Cannot mount USB devices in AppVM anymore

c1sc0 · April 10, 2024, 9:26am

So all of the sudden I cannot use USB devices in AppVMs anymore. When trying to mount them I will get an error:

“Device attach failed:”

And that’s it. There is no more information than that. The journal of dom0 does not tell me anything useful. The journal of the AppVM does also not have anything.

What I already tried is rebooting the system several times. Using other USB devices and different target vms to mount them to. Reinstalling sys-usb did also not resolve the error.

I am running Qubes 4.1.

Is there anything I could do to fix that issue?

apparatus · April 10, 2024, 11:01am

Can you check the dom0 logs to see if there is any useful info there?
Run this command in dom0 terminal:

journalctl -f -n0

Then try to attach the USB device and check the dom0 command output.

c1sc0 · April 10, 2024, 11:06am

-- Logs begin at Wed 2024-02-28 15:00:01 CET. --
Apr 10 13:05:09 dom0 qrexec-policy-daemon[5072]: warning: !compat-4.0 directive in file /etc/qubes/policy.d/35-compat.policy line 16 is transitional and will be deprecated
Apr 10 13:05:09 dom0 qrexec-policy-daemon[5072]: qrexec: qubes.USB+2-1.1: <targetvm> -> sys-usb: allowed to sys-usb

This is all it gives me.

apparatus · April 10, 2024, 11:11am

Can you run the same journalctl command in your sys-usb and in qube to which you’re trying to attach the USB device and then try to attach the device again and check the logs there?

apparatus · April 10, 2024, 11:16am

Do you get this error when you try to attach your USB device to the qube or you can attach the device successfully but when you try to mount the attached USB drive using e.g. mount /dev/sda1 /mnt it’ll fail with this error?

c1sc0 · April 10, 2024, 11:17am

Sure.

sys-usb:

