-
Notifications
You must be signed in to change notification settings - Fork 278
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
"Unable to restore session" due to lost pickle key #1816
Comments
We suspect some of these failure modes might be an interaction with user being a guest and then trying to log in later. |
I have had this issue with Element Desktop about a dozen times over the past year or so. I submitted 3 rageshakes to #1632. As I get this issue every couple of weeks, if there's any additional logging I can turn on to help fix this issue, or answer any questions, please let me know. |
I've just seen your bug report: thank you so much for being detailed on what you did. Thanks to this, I can clearly see that This can be reproduced by deleting the You say that you've had this "over the past year" - do you recall the earliest time and did you send a bug report when this happened? The earliest report I see from that user ID is Apr 22. Also, do you ever try nightly builds of Element Desktop? How frequently do you upgrade versions? I'm wondering if you could be hitting electron/electron#27734 ? |
I did some digging in my own notes and chats, but couldn't find exact dates of every time it happened unfortunately. So I don't know the earliest time this exact issue happened to me, but the earliest time I can recall and sent a rageshake was 2023-07-22. I also see my first report in the issue on element-desktop still uses Olm, so I assume that report and the times I experienced it before that were not using the rust crypto stack. Could be wrong of course. I also don't remember if I enabled rust crypto in labs or not. I doubt it, but can't be sure. I haven't noticed an increase of this bug recently. Once every couple of weeks. I never use the nightly builds of Element Desktop. I update every 1-3 weeks, and as the package in the AUR is not usually updated right away, it's not rare to be 1-2 versions behind. I have a few profiles in Element, but have exclusively used the default one for months. |
I did some more digging, and cross-referenced inactive sessions with some logging I have, and was able to get the dates of every time I had this issue in the past year or so. I am pretty confident these are all of them. It also appears that I overestimated how often this happened total. I have likely had this outcome a dozen times, but not in the past year, and with multiple different causes. Looking at the dates, it does appear that the issue started happening more often more recently. I don't know what versions/dates the rust crypto became available/default, so can't comment on the relation to that.
|
...and hopefully this will be my last message for a little while, but just had it happen again (rageshake sent). I was looking through the various tables in IndexedDB via devtools, noticed that the matrix-react-sdk pickleKey table was empty, was curious whether that meant it would be unable to restore the session, and sure enough. I was careful to not delete anything, so I didn't accidentally delete/edit/update/add anything in there. And it appears to always be empty, so even now with it being empty I can exit and re-open Element just fine... And probably unrelated to this issue, but downloading logs via the submit debug logs crashed Element desktop twice for me. |
Thanks, this is all very valuable information. I would be very interested to know if any other tables are empty when this happens. Specifically:
|
Worth noting that for The missing
This implies that
If the app is in an inconsistent state I could see this causing some of these errors. Separately, why now. What is different with EW-R that is causing us to see this more frequently? |
Just experienced the issue again.
I took some screenshots of a few of the mentioned tables, so I can censor those and send those too if needed. And I made a backup of the |
Amazing, thank you! I'll look into this soon. |
Also seen:
|
It also looks like this may have been an issue for a while - element-hq/element-web#9338 seems eerily similar. |
My best guess on this is that hard crashes are corrupting the database. This has increased with rust SDK because the indexedDB implementation does not ask for durable writes because it can't. I'm guessing that Electron is more affected because there's more opportunity for hard crashes - restarting a machine with chrome restores the tabs which I wonder if that behaves differently to closing an app in Electron. |
I believe this is what will happen on Element Desktop, if the pickle key is not provided by the system keychain when Element starts. (When you first log in, a key is stored in the system keyring, which is then used to encrypt the E2EE database. If that key is removed from the system keychain, then you'll get this error.) Certainly that is what seems to have happened in @KrisVos130's report of 2024-06-11. The clue is this line in the logs:
|
Tracking this over at element-hq/element-web#27870 because I think it's different. |
I strongly suspect that at least
|
This issue has been closed, can we now use durable writes? |
Yes, I believe so. That's tracked over at matrix-org/matrix-rust-sdk#3354. I'm a bit unconvinced that indexeddb corruption is the actual problem here. |
I have been using 1.11.68 for a month or so, and just downloaded 1.11.72 as it has some extra logging for this or similar issues. The first time I opened 1.11.72, I got the "Unable to restore session" screen. The "Unable to load session" error is slightly different than the three listed in comment 1 of this issue, I also saw the following in journalctl:
I also saw something about the problem potentially being with the interaction with the wallet. So for some extra context, in the kdewallet, I can see passwords/keys for the sessions that have failed to load over the past few months. So if the issue is with the wallet, the password still exists at the very least. I also have had no issues with any other program so far. |
It's becoming clear to me that these are three completely different root causes.
This is what used to happen when the database was encrypted, but the picklekey was missing: the account is stored as an array of bytes containing the json serialization of an As of v1.11.70 (which does a bit more checking on the values it is trying to deserialise, this may be replaced by simply
This is, probably, the opposite problem: the database is not encrypted, but we have a picklekey. The code is expecting to find an array of bytes, but in fact we have an unencrypted JSON serialization of a PickledAccount. Again, this has changed as of v1.11.70: it will always report "An object failed to be decrypted while unpickling".
This is a bit odd. Again, it happens when we do have a picklekey, and one thing that could cause it is when the stored "account" is just It's rather unfortunate that everything will end up with the same error from v1.11.70 :/ |
@KrisVos130: thanks for the update. Yes, this does look like basically the same problem; v1.11.70 added a database migration step, and if that step runs when the encryption key is missing it will spit out that error. |
I notice that this only seems to happen on the electron platform. I'll transfer it to the element-desktop repo. |
Also, I'm pretty sure it's related to #1077. |
I think my next step here is going to be to add some sanity-checking to the bit where we try to load the access token from the database. Currently I think that is failing, but the error is being silently swallowed, and then we get this more cryptic error from the crypto stack. At least if we fail earlier we can give better error messages in the logs. |
[Updated the description to reflect the fact that there are now different symptoms when this happens] |
For me this was caused by KeePassXC not being started and the database not opened. Element doesn't play very friendly with secret-service alternatives. |
There seems to be a problem wherein sometimes Element Desktop installations forget their pickle key, meaning users are unable to load their session.
The picklekey is used to encrypt things like the server access token, as well as the entire crypto DB (which holds the decryption keys for received messages).
On Element Desktop (in contrast with Element Web), the pickle key is stored in the system keyring, via keytar. We don't know why it is being lost.
The symptoms of the problem are a big error box like this on load:
NB: this is not the only root cause of that error; the only way to be sure it is the same problem is to inspect the console, or rageshake logs. It will (as of Element Desktop 1.11.78) show the line:
(Previously, the error message was
Unable to load session Error: An object failed to be decrypted while unpickling
)Original description
We've seen a few user reports of "Unable to restore session" errors with things like the following in the logs:
All of these suggest a problem deserialising the pickled account data in the
core.account
row in indexeddb. The first one suggests that thepickleKey
has been deleted from thematrix-react-sdk
indexeddb. The other two suggest some sort of malformed data in thematrix-js-sdk::matrix-sdk-crypto
store. I have no real ideas how we're getting into this state.The text was updated successfully, but these errors were encountered: