Closed Bug 1476424 Opened 7 years ago Closed 7 years ago

Crash in android.os.TransactionTooLargeException: data parcel size 3124056 bytes at android.os.BinderProxy.transactNative(Native Method)

Categories

(Firefox for Android Graveyard :: General, defect)

Product:
Firefox for Android Graveyard
Component:
General
Platform:
Unspecified
Android
Type:
defect
Priority:
Not set
Severity:
critical

Tracking

(firefox61 unaffected, firefox62 unaffected, firefox63 fixed)

Status:
RESOLVED FIXED
Milestone:
Firefox 63
Tracking Flags:
Tracking Status
firefox61 --- unaffected
firefox62 --- unaffected
firefox63 --- fixed

People

(Reporter: marcia, Assigned: andrei.a.lazar)

References

Details

(Keywords: crash, regression, reproducible, Whiteboard: --do_not_change--[priority:high][geckoview])

Crash Data

Attachments

(2 files)

logcat.txt
282.71 KB, text/plain
Details
Bug 1476424 Crash in android.os.TransactionTooLargeException: data parcel size 3124056 bytes at android.os.BinderProxy.transactNative(Native Method)
59 bytes, text/x-review-board-request
jchen
: review+
Details
This bug was filed from the Socorro interface and is report bp-4235e648-361e-4e49-b02a-083f80180717. ============================================================= Seen while looking at trunk crash stats - crashes started using 20180717100050: https://bit.ly/2JvKCGz. There are also similar signatures with a data parcel size which is a different value: https://bit.ly/2LqHBZH. Very noticeable in this build. Comments: *crashed as soon as I started it. Top 10 frames of crashing thread: 0 libxul.so GeckoAppShellSupport::ReportJavaCrash widget/android/nsAppShell.cpp:280 1 libxul.so void mozilla::jni::NativeStub<mozilla::java::GeckoAppShell::ReportJavaCrash_t, GeckoAppShellSupport, mozilla::jni::Args<mozilla::jni::Ref<mozilla::jni::TypedObject<_jthrowable*>, _jthrowable*> const&, mozilla::jni::StringParam const&> >::Wrap<&GeckoAppShellSupport::ReportJavaCrash> widget/android/jni/Natives.h:778 2 base.odex base.odex@0x2286b 3 dalvik-LinearAlloc (deleted) dalvik-LinearAlloc @0x4f6a 4 libart.so libart.so@0x401775 5 libart.so libart.so@0x4069ed 6 base.vdex base.vdex@0x3b068e 7 dalvik-LinearAlloc (deleted) dalvik-LinearAlloc @0x573a 8 libart.so libart.so@0x3f047e 9 libart.so libart.so@0x3f02b5 =============================================================
Petru, is this possibly fallout from the API26 work? Timing fits.
Flags: needinfo?(petru.lingurar)
This signature moved up to the #17 top crash (I am not counting all the other individual signatures where the byte size is different). APIs from 28-26 are affected. Pixel/Pixel XL and Pixel 2/Pixel 2 XL are affected. Ioana - Can you try to see if you can reproduce the issue? Other Comments: *Lol I just download, open it and it's already crashed? *Literally just opened this after download. Didn't open anything. *I just opened settings!
Flags: needinfo?(ioana.chiorean)
Will investigate this together with Oana.
Flags: needinfo?(ioana.chiorean) → needinfo?(oana.horvath)
Reproducing on Nightly 2018-07-18 build. STR: 1. Fresh install/clear app data. 2. Open Fennec. 3. Open the Settings menu. Devices: Google Pixel (Android 9) Huawei Nexus 6P (Android 8.1.0)
Flags: needinfo?(oana.horvath)
I was also able to reproduce this on my Pixel, but only with a fresh install of Nightly (and following the STR in Comment 4).
Assignee: nobody → andrei.a.lazar
Flags: needinfo?(petru.lingurar)
Adding a few other of the top volume signatures.
Crash Signature: [@ android.os.TransactionTooLargeException: data parcel size 3124056 bytes at android.os.BinderProxy.transactNative(Native Method)] → [@ android.os.TransactionTooLargeException: data parcel size 3124056 bytes at android.os.BinderProxy.transactNative(Native Method)] [@ android.os.TransactionTooLargeException: data parcel size 6234516 bytes at android.os.BinderProxy.transactNative(Native…
