alexzak
September 21, 2024, 4:13am
1
After updating to snapshot 20240918 I started getting this error when after locking the screen if I try to unlock it, the KDE screen locker crashes and displays this error on the black screen:
“Screen locker is broken and unlocking is not possible anymore.”
Followed by instructions how to unlock the session from the console with loginctl.
I think it can be caused by pam updates in snapshot 20240918, but I’m not sure: New Tumbleweed snapshot 20240918 released! - openSUSE Factory - openSUSE Mailing Lists
Doing a rollback to a btrfs snapshot prior to this update fixes the problem for me.
2 Likes
alexzak
September 21, 2024, 4:25am
2
Found these lines in journalctl:
Sep 20 20:16:36 slick systemd[1]: Started dbus-:1.3-org.kde.powerdevil.backlighthelper@2.service.
Sep 20 20:16:38 slick kscreenlocker_greet[36628]: pam_kwallet5(kde:auth): pam_kwallet5: pam_sm_authenticate
Sep 20 20:16:38 slick kernel: QThread[36637]: segfault at fffffffffffffe80 ip 00007fb76b6a436e sp 00007fb74bdff260 error 5 in libc.so.6[a436e,7fb76b628000+16e000] likely on CPU 7 (core 12, socket 0)
Sep 20 20:16:38 slick kernel: Code: 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 90 90 48 85 ff 0f 84 bb 00 00 00 55 48 8d 77 f0 53 48 83 ec 18 48 8b 1d 92 ba 14 00 <48> 8b 47 f8 64 8b 2b a8 02 75 57 48 8b 15 20 ba 14 00 64 48 83 3a
Sep 20 20:16:38 slick kscreenlocker_greet[36628]: pam_kwallet5(kde:auth): pam_kwallet5: we were already executed
Sep 20 20:16:38 slick systemd[1]: Starting Fingerprint Authentication Daemon...
Sep 20 20:16:38 slick kscreenlocker_greet[36628]: no valid certificate which meets all requirements found
Sep 20 20:16:38 slick kscreenlocker_greet[36628]: pam_pkcs11(kde-smartcard:auth): no valid certificate which meets all requirements found
Sep 20 20:16:38 slick systemd[1]: Started Fingerprint Authentication Daemon.
Sep 20 20:16:39 slick kscreenlocker_greet[53283]: pam_kwallet5(kde:auth): pam_kwallet5: pam_sm_authenticate
Sep 20 20:16:39 slick kscreenlocker_greet[53283]: pam_kwallet5(kde:auth): pam_kwallet5: we were already executed
Sep 20 20:16:39 slick kscreenlocker_greet[53283]: no valid certificate which meets all requirements found
Sep 20 20:16:39 slick kscreenlocker_greet[53283]: pam_pkcs11(kde-smartcard:auth): no valid certificate which meets all requirements found
Sep 20 20:16:39 slick kernel: QThread[53298]: segfault at fffffffffffffe80 ip 00007ff4d16a436e sp 00007ff4b29ff260 error 5 in libc.so.6[a436e,7ff4d1628000+16e000] likely on CPU 5 (core 8, socket 0)
Sep 20 20:16:39 slick kernel: Code: 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 90 90 48 85 ff 0f 84 bb 00 00 00 55 48 8d 77 f0 53 48 83 ec 18 48 8b 1d 92 ba 14 00 <48> 8b 47 f8 64 8b 2b a8 02 75 57 48 8b 15 20 ba 14 00 64 48 83 3a
Sep 20 20:16:40 slick kscreenlocker_greet[53330]: pam_kwallet5(kde:auth): pam_kwallet5: pam_sm_authenticate
Sep 20 20:16:40 slick kscreenlocker_greet[53330]: pam_kwallet5(kde:auth): pam_kwallet5: we were already executed
Sep 20 20:16:40 slick kscreenlocker_greet[53330]: no valid certificate which meets all requirements found
Sep 20 20:16:40 slick kscreenlocker_greet[53330]: pam_pkcs11(kde-smartcard:auth): no valid certificate which meets all requirements found
Sep 20 20:16:40 slick kernel: QThread[53341]: segfault at fffffffffffffe80 ip 00007f5d962a436e sp 00007f5d773ff260 error 5 in libc.so.6[a436e,7f5d96228000+16e000] likely on CPU 5 (core 8, socket 0)