Apr 10 13:12:33 sys-usb qrexec-agent[3157]: 2024-04-10 13:12:33.688 qrexec-agent[3157]: qrexec-agent-data.c:244:handle_new_process_common: executed: root:QUBESRPC qubes.USB+2-1.1 <targetvm> (pid 3159)
Apr 10 13:12:33 sys-usb qrexec-agent[3159]: PAM unable to dlopen(/usr/lib64/security/pam_sss.so): /usr/lib64/security/pam_sss.so: cannot open shared object file: No such file or directory
Apr 10 13:12:33 sys-usb qrexec-agent[3159]: PAM adding faulty module: /usr/lib64/security/pam_sss.so
Apr 10 13:12:33 sys-usb audit[3159]: USER_AUTH pid=3159 uid=0 auid=4294967295 ses=4294967295 msg='op=PAM:authentication grantors=pam_rootok acct="root" exe="/usr/lib/qubes/qrexec-agent" hostname=? addr=? terminal=? res=success'
Apr 10 13:12:33 sys-usb audit[3159]: CRED_ACQ pid=3159 uid=0 auid=4294967295 ses=4294967295 msg='op=PAM:setcred grantors=pam_rootok acct="root" exe="/usr/lib/qubes/qrexec-agent" hostname=? addr=? terminal=? res=success'
Apr 10 13:12:33 sys-usb kernel: audit: type=1100 audit(1712747553.690:294): pid=3159 uid=0 auid=4294967295 ses=4294967295 msg='op=PAM:authentication grantors=pam_rootok acct="root" exe="/usr/lib/qubes/qrexec-agent" hostname=? addr=? terminal=? res=success'
Apr 10 13:12:33 sys-usb kernel: audit: type=1103 audit(1712747553.690:295): pid=3159 uid=0 auid=4294967295 ses=4294967295 msg='op=PAM:setcred grantors=pam_rootok acct="root" exe="/usr/lib/qubes/qrexec-agent" hostname=? addr=? terminal=? res=success'
Apr 10 13:12:33 sys-usb systemd[1]: Created slice user-0.slice - User Slice of UID 0.
Apr 10 13:12:33 sys-usb systemd[1]: Starting user-runtime-dir@0.service - User Runtime Directory /run/user/0...
Apr 10 13:12:33 sys-usb systemd[1]: Finished user-runtime-dir@0.service - User Runtime Directory /run/user/0.
Apr 10 13:12:33 sys-usb audit[1]: SERVICE_START pid=1 uid=0 auid=4294967295 ses=4294967295 msg='unit=user-runtime-dir@0 comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'
Apr 10 13:12:33 sys-usb systemd[1]: Starting user@0.service - User Manager for UID 0...
Apr 10 13:12:33 sys-usb kernel: audit: type=1130 audit(1712747553.711:296): pid=1 uid=0 auid=4294967295 ses=4294967295 msg='unit=user-runtime-dir@0 comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'
Apr 10 13:12:33 sys-usb (systemd)[3161]: PAM unable to dlopen(/usr/lib64/security/pam_sss.so): /usr/lib64/security/pam_sss.so: cannot open shared object file: No such file or directory
Apr 10 13:12:33 sys-usb (systemd)[3161]: PAM adding faulty module: /usr/lib64/security/pam_sss.so
Apr 10 13:12:33 sys-usb audit[3161]: USER_ACCT pid=3161 uid=0 auid=4294967295 ses=4294967295 msg='op=PAM:accounting grantors=pam_unix acct="root" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'
Apr 10 13:12:33 sys-usb kernel: audit: type=1101 audit(1712747553.714:297): pid=3161 uid=0 auid=4294967295 ses=4294967295 msg='op=PAM:accounting grantors=pam_unix acct="root" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'
Apr 10 13:12:33 sys-usb kernel: audit: type=1103 audit(1712747553.714:298): pid=3161 uid=0 auid=4294967295 ses=4294967295 msg='op=PAM:setcred grantors=? acct="root" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=failed'
Apr 10 13:12:33 sys-usb kernel: audit: type=1006 audit(1712747553.714:299): pid=3161 uid=0 old-auid=4294967295 auid=0 tty=(none) old-ses=4294967295 ses=5 res=1
Apr 10 13:12:33 sys-usb audit[3161]: CRED_ACQ pid=3161 uid=0 auid=4294967295 ses=4294967295 msg='op=PAM:setcred grantors=? acct="root" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=failed'
Apr 10 13:12:33 sys-usb audit[3161]: SYSCALL arch=c000003e syscall=1 success=yes exit=1 a0=8 a1=7fffe19bb340 a2=1 a3=0 items=0 ppid=1 pid=3161 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=5 comm="(systemd)" exe="/usr/lib/systemd/systemd" key=(null)
Apr 10 13:12:33 sys-usb audit: PROCTITLE proctitle="(systemd)"
Apr 10 13:12:33 sys-usb kernel: audit: type=1300 audit(1712747553.714:299): arch=c000003e syscall=1 success=yes exit=1 a0=8 a1=7fffe19bb340 a2=1 a3=0 items=0 ppid=1 pid=3161 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=5 comm="(systemd)" exe="/usr/lib/systemd/systemd" key=(null)
Apr 10 13:12:33 sys-usb kernel: audit: type=1327 audit(1712747553.714:299): proctitle="(systemd)"
Apr 10 13:12:33 sys-usb audit[3161]: USER_START pid=3161 uid=0 auid=0 ses=5 msg='op=PAM:session_open grantors=pam_selinux,pam_selinux,pam_loginuid,pam_keyinit,pam_namespace,pam_systemd_home,pam_keyinit,pam_limits,pam_systemd,pam_unix acct="root" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'
Apr 10 13:12:33 sys-usb (systemd)[3161]: pam_unix(systemd-user:session): session opened for user root(uid=0) by (uid=0)
Apr 10 13:12:33 sys-usb kernel: audit: type=1105 audit(1712747553.716:300): pid=3161 uid=0 auid=0 ses=5 msg='op=PAM:session_open grantors=pam_selinux,pam_selinux,pam_loginuid,pam_keyinit,pam_namespace,pam_systemd_home,pam_keyinit,pam_limits,pam_systemd,pam_unix acct="root" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'
Apr 10 13:12:33 sys-usb audit: BPF prog-id=92 op=LOAD
Apr 10 13:12:33 sys-usb audit[3161]: SYSCALL arch=c000003e syscall=321 success=yes exit=8 a0=5 a1=7ffd63e3fb90 a2=90 a3=0 items=0 ppid=1 pid=3161 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=5 comm="systemd" exe="/usr/lib/systemd/systemd" key=(null)
Apr 10 13:12:33 sys-usb audit: PROCTITLE proctitle="(systemd)"
Apr 10 13:12:33 sys-usb audit: BPF prog-id=92 op=UNLOAD
Apr 10 13:12:33 sys-usb audit[3161]: SYSCALL arch=c000003e syscall=3 success=yes exit=0 a0=8 a1=7ffd63e3fc70 a2=90 a3=200000008 items=0 ppid=1 pid=3161 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=5 comm="systemd" exe="/usr/lib/systemd/systemd" key=(null)
Apr 10 13:12:33 sys-usb audit: PROCTITLE proctitle="(systemd)"
Apr 10 13:12:33 sys-usb audit: BPF prog-id=93 op=LOAD
Apr 10 13:12:33 sys-usb audit[3161]: SYSCALL arch=c000003e syscall=321 success=yes exit=8 a0=5 a1=7ffd63e3fc30 a2=90 a3=0 items=0 ppid=1 pid=3161 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=5 comm="systemd" exe="/usr/lib/systemd/systemd" key=(null)
Apr 10 13:12:33 sys-usb audit: PROCTITLE proctitle="(systemd)"
Apr 10 13:12:33 sys-usb audit: BPF prog-id=93 op=UNLOAD
Apr 10 13:12:33 sys-usb audit[3161]: SYSCALL arch=c000003e syscall=3 success=yes exit=0 a0=8 a1=7ffd63e3fc30 a2=0 a3=0 items=0 ppid=1 pid=3161 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=5 comm="systemd" exe="/usr/lib/systemd/systemd" key=(null)
Apr 10 13:12:33 sys-usb audit: PROCTITLE proctitle="(systemd)"
Apr 10 13:12:33 sys-usb audit: BPF prog-id=94 op=LOAD
Apr 10 13:12:33 sys-usb audit[3161]: SYSCALL arch=c000003e syscall=321 success=yes exit=8 a0=5 a1=7ffd63e3e9c0 a2=74 a3=2 items=0 ppid=1 pid=3161 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=5 comm="systemd" exe="/usr/lib/systemd/systemd" key=(null)
Apr 10 13:12:33 sys-usb audit: PROCTITLE proctitle="(systemd)"
Apr 10 13:12:33 sys-usb audit: BPF prog-id=94 op=UNLOAD
Apr 10 13:12:33 sys-usb audit[3161]: SYSCALL arch=c000003e syscall=3 success=yes exit=0 a0=8 a1=7ffd63e3e9c0 a2=74 a3=2 items=0 ppid=1 pid=3161 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=5 comm="systemd" exe="/usr/lib/systemd/systemd" key=(null)
Apr 10 13:12:33 sys-usb audit: PROCTITLE proctitle="(systemd)"
Apr 10 13:12:33 sys-usb audit: BPF prog-id=95 op=LOAD
Apr 10 13:12:33 sys-usb audit[3161]: SYSCALL arch=c000003e syscall=321 success=yes exit=8 a0=5 a1=7ffd63e3eb30 a2=80 a3=7ffd63e3ec20 items=0 ppid=1 pid=3161 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=5 comm="systemd" exe="/usr/lib/systemd/systemd" key=(null)
