Crash in android.os.TransactionTooLargeException: data parcel size 3124056 bytes at android.os.BinderProxy.transactNative(Native Method)

RESOLVED FIXED in Firefox 63

Status

()

defect
--
critical
RESOLVED FIXED
Last year
10 months ago

People

(Reporter: marcia, Assigned: andrei.a.lazar)

Tracking

(Blocks 1 bug, {crash, regression, reproducible})

Trunk
Firefox 63
Unspecified
Android
Points:
---
Dependency tree / graph

Firefox Tracking Flags

(firefox61 unaffected, firefox62 unaffected, firefox63 fixed)

Details

(Whiteboard: --do_not_change--[priority:high][geckoview], crash signature)

Attachments

(2 attachments)

This bug was filed from the Socorro interface and is
report bp-4235e648-361e-4e49-b02a-083f80180717.
=============================================================

Seen while looking at trunk crash stats - crashes started using 20180717100050: https://bit.ly/2JvKCGz. There are also similar signatures with a data parcel size which is a different value: https://bit.ly/2LqHBZH. Very noticeable in this build.

Comments:
*crashed as soon as I started it. 

Top 10 frames of crashing thread:

0 libxul.so GeckoAppShellSupport::ReportJavaCrash widget/android/nsAppShell.cpp:280
1 libxul.so void mozilla::jni::NativeStub<mozilla::java::GeckoAppShell::ReportJavaCrash_t, GeckoAppShellSupport, mozilla::jni::Args<mozilla::jni::Ref<mozilla::jni::TypedObject<_jthrowable*>, _jthrowable*> const&, mozilla::jni::StringParam const&> >::Wrap<&GeckoAppShellSupport::ReportJavaCrash> widget/android/jni/Natives.h:778
2 base.odex base.odex@0x2286b 
3 dalvik-LinearAlloc (deleted) dalvik-LinearAlloc @0x4f6a 
4 libart.so libart.so@0x401775 
5 libart.so libart.so@0x4069ed 
6 base.vdex base.vdex@0x3b068e 
7 dalvik-LinearAlloc (deleted) dalvik-LinearAlloc @0x573a 
8 libart.so libart.so@0x3f047e 
9 libart.so libart.so@0x3f02b5 

=============================================================
Petru, is this possibly fallout from the API26 work? Timing fits.
Flags: needinfo?(petru.lingurar)
This signature moved up to the #17 top crash (I am not counting all the other individual signatures where the byte size is different). APIs from 28-26 are affected. Pixel/Pixel XL and Pixel 2/Pixel 2 XL are affected. Ioana - Can you try to see if you can reproduce the issue?

Other Comments:
*Lol I just download, open it and it's already crashed? 
*Literally just opened this after download. Didn't open anything. 
*I just opened settings!
Flags: needinfo?(ioana.chiorean)
Will investigate this together with Oana.
Flags: needinfo?(ioana.chiorean) → needinfo?(oana.horvath)
Reproducing on Nightly 2018-07-18 build.

STR:
1. Fresh install/clear app data.
2. Open Fennec.
3. Open the Settings menu.

