Update snapshot 20240918 causing "screen locker is broken"problem

After updating to snapshot 20240918 I started getting this error when after locking the screen if I try to unlock it, the KDE screen locker crashes and displays this error on the black screen:

“Screen locker is broken and unlocking is not possible anymore.”

Followed by instructions how to unlock the session from the console with loginctl.

I think it can be caused by pam updates in snapshot 20240918, but I’m not sure: New Tumbleweed snapshot 20240918 released! - openSUSE Factory - openSUSE Mailing Lists

Doing a rollback to a btrfs snapshot prior to this update fixes the problem for me.

2 Likes

Found these lines in journalctl:

Sep 20 20:16:36 slick systemd[1]: Started dbus-:1.3-org.kde.powerdevil.backlighthelper@2.service.
Sep 20 20:16:38 slick kscreenlocker_greet[36628]: pam_kwallet5(kde:auth): pam_kwallet5: pam_sm_authenticate
Sep 20 20:16:38 slick kernel: QThread[36637]: segfault at fffffffffffffe80 ip 00007fb76b6a436e sp 00007fb74bdff260 error 5 in libc.so.6[a436e,7fb76b628000+16e000] likely on CPU 7 (core 12, socket 0)
Sep 20 20:16:38 slick kernel: Code: 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 90 90 48 85 ff 0f 84 bb 00 00 00 55 48 8d 77 f0 53 48 83 ec 18 48 8b 1d 92 ba 14 00 <48> 8b 47 f8 64 8b 2b a8 02 75 57 48 8b 15 20 ba 14 00 64 48 83 3a
Sep 20 20:16:38 slick kscreenlocker_greet[36628]: pam_kwallet5(kde:auth): pam_kwallet5: we were already executed
Sep 20 20:16:38 slick systemd[1]: Starting Fingerprint Authentication Daemon...
Sep 20 20:16:38 slick kscreenlocker_greet[36628]: no valid certificate which meets all requirements found
Sep 20 20:16:38 slick kscreenlocker_greet[36628]: pam_pkcs11(kde-smartcard:auth): no valid certificate which meets all requirements found
Sep 20 20:16:38 slick systemd[1]: Started Fingerprint Authentication Daemon.
Sep 20 20:16:39 slick kscreenlocker_greet[53283]: pam_kwallet5(kde:auth): pam_kwallet5: pam_sm_authenticate
Sep 20 20:16:39 slick kscreenlocker_greet[53283]: pam_kwallet5(kde:auth): pam_kwallet5: we were already executed
Sep 20 20:16:39 slick kscreenlocker_greet[53283]: no valid certificate which meets all requirements found
Sep 20 20:16:39 slick kscreenlocker_greet[53283]: pam_pkcs11(kde-smartcard:auth): no valid certificate which meets all requirements found
Sep 20 20:16:39 slick kernel: QThread[53298]: segfault at fffffffffffffe80 ip 00007ff4d16a436e sp 00007ff4b29ff260 error 5 in libc.so.6[a436e,7ff4d1628000+16e000] likely on CPU 5 (core 8, socket 0)
Sep 20 20:16:39 slick kernel: Code: 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 90 90 48 85 ff 0f 84 bb 00 00 00 55 48 8d 77 f0 53 48 83 ec 18 48 8b 1d 92 ba 14 00 <48> 8b 47 f8 64 8b 2b a8 02 75 57 48 8b 15 20 ba 14 00 64 48 83 3a
Sep 20 20:16:40 slick kscreenlocker_greet[53330]: pam_kwallet5(kde:auth): pam_kwallet5: pam_sm_authenticate
Sep 20 20:16:40 slick kscreenlocker_greet[53330]: pam_kwallet5(kde:auth): pam_kwallet5: we were already executed
Sep 20 20:16:40 slick kscreenlocker_greet[53330]: no valid certificate which meets all requirements found
Sep 20 20:16:40 slick kscreenlocker_greet[53330]: pam_pkcs11(kde-smartcard:auth): no valid certificate which meets all requirements found
Sep 20 20:16:40 slick kernel: QThread[53341]: segfault at fffffffffffffe80 ip 00007f5d962a436e sp 00007f5d773ff260 error 5 in libc.so.6[a436e,7f5d96228000+16e000] likely on CPU 5 (core 8, socket 0)
Sep 20 20:16:40 slick kernel: Code: 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 90 90 48 85 ff 0f 84 bb 00 00 00 55 48 8d 77 f0 53 48 83 ec 18 48 8b 1d 92 ba 14 00 <48> 8b 47 f8 64 8b 2b a8 02 75 57 48 8b 15 20 ba 14 00 64 48 83 3a
Sep 20 20:16:42 slick kscreenlocker_greet[53374]: pam_kwallet5(kde:auth): pam_kwallet5: pam_sm_authenticate
Sep 20 20:16:42 slick kscreenlocker_greet[53374]: pam_kwallet5(kde:auth): pam_kwallet5: we were already executed
Sep 20 20:16:42 slick kscreenlocker_greet[53374]: no valid certificate which meets all requirements found
Sep 20 20:16:42 slick kscreenlocker_greet[53374]: pam_pkcs11(kde-smartcard:auth): no valid certificate which meets all requirements found
Sep 20 20:16:42 slick kernel: QThread[53383]: segfault at fffffffffffffe80 ip 00007f545c4a436e sp 00007f544d3ff260 error 5 in libc.so.6[a436e,7f545c428000+16e000] likely on CPU 2 (core 4, socket 0)
Sep 20 20:16:42 slick kernel: Code: 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 90 90 48 85 ff 0f 84 bb 00 00 00 55 48 8d 77 f0 53 48 83 ec 18 48 8b 1d 92 ba 14 00 <48> 8b 47 f8 64 8b 2b a8 02 75 57 48 8b 15 20 ba 14 00 64 48 83 3a
Sep 20 20:16:46 slick systemd[1]: dbus-:1.3-org.kde.powerdevil.backlighthelper@2.service: Deactivated successfully.