Apr 10 13:12:33 sys-usb audit: PROCTITLE proctitle="(systemd)"
Apr 10 13:12:33 sys-usb audit: BPF prog-id=95 op=UNLOAD
Apr 10 13:12:33 sys-usb audit[3161]: SYSCALL arch=c000003e syscall=3 success=yes exit=0 a0=8 a1=7ffd63e3eb30 a2=0 a3=7ffd63e3ec20 items=0 ppid=1 pid=3161 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=5 comm="systemd" exe="/usr/lib/systemd/systemd" key=(null)
Apr 10 13:12:33 sys-usb audit: PROCTITLE proctitle="(systemd)"
Apr 10 13:12:33 sys-usb audit: BPF prog-id=96 op=LOAD
Apr 10 13:12:33 sys-usb audit[3161]: SYSCALL arch=c000003e syscall=321 success=yes exit=8 a0=5 a1=7ffd63e3f9b0 a2=80 a3=2 items=0 ppid=1 pid=3161 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=5 comm="systemd" exe="/usr/lib/systemd/systemd" key=(null)
Apr 10 13:12:33 sys-usb audit: PROCTITLE proctitle="(systemd)"
Apr 10 13:12:33 sys-usb audit: BPF prog-id=96 op=UNLOAD
Apr 10 13:12:33 sys-usb audit[3161]: SYSCALL arch=c000003e syscall=3 success=yes exit=0 a0=8 a1=7ffd63e3f9b0 a2=0 a3=2 items=0 ppid=1 pid=3161 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=5 comm="systemd" exe="/usr/lib/systemd/systemd" key=(null)
Apr 10 13:12:33 sys-usb audit: PROCTITLE proctitle="(systemd)"
Apr 10 13:12:33 sys-usb kernel: audit: type=1334 audit(1712747553.724:301): prog-id=92 op=LOAD
Apr 10 13:12:33 sys-usb audit: BPF prog-id=97 op=LOAD
Apr 10 13:12:33 sys-usb audit[3161]: SYSCALL arch=c000003e syscall=321 success=yes exit=9 a0=5 a1=7ffd63e3f730 a2=40 a3=0 items=0 ppid=1 pid=3161 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=5 comm="systemd" exe="/usr/lib/systemd/systemd" key=(null)
Apr 10 13:12:33 sys-usb audit: PROCTITLE proctitle="(systemd)"
Apr 10 13:12:33 sys-usb audit: BPF prog-id=97 op=UNLOAD
Apr 10 13:12:33 sys-usb audit[3161]: SYSCALL arch=c000003e syscall=3 success=yes exit=0 a0=9 a1=7ffd63e3f730 a2=40 a3=0 items=0 ppid=1 pid=3161 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=5 comm="systemd" exe="/usr/lib/systemd/systemd" key=(null)
Apr 10 13:12:33 sys-usb audit: PROCTITLE proctitle="(systemd)"
Apr 10 13:12:33 sys-usb audit: BPF prog-id=98 op=LOAD
Apr 10 13:12:33 sys-usb audit[3161]: SYSCALL arch=c000003e syscall=321 success=yes exit=11 a0=5 a1=7ffd63e3f070 a2=80 a3=4b items=0 ppid=1 pid=3161 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=5 comm="systemd" exe="/usr/lib/systemd/systemd" key=(null)
Apr 10 13:12:33 sys-usb audit: PROCTITLE proctitle="(systemd)"
Apr 10 13:12:33 sys-usb audit: BPF prog-id=99 op=LOAD
Apr 10 13:12:33 sys-usb audit[3161]: SYSCALL arch=c000003e syscall=321 success=yes exit=12 a0=5 a1=7ffd63e3f070 a2=80 a3=4b items=0 ppid=1 pid=3161 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=5 comm="systemd" exe="/usr/lib/systemd/systemd" key=(null)
Apr 10 13:12:33 sys-usb audit: PROCTITLE proctitle="(systemd)"
Apr 10 13:12:33 sys-usb audit: BPF prog-id=98 op=UNLOAD
Apr 10 13:12:33 sys-usb audit[3161]: SYSCALL arch=c000003e syscall=3 success=yes exit=0 a0=b a1=9 a2=58485ffb6960 a3=0 items=0 ppid=1 pid=3161 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=5 comm="systemd" exe="/usr/lib/systemd/systemd" key=(null)
Apr 10 13:12:33 sys-usb audit: PROCTITLE proctitle="(systemd)"
Apr 10 13:12:33 sys-usb audit: BPF prog-id=99 op=UNLOAD
Apr 10 13:12:33 sys-usb audit[3161]: SYSCALL arch=c000003e syscall=3 success=yes exit=0 a0=c a1=58485ffaf010 a2=1 a3=0 items=0 ppid=1 pid=3161 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=5 comm="systemd" exe="/usr/lib/systemd/systemd" key=(null)
Apr 10 13:12:33 sys-usb audit: PROCTITLE proctitle="(systemd)"
Apr 10 13:12:33 sys-usb audit: BPF prog-id=100 op=LOAD
Apr 10 13:12:33 sys-usb audit[3161]: SYSCALL arch=c000003e syscall=321 success=yes exit=8 a0=5 a1=7ffd63e3eb30 a2=80 a3=2 items=0 ppid=1 pid=3161 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=5 comm="systemd" exe="/usr/lib/systemd/systemd" key=(null)
Apr 10 13:12:33 sys-usb audit: PROCTITLE proctitle="(systemd)"
Apr 10 13:12:33 sys-usb audit: BPF prog-id=100 op=UNLOAD
Apr 10 13:12:33 sys-usb audit[3161]: SYSCALL arch=c000003e syscall=3 success=yes exit=0 a0=8 a1=7ffd63e3eb30 a2=0 a3=2 items=0 ppid=1 pid=3161 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=5 comm="systemd" exe="/usr/lib/systemd/systemd" key=(null)
Apr 10 13:12:33 sys-usb audit: PROCTITLE proctitle="(systemd)"
Apr 10 13:12:33 sys-usb audit: BPF prog-id=101 op=LOAD
Apr 10 13:12:33 sys-usb audit[3161]: SYSCALL arch=c000003e syscall=321 success=yes exit=8 a0=5 a1=7ffd63e3f960 a2=80 a3=2 items=0 ppid=1 pid=3161 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=5 comm="systemd" exe="/usr/lib/systemd/systemd" key=(null)
Apr 10 13:12:33 sys-usb audit: PROCTITLE proctitle="(systemd)"
Apr 10 13:12:33 sys-usb audit: BPF prog-id=101 op=UNLOAD
Apr 10 13:12:33 sys-usb audit[3161]: SYSCALL arch=c000003e syscall=3 success=yes exit=0 a0=8 a1=7ffd63e3f960 a2=0 a3=2 items=0 ppid=1 pid=3161 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=5 comm="systemd" exe="/usr/lib/systemd/systemd" key=(null)
Apr 10 13:12:33 sys-usb audit: PROCTITLE proctitle="(systemd)"
Apr 10 13:12:33 sys-usb audit: BPF prog-id=102 op=LOAD
Apr 10 13:12:33 sys-usb audit[3161]: SYSCALL arch=c000003e syscall=321 success=yes exit=11 a0=5 a1=7ffd63e3f6f0 a2=80 a3=5 items=0 ppid=1 pid=3161 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=5 comm="systemd" exe="/usr/lib/systemd/systemd" key=(null)
Apr 10 13:12:33 sys-usb audit: PROCTITLE proctitle="(systemd)"
Apr 10 13:12:33 sys-usb audit: BPF prog-id=102 op=UNLOAD
Apr 10 13:12:33 sys-usb audit[3161]: SYSCALL arch=c000003e syscall=3 success=yes exit=0 a0=b a1=7ffd63e3f6f0 a2=0 a3=5 items=0 ppid=1 pid=3161 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=5 comm="systemd" exe="/usr/lib/systemd/systemd" key=(null)
Apr 10 13:12:33 sys-usb audit: PROCTITLE proctitle="(systemd)"
Apr 10 13:12:33 sys-usb audit: BPF prog-id=103 op=LOAD
Apr 10 13:12:33 sys-usb audit[3161]: SYSCALL arch=c000003e syscall=321 success=yes exit=11 a0=5 a1=7ffd63e3eee0 a2=80 a3=2 items=0 ppid=1 pid=3161 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=5 comm="systemd" exe="/usr/lib/systemd/systemd" key=(null)
Apr 10 13:12:33 sys-usb audit: PROCTITLE proctitle="(systemd)"
Apr 10 13:12:33 sys-usb audit: BPF prog-id=103 op=UNLOAD
Apr 10 13:12:33 sys-usb audit[3161]: SYSCALL arch=c000003e syscall=3 success=yes exit=0 a0=b a1=7ffd63e3eee0 a2=0 a3=2 items=0 ppid=1 pid=3161 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=5 comm="systemd" exe="/usr/lib/systemd/systemd" key=(null)
Apr 10 13:12:33 sys-usb audit: PROCTITLE proctitle="(systemd)"
Apr 10 13:12:33 sys-usb audit: BPF prog-id=104 op=LOAD
Apr 10 13:12:33 sys-usb audit[3161]: SYSCALL arch=c000003e syscall=321 success=yes exit=11 a0=5 a1=7ffd63e3f020 a2=80 a3=13 items=0 ppid=1 pid=3161 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=5 comm="systemd" exe="/usr/lib/systemd/systemd" key=(null)
Apr 10 13:12:33 sys-usb audit: PROCTITLE proctitle="(systemd)"
Apr 10 13:12:33 sys-usb audit: BPF prog-id=105 op=LOAD
Apr 10 13:12:33 sys-usb audit[3161]: SYSCALL arch=c000003e syscall=321 success=yes exit=13 a0=5 a1=7ffd63e3ef20 a2=80 a3=2 items=0 ppid=1 pid=3161 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=5 comm="systemd" exe="/usr/lib/systemd/systemd" key=(null)
Apr 10 13:12:33 sys-usb audit: PROCTITLE proctitle="(systemd)"
Apr 10 13:12:33 sys-usb audit: BPF prog-id=105 op=UNLOAD
