Version
7.2.8
Host OS Type
macOS
Host OS name + version
Fedora 43
Host Architecture
x86
Guest OS Type
all
Guest Architecture
x86
Guest OS name + version
Fedora 43
Component
Unspecified
What happened?
VBoxCreateUSBNode.sh missing from initramfs causes udev failures on Fedora 43 / VirtualBox 7.2.8 / systemd 258
Component: Packaging / udev rules / initramfs (Linux host)
Severity: Medium -- dmesg noise on every boot; USB passthrough device nodes not created during early boot
Observable Behavior
On every boot, dmesg contains repeated errors of the form:
(udev-worker)[NNN]: <device>: Failed to find and pin callout binary "/usr/lib/virtualbox/VBoxCreateUSBNode.sh": No such file or directory
(udev-worker)[NNN]: <device>: Failed to execute '/usr/lib/virtualbox/VBoxCreateUSBNode.sh 189 NNN NN', ignoring: No such file or directory
The errors appear at ~3-4 seconds into boot, for every USB device enumerated. The script exists on the real root filesystem (/usr/lib/virtualbox/VBoxCreateUSBNode.sh, mode 755, root:root, installed by the VirtualBox RPM). The errors are not caused by a missing file on the real root.
Analysis
Two issues appear to combine to produce the failure.
Issue 1: Rule Path
The udev rule is generated by /usr/lib/virtualbox/vboxdrv.sh setup during package installation and written to /etc/udev/rules.d/60-vboxdrv.rules. The generator function udev_write_usb() (lines 225-228 of vboxdrv.sh in 7.2.8) emits the rule referencing $INSTALLATION_DIR/VBoxCreateUSBNode.sh, which resolves to /usr/lib/virtualbox/VBoxCreateUSBNode.sh.
The RPM does not install a udev rules file -- the rule is generated at install/setup time only. vboxdrv.service's start action loads kernel modules but does not regenerate the rule.
Issue 2: Initramfs
The errors appear to occur during the initramfs boot phase, before switch_root to the real filesystem. dracut includes /etc/udev/rules.d/60-vboxdrv.rules in the initramfs (as it does all udev rules), but does not include /usr/lib/virtualbox/VBoxCreateUSBNode.sh. The script is therefore absent from the initramfs.
systemd-udev's pin_callout_binary() (src/basic/build-path.c) calls open(path, O_PATH|O_CLOEXEC) on the callout binary before executing it. If the script does not exist in the initramfs filesystem, this call would fail with ENOENT -- which matches the observed error.
Source code inspection of systemd 258 (src/basic/build-path.c, src/basic/path-util.c, src/udev/udev-spawn.c) shows pin_callout_binary() has no path allowlist or namespace restriction -- it is a plain open() call. This is consistent with the failure being a missing file rather than a permission or policy issue.
Additional Complication: vboxusers Group
Even after making the script available in the initramfs, it fails with exit code 1 because VBoxCreateUSBNode.sh calls chown root:vboxusers, and the vboxusers group does not appear to exist in the initramfs's minimal /etc/group.
Affected Versions
- VirtualBox 7.2.x -- Oracle upstream Fedora packaging, confirmed:
VirtualBox-7.2-7.2.8_173730_fedora40-1.x86_64 (Vendor: Oracle Corporation)
- Host OS: Fedora Linux 43 (Forty Three), kernel
6.19.11-200.fc43.x86_64, systemd-udev 258.7-1.fc43.x86_64
- Likely affects any Linux distribution using dracut for initramfs generation with VirtualBox installed, though this has not been tested on other distributions
Proposed Fix
If the above analysis is correct, the following packaging changes would address the issue:
-
Rule path -- update vboxdrv.sh to emit /usr/lib/udev/VBoxCreateUSBNode.sh instead of $INSTALLATION_DIR/VBoxCreateUSBNode.sh in udev_write_usb() (lines 225-228 in 7.2.8). /usr/lib/udev/ is the standard location for udev callout helpers.