coredumpctl doesn’t show any new cores though.

Likely this bug.

1 Like

I have the same issue after updating it to 20240919

The screen locker is broken and unlocking is not possible anymore. In order to unlock it, switch to a virtual terminal, log in to your account and execute the command

loginctl unlock-session 3

Then log out of the virtual session by pressing Ctrl+D, and switch back to the running session. Should you have forgotten the instructions, you can get back to this screen by pressing Ctrl+Alt+F2.

I don’t have NVIDIA though. Am using integrated graphics.

Can confirm I rollback to a previous version that I had, which is 20240917, I don’t have this issue though.

facing same with AMD 6900xt :frowning:

1 Like

I’m also facing the same issue on proprietary early adopter (NFB?) NVIDIA drivers. It specifically occurs only on X11.

inxi -GSaz
System:
  Kernel: 6.10.9-1-default arch: x86_64 bits: 64 compiler: gcc v: 14.2.0
    clocksource: tsc avail: hpet,acpi_pm
    parameters: BOOT_IMAGE=/boot/vmlinuz-6.10.9-1-default
    root=UUID=dd274b2c-7420-497c-b1c7-8bf5ff7f80f8 splash=silent quiet
    nvidia_drm.modeset=1 fbdev=1 security=apparmor mitigations=auto
    rd.driver.blacklist=nouveau
  Desktop: KDE Plasma v: 6.1.5 tk: Qt v: N/A info: frameworks v: 6.6.0
    wm: kwin_x11 tools: avail: xscreensaver vt: 2 dm: SDDM Distro: openSUSE
    Tumbleweed 20240919
Graphics:
  Device-1: NVIDIA GA106 [GeForce RTX 3060 Lite Hash Rate] vendor: ASUSTeK
    driver: nvidia v: 560.35.03 alternate: nouveau,nvidia_drm non-free: 550.xx+
    status: current (as of 2024-09; EOL~2026-12-xx) arch: Ampere code: GAxxx
    process: TSMC n7 (7nm) built: 2020-2023 pcie: gen: 4 speed: 16 GT/s
    lanes: 16 ports: active: none off: DP-1 empty: DP-2,DP-3,HDMI-A-1
    bus-ID: 13:00.0 chip-ID: 10de:2504 class-ID: 0300
  Display: x11 server: X.Org v: 21.1.12 with: Xwayland v: 24.1.2
    compositor: kwin_x11 driver: X: loaded: nvidia gpu: nvidia,nvidia-nvswitch
    display-ID: :0 screens: 1
  Screen-1: 0 s-res: 1920x1080 s-dpi: 81 s-size: 602x343mm (23.70x13.50")
    s-diag: 693mm (27.28")
  Monitor-1: DP-1 mapped: DP-0 note: disabled model: Dell G2722HS
    serial: <filter> built: 2023 res: 1920x1080 dpi: 82 gamma: 1.2
    size: 597x336mm (23.5x13.23") diag: 685mm (27") ratio: 16:9 modes:
    max: 1920x1080 min: 640x480
  API: EGL v: 1.5 hw: drv: nvidia platforms: device: 0 drv: nvidia device: 2
    drv: swrast gbm: drv: nvidia surfaceless: drv: nvidia x11: drv: nvidia
    inactive: wayland,device-1
  API: OpenGL v: 4.6.0 compat-v: 4.5 vendor: nvidia mesa v: 560.35.03
    glx-v: 1.4 direct-render: yes renderer: NVIDIA GeForce RTX 3060/PCIe/SSE2
    memory: 11.72 GiB
  API: Vulkan v: 1.3.290 layers: 10 device: 0 type: discrete-gpu
    name: NVIDIA GeForce RTX 3060 driver: N/A device-ID: 10de:2504
    surfaces: xcb,xlib
journalctl
Sep 21 22:01:55 localhost.localdomain kscreenlocker_greet[30315]: pam_kwallet5(kde:auth): pam_kwallet5: pam_sm_authenticate
Sep 21 22:01:55 localhost.localdomain kscreenlocker_greet[30315]: pam_kwallet5(kde-fingerprint:auth): pam_kwallet5: pam_sm_authenticate
Sep 21 22:01:55 localhost.localdomain kscreenlocker_greet[30315]: pam_kwallet5(kde-fingerprint:auth): pam_kwallet5: we were already executed
Sep 21 22:01:55 localhost.localdomain kscreenlocker_greet[30315]: pam_kwallet5(kde:auth): pam_kwallet5: we were already executed
Sep 21 22:01:55 localhost.localdomain kscreenlocker_greet[30315]: QRhiGles2: Context is lost.
Sep 21 22:01:55 localhost.localdomain kscreenlocker_greet[30315]: Graphics device lost, cleaning up scenegraph and releasing RHI