Apr 10 13:12:33 sys-usb audit[3161]: SYSCALL arch=c000003e syscall=3 success=yes exit=0 a0=d a1=7ffd63e3ef50 a2=0 a3=0 items=0 ppid=1 pid=3161 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=5 comm="systemd" exe="/usr/lib/systemd/systemd" key=(null)
Apr 10 13:12:33 sys-usb audit: PROCTITLE proctitle="(systemd)"
Apr 10 13:12:33 sys-usb audit: BPF prog-id=106 op=LOAD
Apr 10 13:12:33 sys-usb audit[3161]: SYSCALL arch=c000003e syscall=321 success=yes exit=12 a0=5 a1=7ffd63e3f020 a2=80 a3=13 items=0 ppid=1 pid=3161 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=5 comm="systemd" exe="/usr/lib/systemd/systemd" key=(null)
Apr 10 13:12:33 sys-usb audit: PROCTITLE proctitle="(systemd)"
Apr 10 13:12:33 sys-usb audit: BPF prog-id=104 op=UNLOAD
Apr 10 13:12:33 sys-usb audit[3161]: SYSCALL arch=c000003e syscall=3 success=yes exit=0 a0=b a1=9 a2=58485ffb7ee0 a3=0 items=0 ppid=1 pid=3161 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=5 comm="systemd" exe="/usr/lib/systemd/systemd" key=(null)
Apr 10 13:12:33 sys-usb audit: PROCTITLE proctitle="(systemd)"
Apr 10 13:12:33 sys-usb audit: BPF prog-id=106 op=UNLOAD
Apr 10 13:12:33 sys-usb audit[3161]: SYSCALL arch=c000003e syscall=3 success=yes exit=0 a0=c a1=58485ffaf010 a2=3 a3=0 items=0 ppid=1 pid=3161 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=5 comm="systemd" exe="/usr/lib/systemd/systemd" key=(null)
Apr 10 13:12:33 sys-usb audit: PROCTITLE proctitle="(systemd)"
Apr 10 13:12:33 sys-usb systemd[3161]: Queued start job for default target default.target.
Apr 10 13:12:33 sys-usb systemd[3161]: Created slice app.slice - User Application Slice.
Apr 10 13:12:33 sys-usb systemd[3161]: grub-boot-success.timer - Mark boot as successful after the user session has run 2 minutes was skipped because of an unmet condition check (ConditionUser=!@system).
Apr 10 13:12:33 sys-usb systemd[3161]: Started systemd-tmpfiles-clean.timer - Daily Cleanup of User's Temporary Directories.
Apr 10 13:12:33 sys-usb systemd[3161]: Reached target paths.target - Paths.
Apr 10 13:12:33 sys-usb systemd[3161]: Reached target timers.target - Timers.
Apr 10 13:12:33 sys-usb systemd[3161]: Starting dbus.socket - D-Bus User Message Bus Socket...
Apr 10 13:12:33 sys-usb systemd[3161]: pulseaudio.socket - Sound System was skipped because of an unmet condition check (ConditionPathExists=/var/run/qubes-service/pulseaudio-vanilla-broken).
Apr 10 13:12:33 sys-usb systemd[3161]: Starting systemd-tmpfiles-setup.service - Create User's Volatile Files and Directories...
Apr 10 13:12:33 sys-usb systemd[3161]: Finished systemd-tmpfiles-setup.service - Create User's Volatile Files and Directories.
Apr 10 13:12:33 sys-usb systemd[3161]: Listening on dbus.socket - D-Bus User Message Bus Socket.
Apr 10 13:12:33 sys-usb systemd[3161]: Reached target sockets.target - Sockets.
Apr 10 13:12:33 sys-usb systemd[3161]: Reached target basic.target - Basic System.
Apr 10 13:12:33 sys-usb systemd[3161]: Reached target default.target - Main User Target.
Apr 10 13:12:33 sys-usb systemd[3161]: Startup finished in 138ms.
Apr 10 13:12:33 sys-usb systemd[1]: Started user@0.service - User Manager for UID 0.
Apr 10 13:12:33 sys-usb audit[1]: SERVICE_START pid=1 uid=0 auid=4294967295 ses=4294967295 msg='unit=user@0 comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'
Apr 10 13:12:33 sys-usb systemd[1]: Started session-c7.scope - Session c7 of User root.
Apr 10 13:12:33 sys-usb qrexec-agent[3159]: pam_unix(qrexec:session): session opened for user root(uid=0) by (uid=0)
Apr 10 13:12:33 sys-usb audit[3159]: USER_START pid=3159 uid=0 auid=4294967295 ses=4294967295 msg='op=PAM:session_open grantors=pam_keyinit,pam_limits,pam_systemd,pam_unix,pam_umask,pam_lastlog acct="root" exe="/usr/lib/qubes/qrexec-agent" hostname=? addr=? terminal=? res=success'
Apr 10 13:12:33 sys-usb qubes.USB+2-1.1-<targetvm>[3201]: Invalid bus path /sys/bus/usb/devices/2-1.1
Apr 10 13:12:33 sys-usb qrexec-agent[3159]: pam_unix(qrexec:session): session closed for user root
Apr 10 13:12:33 sys-usb audit[3159]: USER_END pid=3159 uid=0 auid=4294967295 ses=4294967295 msg='op=PAM:session_close grantors=pam_keyinit,pam_limits,pam_systemd,pam_unix,pam_umask,pam_lastlog acct="root" exe="/usr/lib/qubes/qrexec-agent" hostname=? addr=? terminal=? res=success'
Apr 10 13:12:33 sys-usb audit[3159]: CRED_DISP pid=3159 uid=0 auid=4294967295 ses=4294967295 msg='op=PAM:setcred grantors=pam_rootok acct="root" exe="/usr/lib/qubes/qrexec-agent" hostname=? addr=? terminal=? res=success'
Apr 10 13:12:33 sys-usb qrexec-agent[3157]: 2024-04-10 13:12:33.919 qrexec-agent[3157]: qrexec-agent-data.c:272:handle_new_process_common: pid 3159 exited with 1
Apr 10 13:12:33 sys-usb systemd[1]: session-c7.scope: Deactivated successfully.
Apr 10 13:12:43 sys-usb systemd[1]: Stopping user@0.service - User Manager for UID 0...
Apr 10 13:12:43 sys-usb systemd[3161]: Activating special unit exit.target...
Apr 10 13:12:43 sys-usb systemd[3161]: Stopped target default.target - Main User Target.
Apr 10 13:12:43 sys-usb systemd[3161]: Stopped target basic.target - Basic System.
Apr 10 13:12:43 sys-usb systemd[3161]: Stopped target paths.target - Paths.
Apr 10 13:12:43 sys-usb systemd[3161]: Stopped target sockets.target - Sockets.
Apr 10 13:12:43 sys-usb systemd[3161]: Stopped target timers.target - Timers.
Apr 10 13:12:43 sys-usb systemd[3161]: Stopped systemd-tmpfiles-clean.timer - Daily Cleanup of User's Temporary Directories.
Apr 10 13:12:43 sys-usb systemd[3161]: Closed dbus.socket - D-Bus User Message Bus Socket.
Apr 10 13:12:43 sys-usb systemd[3161]: Stopped systemd-tmpfiles-setup.service - Create User's Volatile Files and Directories.
Apr 10 13:12:43 sys-usb systemd[3161]: Removed slice app.slice - User Application Slice.
Apr 10 13:12:43 sys-usb systemd[3161]: Reached target shutdown.target - Shutdown.
Apr 10 13:12:43 sys-usb systemd[3161]: Finished systemd-exit.service - Exit the Session.
Apr 10 13:12:43 sys-usb systemd[3161]: Reached target exit.target - Exit the Session.
Apr 10 13:12:43 sys-usb systemd[1]: user@0.service: Deactivated successfully.
Apr 10 13:12:43 sys-usb systemd[1]: Stopped user@0.service - User Manager for UID 0.
Apr 10 13:12:43 sys-usb audit[1]: SERVICE_STOP pid=1 uid=0 auid=4294967295 ses=4294967295 msg='unit=user@0 comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'
Apr 10 13:12:43 sys-usb kernel: kauditd_printk_skb: 93 callbacks suppressed
Apr 10 13:12:43 sys-usb kernel: audit: type=1131 audit(1712747563.972:335): pid=1 uid=0 auid=4294967295 ses=4294967295 msg='unit=user@0 comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'
Apr 10 13:12:43 sys-usb systemd[1]: Stopping user-runtime-dir@0.service - User Runtime Directory /run/user/0...
Apr 10 13:12:43 sys-usb systemd[1]: run-user-0.mount: Deactivated successfully.
Apr 10 13:12:43 sys-usb systemd[1]: user-runtime-dir@0.service: Deactivated successfully.
Apr 10 13:12:43 sys-usb systemd[1]: Stopped user-runtime-dir@0.service - User Runtime Directory /run/user/0.
Apr 10 13:12:43 sys-usb audit[1]: SERVICE_STOP pid=1 uid=0 auid=4294967295 ses=4294967295 msg='unit=user-runtime-dir@0 comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'
Apr 10 13:12:43 sys-usb systemd[1]: Removed slice user-0.slice - User Slice of UID 0.
Apr 10 13:12:43 sys-usb kernel: audit: type=1131 audit(1712747563.988:336): pid=1 uid=0 auid=4294967295 ses=4294967295 msg='unit=user-runtime-dir@0 comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'