-
Script location -- install VBoxCreateUSBNode.sh to /usr/lib/udev/VBoxCreateUSBNode.sh as a real file, not a symlink. A symlink appears insufficient: open() follows it and the target /usr/lib/virtualbox/VBoxCreateUSBNode.sh would still not be in the initramfs. The existing /usr/lib/virtualbox/VBoxCreateUSBNode.sh can remain for compatibility.
-
Initramfs -- packaging would need to ensure:
/usr/lib/udev/VBoxCreateUSBNode.sh is included in the initramfs- The
vboxusers group is present in the initramfs /etc/group
User-Applied Workaround (Verified on Fedora 43)
The following workaround resolved the issue on the reporter's system. It is not guaranteed to work in all configurations.
(1) copy the script to the udev callout path (not symlink):
cp /usr/lib/virtualbox/VBoxCreateUSBNode.sh /usr/lib/udev/VBoxCreateUSBNode.sh
chmod 755 /usr/lib/udev/VBoxCreateUSBNode.sh
(2) patch vboxdrv.sh to emit the correct path in generated rules:
sed -i 's|$INSTALLATION_DIR/VBoxCreateUSBNode.sh|/usr/lib/udev/VBoxCreateUSBNode.sh|g' /usr/lib/virtualbox/vboxdrv.sh
(3) regenerate the rule file:
/usr/lib/virtualbox/vboxdrv.sh setup
(4) tell dracut to include the script in the initramfs, and attempt to add the vboxusers group (note: it is unclear whether the groups+= line is honoured by dracut or whether the module in step 5 is solely responsible for the group -- both were present when the fix was verified):
cat > /etc/dracut.conf.d/vbox-udev.conf << 'EOF'
install_items+=" /usr/lib/udev/VBoxCreateUSBNode.sh "
groups+=" vboxusers "
EOF
(5) create a dracut module to add the vboxusers group to the initramfs:
mkdir -p /usr/lib/dracut/modules.d/99vboxusb
cat > /usr/lib/dracut/modules.d/99vboxusb/module-setup.sh << 'EOF'
#!/bin/bash
check() { return 0; }
depends() { return 0; }
install() {
local gid
gid=$(getent group vboxusers 2>/dev/null | cut -d: -f3)
[[ -n "$gid" ]] && echo "vboxusers:x:${gid}:" >> "${initdir}/etc/group"
}
EOF
chmod +x /usr/lib/dracut/modules.d/99vboxusb/module-setup.sh(6) rebuild the initramfs and reboot:
After reboot, dmesg | grep VBox showed only:
VBoxNetFlt: Successfully started.
VBoxNetAdp: Successfully started.
Workaround Caveats
- Steps 2 and 3 are overwritten on VirtualBox package update (which re-runs
vboxdrv.sh setup) and must be re-applied.
- Steps 4 and 5 persist across VirtualBox updates.
- Step 1 (the copied script) becomes stale if
VBoxCreateUSBNode.sh is updated by a package update and must also be refreshed.
References
How can we reproduce this?
see above
Did you upload all of your necessary log files, screenshots, etc.?
Version
7.2.8
Host OS Type
macOS
Host OS name + version
Fedora 43
Host Architecture
x86
Guest OS Type
all
Guest Architecture
x86
Guest OS name + version
Fedora 43
Component
Unspecified
What happened?
VBoxCreateUSBNode.sh missing from initramfs causes udev failures on Fedora 43 / VirtualBox 7.2.8 / systemd 258
Component: Packaging / udev rules / initramfs (Linux host)
Severity: Medium -- dmesg noise on every boot; USB passthrough device nodes not created during early boot
Observable Behavior
On every boot, dmesg contains repeated errors of the form:
The errors appear at ~3-4 seconds into boot, for every USB device enumerated. The script exists on the real root filesystem (
/usr/lib/virtualbox/VBoxCreateUSBNode.sh, mode 755, root:root, installed by the VirtualBox RPM). The errors are not caused by a missing file on the real root.Analysis
Two issues appear to combine to produce the failure.