Sep 20 20:16:40 slick kernel: Code: 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 90 90 48 85 ff 0f 84 bb 00 00 00 55 48 8d 77 f0 53 48 83 ec 18 48 8b 1d 92 ba 14 00 <48> 8b 47 f8 64 8b 2b a8 02 75 57 48 8b 15 20 ba 14 00 64 48 83 3a
Sep 20 20:16:42 slick kscreenlocker_greet[53374]: pam_kwallet5(kde:auth): pam_kwallet5: pam_sm_authenticate
Sep 20 20:16:42 slick kscreenlocker_greet[53374]: pam_kwallet5(kde:auth): pam_kwallet5: we were already executed
Sep 20 20:16:42 slick kscreenlocker_greet[53374]: no valid certificate which meets all requirements found
Sep 20 20:16:42 slick kscreenlocker_greet[53374]: pam_pkcs11(kde-smartcard:auth): no valid certificate which meets all requirements found
Sep 20 20:16:42 slick kernel: QThread[53383]: segfault at fffffffffffffe80 ip 00007f545c4a436e sp 00007f544d3ff260 error 5 in libc.so.6[a436e,7f545c428000+16e000] likely on CPU 2 (core 4, socket 0)
Sep 20 20:16:42 slick kernel: Code: 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 90 90 48 85 ff 0f 84 bb 00 00 00 55 48 8d 77 f0 53 48 83 ec 18 48 8b 1d 92 ba 14 00 <48> 8b 47 f8 64 8b 2b a8 02 75 57 48 8b 15 20 ba 14 00 64 48 83 3a
Sep 20 20:16:46 slick systemd[1]: dbus-:1.3-org.kde.powerdevil.backlighthelper@2.service: Deactivated successfully.
coredumpctl doesn’t show any new cores though.
I have the same issue after updating it to 20240919
The screen locker is broken and unlocking is not possible anymore. In order to unlock it, switch to a virtual terminal, log in to your account and execute the command
loginctl unlock-session 3
Then log out of the virtual session by pressing Ctrl+D, and switch back to the running session. Should you have forgotten the instructions, you can get back to this screen by pressing Ctrl+Alt+F2.
I don’t have NVIDIA though. Am using integrated graphics.
Can confirm I rollback to a previous version that I had, which is 20240917, I don’t have this issue though.
facing same with AMD 6900xt
1 Like
I’m also facing the same issue on proprietary early adopter (NFB?) NVIDIA drivers. It specifically occurs only on X11.
inxi -GSaz
System:
Kernel: 6.10.9-1-default arch: x86_64 bits: 64 compiler: gcc v: 14.2.0
clocksource: tsc avail: hpet,acpi_pm
parameters: BOOT_IMAGE=/boot/vmlinuz-6.10.9-1-default
root=UUID=dd274b2c-7420-497c-b1c7-8bf5ff7f80f8 splash=silent quiet
nvidia_drm.modeset=1 fbdev=1 security=apparmor mitigations=auto
rd.driver.blacklist=nouveau
Desktop: KDE Plasma v: 6.1.5 tk: Qt v: N/A info: frameworks v: 6.6.0
wm: kwin_x11 tools: avail: xscreensaver vt: 2 dm: SDDM Distro: openSUSE
Tumbleweed 20240919
Graphics:
Device-1: NVIDIA GA106 [GeForce RTX 3060 Lite Hash Rate] vendor: ASUSTeK
driver: nvidia v: 560.35.03 alternate: nouveau,nvidia_drm non-free: 550.xx+
status: current (as of 2024-09; EOL~2026-12-xx) arch: Ampere code: GAxxx
process: TSMC n7 (7nm) built: 2020-2023 pcie: gen: 4 speed: 16 GT/s
lanes: 16 ports: active: none off: DP-1 empty: DP-2,DP-3,HDMI-A-1
bus-ID: 13:00.0 chip-ID: 10de:2504 class-ID: 0300
Display: x11 server: X.Org v: 21.1.12 with: Xwayland v: 24.1.2
compositor: kwin_x11 driver: X: loaded: nvidia gpu: nvidia,nvidia-nvswitch
display-ID: :0 screens: 1
Screen-1: 0 s-res: 1920x1080 s-dpi: 81 s-size: 602x343mm (23.70x13.50")
s-diag: 693mm (27.28")
Monitor-1: DP-1 mapped: DP-0 note: disabled model: Dell G2722HS
serial: <filter> built: 2023 res: 1920x1080 dpi: 82 gamma: 1.2
size: 597x336mm (23.5x13.23") diag: 685mm (27") ratio: 16:9 modes:
