OS: Ubuntu 8.10 x86
Chrome version: 4.0.293.0~svn20100108r35769-0ubuntu1~ucd1~intrepid

Same here (just updated). Ubuntu 9.04 - the Jaunty Jackalope. 64bits

seems to be in the zygote.

(gdb) r
Starting program: /usr/lib/chromium-browser/chromium-browser
[Thread debugging using libthread_db enabled]
Inconsistency detected by ld.so: dl-minimal.c: 138: realloc: Assertion `ptr == alloc_last_block' failed!
^C
Program received signal SIGINT, Interrupt.
0x00ef8422 in __kernel_vsyscall ()
(gdb) bt
#0  0x00ef8422 in __kernel_vsyscall ()
#1  0x00572071 in recvmsg () from /lib/tls/i686/cmov/libpthread.so.0
#2  0x08568919 in base::RecvMsg (fd=10, buf=0xbfffeba2, length=10, fds=0xbfffeaa8) at base/unix_domain_socket_posix.cc:64
#3  0x08281d0d in ZygoteHost::Init (this=0xa0590c8, sandbox_cmd=...) at chrome/browser/zygote_host_linux.cc:148
#4  0x0806a689 in ChromeMain (argc=2, argv=0xbffff844) at chrome/app/chrome_dll_main.cc:728
#5  0x0806ae05 in main (argc=2, argv=0xbffff844) at chrome/app/chrome_exe_main_gtk.cc:52

r35689: OK
r35769: NOK

Same here.
Ubuntu 9.0.4 32bits

same here:

Inconsistency detected by ld.so: dl-minimal.c: 138: realloc: Assertion `ptr ==
alloc_last_block' failed!

2.6.31-17-generic
ubuntu 9.10 32bits

Please stop confirming. We have enough info to show that it's reproducible on a bunch 
of different ubuntu distros so it's not something else. the bug is definitely in 
chromium (or in the way it is built in ubuntu). The error message seems to indicate 
something about memory corruption.

In the meantime, you can downgrade to yesterday's version, or shift to one of the 
other channels/PPAs:

https://launchpad.net/~chromium-daily/+archive/dev
https://launchpad.net/~chromium-daily/+archive/beta

I was wondering the same thing. I tried to roll back via Synaptic when the issue first 
surfaced and I didn't see an older version to roll back to. I was able to add the dev 
PPA (first link above) to my sources and force a rollback to an older version that 
way. It's damned good to have Chromium back, especially since something also killed 
Epiphany and I hated having to use Firefox just to find this bug.

neo.. edit your sources in Ubuntu 
1. System > Administration > Software Sources
2. Click 'Other Software'
3. Choose chromium deps and change them to read:
http://ppa.launchpad.net/chromium-daily/dev/ubuntu instead of 
http://ppa.launchpad.net/chromium-daily/ppa/ubuntu
**You should have 2 of them, one for sources and the other ;)

Close and choose reload when prompted.

Goto Synaptic and type chromium in the search.. when chromium-browser is displayed 
highlight and then from the menubar choose 'Packages > Force version' and you should 
get a drop down.. just choose the previous version from the list and away you go ;)

Another possible data point:  This same version that fails as above on my heavily
used dev machine does not fail on another machine.  I used an account on the
non-failing machine on which chromium-browser had never been used.  Worked fine.

On the failing machine, I got rid of(renamed) the ~/.cache/chromium and
~/.config/chromium directories, but to no avail.  Are there other "spots" which need
to be tended?

Of course, the downgrade worked as expected, but I'd prefer to live on the edge.

Problem:
dlsym(RTLD_NEXT) is getting us realloc out of dl-minimal.c, which provides its *own* 
realloc "minimal" replacement that is intended only for use within /lib/ld.so.  Due to 
our fiddling with realloc, when ICU (etc.) tries to realloc during startup we end up 
forwarding the call through to this bad function.

Our best guess is that some change in this window caused library chained dependencies to 
reorder, breaking RTLD_NEXT.  agl would also like to note "I told you so".


Options:
- try to reorder link line to make our dlsym() fall back on the "right" one in libc.  
sounds nearly impossible
- do something clever with /proc/self/maps to avoid this?  sounds like we probably can't 
do anything even if we know we're hosed
- do some binary patching of the real malloc, like how markus's sandbox works
- fix all users of malloc to use a safe one, like g_malloc or xmalloc
- use tcmalloc and sidestep all of this

The last one sounds easiest.  What's the status on that, Will?