Issue 1: Rule Path
The udev rule is generated by
/usr/lib/virtualbox/vboxdrv.sh setupduring package installation and written to/etc/udev/rules.d/60-vboxdrv.rules. The generator functionudev_write_usb()(lines 225-228 ofvboxdrv.shin 7.2.8) emits the rule referencing$INSTALLATION_DIR/VBoxCreateUSBNode.sh, which resolves to/usr/lib/virtualbox/VBoxCreateUSBNode.sh.The RPM does not install a udev rules file -- the rule is generated at install/setup time only.
vboxdrv.service's start action loads kernel modules but does not regenerate the rule.Issue 2: Initramfs
The errors appear to occur during the initramfs boot phase, before
switch_rootto the real filesystem. dracut includes/etc/udev/rules.d/60-vboxdrv.rulesin the initramfs (as it does all udev rules), but does not include/usr/lib/virtualbox/VBoxCreateUSBNode.sh. The script is therefore absent from the initramfs.systemd-udev's
pin_callout_binary()(src/basic/build-path.c) callsopen(path, O_PATH|O_CLOEXEC)on the callout binary before executing it. If the script does not exist in the initramfs filesystem, this call would fail with ENOENT -- which matches the observed error.Source code inspection of systemd 258 (
src/basic/build-path.c,src/basic/path-util.c,src/udev/udev-spawn.c) showspin_callout_binary()has no path allowlist or namespace restriction -- it is a plainopen()call. This is consistent with the failure being a missing file rather than a permission or policy issue.Additional Complication: vboxusers Group
Even after making the script available in the initramfs, it fails with exit code 1 because
VBoxCreateUSBNode.shcallschown root:vboxusers, and thevboxusersgroup does not appear to exist in the initramfs's minimal/etc/group.Affected Versions
VirtualBox-7.2-7.2.8_173730_fedora40-1.x86_64(Vendor: Oracle Corporation)6.19.11-200.fc43.x86_64,systemd-udev 258.7-1.fc43.x86_64Proposed Fix
If the above analysis is correct, the following packaging changes would address the issue:
Rule path -- update
vboxdrv.shto emit/usr/lib/udev/VBoxCreateUSBNode.shinstead of$INSTALLATION_DIR/VBoxCreateUSBNode.shinudev_write_usb()(lines 225-228 in 7.2.8)./usr/lib/udev/is the standard location for udev callout helpers.Script location -- install
VBoxCreateUSBNode.shto/usr/lib/udev/VBoxCreateUSBNode.shas a real file, not a symlink. A symlink appears insufficient:open()follows it and the target/usr/lib/virtualbox/VBoxCreateUSBNode.shwould still not be in the initramfs. The existing/usr/lib/virtualbox/VBoxCreateUSBNode.shcan remain for compatibility.Initramfs -- packaging would need to ensure:
/usr/lib/udev/VBoxCreateUSBNode.shis included in the initramfsvboxusersgroup is present in the initramfs/etc/groupUser-Applied Workaround (Verified on Fedora 43)
The following workaround resolved the issue on the reporter's system. It is not guaranteed to work in all configurations.
(1) copy the script to the udev callout path (not symlink):
(2) patch
vboxdrv.shto emit the correct path in generated rules:sed -i 's|$INSTALLATION_DIR/VBoxCreateUSBNode.sh|/usr/lib/udev/VBoxCreateUSBNode.sh|g' /usr/lib/virtualbox/vboxdrv.sh(3) regenerate the rule file:
(4) tell dracut to include the script in the initramfs, and attempt to add the
vboxusersgroup (note: it is unclear whether thegroups+=line is honoured by dracut or whether the module in step 5 is solely responsible for the group -- both were present when the fix was verified):(5) create a dracut module to add the
vboxusersgroup to the initramfs:(6) rebuild the initramfs and reboot:
After reboot,
dmesg | grep VBoxshowed only:Workaround Caveats
vboxdrv.sh setup) and must be re-applied.VBoxCreateUSBNode.shis updated by a package update and must also be refreshed.References
pin_callout_binarysource: https://github.com/systemd/systemd/blob/main/src/udev/udev-spawn.cHow can we reproduce this?
see above
Did you upload all of your necessary log files, screenshots, etc.?