Sep 21 22:01:55 localhost.localdomain kscreenlocker_greet[30315]: no valid certificate which meets all requirements found
Sep 21 22:01:55 localhost.localdomain kscreenlocker_greet[30315]: pam_pkcs11(kde-smartcard:auth): no valid certificate which meets all requirements found
Sep 21 22:01:55 localhost.localdomain kscreenlocker_greet[71589]: PAM unable to dlopen(/usr/lib64/security/pam_fprintd.so): /usr/lib64/security/pam_fprintd.so: cannot open shared object file: No such file or directory
Sep 21 22:01:55 localhost.localdomain kscreenlocker_greet[71589]: PAM adding faulty module: /usr/lib64/security/pam_fprintd.so
Sep 21 22:01:57 localhost.localdomain kscreenlocker_greet[71589]: pam_kwallet5(kde:auth): pam_kwallet5: pam_sm_authenticate
Sep 21 22:01:57 localhost.localdomain kscreenlocker_greet[71589]: pam_kwallet5(kde:auth): pam_kwallet5: we were already executed
Sep 21 22:01:57 localhost.localdomain kscreenlocker_greet[71589]: pam_kwallet5(kde-fingerprint:auth): pam_kwallet5: pam_sm_authenticate
Sep 21 22:01:57 localhost.localdomain kscreenlocker_greet[71589]: pam_kwallet5(kde-fingerprint:auth): pam_kwallet5: we were already executed
Sep 21 22:01:57 localhost.localdomain kscreenlocker_greet[71589]: no valid certificate which meets all requirements found
Sep 21 22:01:57 localhost.localdomain kscreenlocker_greet[71589]: pam_pkcs11(kde-smartcard:auth): no valid certificate which meets all requirements found
Sep 21 22:01:57 localhost.localdomain kscreenlocker_greet[71687]: PAM unable to dlopen(/usr/lib64/security/pam_fprintd.so): /usr/lib64/security/pam_fprintd.so: cannot open shared object file: No such file or directory
Sep 21 22:01:57 localhost.localdomain kscreenlocker_greet[71687]: PAM adding faulty module: /usr/lib64/security/pam_fprintd.so
Sep 21 22:01:58 localhost.localdomain kscreenlocker_greet[71687]: pam_kwallet5(kde-fingerprint:auth): pam_kwallet5: pam_sm_authenticate
Sep 21 22:01:58 localhost.localdomain kscreenlocker_greet[71687]: pam_kwallet5(kde-fingerprint:auth): pam_kwallet5: we were already executed
Sep 21 22:01:58 localhost.localdomain kscreenlocker_greet[71687]: pam_kwallet5(kde:auth): pam_kwallet5: pam_sm_authenticate
Sep 21 22:01:58 localhost.localdomain kscreenlocker_greet[71687]: pam_kwallet5(kde:auth): pam_kwallet5: we were already executed
Sep 21 22:01:58 localhost.localdomain kscreenlocker_greet[71687]: no valid certificate which meets all requirements found
Sep 21 22:01:58 localhost.localdomain kscreenlocker_greet[71687]: pam_pkcs11(kde-smartcard:auth): no valid certificate which meets all requirements found
Sep 21 22:01:58 localhost.localdomain kscreenlocker_greet[71749]: PAM unable to dlopen(/usr/lib64/security/pam_fprintd.so): /usr/lib64/security/pam_fprintd.so: cannot open shared object file: No such file or directory
Sep 21 22:01:58 localhost.localdomain kscreenlocker_greet[71749]: PAM adding faulty module: /usr/lib64/security/pam_fprintd.so
Sep 21 22:01:58 localhost.localdomain kscreenlocker_greet[71749]: pam_kwallet5(kde:auth): pam_kwallet5: pam_sm_authenticate
Sep 21 22:01:58 localhost.localdomain kscreenlocker_greet[71749]: pam_kwallet5(kde:auth): pam_kwallet5: we were already executed
Sep 21 22:01:58 localhost.localdomain kscreenlocker_greet[71749]: pam_kwallet5(kde-fingerprint:auth): pam_kwallet5: pam_sm_authenticate
Sep 21 22:01:58 localhost.localdomain kscreenlocker_greet[71749]: pam_kwallet5(kde-fingerprint:auth): pam_kwallet5: we were already executed
Sep 21 22:01:58 localhost.localdomain kscreenlocker_greet[71749]: no valid certificate which meets all requirements found
Sep 21 22:01:58 localhost.localdomain kscreenlocker_greet[71749]: pam_pkcs11(kde-smartcard:auth): no valid certificate which meets all requirements found