Keywords: reproducible
Whiteboard: --do_not_change--[priority:high]
Crash Signature: 4680572 bytes at android.os.BinderProxy.transactNative(Native Method)] → 4680572 bytes at android.os.BinderProxy.transactNative(Native Method)] [@ android.os.TransactionTooLargeException: data parcel size 3124748 bytes at android.os.BinderProxy.transactNative(Native Method)]
Crash Signature: 4680572 bytes at android.os.BinderProxy.transactNative(Native Method)] [@ android.os.TransactionTooLargeException: data parcel size 3124748 bytes at android.os.BinderProxy.transactNative(Native Method)] → 4680572 bytes at android.os.BinderProxy.transactNative(Native Method)] [@ android.os.TransactionTooLargeException: data parcel size 3124748 bytes at android.os.BinderProxy.transactNative(Native Method)] [@ android.os.TransactionTooLargeException: data …
Crash Signature: parcel size 3124824 bytes at android.os.BinderProxy.transactNative(Native Method)] → parcel size 3124824 bytes at android.os.BinderProxy.transactNative(Native Method)] [@ android.os.TransactionTooLargeException: data parcel size 3124240 bytes at android.os.BinderProxy.transactNative(Native Method)] [@ android.os.TransactionTooLargeExce…
Attachment #8994151 - Flags: review?(sdaswani) → review?(nchen)
Comment on attachment 8994151 [details] Bug 1476424 Crash in android.os.TransactionTooLargeException: data parcel size 3124056 bytes at android.os.BinderProxy.transactNative(Native Method) https://reviewboard.mozilla.org/r/258764/#review265790
Attachment #8994151 - Flags: review?(nchen) → review+
status-firefox62: --- → unaffected
Whiteboard: --do_not_change--[priority:high] → --do_not_change--[priority:high][geckoview]
Keywords: checkin-needed
Pushed by rgurzau@mozilla.com: https://hg.mozilla.org/integration/autoland/rev/bf5ff5b3b3f2 Crash in android.os.TransactionTooLargeException: data parcel size 3124056 bytes at android.os.BinderProxy.transactNative(Native Method) r=jchen
Keywords: checkin-needed
https://hg.mozilla.org/mozilla-central/rev/bf5ff5b3b3f2
Status: NEW → RESOLVED
Closed: 7 years ago
status-firefox63: affectedfixed
Resolution: --- → FIXED
Target Milestone: --- → Firefox 63
Depends on: 1480007
While it looks as if the crash signatures listed in this bug stopped after the fix in Comment 12, I am still seeing individual crash reports with similar signatures that persist after the landing - here are two examples that have Build IDs after the patch landed: * https://crash-stats.mozilla.com/report/index/5bf252c5-6379-4ba9-8c69-5c2070180801 * https://crash-stats.mozilla.com/report/index/4fac85d3-03e0-4a22-a02e-fe3420180802 Andrei - Should I file a new bug to track these?
Flags: needinfo?(andrei.a.lazar)
Hey Marcia, after investigations made for this issue, [as per https://developer.android.com/reference/android/os/TransactionTooLargeException] I found out that a safe maximum size for these kinds of transactions would be somewhere around 1MB (depending on OS version, CPU architecture etc.) so the second crash it's a surprise for me [the one crashing with 0.7MB]. Indeed filing a new bug would be necessary, also some steps to reproduce would be extremly helpful for me, and thank you very much for keeping an eye on this!
Flags: needinfo?(andrei.a.lazar) → needinfo?(mozillamarcia.knous)
Filed Bug 1480852 to track the signatures that are happening after the landing.
Flags: needinfo?(mozillamarcia.knous)
Crash Signature: android.os.BinderProxy.transactNative(Native Method)] → android.os.BinderProxy.transactNative(Native Method)] [@ android.os.TransactionTooLargeException: data parcel size 537688 bytes at android.os.BinderProxy.transactNative(Native Method)] [@ android.os.TransactionTooLargeException: data parcel size 635556…
No longer blocks: 1496435
Product: Firefox for Android → Firefox for Android Graveyard
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: