Tested this bug with:
libvirt-8.0.0-19.module+el8.8.0+18453+e0bf0d1d.x86_64
Testing steps are the same with those in Comment #2
As the testing results match with the expected results, mark the bug as verified.
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.
For information on the advisory (Moderate: virt:rhel and virt-devel:rhel security and bug fix update), and where to find the updated
files, follow the link below.
If the solution does not work for you, open a new bug report.
https://access.redhat.com/errata/RHSA-2023:3822
Test this bug with: libvirt-8.0.0-19.module+el8.8.0+18453+e0bf0d1d.x86_64 1. prepare a guest with guest agent device # virsh domtime rhel8.8 Time: 1680585239 2. check the dominfo # virsh dominfo rhel8.8 Id: 1 Name: rhel8.8 UUID: a239cb28-110e-4c39-9dd1-e9caf8bcf7f6 OS Type: hvm State: running CPU(s): 8 CPU time: 842.5s Max memory: 2883584 KiB Used memory: 2097152 KiB Persistent: yes Autostart: disable Managed save: no Security model: selinux Security DOI: 0 Security label: system_u:system_r:svirt_t:s0:c557,c936 (enforcing) 3. check the vcpus about guest using qemu-agent-command # virsh qemu-agent-command rhel8.8 '{"execute":"guest-get-vcpus"}' {"return":[{"online":true,"can-offline":true,"logical-id":7},.... 4. check the dominfo again Id: 2 Name: rhel8.8 UUID: a239cb28-110e-4c39-9dd1-e9caf8bcf7f6 OS Type: hvm State: running CPU(s): 8 CPU time: 166.5s Max memory: 2883584 KiB Used memory: 2097152 KiB Persistent: yes Autostart: disable Managed save: no Security model: selinux Security DOI: 0 Security label: system_u:system_r:svirt_t:s0:c676,c804 (enforcing) 5. check the log # grep -ni tainted /var/log/libvirt/libvirtd.log 569:2023-04-04 06:11:16.977+0000: 34389: warning : qemuDomainObjTaintMsg:6401 : Domain id=2 name='rhel8.8' uuid=a239cb28-110e-4c39-9dd1-e9caf8bcf7f6 is tainted: custom-ga-command 571:2023-04-04 06:11:16.977+0000: 34389: debug : qemuDomainLogAppendMessage:6766 : Append log message (vm='rhel8.8' message='2023-04-04 06:11:16.977+0000: Domain id=2 is tainted: custom-ga-command 6. repeat step 2 for 100 times # for i in {1..100}; do virsh qemu-agent-command rhel8.8 '{"execute":"guest-get-vcpus"}'; done 7. check the log again # grep -ni tainted /var/log/libvirt/libvirtd.log 569:2023-04-04 06:11:16.977+0000: 34389: warning : qemuDomainObjTaintMsg:6401 : Domain id=2 name='rhel8.8' uuid=a239cb28-110e-4c39-9dd1-e9caf8bcf7f6 is tainted: custom-ga-command 571:2023-04-04 06:11:16.977+0000: 34389: debug : qemuDomainLogAppendMessage:6766 : Append log message (vm='rhel8.8' message='2023-04-04 06:11:16.977+0000: Domain id=2 is tainted: custom-ga-command (The tainted message is printed when invoking guest-agent-command for the first time. And no new logs about tainted messages printed for the later invoking, logs are not spammed)