:

Apr 10 13:12:33 <targetvm> qrexec-agent[2205]: 2024-04-10 13:12:33.460 qrexec-agent[2205]: qrexec-agent-data.c:244:handle_new_process_common: executed: root:QUBESRPC qubes.USBAttach dom0 (pid 2207)
Apr 10 13:12:33 <targetvm> qrexec-agent[2207]: PAM unable to dlopen(/usr/lib64/security/pam_sss.so): /usr/lib64/security/pam_sss.so: cannot open shared object file: No such file or directory
Apr 10 13:12:33 <targetvm> qrexec-agent[2207]: PAM adding faulty module: /usr/lib64/security/pam_sss.so
Apr 10 13:12:33 <targetvm> audit[2207]: USER_AUTH pid=2207 uid=0 auid=4294967295 ses=4294967295 msg='op=PAM:authentication grantors=pam_rootok acct="root" exe="/usr/lib/qubes/qrexec-agent" hostname=? addr=? terminal=? res=success'
Apr 10 13:12:33 <targetvm> audit[2207]: CRED_ACQ pid=2207 uid=0 auid=4294967295 ses=4294967295 msg='op=PAM:setcred grantors=pam_rootok acct="root" exe="/usr/lib/qubes/qrexec-agent" hostname=? addr=? terminal=? res=success'
Apr 10 13:12:33 <targetvm> kernel: audit: type=1100 audit(1712747553.463:340): pid=2207 uid=0 auid=4294967295 ses=4294967295 msg='op=PAM:authentication grantors=pam_rootok acct="root" exe="/usr/lib/qubes/qrexec-agent" hostname=? addr=? terminal=? res=success'
Apr 10 13:12:33 <targetvm> kernel: audit: type=1103 audit(1712747553.463:341): pid=2207 uid=0 auid=4294967295 ses=4294967295 msg='op=PAM:setcred grantors=pam_rootok acct="root" exe="/usr/lib/qubes/qrexec-agent" hostname=? addr=? terminal=? res=success'
Apr 10 13:12:33 <targetvm> systemd[1]: Created slice user-0.slice - User Slice of UID 0.
Apr 10 13:12:33 <targetvm> systemd[1]: Starting user-runtime-dir@0.service - User Runtime Directory /run/user/0...
Apr 10 13:12:33 <targetvm> systemd[1]: Finished user-runtime-dir@0.service - User Runtime Directory /run/user/0.
Apr 10 13:12:33 <targetvm> audit[1]: SERVICE_START pid=1 uid=0 auid=4294967295 ses=4294967295 msg='unit=user-runtime-dir@0 comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'
Apr 10 13:12:33 <targetvm> kernel: audit: type=1130 audit(1712747553.479:342): pid=1 uid=0 auid=4294967295 ses=4294967295 msg='unit=user-runtime-dir@0 comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'
Apr 10 13:12:33 <targetvm> systemd[1]: Starting user@0.service - User Manager for UID 0...
Apr 10 13:12:33 <targetvm> (systemd)[2209]: PAM unable to dlopen(/usr/lib64/security/pam_sss.so): /usr/lib64/security/pam_sss.so: cannot open shared object file: No such file or directory
Apr 10 13:12:33 <targetvm> (systemd)[2209]: PAM adding faulty module: /usr/lib64/security/pam_sss.so
Apr 10 13:12:33 <targetvm> audit[2209]: USER_ACCT pid=2209 uid=0 auid=4294967295 ses=4294967295 msg='op=PAM:accounting grantors=pam_unix acct="root" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'
Apr 10 13:12:33 <targetvm> audit[2209]: CRED_ACQ pid=2209 uid=0 auid=4294967295 ses=4294967295 msg='op=PAM:setcred grantors=? acct="root" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=failed'
Apr 10 13:12:33 <targetvm> audit[2209]: SYSCALL arch=c000003e syscall=1 success=yes exit=1 a0=8 a1=7ffcdf92c480 a2=1 a3=0 items=0 ppid=1 pid=2209 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=6 comm="(systemd)" exe="/usr/lib/systemd/systemd" key=(null)
Apr 10 13:12:33 <targetvm> audit: PROCTITLE proctitle="(systemd)"
Apr 10 13:12:33 <targetvm> kernel: audit: type=1101 audit(1712747553.482:343): pid=2209 uid=0 auid=4294967295 ses=4294967295 msg='op=PAM:accounting grantors=pam_unix acct="root" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'
Apr 10 13:12:33 <targetvm> kernel: audit: type=1103 audit(1712747553.482:344): pid=2209 uid=0 auid=4294967295 ses=4294967295 msg='op=PAM:setcred grantors=? acct="root" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=failed'
Apr 10 13:12:33 <targetvm> kernel: audit: type=1006 audit(1712747553.482:345): pid=2209 uid=0 old-auid=4294967295 auid=0 tty=(none) old-ses=4294967295 ses=6 res=1
Apr 10 13:12:33 <targetvm> kernel: audit: type=1300 audit(1712747553.482:345): arch=c000003e syscall=1 success=yes exit=1 a0=8 a1=7ffcdf92c480 a2=1 a3=0 items=0 ppid=1 pid=2209 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=6 comm="(systemd)" exe="/usr/lib/systemd/systemd" key=(null)
Apr 10 13:12:33 <targetvm> kernel: audit: type=1327 audit(1712747553.482:345): proctitle="(systemd)"
Apr 10 13:12:33 <targetvm> audit[2209]: USER_START pid=2209 uid=0 auid=0 ses=6 msg='op=PAM:session_open grantors=pam_selinux,pam_selinux,pam_loginuid,pam_keyinit,pam_namespace,pam_systemd_home,pam_keyinit,pam_limits,pam_systemd,pam_unix acct="root" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'
Apr 10 13:12:33 <targetvm> (systemd)[2209]: pam_unix(systemd-user:session): session opened for user root(uid=0) by (uid=0)
Apr 10 13:12:33 <targetvm> kernel: audit: type=1105 audit(1712747553.483:346): pid=2209 uid=0 auid=0 ses=6 msg='op=PAM:session_open grantors=pam_selinux,pam_selinux,pam_loginuid,pam_keyinit,pam_namespace,pam_systemd_home,pam_keyinit,pam_limits,pam_systemd,pam_unix acct="root" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'
Apr 10 13:12:33 <targetvm> audit: BPF prog-id=119 op=LOAD
Apr 10 13:12:33 <targetvm> audit[2209]: SYSCALL arch=c000003e syscall=321 success=yes exit=8 a0=5 a1=7ffe7f47a6f0 a2=90 a3=0 items=0 ppid=1 pid=2209 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=6 comm="systemd" exe="/usr/lib/systemd/systemd" key=(null)
Apr 10 13:12:33 <targetvm> audit: PROCTITLE proctitle="(systemd)"
Apr 10 13:12:33 <targetvm> audit: BPF prog-id=119 op=UNLOAD
Apr 10 13:12:33 <targetvm> audit: BPF prog-id=120 op=LOAD
Apr 10 13:12:33 <targetvm> audit[2209]: SYSCALL arch=c000003e syscall=321 success=yes exit=8 a0=5 a1=7ffe7f47a790 a2=90 a3=0 items=0 ppid=1 pid=2209 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=6 comm="systemd" exe="/usr/lib/systemd/systemd" key=(null)
Apr 10 13:12:33 <targetvm> audit: PROCTITLE proctitle="(systemd)"
Apr 10 13:12:33 <targetvm> audit: BPF prog-id=120 op=UNLOAD
Apr 10 13:12:33 <targetvm> audit: BPF prog-id=121 op=LOAD
Apr 10 13:12:33 <targetvm> audit[2209]: SYSCALL arch=c000003e syscall=321 success=yes exit=8 a0=5 a1=7ffe7f479520 a2=74 a3=2 items=0 ppid=1 pid=2209 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=6 comm="systemd" exe="/usr/lib/systemd/systemd" key=(null)
