Closed Bug 1776525 Opened 2 years ago Closed 2 years ago

"FLAG_IMMUTABLE or FLAG_MUTABLE be specified when creating a PendingIntent" Crash in [@ java.lang.IllegalArgumentException: at android.app.PendingIntent.checkFlags(PendingIntent.java)]

Categories

(Fenix :: General, defect, P1)

Product:
Fenix
Component:
General
Platform:
Unspecified
Android
Type:
defect

Tracking

(firefox101 unaffected, firefox102 unaffected, firefox103 wontfix, firefox104 wontfix, firefox105 wontfix, firefox106 fixed)

Status:
RESOLVED FIXED
Tracking Flags:
Tracking Status
firefox101 --- unaffected
firefox102 --- unaffected
firefox103 --- wontfix
firefox104 --- wontfix
firefox105 --- wontfix
firefox106 --- fixed

People

(Reporter: cpeterson, Assigned: jonalmeida)

References

Details

(Keywords: crash, topcrash)

Crash Data

Crash report: https://crash-stats.mozilla.org/report/index/cf7b2892-5c21-4509-9860-aec310220624

This crash looks like a regression in Fenix Nightly 103. In the last six months, there are 95 crash reports with this crash signature from 48 clients, all running Fenix Nightly 103.

Java stack trace:

java.lang.IllegalArgumentException
	at android.app.PendingIntent.checkFlags(PendingIntent.java:382)
	at android.app.PendingIntent.getActivityAsUser(PendingIntent.java:465)
	at android.app.PendingIntent.getActivity(PendingIntent.java:451)
	at android.app.PendingIntent.getActivity(PendingIntent.java:415)
	at com.google.android.gms.common.api.internal.GoogleApiManager.zac(Unknown Source:12)
	at com.google.android.gms.common.api.internal.GoogleApiManager$zaa.onConnectionFailed(Unknown Source:22)
	at com.google.android.gms.common.internal.BaseGmsClient$zzf.zza(Unknown Source:4)
	at com.google.android.gms.common.internal.BaseGmsClient$zza.zza(Unknown Source:7)
	at com.google.android.gms.common.internal.BaseGmsClient$zzb.handleMessage(Unknown Source:55)
	at android.os.Handler.dispatchMessage(Handler.java:106)
	at com.google.android.gms.internal.common.zze.dispatchMessage(Unknown Source:1)
	at android.os.Looper.loopOnce(Looper.java:226)
	at android.os.Looper.loop(Looper.java:313)
	at android.os.HandlerThread.run(HandlerThread.java:67)
Component: General → Stability
Product: GeckoView → Fenix

Duplicate of bug 1774565?

(In reply to Kevin Brosnan [:kbrosnan] from comment #1)

Duplicate of bug 1774565?

Bug looks like a similar issue, but I don't think this bug is a duplicate. That bug was (supposedly) fixed in 103 on 2022-06-18 and we're still seeing this bug's crashes in 104

status-firefox104: --- → affected
See Also: → 1774565

This is a topcrash for Fenix 104 at the moment.

status-firefox103: affectedwontfix
status-firefox105: --- → affected
status-firefox106: --- → affected
Keywords: topcrash

Looks like the first crash reports were from Nightly 103.0a1 build ID 20220607093440.

The IllegalArgumentException's message is:

java.lang.IllegalArgumentException: org.mozilla.fenix: Targeting S+ (version 31 and above) requires that one of FLAG_IMMUTABLE or FLAG_MUTABLE be specified when creating a PendingIntent. Strongly consider using FLAG_IMMUTABLE, only use FLAG_MUTABLE if some functionality depends on the PendingIntent being mutable, e.g. if it needs to be used with inline replies or bubbles.

