out>,
key=0x7fffffffdd90, data="" flags=65536) at mdb.c:8611
#4 0x0000000000400ccf in main (argc=1, argv=0x7fffffffded8) at sample-mdb.c:43
It seems the mp_lower value of the page is set to 0 instead of a value inside the page.