Apr 10 13:12:33 <targetvm> audit: PROCTITLE proctitle="(systemd)"
Apr 10 13:12:33 <targetvm> audit: BPF prog-id=121 op=UNLOAD
Apr 10 13:12:33 <targetvm> audit: BPF prog-id=122 op=LOAD
Apr 10 13:12:33 <targetvm> audit[2209]: SYSCALL arch=c000003e syscall=321 success=yes exit=8 a0=5 a1=7ffe7f479690 a2=80 a3=7ffe7f479780 items=0 ppid=1 pid=2209 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=6 comm="systemd" exe="/usr/lib/systemd/systemd" key=(null)
Apr 10 13:12:33 <targetvm> audit: PROCTITLE proctitle="(systemd)"
Apr 10 13:12:33 <targetvm> audit: BPF prog-id=122 op=UNLOAD
Apr 10 13:12:33 <targetvm> audit: BPF prog-id=123 op=LOAD
Apr 10 13:12:33 <targetvm> audit[2209]: SYSCALL arch=c000003e syscall=321 success=yes exit=8 a0=5 a1=7ffe7f47a510 a2=80 a3=2 items=0 ppid=1 pid=2209 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=6 comm="systemd" exe="/usr/lib/systemd/systemd" key=(null)
Apr 10 13:12:33 <targetvm> audit: PROCTITLE proctitle="(systemd)"
Apr 10 13:12:33 <targetvm> audit: BPF prog-id=123 op=UNLOAD
Apr 10 13:12:33 <targetvm> audit: BPF prog-id=124 op=LOAD
Apr 10 13:12:33 <targetvm> audit[2209]: SYSCALL arch=c000003e syscall=321 success=yes exit=9 a0=5 a1=7ffe7f47a290 a2=40 a3=0 items=0 ppid=1 pid=2209 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=6 comm="systemd" exe="/usr/lib/systemd/systemd" key=(null)
Apr 10 13:12:33 <targetvm> audit: PROCTITLE proctitle="(systemd)"
Apr 10 13:12:33 <targetvm> audit: BPF prog-id=124 op=UNLOAD
Apr 10 13:12:33 <targetvm> kernel: audit: type=1334 audit(1712747553.486:347): prog-id=119 op=LOAD
Apr 10 13:12:33 <targetvm> audit: BPF prog-id=125 op=LOAD
Apr 10 13:12:33 <targetvm> audit[2209]: SYSCALL arch=c000003e syscall=321 success=yes exit=11 a0=5 a1=7ffe7f479bd0 a2=80 a3=4b items=0 ppid=1 pid=2209 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=6 comm="systemd" exe="/usr/lib/systemd/systemd" key=(null)
Apr 10 13:12:33 <targetvm> audit: PROCTITLE proctitle="(systemd)"
Apr 10 13:12:33 <targetvm> audit: BPF prog-id=126 op=LOAD
Apr 10 13:12:33 <targetvm> audit[2209]: SYSCALL arch=c000003e syscall=321 success=yes exit=12 a0=5 a1=7ffe7f479bd0 a2=80 a3=4b items=0 ppid=1 pid=2209 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=6 comm="systemd" exe="/usr/lib/systemd/systemd" key=(null)
Apr 10 13:12:33 <targetvm> audit: PROCTITLE proctitle="(systemd)"
Apr 10 13:12:33 <targetvm> audit: BPF prog-id=125 op=UNLOAD
Apr 10 13:12:33 <targetvm> audit: BPF prog-id=126 op=UNLOAD
Apr 10 13:12:33 <targetvm> audit: BPF prog-id=127 op=LOAD
Apr 10 13:12:33 <targetvm> audit[2209]: SYSCALL arch=c000003e syscall=321 success=yes exit=8 a0=5 a1=7ffe7f479690 a2=80 a3=2 items=0 ppid=1 pid=2209 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=6 comm="systemd" exe="/usr/lib/systemd/systemd" key=(null)
Apr 10 13:12:33 <targetvm> audit: PROCTITLE proctitle="(systemd)"
Apr 10 13:12:33 <targetvm> audit: BPF prog-id=127 op=UNLOAD
Apr 10 13:12:33 <targetvm> audit: BPF prog-id=128 op=LOAD
Apr 10 13:12:33 <targetvm> audit[2209]: SYSCALL arch=c000003e syscall=321 success=yes exit=8 a0=5 a1=7ffe7f47a4c0 a2=80 a3=2 items=0 ppid=1 pid=2209 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=6 comm="systemd" exe="/usr/lib/systemd/systemd" key=(null)
Apr 10 13:12:33 <targetvm> audit: PROCTITLE proctitle="(systemd)"
Apr 10 13:12:33 <targetvm> audit: BPF prog-id=128 op=UNLOAD
Apr 10 13:12:33 <targetvm> audit: BPF prog-id=129 op=LOAD
Apr 10 13:12:33 <targetvm> audit[2209]: SYSCALL arch=c000003e syscall=321 success=yes exit=11 a0=5 a1=7ffe7f47a250 a2=80 a3=5 items=0 ppid=1 pid=2209 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=6 comm="systemd" exe="/usr/lib/systemd/systemd" key=(null)
Apr 10 13:12:33 <targetvm> audit: PROCTITLE proctitle="(systemd)"
Apr 10 13:12:33 <targetvm> audit: BPF prog-id=129 op=UNLOAD
Apr 10 13:12:33 <targetvm> audit: BPF prog-id=130 op=LOAD
Apr 10 13:12:33 <targetvm> audit[2209]: SYSCALL arch=c000003e syscall=321 success=yes exit=11 a0=5 a1=7ffe7f479a40 a2=80 a3=2 items=0 ppid=1 pid=2209 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=6 comm="systemd" exe="/usr/lib/systemd/systemd" key=(null)
Apr 10 13:12:33 <targetvm> audit: PROCTITLE proctitle="(systemd)"
Apr 10 13:12:33 <targetvm> audit: BPF prog-id=130 op=UNLOAD
Apr 10 13:12:33 <targetvm> audit: BPF prog-id=131 op=LOAD
Apr 10 13:12:33 <targetvm> audit[2209]: SYSCALL arch=c000003e syscall=321 success=yes exit=11 a0=5 a1=7ffe7f479b80 a2=80 a3=13 items=0 ppid=1 pid=2209 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=6 comm="systemd" exe="/usr/lib/systemd/systemd" key=(null)
Apr 10 13:12:33 <targetvm> audit: PROCTITLE proctitle="(systemd)"
Apr 10 13:12:33 <targetvm> audit: BPF prog-id=132 op=LOAD
Apr 10 13:12:33 <targetvm> audit[2209]: SYSCALL arch=c000003e syscall=321 success=yes exit=13 a0=5 a1=7ffe7f479a80 a2=80 a3=2 items=0 ppid=1 pid=2209 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=6 comm="systemd" exe="/usr/lib/systemd/systemd" key=(null)
Apr 10 13:12:33 <targetvm> audit: PROCTITLE proctitle="(systemd)"
Apr 10 13:12:33 <targetvm> audit: BPF prog-id=132 op=UNLOAD
Apr 10 13:12:33 <targetvm> audit: BPF prog-id=133 op=LOAD
Apr 10 13:12:33 <targetvm> audit[2209]: SYSCALL arch=c000003e syscall=321 success=yes exit=12 a0=5 a1=7ffe7f479b80 a2=80 a3=13 items=0 ppid=1 pid=2209 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=6 comm="systemd" exe="/usr/lib/systemd/systemd" key=(null)
Apr 10 13:12:33 <targetvm> audit: PROCTITLE proctitle="(systemd)"
Apr 10 13:12:33 <targetvm> audit: BPF prog-id=131 op=UNLOAD
Apr 10 13:12:33 <targetvm> audit: BPF prog-id=133 op=UNLOAD
Apr 10 13:12:33 <targetvm> systemd[2209]: Queued start job for default target default.target.
Apr 10 13:12:33 <targetvm> systemd[2209]: Created slice app.slice - User Application Slice.
Apr 10 13:12:33 <targetvm> systemd[2209]: grub-boot-success.timer - Mark boot as successful after the user session has run 2 minutes was skipped because of an unmet condition check (ConditionUser=!@system).