I've enabled tcmalloc 3 times and failed 3 times.  Something always breaks.  I need to 
stop doing it on the side and devote solid chunks of time to squashing the issues that 
crop up (I currently have 4 or so outstanding issues I need to fix before I try to re-
enable again).  So, switching to tcmalloc isn't happening soon or someone else is 
going to have to do it.

Another possible solution (I think agl didn't like this because it uses glibc 
internals) is to just directly call __libc_realloc rather than go through dlsym().

We override __libc_realloc in case some library tries to use it directly.  
Verification that no one uses it seems like a fair work around though.

If we want to go that route and do away with dlsym completely, we'd should have a 
build check that nothing tries to use the "private versions."

@agl: tested the fix^Hworkaround locally, it works. Thanks!
It's currently building in the PPA. Give it some time.

 Issue 31852  has been merged into this issue.

 Issue 31826  has been merged into this issue.

 Issue 31815  has been merged into this issue.

malloc overrides have been reenabled in r35823, using a different method.

Ubuntu folks: tomorrow's PPA will not have any malloc overrides and the next day's 
will have the new set. Hopefully that will be enough to disambiguate any issues.

At some point, bugdroid will wake up and spam this bug will all the change records.

I'm a Ubuntu/Chromium user and I just wanted to say 'thanks' for your work. Those of 
us in userland *do* appreciate your effort.  

I wanna add to that :) Thank you guys for bringing the fastest browser over to Linux
under the power of open source :)

Karmic users: If you're like me and you updated today and broke your chromium, you
may be able fix it like so:

cd /var/cache/apt/archives
ls chromium-browser_*

and then using "sudo dpkg -i chromium-browser_SECOND-TO-LAST-ONE.deb" to reinstall
the second-to-last one.

It worked fine for me and my update manager recognizes that I'm behind on chromium
now, so updating again after today should just be like normal.

The following revision refers to this bug:
    http://src.chromium.org/viewvc/chrome?view=rev&revision=35823 

------------------------------------------------------------------------
r35823 | agl@chromium.org | 2010-01-08 13:28:27 -0800 (Fri, 08 Jan 2010) | 14 lines
Changed paths:
   M http://src.chromium.org/viewvc/chrome/trunk/src/base/process_util_linux.cc?r1=35823&r2=35822
   M http://src.chromium.org/viewvc/chrome/trunk/src/base/process_util_unittest.cc?r1=35823&r2=35822

Linux: reenable malloc overrides.

(These were disabled in r35804 and r35810.)

This time we are using the __libc_* names to get at the real glibc
functions rather than dlsym. This now means that code that calls
__libc_* gets the raw functions, not 'safe' ones. Also, this sets the
visibility correctly. Previously we were not overriding malloc calls
made in shared libraries.

BUG= 31809 
TEST=Covered by unittests.

http://codereview.chromium.org/533001
------------------------------------------------------------------------

Chrome Version       : 4.0.293.0~svn20100108r35769-0ubuntu1~ucd1~karmic
OS + version : Ubuntu 9.10
CPU architecture (32-bit / 64-bit): 32
window manager : metacity

After the last upgrade from chromium PPA I cannot start chromium-browser
anymore, according to command ps there are three chromium-browser processes
running, one of them in the state of zombie. Chromium window does not show
up. On the terminal I got:

lgb@vega:~$ chromium-browser 
Inconsistency detected by ld.so: dl-minimal.c: 138: realloc: Assertion `ptr
== alloc_last_block' failed!

Chrome Version       : 4.0.293.0~svn20100108r35769-0ubuntu1~ucd1~karmic
OS + version : Ubuntu 9.10
CPU architecture (32-bit / 64-bit): 32
window manager : metacity

After the last upgrade from chromium PPA I cannot start chromium-browser
anymore, according to command ps there are three chromium-browser processes
running, one of them in the state of zombie. Chromium window does not show
up. On the terminal I got:

lgb@vega:~$ chromium-browser 
Inconsistency detected by ld.so: dl-minimal.c: 138: realloc: Assertion `ptr
== alloc_last_block' failed!

This issue has been closed for some time. No one will pay attention to new comments.
If you are seeing this bug or have new data, please click New Issue to start a new bug.