Crash Signature: [@ java.lang.IllegalArgumentException: at android.app.PendingIntent.checkFlags(PendingIntent.java)] → [@ java.lang.IllegalArgumentException: at android.app.PendingIntent.checkFlags(PendingIntent.java)] [@ java.lang.IllegalArgumentException: at android.app.PendingIntent.checkFlags(Unknown Source:73)]
Priority: P2 → P1

I don't see any suspicious changes in the Gecko/GeckoView changelog from 2022-06-06 to 2022-06-07, so this is presumably a regression in Fenix, AC, or AS:

https://hg.mozilla.org/mozilla-central/pushloghtml?fromchange=3d6d967aa9f60c37c85ba1791eeaac99ba0d9e3d&tochange=4c50bf9afb4269a5615079a3b074500fcfb869e6

While talking to Christian, I had a hunch it might be because of a PendingIntent that sent to us from a third party app via a Custom Tab. While trying to replicate this situation, I looks like a client app that is targeting a lower version SDK without the flags mentioned above would not end up crashing the browser app. We saw a hint that it might have been a Custom Tab as well because the last breadcrumbs in some of the events were from the ExternalAppBrowserActivity, but I can see other events that have the last breadcrumb as the HomeActivity.

I'm now more inclined to believing it's because of Firebase Cloud Messaging when we check if the service is available with GoogleApiAvailability#isGooglePlayServicesAvailable. When the service tries to check if the API is available, it leads down the similar code path as below:

	at com.google.android.gms.common.api.internal.GoogleApiManager.zac(Unknown Source:12)
	at com.google.android.gms.common.api.internal.GoogleApiManager$zaa.onConnectionFailed(Unknown Source:22)

It's hard to tell if it's also coming from the rest of same stack trace path as well because it's an obfuscated path, but we know that Firebase has the same dependency (gradlew :lib-push-firebase:dependencies) that has the BaseGmsClient as well:

	at .internal.BaseGmsClient$zzf.zza(Unknown Source:4)
	at com.google.android.gms.common.internal.BaseGmsClient$zza.zza(Unknown Source:7)
	at com.google.android.gms.common.internal.BaseGmsClient$zzb.handleMessage(Unknown Source:55)

So if there is a onConnectionFailed error while trying to get the Firebase result, then we could be invoking the code path that leads to this crash.

As also mentioned in a Slack thread, we can't downgrade our target SDK since 31 is required starting from November. However, what we can do is upgrade to a newer version of the FCM dependency to see if that resolves the crashes.

We could also consider patching the incoming Pending Intent from the Custom Tab as well to be doubly-sure, but I'm not sure if I've convinced myself yet if this is even needed.

According to this bug report, there was a bug in the play-services-base project that is an in-direct dependency of only FCM (when looking at the dependency tree in Fenix) which was fixed in version 18.0.0 of the app. The FCM version we have currently is using 17.0.0 of that library, so I'm more inclined to believing this is the cause albeit I'm unable to reproduce the bug with the STR mentioned in opening post of the bug report.

Blocks: Android_12

Do we have an issue on file for updating to a newer FCM release? Looks like 23.0.7 is the latest? And 23.0.1 appears to the be the first bringing along play-services-base 18.x.

Flags: needinfo?(jonalmeida942)

I went ahead and started a PR for the bump to 23.0.7, but it's going to need a bit more love than just that (as expected). Would be great if someone could take it over from there.
https://github.com/mozilla-mobile/android-components/pull/12753

status-firefox104: affectedwontfix
status-firefox105: affectedwontfix
See Also: → https://github.com/mozilla-mobile/android-components/pull/12753

We've updated to 23.0.8 (which also includes a security fix) in it and tested the change against Fenix. This is landing now and should be in the next nightly.

Flags: needinfo?(jonalmeida942)

No Nightly crashes since this landed. Looks like it worked!

Assignee: nobody → jonalmeida942
Status: NEW → RESOLVED
Closed: 2 years ago
status-firefox106: affectedfixed
Resolution: --- → FIXED

Excellent! 🙌

Component: Stability → General
You need to log in before you can comment on or make changes to this bug.