max: 1920x1080 min: 640x480
API: EGL v: 1.5 hw: drv: nvidia platforms: device: 0 drv: nvidia device: 2
drv: swrast gbm: drv: nvidia surfaceless: drv: nvidia x11: drv: nvidia
inactive: wayland,device-1
API: OpenGL v: 4.6.0 compat-v: 4.5 vendor: nvidia mesa v: 560.35.03
glx-v: 1.4 direct-render: yes renderer: NVIDIA GeForce RTX 3060/PCIe/SSE2
memory: 11.72 GiB
API: Vulkan v: 1.3.290 layers: 10 device: 0 type: discrete-gpu
name: NVIDIA GeForce RTX 3060 driver: N/A device-ID: 10de:2504
surfaces: xcb,xlib
journalctl
Sep 21 22:01:55 localhost.localdomain kscreenlocker_greet[30315]: pam_kwallet5(kde:auth): pam_kwallet5: pam_sm_authenticate
Sep 21 22:01:55 localhost.localdomain kscreenlocker_greet[30315]: pam_kwallet5(kde-fingerprint:auth): pam_kwallet5: pam_sm_authenticate
Sep 21 22:01:55 localhost.localdomain kscreenlocker_greet[30315]: pam_kwallet5(kde-fingerprint:auth): pam_kwallet5: we were already executed
Sep 21 22:01:55 localhost.localdomain kscreenlocker_greet[30315]: pam_kwallet5(kde:auth): pam_kwallet5: we were already executed
Sep 21 22:01:55 localhost.localdomain kscreenlocker_greet[30315]: QRhiGles2: Context is lost.
Sep 21 22:01:55 localhost.localdomain kscreenlocker_greet[30315]: Graphics device lost, cleaning up scenegraph and releasing RHI
Sep 21 22:01:55 localhost.localdomain kscreenlocker_greet[30315]: no valid certificate which meets all requirements found
Sep 21 22:01:55 localhost.localdomain kscreenlocker_greet[30315]: pam_pkcs11(kde-smartcard:auth): no valid certificate which meets all requirements found
Sep 21 22:01:55 localhost.localdomain kscreenlocker_greet[71589]: PAM unable to dlopen(/usr/lib64/security/pam_fprintd.so): /usr/lib64/security/pam_fprintd.so: cannot open shared object file: No such file or directory
Sep 21 22:01:55 localhost.localdomain kscreenlocker_greet[71589]: PAM adding faulty module: /usr/lib64/security/pam_fprintd.so
Sep 21 22:01:57 localhost.localdomain kscreenlocker_greet[71589]: pam_kwallet5(kde:auth): pam_kwallet5: pam_sm_authenticate
Sep 21 22:01:57 localhost.localdomain kscreenlocker_greet[71589]: pam_kwallet5(kde:auth): pam_kwallet5: we were already executed
Sep 21 22:01:57 localhost.localdomain kscreenlocker_greet[71589]: pam_kwallet5(kde-fingerprint:auth): pam_kwallet5: pam_sm_authenticate
Sep 21 22:01:57 localhost.localdomain kscreenlocker_greet[71589]: pam_kwallet5(kde-fingerprint:auth): pam_kwallet5: we were already executed
Sep 21 22:01:57 localhost.localdomain kscreenlocker_greet[71589]: no valid certificate which meets all requirements found
Sep 21 22:01:57 localhost.localdomain kscreenlocker_greet[71589]: pam_pkcs11(kde-smartcard:auth): no valid certificate which meets all requirements found
Sep 21 22:01:57 localhost.localdomain kscreenlocker_greet[71687]: PAM unable to dlopen(/usr/lib64/security/pam_fprintd.so): /usr/lib64/security/pam_fprintd.so: cannot open shared object file: No such file or directory
Sep 21 22:01:57 localhost.localdomain kscreenlocker_greet[71687]: PAM adding faulty module: /usr/lib64/security/pam_fprintd.so
Sep 21 22:01:58 localhost.localdomain kscreenlocker_greet[71687]: pam_kwallet5(kde-fingerprint:auth): pam_kwallet5: pam_sm_authenticate
Sep 21 22:01:58 localhost.localdomain kscreenlocker_greet[71687]: pam_kwallet5(kde-fingerprint:auth): pam_kwallet5: we were already executed
Sep 21 22:01:58 localhost.localdomain kscreenlocker_greet[71687]: pam_kwallet5(kde:auth): pam_kwallet5: pam_sm_authenticate