As can be seen in the bugreport, it is not related to any hardware like graphic card…

2 Likes

Doesn’t seem to be patched in 20240920 build.

So is there a way to perhaps sudo zypper dup by excluding the pam update and then including it after an update is finished so that there’s a fix available for the next update?

Does this work?

sudo zypper al pam

Yes, your command is incomplete but you can lock the pam packages to upgrade everything else.

First, roll back to a working version with snapper.
Afterwards you can run:

sudo zypper addlock pam pam-config pam-32bit pam-devel pam-extra pam-manpages

to lock the pam packages. Then you should be able to zypper dup without nuking your lock screen.

To unlock the pam packages again once a patch is released, run:

sudo zypper removelock pam pam-config pam-32bit pam-devel pam-extra pam-manpages
1 Like

If you only wish to lock pam, yes. OTOH, sudo zypper al pam* will lock all packages whose names begin with pam.

1 Like

oh damn I should’ve done that.

And I bet you use sudo zypper ll to view the locked packages.

Exactly, that will show all locked packages.
By default, zypper will also list all locked packages when doing zypper dup from terminal.

1 Like

true, it showed up for me.

Are the packages still available for download for people not using snapper?

@tnbp Hi, all packages in the repositories are available for installation, nothing requires snapper/snapshots to install. I don’t use snapper here on my Desktop system :wink:

There is a range of older packages available via the “History” repositories, but they are of a limited time period. https://download.opensuse.org/history/

1 Like

Super cool, thank you!!