Devices:
Google Pixel (Android 9)
Huawei Nexus 6P (Android 8.1.0)
Flags: needinfo?(oana.horvath)
Posted file logcat.txt
I was also able to reproduce this on my Pixel, but only with a fresh install of Nightly (and following the STR in Comment 4).
Assignee: nobody → andrei.a.lazar
Flags: needinfo?(petru.lingurar)
Adding a few other of the top volume signatures.
Crash Signature: [@ android.os.TransactionTooLargeException: data parcel size 3124056 bytes at android.os.BinderProxy.transactNative(Native Method)] → [@ android.os.TransactionTooLargeException: data parcel size 3124056 bytes at android.os.BinderProxy.transactNative(Native Method)] [@ android.os.TransactionTooLargeException: data parcel size 6234516 bytes at android.os.BinderProxy.transactNative(Native…
Whiteboard: --do_not_change--[priority:high]
Crash Signature: 4680572 bytes at android.os.BinderProxy.transactNative(Native Method)] → 4680572 bytes at android.os.BinderProxy.transactNative(Native Method)] [@ android.os.TransactionTooLargeException: data parcel size 3124748 bytes at android.os.BinderProxy.transactNative(Native Method)]
Crash Signature: 4680572 bytes at android.os.BinderProxy.transactNative(Native Method)] [@ android.os.TransactionTooLargeException: data parcel size 3124748 bytes at android.os.BinderProxy.transactNative(Native Method)] → 4680572 bytes at android.os.BinderProxy.transactNative(Native Method)] [@ android.os.TransactionTooLargeException: data parcel size 3124748 bytes at android.os.BinderProxy.transactNative(Native Method)] [@ android.os.TransactionTooLargeException: data …
Duplicate of this bug: 1477547
Crash Signature: parcel size 3124824 bytes at android.os.BinderProxy.transactNative(Native Method)] → parcel size 3124824 bytes at android.os.BinderProxy.transactNative(Native Method)] [@ android.os.TransactionTooLargeException: data parcel size 3124240 bytes at android.os.BinderProxy.transactNative(Native Method)] [@ android.os.TransactionTooLargeExce…
Attachment #8994151 - Flags: review?(sdaswani) → review?(nchen)
Comment on attachment 8994151 [details]
Bug 1476424 Crash in android.os.TransactionTooLargeException: data parcel size 3124056 bytes at android.os.BinderProxy.transactNative(Native Method)

https://reviewboard.mozilla.org/r/258764/#review265790
Attachment #8994151 - Flags: review?(nchen) → review+
Whiteboard: --do_not_change--[priority:high] → --do_not_change--[priority:high][geckoview]
Keywords: checkin-needed
Pushed by rgurzau@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/bf5ff5b3b3f2
Crash in android.os.TransactionTooLargeException: data parcel size 3124056 bytes at android.os.BinderProxy.transactNative(Native Method) r=jchen
Keywords: checkin-needed
https://hg.mozilla.org/mozilla-central/rev/bf5ff5b3b3f2
Status: NEW → RESOLVED
Closed: Last year
Resolution: --- → FIXED
Target Milestone: --- → Firefox 63
While it looks as if the crash signatures listed in this bug stopped after the fix in Comment 12, I am still seeing individual crash reports with similar signatures that persist after the landing - here are two examples that have Build IDs after the patch landed:

* https://crash-stats.mozilla.com/report/index/5bf252c5-6379-4ba9-8c69-5c2070180801
* https://crash-stats.mozilla.com/report/index/4fac85d3-03e0-4a22-a02e-fe3420180802

Andrei - Should I file a new bug to track these?
Flags: needinfo?(andrei.a.lazar)
Hey Marcia, after investigations made for this issue, [as per https://developer.android.com/reference/android/os/TransactionTooLargeException] I found out that a safe maximum size for these kinds of transactions would be somewhere around 1MB (depending on OS version, CPU architecture etc.) so the second crash it's a surprise for me [the one crashing with 0.7MB]. Indeed filing a new bug would be necessary, also some steps to reproduce would be extremly helpful for me, and thank you very much for keeping an eye on this!
Flags: needinfo?(andrei.a.lazar) → needinfo?(mozillamarcia.knous)
Filed Bug 1480852 to track the signatures that are happening after the landing.
Flags: needinfo?(mozillamarcia.knous)
Crash Signature: android.os.BinderProxy.transactNative(Native Method)] → android.os.BinderProxy.transactNative(Native Method)] [@ android.os.TransactionTooLargeException: data parcel size 537688 bytes at android.os.BinderProxy.transactNative(Native Method)] [@ android.os.TransactionTooLargeException: data parcel size 635556…
No longer blocks: 1496435
You need to log in before you can comment on or make changes to this bug.