Sep 21 22:01:58 localhost.localdomain kscreenlocker_greet[71687]: pam_kwallet5(kde:auth): pam_kwallet5: we were already executed
Sep 21 22:01:58 localhost.localdomain kscreenlocker_greet[71687]: no valid certificate which meets all requirements found
Sep 21 22:01:58 localhost.localdomain kscreenlocker_greet[71687]: pam_pkcs11(kde-smartcard:auth): no valid certificate which meets all requirements found
Sep 21 22:01:58 localhost.localdomain kscreenlocker_greet[71749]: PAM unable to dlopen(/usr/lib64/security/pam_fprintd.so): /usr/lib64/security/pam_fprintd.so: cannot open shared object file: No such file or directory
Sep 21 22:01:58 localhost.localdomain kscreenlocker_greet[71749]: PAM adding faulty module: /usr/lib64/security/pam_fprintd.so
Sep 21 22:01:58 localhost.localdomain kscreenlocker_greet[71749]: pam_kwallet5(kde:auth): pam_kwallet5: pam_sm_authenticate
Sep 21 22:01:58 localhost.localdomain kscreenlocker_greet[71749]: pam_kwallet5(kde:auth): pam_kwallet5: we were already executed
Sep 21 22:01:58 localhost.localdomain kscreenlocker_greet[71749]: pam_kwallet5(kde-fingerprint:auth): pam_kwallet5: pam_sm_authenticate
Sep 21 22:01:58 localhost.localdomain kscreenlocker_greet[71749]: pam_kwallet5(kde-fingerprint:auth): pam_kwallet5: we were already executed
Sep 21 22:01:58 localhost.localdomain kscreenlocker_greet[71749]: no valid certificate which meets all requirements found
Sep 21 22:01:58 localhost.localdomain kscreenlocker_greet[71749]: pam_pkcs11(kde-smartcard:auth): no valid certificate which meets all requirements found
hui
September 21, 2024, 7:25pm
9
As can be seen in the bugreport, it is not related to any hardware like graphic card…
2 Likes
Doesn’t seem to be patched in 20240920 build.
So is there a way to perhaps sudo zypper dup
by excluding the pam update and then including it after an update is finished so that there’s a fix available for the next update?
Does this work?
sudo zypper al pam
DarkWav
September 22, 2024, 1:12am
12
Yes, your command is incomplete but you can lock the pam packages to upgrade everything else.
First, roll back to a working version with snapper.
Afterwards you can run:
sudo zypper addlock pam pam-config pam-32bit pam-devel pam-extra pam-manpages
to lock the pam packages. Then you should be able to zypper dup without nuking your lock screen.
To unlock the pam packages again once a patch is released, run:
sudo zypper removelock pam pam-config pam-32bit pam-devel pam-extra pam-manpages
1 Like
mrmazda
September 22, 2024, 2:10am
13
ENTPRESTIGIOUS:
sudo zypper al pam
If you only wish to lock pam, yes. OTOH, sudo zypper al pam* will lock all packages whose names begin with pam.
1 Like
oh damn I should’ve done that.
And I bet you use sudo zypper ll
to view the locked packages.
DarkWav
September 22, 2024, 11:13am
16
Exactly, that will show all locked packages.
By default, zypper will also list all locked packages when doing zypper dup from terminal.
1 Like
true, it showed up for me.
tnbp
September 23, 2024, 7:36am
18
Are the packages still available for download for people not using snapper?
@tnbp Hi, all packages in the repositories are available for installation, nothing requires snapper/snapshots to install. I don’t use snapper here on my Desktop system
There is a range of older packages available via the “History” repositories, but they are of a limited time period. https://download.opensuse.org/history/
1 Like