Apr 10 13:12:33 <targetvm> systemd[2209]: Started systemd-tmpfiles-clean.timer - Daily Cleanup of User's Temporary Directories.
Apr 10 13:12:33 <targetvm> systemd[2209]: Reached target paths.target - Paths.
Apr 10 13:12:33 <targetvm> systemd[2209]: Reached target timers.target - Timers.
Apr 10 13:12:33 <targetvm> systemd[2209]: Starting dbus.socket - D-Bus User Message Bus Socket...
Apr 10 13:12:33 <targetvm> systemd[2209]: pulseaudio.socket - Sound System was skipped because of an unmet condition check (ConditionPathExists=/var/run/qubes-service/pulseaudio-vanilla-broken).
Apr 10 13:12:33 <targetvm> systemd[2209]: Starting systemd-tmpfiles-setup.service - Create User's Volatile Files and Directories...
Apr 10 13:12:33 <targetvm> systemd[2209]: Finished systemd-tmpfiles-setup.service - Create User's Volatile Files and Directories.
Apr 10 13:12:33 <targetvm> systemd[2209]: Listening on dbus.socket - D-Bus User Message Bus Socket.
Apr 10 13:12:33 <targetvm> systemd[2209]: Reached target sockets.target - Sockets.
Apr 10 13:12:33 <targetvm> systemd[2209]: Reached target basic.target - Basic System.
Apr 10 13:12:33 <targetvm> systemd[2209]: Reached target default.target - Main User Target.
Apr 10 13:12:33 <targetvm> systemd[2209]: Startup finished in 76ms.
Apr 10 13:12:33 <targetvm> systemd[1]: Started user@0.service - User Manager for UID 0.
Apr 10 13:12:33 <targetvm> audit[1]: SERVICE_START pid=1 uid=0 auid=4294967295 ses=4294967295 msg='unit=user@0 comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'
Apr 10 13:12:33 <targetvm> systemd[1]: Started session-c8.scope - Session c8 of User root.
Apr 10 13:12:33 <targetvm> qrexec-agent[2207]: pam_unix(qrexec:session): session opened for user root(uid=0) by (uid=0)
Apr 10 13:12:33 <targetvm> audit[2207]: USER_START pid=2207 uid=0 auid=4294967295 ses=4294967295 msg='op=PAM:session_open grantors=pam_keyinit,pam_limits,pam_systemd,pam_unix,pam_umask,pam_lastlog acct="root" exe="/usr/lib/qubes/qrexec-agent" hostname=? addr=? terminal=? res=success'
Apr 10 13:12:33 <targetvm> audit: BPF prog-id=134 op=LOAD
Apr 10 13:12:33 <targetvm> audit: BPF prog-id=135 op=LOAD
Apr 10 13:12:33 <targetvm> audit: BPF prog-id=136 op=LOAD
Apr 10 13:12:33 <targetvm> systemd[1]: Starting systemd-hostnamed.service - Hostname Service...
Apr 10 13:12:33 <targetvm> systemd[1]: Started systemd-hostnamed.service - Hostname Service.
Apr 10 13:12:33 <targetvm> audit[1]: SERVICE_START pid=1 uid=0 auid=4294967295 ses=4294967295 msg='unit=systemd-hostnamed comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'
Apr 10 13:12:33 <targetvm> qrexec-agent[2207]: pam_unix(qrexec:session): session closed for user root
Apr 10 13:12:33 <targetvm> audit[2207]: USER_END pid=2207 uid=0 auid=4294967295 ses=4294967295 msg='op=PAM:session_close grantors=pam_keyinit,pam_limits,pam_systemd,pam_unix,pam_umask,pam_lastlog acct="root" exe="/usr/lib/qubes/qrexec-agent" hostname=? addr=? terminal=? res=success'
Apr 10 13:12:33 <targetvm> audit[2207]: CRED_DISP pid=2207 uid=0 auid=4294967295 ses=4294967295 msg='op=PAM:setcred grantors=pam_rootok acct="root" exe="/usr/lib/qubes/qrexec-agent" hostname=? addr=? terminal=? res=success'
Apr 10 13:12:33 <targetvm> qrexec-agent[2205]: 2024-04-10 13:12:33.960 qrexec-agent[2205]: qrexec-agent-data.c:272:handle_new_process_common: pid 2207 exited with 1
Apr 10 13:12:33 <targetvm> systemd[1]: session-c8.scope: Deactivated successfully.
Apr 10 13:12:44 <targetvm> systemd[1]: Stopping user@0.service - User Manager for UID 0...
Apr 10 13:12:44 <targetvm> systemd[2209]: Activating special unit exit.target...
Apr 10 13:12:44 <targetvm> systemd[2209]: Stopped target default.target - Main User Target.
Apr 10 13:12:44 <targetvm> systemd[2209]: Stopped target basic.target - Basic System.
Apr 10 13:12:44 <targetvm> systemd[2209]: Stopped target paths.target - Paths.
Apr 10 13:12:44 <targetvm> systemd[2209]: Stopped target sockets.target - Sockets.
Apr 10 13:12:44 <targetvm> systemd[2209]: Stopped target timers.target - Timers.
Apr 10 13:12:44 <targetvm> systemd[2209]: Stopped systemd-tmpfiles-clean.timer - Daily Cleanup of User's Temporary Directories.
Apr 10 13:12:44 <targetvm> systemd[2209]: Closed dbus.socket - D-Bus User Message Bus Socket.
Apr 10 13:12:44 <targetvm> systemd[2209]: Stopped systemd-tmpfiles-setup.service - Create User's Volatile Files and Directories.
Apr 10 13:12:44 <targetvm> systemd[2209]: Removed slice app.slice - User Application Slice.
Apr 10 13:12:44 <targetvm> systemd[2209]: Reached target shutdown.target - Shutdown.
Apr 10 13:12:44 <targetvm> systemd[2209]: Finished systemd-exit.service - Exit the Session.
Apr 10 13:12:44 <targetvm> systemd[2209]: Reached target exit.target - Exit the Session.
Apr 10 13:12:44 <targetvm> systemd[1]: user@0.service: Deactivated successfully.
Apr 10 13:12:44 <targetvm> systemd[1]: Stopped user@0.service - User Manager for UID 0.
Apr 10 13:12:44 <targetvm> audit[1]: SERVICE_STOP pid=1 uid=0 auid=4294967295 ses=4294967295 msg='unit=user@0 comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'
Apr 10 13:12:44 <targetvm> kernel: kauditd_printk_skb: 67 callbacks suppressed
Apr 10 13:12:44 <targetvm> kernel: audit: type=1131 audit(1712747564.093:385): pid=1 uid=0 auid=4294967295 ses=4294967295 msg='unit=user@0 comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'
Apr 10 13:12:44 <targetvm> systemd[1]: Stopping user-runtime-dir@0.service - User Runtime Directory /run/user/0...
Apr 10 13:12:44 <targetvm> systemd[1]: run-user-0.mount: Deactivated successfully.
Apr 10 13:12:44 <targetvm> systemd[1]: user-runtime-dir@0.service: Deactivated successfully.
Apr 10 13:12:44 <targetvm> systemd[1]: Stopped user-runtime-dir@0.service - User Runtime Directory /run/user/0.
Apr 10 13:12:44 <targetvm> audit[1]: SERVICE_STOP pid=1 uid=0 auid=4294967295 ses=4294967295 msg='unit=user-runtime-dir@0 comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'
Apr 10 13:12:44 <targetvm> systemd[1]: Removed slice user-0.slice - User Slice of UID 0.
Apr 10 13:12:44 <targetvm> kernel: audit: type=1131 audit(1712747564.111:386): pid=1 uid=0 auid=4294967295 ses=4294967295 msg='unit=user-runtime-dir@0 comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'

c1sc0 · April 10, 2024, 11:19am

To be more specific I am trying to connect a usb dongle for a headset to an appvm and the connection already yields the error. Also trying to connect a Yubikey as well as an external USB Webcam will also trigger the same error.

apparatus · April 10, 2024, 11:21am

Can you try it again, but using sudo?

sudo journalctl -f -n0

c1sc0 · April 10, 2024, 11:21am

All journalctl commands in all vms I did use sudo for.

apparatus · April 10, 2024, 11:24am

Then can you run the journalctl in sys-usb and remove and plug back in again the USB device?

c1sc0 · April 10, 2024, 11:25am

sure:

<remove>

Apr 10 13:24:37 sys-usb kernel: usb 2-1: USB disconnect, device number 15
Apr 10 13:24:37 sys-usb kernel: usb 2-1.1: USB disconnect, device number 16
Apr 10 13:24:37 sys-usb systemd[1]: Stopping qubes-input-sender-keyboard@event6.service - Qubes input proxy sender (keyboard)...
Apr 10 13:24:37 sys-usb systemd[1]: qubes-input-sender-keyboard@event6.service: Deactivated successfully.
Apr 10 13:24:37 sys-usb systemd[1]: Stopped qubes-input-sender-keyboard@event6.service - Qubes input proxy sender (keyboard).
Apr 10 13:24:37 sys-usb audit[1]: SERVICE_STOP pid=1 uid=0 auid=4294967295 ses=4294967295 msg='unit=qubes-input-sender-keyboard@event6 comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'
Apr 10 13:24:37 sys-usb kernel: audit: type=1131 audit(1712748277.429:496): pid=1 uid=0 auid=4294967295 ses=4294967295 msg='unit=qubes-input-sender-keyboard@event6 comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'

<plugin again>

Apr 10 13:24:42 sys-usb kernel: usb 2-1: new full-speed USB device number 21 using xhci_hcd
Apr 10 13:24:42 sys-usb kernel: usb 2-1: New USB device found, idVendor=0a12, idProduct=4010, bcdDevice=16.80
Apr 10 13:24:42 sys-usb kernel: usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
Apr 10 13:24:42 sys-usb kernel: hub 2-1:1.0: USB hub found
Apr 10 13:24:42 sys-usb kernel: hub 2-1:1.0: 4 ports detected
Apr 10 13:24:42 sys-usb kernel: usb 2-1.1: new full-speed USB device number 22 using xhci_hcd
Apr 10 13:24:42 sys-usb kernel: usb 2-1.1: New USB device found, idVendor=0b0e, idProduct=24c8, bcdDevice= 1.16
Apr 10 13:24:42 sys-usb kernel: usb 2-1.1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
Apr 10 13:24:42 sys-usb kernel: usb 2-1.1: Product: Jabra Link 380
Apr 10 13:24:42 sys-usb kernel: usb 2-1.1: SerialNumber: 50C275FBACF3
Apr 10 13:24:43 sys-usb kernel: input: Jabra Link 380 as /devices/pci0000:00/0000:00:07.0/usb2/2-1/2-1.1/2-1.1:1.3/0003:0B0E:24C8.000C/input/input18
Apr 10 13:24:43 sys-usb kernel: jabra 0003:0B0E:24C8.000C: input,hiddev96,hidraw1: USB HID v1.11 Device [Jabra Link 380] on usb-0000:00:07.0-1.1/input3
Apr 10 13:24:43 sys-usb mtp-probe[3659]: checking bus 2, device 22: "/sys/devices/pci0000:00/0000:00:07.0/usb2/2-1/2-1.1"
Apr 10 13:24:43 sys-usb mtp-probe[3659]: bus: 2, device: 22 was not an MTP device
Apr 10 13:24:43 sys-usb systemd[1]: Started qubes-input-sender-keyboard@event6.service - Qubes input proxy sender (keyboard).
Apr 10 13:24:43 sys-usb audit[1]: SERVICE_START pid=1 uid=0 auid=4294967295 ses=4294967295 msg='unit=qubes-input-sender-keyboard@event6 comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'
Apr 10 13:24:43 sys-usb kernel: audit: type=1130 audit(1712748283.387:497): pid=1 uid=0 auid=4294967295 ses=4294967295 msg='unit=qubes-input-sender-keyboard@event6 comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'
Apr 10 13:24:43 sys-usb mtp-probe[3708]: checking bus 2, device 22: "/sys/devices/pci0000:00/0000:00:07.0/usb2/2-1/2-1.1"
Apr 10 13:24:43 sys-usb mtp-probe[3708]: bus: 2, device: 22 was not an MTP device
Apr 10 13:24:43 sys-usb pulseaudio[1029]: Disabling timer-based scheduling because running inside a VM.
Apr 10 13:24:43 sys-usb rtkit-daemon[1036]: Successfully made thread 3710 of process 1029 (/usr/bin/pulseaudio) owned by '1000' RT at priority 5.
Apr 10 13:24:43 sys-usb pulseaudio[1029]: Disabling timer-based scheduling because running inside a VM.
Apr 10 13:24:43 sys-usb rtkit-daemon[1036]: Successfully made thread 3712 of process 1029 (/usr/bin/pulseaudio) owned by '1000' RT at priority 5.

apparatus · April 10, 2024, 11:32am

Can you post the full “Device attach failed” message?
Maybe there will be some relevant info.

c1sc0 · April 10, 2024, 11:33am

There is no additional information:

[user@dom0 ~]$ qvm-usb attach <targetvm> sys-usb:2-1.1 -v
Device attach failed: 
[user@dom0 ~]$

That is all I get.

c1sc0 · April 10, 2024, 11:36am

Additional information. The only two devices which I am able to connect to an appVM are: sys-usb:2-10 and sys-usb:2-6. What throws me off is that they don’t end in “.X” as the others.

[user@dom0 ~]$ qvm-usb
BACKEND:DEVID  DESCRIPTION                                         USED BY
sys-usb:2-1.1  0b0e_Jabra_Link_380_50C275FBACF3                    
sys-usb:2-10   8087_0026                                           
sys-usb:2-3.2  Yubico_YubiKey_OTP+FIDO+CCID                        
sys-usb:2-4.3  046d_081b_4047F880                                  
sys-usb:2-4.5  VIA_Labs__Inc._PD3.0_USB-C_Device_0000000000000001  
sys-usb:2-6    SunplusIT_Inc_FHD_Webcam_01.00.00                   
sys-usb:3-1.1  Norelsys_NS1081_0123456789ABCDE                     
sys-usb:3-1.4  ASIX_AX88179A_00000000000001                        
sys-usb:3-4.1  Generic_USB3.0-CRW_20120501030900000                
[user@dom0 ~]$

apparatus · April 10, 2024, 11:40am

The devices with a dot are the ones connected using USB hub. At least it’s like this for my hub. Maybe it’s something like composite USB device and not a hub specifically.
Maybe your hub is faulty?

c1sc0 · April 10, 2024, 11:42am

This would then be my internal usb controller (hub), because the dongle is inserted on one of the notebooks usb-a interfaces. Also I did connect it to my usb-c hub (that is connected to a usb-c interface of the notebook). That did also not work.

DVM · April 10, 2024, 11:43am

Someone posted about this 10 minutes ago:

github.com/QubesOS/qubes-issues

Attaching some USB devices to qubes fails

opened 11:30AM - 10 Apr 24 UTC

swamba

T: bug P: default

[How to file a helpful issue](https://www.qubes-os.org/doc/issue-tracking/) #…## Qubes OS release 4.1.2 ### Brief summary After upgrading qubes-usb-proxy to version 1.2.0-1 then some USB devices fail to attach. In my experience then if the USB id is of the form 1-1.4.0.1 (or similar) then it fails, if it is of the form 3-2 then it succeeds. ### Steps to reproduce Attach a USB device that gets a USB id of form x-y.z.i.k and try to attach it to a qube. ### Expected behavior The device is attached to a specific qube ### Actual behavior An error pops up saying "Attaching device xxxx to $qube failed. Error: QubesExceptio - Device attached failed" I traced this down to a failed regex in file usb-export (qubes-app-linux-usb-proxy repo) on line 89 if ! [[ "$busid" =~ ^[0-9]+-[0-9]+$ ]]; then This handles USB ids x-y and x-y.z.i.k differently.

There is already a pull request for it.

c1sc0 · April 10, 2024, 11:45am

That has to be the solution or at least the same bug. Looks apparently exactly like the bug I have. Thanks for referencing.

c1sc0 · April 10, 2024, 11:49am

I can confirm that commenting the lines mentioned in the pull request behind the issue mentioned above resolves the problem:

in sys-usb file /usr/lib/qubes/usb-export, comment line 89-92 (if statement)

c1sc0 · April 22, 2024, 12:01pm

Qubes just rolled out an update for this specific issue that should fix it in fedora and debian based sys-usb templates.

Attaching some USB devices to qubes fails · Issue #9104 · QubesOS/qubes-issues