Tested with qemu-kvm-rhev-2.12.0-32.el7, did not hit this issue.

Versions:
kernel-3.10.0-1055.el7.x86_64
qemu-kvm-rhev-2.12.0-32.el7

1. Start the service:

# systemctl start qemu-pr-helper
# systemctl status qemu-pr-helper
● qemu-pr-helper.service - Persistent Reservation Daemon for QEMU
   Loaded: loaded (/usr/lib/systemd/system/qemu-pr-helper.service; static; vendor preset: disabled)
   Active: active (running) since Wed 2019-06-12 02:17:47 EDT; 1s ago
 Main PID: 587 (qemu-pr-helper)
    Tasks: 1
   CGroup: /system.slice/qemu-pr-helper.service
           └─587 /usr/bin/qemu-pr-helper

2. Boot the guest with the command line below (pass-through sdc):

/usr/libexec/qemu-kvm \
    -S \
    -name 'avocado-vt-vm1' \
    -sandbox off \
    -machine q35 \
    -nodefaults \
    -device VGA,bus=pcie.0,addr=0x1 \
    -device pcie-root-port,id=pcie_root_port_0,slot=2,chassis=2,addr=0x2,bus=pcie.0 \
    -device pcie-root-port,id=pcie_root_port_1,slot=3,chassis=3,addr=0x3,bus=pcie.0 \
    -device pcie-root-port,id=pcie_root_port_2,slot=4,chassis=4,addr=0x4,bus=pcie.0 \
    -chardev socket,id=qmp_id_qmpmonitor1,path=/var/tmp/avocado_yvw268de/monitor-qmpmonitor1-20181017-004217-U4Tik3JV,server,nowait \
    -mon chardev=qmp_id_qmpmonitor1,mode=control \
    -chardev socket,id=qmp_id_catch_monitor,path=/var/tmp/avocado_yvw268de/monitor-catch_monitor-20181017-004217-U4Tik3JV,server,nowait \
    -mon chardev=qmp_id_catch_monitor,mode=control \
    -device pvpanic,ioport=0x505,id=idaVJ26s \
    -chardev socket,id=serial_id_serial0,path=/var/tmp/avocado_yvw268de/serial-serial0-20181017-004217-U4Tik3JV,server,nowait \
    -device isa-serial,chardev=serial_id_serial0 \
    -chardev socket,id=seabioslog_id_20181017-004217-U4Tik3JV,path=/var/tmp/avocado_yvw268de/seabios-20181017-004217-U4Tik3JV,server,nowait \
    -device isa-debugcon,chardev=seabioslog_id_20181017-004217-U4Tik3JV,iobase=0x402 \
    -device pcie-root-port,id=pcie.0-root-port-5,slot=5,chassis=5,addr=0x5,bus=pcie.0 \
    -device qemu-xhci,id=usb1,bus=pcie.0-root-port-5,addr=0x0 \
    -device pcie-root-port,id=pcie.0-root-port-6,slot=6,chassis=6,addr=0x6,bus=pcie.0 \
    -object iothread,id=iothread0 \
    -device virtio-scsi-pci,id=virtio_scsi_pci0,bus=pcie.0-root-port-6,addr=0x0,iothread=iothread0 \
    -drive file=/home/kvm_autotest_root/images/rhel77-64-virtio-scsi.qcow2,if=none,format=qcow2,cache=none,werror=stop,rerror=stop,id=drive-system \
    -device scsi-hd,drive=drive-system,id=image1,bootindex=0 \
    -device pcie-root-port,id=pcie.0-root-port-8,slot=8,chassis=8,addr=0x8,bus=pcie.0 \
    -device virtio-scsi-pci,id=scsi1,bus=pcie.0-root-port-8,addr=0x0 \
    -object pr-manager-helper,id=helper0,path=/var/run/qemu-pr-helper.sock \
    -drive file=/dev/sdc,if=none,format=raw,id=drive-data,file.pr-manager=helper0 \
    -device scsi-block,drive=drive-data,id=data-disk1,bus=scsi1.0 \
    -device pcie-root-port,id=pcie.0-root-port-7,slot=7,chassis=7,addr=0x7,bus=pcie.0 \
    -device virtio-net-pci,mac=9a:82:83:84:85:86,id=idWBc2X6,vectors=4,netdev=idX17Mug,bus=pcie.0-root-port-7,addr=0x0 \
    -netdev tap,id=idX17Mug,vhost=on \
    -m 4G \
    -smp 4,maxcpus=4,cores=2,threads=1,sockets=2 \
    -cpu 'Westmere',hv_relaxed,hv_spinlocks=0x1fff,hv_vapic,hv_time,+kvm_pv_unhalt \
    -device usb-tablet,id=usb-tablet1,bus=usb1.0,port=1 \
    -vnc :0 \
    -rtc base=utc,clock=host,driftfix=slew \
    -boot order=cdn,once=d,menu=off,strict=off \
    -enable-kvm \
    -monitor stdio \
    -qmp tcp:0:4444,server,nowait \

3. Test persistent reservation in the guest:

cat test-persistent.sh
#! /bin/sh
sg_persist --no-inquiry -v --out --register-ignore --param-sark 123aaa "$@"
sg_persist --no-inquiry --in -k "$@"
sg_persist --no-inquiry -v --out --reserve --param-rk 123aaa --prout-type 5 "$@"
sg_persist --no-inquiry --in -r "$@"
sg_persist --no-inquiry -v --out --release --param-rk 123aaa --prout-type 5 "$@"
sg_persist --no-inquiry --in -r "$@"
sg_persist --no-inquiry -v --out --register --param-rk 123aaa --prout-type 5 "$@"
sg_persist --no-inquiry --in -k "$@"

(1)
# sh test-persisten.sh /dev/sdb
    Persistent Reservation Out cmd: 5f 06 00 00 00 00 00 00 18 00
PR out: command (Register and ignore existing key) successful
  PR generation=0x1, 1 registered reservation key follows:
    0x123aaa
    Persistent Reservation Out cmd: 5f 01 05 00 00 00 00 00 18 00
PR out: command (Reserve) successful
  PR generation=0x1, Reservation follows:
    Key=0x123aaa
    scope: LU_SCOPE,  type: Write Exclusive, registrants only
    Persistent Reservation Out cmd: 5f 02 05 00 00 00 00 00 18 00
PR out: command (Release) successful
  PR generation=0x1, there is NO reservation held
    Persistent Reservation Out cmd: 5f 00 05 00 00 00 00 00 18 00
PR out: command (Register) successful
  PR generation=0x1, there are NO registered reservation keys

(2) Restart the guest with multipath (pass-through /dev/mapper/mpatha):
# sh test-persisten.sh /dev/sdb
    Persistent Reservation Out cmd: 5f 06 00 00 00 00 00 00 18 00
PR out: command (Register and ignore existing key) successful
  PR generation=0x2, 2 registered reservation keys follow:
    0x123aaa
    0x123aaa
    Persistent Reservation Out cmd: 5f 01 05 00 00 00 00 00 18 00
PR out: command (Reserve) successful
  PR generation=0x2, Reservation follows:
    Key=0x123aaa
    scope: LU_SCOPE,  type: Write Exclusive, registrants only
    Persistent Reservation Out cmd: 5f 02 05 00 00 00 00 00 18 00
PR out: command (Release) successful
  PR generation=0x2, there is NO reservation held
    Persistent Reservation Out cmd: 5f 00 05 00 00 00 00 00 18 00
PR out: command (Register) successful
  PR generation=0x2, there are NO registered reservation keys

After step 2, the guest boots up normally.
After step 3, persistent reservation works well.
Tested with qemu-kvm-4.0.0-4.module+el8.1.0+3356+cda7f1ee, hit this issue.

Versions:
kernel-4.18.0-100.el8.x86_64
qemu-kvm-4.0.0-4.module+el8.1.0+3356+cda7f1ee

1. Start the service:

# systemctl start qemu-pr-helper
# systemctl status qemu-pr-helper
● qemu-pr-helper.service - Persistent Reservation Daemon for QEMU
   Loaded: loaded (/usr/lib/systemd/system/qemu-pr-helper.service; static; vend>
   Active: active (running) since Wed 2019-06-12 22:22:15 EDT; 3s ago
 Main PID: 31032 (qemu-pr-helper)
    Tasks: 2 (limit: 26213)
   Memory: 1.7M
   CGroup: /system.slice/qemu-pr-helper.service
           └─31032 /usr/bin/qemu-pr-helper

2. Boot the guest with the command line below:

/usr/libexec/qemu-kvm \
    -S \
    -name 'avocado-vt-vm1' \
    -sandbox off \
    -machine q35 \
    -nodefaults \
    -device VGA,bus=pcie.0,addr=0x1 \
    -device pcie-root-port,id=pcie_root_port_0,slot=2,chassis=2,addr=0x2,bus=pcie.0 \
    -device pcie-root-port,id=pcie_root_port_1,slot=3,chassis=3,addr=0x3,bus=pcie.0 \
    -device pcie-root-port,id=pcie_root_port_2,slot=4,chassis=4,addr=0x4,bus=pcie.0 \
    -chardev socket,id=qmp_id_qmpmonitor1,path=/var/tmp/avocado_w2u90exl/monitor-qmpmonitor1-20181127-024837-wdAVx2FL,server,nowait \
    -mon chardev=qmp_id_qmpmonitor1,mode=control \
    -chardev socket,id=qmp_id_catch_monitor,path=/var/tmp/avocado_w2u90exl/monitor-catch_monitor-20181127-024837-wdAVx2FL,server,nowait \
    -mon chardev=qmp_id_catch_monitor,mode=control \
    -device pvpanic,ioport=0x505,id=idulvcka \
    -chardev socket,id=serial_id_serial0,path=/var/tmp/avocado_w2u90exl/serial-serial0-20181127-024837-wdAVx2FL,server,nowait \
    -device isa-serial,chardev=serial_id_serial0 \
    -chardev socket,id=seabioslog_id_20181127-024837-wdAVx2FL,path=/var/tmp/avocado_w2u90exl/seabios-20181127-024837-wdAVx2FL,server,nowait \
    -device isa-debugcon,chardev=seabioslog_id_20181127-024837-wdAVx2FL,iobase=0x402 \
    -device pcie-root-port,id=pcie.0-root-port-5,slot=5,chassis=5,addr=0x5,bus=pcie.0 \
    -device qemu-xhci,id=usb1,bus=pcie.0-root-port-5,addr=0x0 \
    -object iothread,id=iothread0 \
    -device pcie-root-port,id=pcie.0-root-port-6,slot=6,chassis=6,addr=0x6,bus=pcie.0 \
    -device virtio-scsi-pci,iothread=iothread0,id=virtio_scsi_pci0,bus=pcie.0-root-port-6,addr=0x0 \
    -blockdev driver=file,cache.direct=on,cache.no-flush=off,filename=/home/kvm_autotest_root/images/rhel810-64-virtio-scsi.qcow2,node-name=my_file \
    -blockdev driver=qcow2,node-name=my,file=my_file,cache.direct=on,cache.no-flush=off \
    -device scsi-hd,drive=my,bus=virtio_scsi_pci0.0,write-cache=on \
    -device pcie-root-port,id=pcie.0-root-port-7,slot=7,chassis=7,addr=0x7,bus=pcie.0 \
    -device virtio-net-pci,mac=9a:34:35:36:37:38,id=idyb3F88,vectors=4,netdev=idTAFS0s,bus=pcie.0-root-port-7,addr=0x0 \
    -netdev tap,id=idTAFS0s,vhost=on \
    -m 4G \
    -smp 12,maxcpus=12,cores=6,threads=1,sockets=2 \
    -cpu 'Opteron_G5',+kvm_pv_unhalt \
    -device usb-tablet,id=usb-tablet1,bus=usb1.0,port=1 \
    -vnc :0 \
    -rtc base=localtime,clock=host,driftfix=slew \
    -boot order=cdn,once=c,menu=off,strict=off \
    -enable-kvm \
    -monitor stdio \
    -qmp tcp:0:4444,server,nowait \
    -device pcie-root-port,id=pcie.0-root-port-9,slot=9,chassis=9,addr=0x9,bus=pcie.0 \
    -object pr-manager-helper,id=helper0,path=/var/run/qemu-pr-helper.sock \
    -device virtio-scsi-pci,id=virtio_scsi_pci1,bus=pcie.0-root-port-9,addr=0x0 \
    -blockdev driver=host_device,cache.direct=off,cache.no-flush=on,filename=/dev/mapper/mpatha,node-name=host_disk4,pr-manager=helper0 \
    -blockdev driver=raw,node-name=disk_4,file=host_disk4 \
    -device scsi-block,drive=disk_4,bus=virtio_scsi_pci1.0,id=host_disk4 \

3. Test persistent reservation in the guest:

cat test-persistent.sh
#! /bin/sh
sg_persist --no-inquiry -v --out --register-ignore --param-sark 123aaa "$@"
sg_persist --no-inquiry --in -k "$@"
sg_persist --no-inquiry -v --out --reserve --param-rk 123aaa --prout-type 5 "$@"
sg_persist --no-inquiry --in -r "$@"
sg_persist --no-inquiry -v --out --release --param-rk 123aaa --prout-type 5 "$@"
sg_persist --no-inquiry --in -r "$@"
sg_persist --no-inquiry -v --out --register --param-rk 123aaa --prout-type 5 "$@"
sg_persist --no-inquiry --in -k "$@"

# sh test-persisten.sh /dev/sdb

After step 2, the guest boots up normally.
After step 3, core dumped; persistent reservation doesn't work. Please refer to the attached log file.
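A checker for the sg_persist reports that test-persistent.sh produces, added here as an example and not part of the bug report: it parses the `--in -k` / `--in -r` output printed after each step and flags any state that does not match the expected register / reserve / release / unregister sequence. The sample reports are constructed from the format shown in the comments above, and the `paths` parameter (number of registrations a multipath pass-through is expected to show, one per I_T nexus) is an assumption of this example.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional


@dataclass
class PrState:
    """What one `sg_persist --in -k` or `--in -r` report says about the LU."""
    generation: int                                  # PR generation counter
    keys: List[int] = field(default_factory=list)    # one entry per registered I_T nexus
    reservation_key: Optional[int] = None            # holder's key, None if no reservation
    reservation_type: Optional[str] = None           # e.g. "Write Exclusive, registrants only"


GEN_RE = re.compile(r"PR generation=0x([0-9a-fA-F]+),\s*(.*)")
KEY_RE = re.compile(r"^\s*0x([0-9a-fA-F]+)\s*$")
RES_KEY_RE = re.compile(r"^\s*Key=0x([0-9a-fA-F]+)")
TYPE_RE = re.compile(r"type:\s*(.+?)\s*$")


def parse_report(text: str) -> PrState:
    """Parse the 'PR generation=...' block that sg_persist --in prints."""
    lines = text.strip().splitlines()
    for idx, line in enumerate(lines):
        m = GEN_RE.search(line)
        if m:
            break
    else:
        raise ValueError("no 'PR generation=' header in sg_persist output")
    state = PrState(generation=int(m.group(1), 16))
    rest, body = m.group(2), lines[idx + 1:]
    if "registered reservation key" in rest and "NO" not in rest:
        # "-k" report with registrations: one "0x..." line per key
        state.keys = [int(k.group(1), 16) for k in map(KEY_RE.match, body) if k]
    elif rest.startswith("Reservation follows"):
        # "-r" report with a holder: a Key=0x... line, then the scope/type line
        for line in body:
            km = RES_KEY_RE.match(line)
            if km:
                state.reservation_key = int(km.group(1), 16)
            tm = TYPE_RE.search(line)
            if tm:
                state.reservation_type = tm.group(1)
    return state


def check_sequence(reports: List[str], key: int, paths: int = 1) -> List[str]:
    """reports: the four --in outputs in the order the script issues them
    (-k after register-ignore, -r after reserve, -r after release, -k after
    unregister). Returns a list of mismatches; empty means the device behaved."""
    after_reg, after_res, after_rel, after_unreg = map(parse_report, reports)
    problems = []
    if after_reg.keys != [key] * paths:
        problems.append(f"expected {paths} registration(s) of {key:#x}, "
                        f"got {[hex(k) for k in after_reg.keys]}")
    if after_res.reservation_key != key:
        problems.append("reserve did not take effect")
    if after_res.reservation_type != "Write Exclusive, registrants only":
        problems.append(f"unexpected reservation type {after_res.reservation_type!r}"
                        " (--prout-type 5 expected)")
    if after_rel.reservation_key is not None:
        problems.append("release left a reservation in place")
    if after_unreg.keys:
        problems.append("unregister left keys registered")
    gens = [s.generation for s in (after_reg, after_res, after_rel, after_unreg)]
    if gens != sorted(gens):                         # generation never goes backwards
        problems.append(f"PR generation went backwards: {gens}")
    return problems


# Constructed sample reports, in the format sg_persist --in prints.
SINGLE_PATH = [
    "  PR generation=0x1, 1 registered reservation key follows:\n    0x123aaa\n",
    "  PR generation=0x1, Reservation follows:\n    Key=0x123aaa\n"
    "    scope: LU_SCOPE,  type: Write Exclusive, registrants only\n",
    "  PR generation=0x1, there is NO reservation held\n",
    "  PR generation=0x1, there are NO registered reservation keys\n",
]
# Multipath pass-through: the same key is registered once per path.
MULTIPATH = [
    "  PR generation=0x2, 2 registered reservation keys follow:\n    0x123aaa\n    0x123aaa\n",
    "  PR generation=0x2, Reservation follows:\n    Key=0x123aaa\n"
    "    scope: LU_SCOPE,  type: Write Exclusive, registrants only\n",
    "  PR generation=0x2, there is NO reservation held\n",
    "  PR generation=0x2, there are NO registered reservation keys\n",
]

if __name__ == "__main__":
    print("single path:", check_sequence(SINGLE_PATH, 0x123aaa) or "OK")
    print("multipath:  ", check_sequence(MULTIPATH, 0x123aaa, paths=2) or "OK")
```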
Reproduced with qemu-kvm running under valgrind.

# valgrind qemu-kvm arguments-to-qemu-kvm...
==4368== Memcheck, a memory error detector
==4368== Copyright (C) 2002-2017, and GNU GPL'd, by Julian Seward et al.
==4368== Using Valgrind-3.15.0 and LibVEX; rerun with -h for copyright info
==4368== Command: /usr/libexec/qemu-kvm -S -name avocado-vt-vm1 -sandbox off -machine q35 -nodefaults -device VGA,bus=pcie.0,addr=0x1 -device pcie-root-port,id=pcie_root_port_0,slot=2,chassis=2,addr=0x2,bus=pcie.0 -device pcie-root-port,id=pcie_root_port_1,slot=3,chassis=3,addr=0x3,bus=pcie.0 -device pcie-root-port,id=pcie_root_port_2,slot=4,chassis=4,addr=0x4,bus=pcie.0 -chardev socket,id=qmp_id_qmpmonitor1,path=/var/tmp/avocado_w2u90exl/monitor-qmpmonitor1-20181127-024837-wdAVx2FL,server,nowait -mon chardev=qmp_id_qmpmonitor1,mode=control -chardev socket,id=qmp_id_catch_monitor,path=/var/tmp/avocado_w2u90exl/monitor-catch_monitor-20181127-024837-wdAVx2FL,server,nowait -mon chardev=qmp_id_catch_monitor,mode=control -device pvpanic,ioport=0x505,id=idulvcka -chardev socket,id=serial_id_serial0,path=/var/tmp/avocado_w2u90exl/serial-serial0-20181127-024837-wdAVx2FL,server,nowait -device isa-serial,chardev=serial_id_serial0 -chardev socket,id=seabioslog_id_20181127-024837-wdAVx2FL,path=/var/tmp/avocado_w2u90exl/seabios-20181127-024837-wdAVx2FL,server,nowait -device isa-debugcon,chardev=seabioslog_id_20181127-024837-wdAVx2FL,iobase=0x402 -device pcie-root-port,id=pcie.0-root-port-5,slot=5,chassis=5,addr=0x5,bus=pcie.0 -device qemu-xhci,id=usb1,bus=pcie.0-root-port-5,addr=0x0 -object iothread,id=iothread0 -device pcie-root-port,id=pcie.0-root-port-6,slot=6,chassis=6,addr=0x6,bus=pcie.0 -device virtio-scsi-pci,iothread=iothread0,id=virtio_scsi_pci0,bus=pcie.0-root-port-6,addr=0x0 -blockdev driver=file,cache.direct=on,cache.no-flush=off,filename=/home/kvm_autotest_root/images/rhel810-64-virtio-scsi.qcow2,node-name=my_file -blockdev driver=qcow2,node-name=my,file=my_file,cache.direct=on,cache.no-flush=off -device scsi-hd,drive=my,bus=virtio_scsi_pci0.0,write-cache=on -device pcie-root-port,id=pcie.0-root-port-7,slot=7,chassis=7,addr=0x7,bus=pcie.0 -device virtio-net-pci,mac=9a:34:35:36:37:38,id=idyb3F88,vectors=4,netdev=idTAFS0s,bus=pcie.0-root-port-7,addr=0x0 -netdev tap,id=idTAFS0s,vhost=on -m 4G -smp 12,maxcpus=12,cores=6,threads=1,sockets=2 -cpu Opteron_G5,+kvm_pv_unhalt -device usb-tablet,id=usb-tablet1,bus=usb1.0,port=1 -vnc :0 -rtc base=localtime,clock=host,driftfix=slew -boot order=cdn,once=c,menu=off,strict=off -enable-kvm -monitor stdio -qmp tcp:0:4444,server,nowait -device pcie-root-port,id=pcie.0-root-port-9,slot=9,chassis=9,addr=0x9,bus=pcie.0 -object pr-manager-helper,id=helper0,path=/var/run/qemu-pr-helper.sock -device virtio-scsi-pci,id=virtio_scsi_pci1,bus=pcie.0-root-port-9,addr=0x0 -blockdev driver=host_device,cache.direct=off,cache.no-flush=on,filename=/dev/mapper/mpatha,node-name=host_disk4,pr-manager=helper0 -blockdev driver=raw,node-name=disk_4,file=host_disk4 -device scsi-block,drive=disk_4,bus=virtio_scsi_pci1.0,id=host_disk4
==4368== 
--4368-- WARNING: unhandled amd64-linux syscall: 317
--4368-- You may be able to write your own handler.
--4368-- Read the file README_MISSING_SYSCALL_OR_IOCTL.
--4368-- Nevertheless we consider this a bug.  Please report
--4368-- it at http://valgrind.org/support/bug_reports.html.
qemu-kvm: -sandbox off: There is no option group 'sandbox'
==4368== Invalid read of size 8
==4368==    at 0x765018: opts_parse (qemu-option.c:888)
==4368==    by 0x765493: qemu_opts_parse_noisily (qemu-option.c:950)
==4368==    by 0x3FAEE4: main (vl.c:3942)
==4368==  Address 0x8 is not stack'd, malloc'd or (recently) free'd
==4368== 
==4368== 
==4368== Process terminating with default action of signal 11 (SIGSEGV): dumping core
==4368==  Access not within mapped region at address 0x8
==4368==    at 0x765018: opts_parse (qemu-option.c:888)
==4368==    by 0x765493: qemu_opts_parse_noisily (qemu-option.c:950)
==4368==    by 0x3FAEE4: main (vl.c:3942)
==4368==  If you believe this happened as a result of a stack
==4368==  overflow in your program's main thread (unlikely but
==4368==  possible), you can try to increase the size of the
==4368==  main thread stack using the --main-stacksize= flag.
==4368==  The main thread stack size used in this run was 8388608.
==4368== 
==4368== HEAP SUMMARY:
==4368==     in use at exit: 329,195 bytes in 2,713 blocks
==4368==   total heap usage: 3,504 allocs, 791 frees, 560,508 bytes allocated
==4368== 
==4368== LEAK SUMMARY:
==4368==    definitely lost: 0 bytes in 0 blocks
==4368==    indirectly lost: 0 bytes in 0 blocks
==4368==      possibly lost: 2,220 bytes in 39 blocks
==4368==    still reachable: 326,975 bytes in 2,674 blocks
==4368==                       of which reachable via heuristic:
==4368==                         newarray           : 1,536 bytes in 16 blocks
==4368==         suppressed: 0 bytes in 0 blocks
==4368== Rerun with --leak-check=full to see details of leaked memory
==4368== 
==4368== For lists of detected and suppressed errors, rerun with: -s
==4368== ERROR SUMMARY: 1 errors from 1 contexts (suppressed: 0 from 0)
Segmentation fault (core dumped)

# gdb /usr/libexec/qemu-kvm vgcore.4368
GNU gdb (GDB) Red Hat Enterprise Linux 8.2-6.el8
Copyright (C) 2018 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.  Type "show copying"
and "show warranty" for details.
This GDB was configured as "x86_64-redhat-linux-gnu".
Type "show configuration" for configuration details.
For bug reporting instructions, please see:
<http://www.gnu.org/software/gdb/bugs/>.
Find the GDB manual and other documentation resources online at:
    <http://www.gnu.org/software/gdb/documentation/>.
For help, type "help".
Type "apropos word" to search for commands related to "word"...
Reading symbols from /usr/libexec/qemu-kvm...Reading symbols from /usr/lib/debug/usr/libexec/qemu-kvm-4.0.0-4.module+el8.1.0+3356+cda7f1ee.x86_64.debug...done.
done.
[New LWP 4368]
[New process 1]
warning: Error reading shared library list entry at 0x2825048b4864
warning: Error reading shared library list entry at 0x640824448b481674
Unsupported JIT protocol version 6099760 in descriptor (expected 1)
Core was generated by `'.
Program terminated with signal SIGSEGV, Segmentation fault.
#0  0x0000000000765018 in mac_reg_access ()
[Current thread is 1 (LWP 4368)]
(gdb) bt
#0  0x0000000000765018 in mac_reg_access ()
#1  0x0000000000000000 in ?? ()
(gdb)

Additional comment: without valgrind, the guest boots up normally and crashes when running persistent reservation. With valgrind, we crash during startup.
Tested on another rhel8.0.1 host, did not hit this issue.
kernel-4.18.0-80.el8.x86_64
qemu-kvm-3.1.0-27.module+el8.0.1+3253+c5371cb3
Tested on the same host with slow train, did not hit this issue.
kernel-4.18.0-100.el8.x86_64
qemu-kvm-2.12.0-76.module+el8.1.0+3351+d11c20fa

Test persistent reservation in the guest:
# sh persistent.sh /dev/sdb
    Persistent reservation out cdb: 5f 06 00 00 00 00 00 00 18 00
PR out: command (Register and ignore existing key) successful
  PR generation=0x16, 2 registered reservation keys follow:
    0x123aaa
    0x123aaa
    Persistent reservation out cdb: 5f 01 05 00 00 00 00 00 18 00
PR out: command (Reserve) successful
  PR generation=0x16, Reservation follows:
    Key=0x123aaa
    scope: LU_SCOPE,  type: Write Exclusive, registrants only
    Persistent reservation out cdb: 5f 02 05 00 00 00 00 00 18 00
PR out: command (Release) successful
  PR generation=0x16, there is NO reservation held
    Persistent reservation out cdb: 5f 00 05 00 00 00 00 00 18 00
PR out: command (Register) successful
  PR generation=0x18, there are NO registered reservation keys

But hit a crash when qemu-kvm is running under valgrind.

# valgrind qemu-kvm arguments-to-qemu-kvm...
==8536== Memcheck, a memory error detector
==8536== Copyright (C) 2002-2017, and GNU GPL'd, by Julian Seward et al.
==8536== Using Valgrind-3.15.0 and LibVEX; rerun with -h for copyright info
==8536== Command: /usr/libexec/qemu-kvm -S -name avocado-vt-vm1 -sandbox off -machine q35 -nodefaults -device VGA,bus=pcie.0,addr=0x1 -device pcie-root-port,id=pcie_root_port_0,slot=2,chassis=2,addr=0x2,bus=pcie.0 -device pcie-root-port,id=pcie_root_port_1,slot=3,chassis=3,addr=0x3,bus=pcie.0 -device pcie-root-port,id=pcie_root_port_2,slot=4,chassis=4,addr=0x4,bus=pcie.0 -chardev socket,id=qmp_id_qmpmonitor1,path=/var/tmp/avocado_w2u90exl/monitor-qmpmonitor1-20181127-024837-wdAVx2FL,server,nowait -mon chardev=qmp_id_qmpmonitor1,mode=control -chardev socket,id=qmp_id_catch_monitor,path=/var/tmp/avocado_w2u90exl/monitor-catch_monitor-20181127-024837-wdAVx2FL,server,nowait -mon chardev=qmp_id_catch_monitor,mode=control -device pvpanic,ioport=0x505,id=idulvcka -chardev socket,id=serial_id_serial0,path=/var/tmp/avocado_w2u90exl/serial-serial0-20181127-024837-wdAVx2FL,server,nowait -device isa-serial,chardev=serial_id_serial0 -chardev socket,id=seabioslog_id_20181127-024837-wdAVx2FL,path=/var/tmp/avocado_w2u90exl/seabios-20181127-024837-wdAVx2FL,server,nowait -device isa-debugcon,chardev=seabioslog_id_20181127-024837-wdAVx2FL,iobase=0x402 -device pcie-root-port,id=pcie.0-root-port-5,slot=5,chassis=5,addr=0x5,bus=pcie.0 -device qemu-xhci,id=usb1,bus=pcie.0-root-port-5,addr=0x0 -object iothread,id=iothread0 -device pcie-root-port,id=pcie.0-root-port-6,slot=6,chassis=6,addr=0x6,bus=pcie.0 -device virtio-scsi-pci,iothread=iothread0,id=virtio_scsi_pci0,bus=pcie.0-root-port-6,addr=0x0 -blockdev driver=file,cache.direct=on,cache.no-flush=off,filename=/home/kvm_autotest_root/images/rhel810-64-virtio-scsi.qcow2,node-name=my_file -blockdev driver=qcow2,node-name=my,file=my_file,cache.direct=on,cache.no-flush=off -device scsi-hd,drive=my,bus=virtio_scsi_pci0.0,write-cache=on -device pcie-root-port,id=pcie.0-root-port-7,slot=7,chassis=7,addr=0x7,bus=pcie.0 -device virtio-net-pci,mac=9a:34:35:36:37:38,id=idyb3F88,vectors=4,netdev=idTAFS0s,bus=pcie.0-root-port-7,addr=0x0 -netdev tap,id=idTAFS0s,vhost=on -m 4G -smp 12,maxcpus=12,cores=6,threads=1,sockets=2 -cpu Opteron_G5,+kvm_pv_unhalt -device usb-tablet,id=usb-tablet1,bus=usb1.0,port=1 -vnc :0 -rtc base=localtime,clock=host,driftfix=slew -boot order=cdn,once=c,menu=off,strict=off -enable-kvm -monitor stdio -qmp tcp:0:4444,server,nowait -device pcie-root-port,id=pcie.0-root-port-9,slot=9,chassis=9,addr=0x9,bus=pcie.0 -object pr-manager-helper,id=helper0,path=/var/run/qemu-pr-helper.sock -device virtio-scsi-pci,id=virtio_scsi_pci1,bus=pcie.0-root-port-9,addr=0x0 -blockdev driver=host_device,cache.direct=off,cache.no-flush=on,filename=/dev/mapper/mpatha,node-name=host_disk4,pr-manager=helper0 -blockdev driver=raw,node-name=disk_4,file=host_disk4 -device scsi-block,drive=disk_4,bus=virtio_scsi_pci1.0,id=host_disk4
==8536== 
==8536== Source and destination overlap in memcpy_chk(0x1ffeffe840, 0x1ffeffe842, 5)
==8536==    at 0x4C39200: __memcpy_chk (vg_replace_strmem.c:1595)
==8536==    by 0x730933: UnknownInlinedFun (string_fortified.h:40)
==8536==    by 0x730933: opts_do_parse (qemu-option.c:776)
==8536==    by 0x73185D: opts_parse (qemu-option.c:851)
==8536==    by 0x731BFD: qemu_opts_parse_noisily (qemu-option.c:888)
==8536==    by 0x3E6F0C: main (vl.c:4079)
==8536== 
==8536== Source and destination overlap in memcpy_chk(0x1ffeffeb50, 0x1ffeffeb52, 5)
==8536==    at 0x4C39200: __memcpy_chk (vg_replace_strmem.c:1595)
==8536==    by 0x730933: UnknownInlinedFun (string_fortified.h:40)
==8536==    by 0x730933: opts_do_parse (qemu-option.c:776)
==8536==    by 0x6BEF0C: qemu_chr_parse_compat (char.c:417)
==8536==    by 0x51A051: monitor_parse (vl.c:2482)
==8536==    by 0x3E873E: main (vl.c:3525)
==8536== 
==8536== Warning: client switching stacks?  SP change: 0x1ffeffe6f8 --> 0x4162fe8
==8536==          to suppress, use: --max-stackframe=137353606928 or greater
==8536== Warning: client switching stacks?  SP change: 0x4162f88 --> 0x1ffeffe700
==8536==          to suppress, use: --max-stackframe=137353607032 or greater
==8536== Warning: client switching stacks?  SP change: 0x1ffeffef08 --> 0x4162fc0
==8536==          to suppress, use: --max-stackframe=137353609032 or greater
==8536==          further instances of this message will not be shown.
QEMU 2.12.0 monitor - type 'help' for more information
(qemu) ==8536== Syscall param ioctl(generic) points to uninitialised byte(s)
==8536==    at 0x9D58CCB: ioctl (in /usr/lib64/libc-2.28.so)
==8536==    by 0x44DA95: kvm_ioctl (kvm-all.c:2073)
==8536==    by 0x503089: kvm_arch_get_supported_msr_feature (kvm.c:444)
==8536==    by 0x4B29B9: x86_cpu_get_supported_feature_word (cpu.c:3687)
==8536==    by 0x4B2A18: x86_cpu_filter_features (cpu.c:4944)
==8536==    by 0x4B7807: x86_cpu_realizefn (cpu.c:5017)
==8536==    by 0x567B2F: device_set_realized (qdev.c:852)
==8536==    by 0x65EAEA: property_set_bool (object.c:1925)
==8536==    by 0x662C42: object_property_set_qobject (qom-qobject.c:27)
==8536==    by 0x6607A8: object_property_set_bool (object.c:1188)
==8536==    by 0x49900E: pc_new_cpu (pc.c:1107)
==8536==    by 0x49C9A0: pc_cpus_init (pc.c:1155)
==8536==  Address 0x1ffeffed84 is on thread 1's stack
==8536==  in frame #2, created by kvm_arch_get_supported_msr_feature (kvm.c:420)
==8536== 
==8536== Warning: noted but unhandled ioctl 0xaea3 with no size/direction hints.
==8536==    This could cause spurious value errors to appear.
==8536==    See README_MISSING_SYSCALL_OR_IOCTL for guidance on writing a proper wrapper.
==8536== Warning: set address range perms: large range [0x59e8e000, 0x15a08e000) (noaccess)
==8536== Warning: set address range perms: large range [0x5a000000, 0x15a000000) (defined)
==8536== Conditional jump or move depends on uninitialised value(s)
==8536==    at 0x4C376E6: __memcmp_sse4_1 (vg_replace_strmem.c:1112)
==8536==    by 0x4923C8: vhost_commit (vhost.c:444)
==8536==    by 0x440C8D: memory_region_transaction_commit (memory.c:1065)
==8536==    by 0x440C8D: memory_region_transaction_commit (memory.c:1045)
==8536==    by 0x49FEA0: old_pc_system_rom_init (pc_sysfw.c:213)
==8536==    by 0x49FEA0: pc_system_firmware_init (pc_sysfw.c:253)
==8536==    by 0x49CE1B: pc_memory_init (pc.c:1415)
==8536==    by 0x49F737: pc_q35_init (pc_q35.c:154)
==8536==    by 0x56D71A: machine_run_board_init (machine.c:829)
==8536==    by 0x3EA473: main (vl.c:4662)
==8536== 
==8536== Conditional jump or move depends on uninitialised value(s)
==8536==    at 0x4C376E6: __memcmp_sse4_1 (vg_replace_strmem.c:1112)
==8536==    by 0x4923C8: vhost_commit (vhost.c:444)
==8536==    by 0x440C8D: memory_region_transaction_commit (memory.c:1065)
==8536==    by 0x440C8D: memory_region_transaction_commit (memory.c:1045)
==8536==    by 0x49FF34: old_pc_system_rom_init (pc_sysfw.c:231)
==8536==    by 0x49FF34: pc_system_firmware_init (pc_sysfw.c:253)
==8536==    by 0x49CE1B: pc_memory_init (pc.c:1415)
==8536==    by 0x49F737: pc_q35_init (pc_q35.c:154)
==8536==    by 0x56D71A: machine_run_board_init (machine.c:829)
==8536==    by 0x3EA473: main (vl.c:4662)
==8536== 
......
==8536== Syscall param ioctl(generic) points to uninitialised byte(s)
==8536==    at 0x9D58CCB: ioctl (in /usr/lib64/libc-2.28.so)
==8536==    by 0x44FEF8: kvm_vcpu_ioctl (kvm-all.c:2109)
==8536==    by 0x506834: kvm_put_debugregs (kvm.c:2827)
==8536==    by 0x506834: kvm_arch_put_registers (kvm.c:2916)
==8536==    by 0x44CF61: do_kvm_cpu_synchronize_post_init (kvm-all.c:1833)
==8536==    by 0x536372: process_queued_cpu_work (cpus-common.c:342)
==8536==    by 0x42CBA7: qemu_kvm_cpu_thread_fn (cpus.c:1220)
==8536==    by 0x42CBA7: qemu_kvm_cpu_thread_fn (cpus.c:1188)
==8536==    by 0x9A4E2DD: start_thread (in /usr/lib64/libpthread-2.28.so)
==8536==    by 0x9D622D2: clone (in /usr/lib64/libc-2.28.so)
==8536==  Address 0x13d936e0 is on thread 6's stack
==8536==  in frame #2, created by kvm_arch_put_registers (kvm.c:2854)
==8536== 
==8536== Thread 1:
==8536== Conditional jump or move depends on uninitialised value(s)
==8536==    at 0x4C376E6: __memcmp_sse4_1 (vg_replace_strmem.c:1112)
==8536==    by 0x4923C8: vhost_commit (vhost.c:444)
==8536==    by 0x440C8D: memory_region_transaction_commit (memory.c:1065)
==8536==    by 0x440C8D: memory_region_transaction_commit (memory.c:1045)
==8536==    by 0x5C6555: pci_init_bus_master (pci.c:96)
==8536==    by 0x5C6594: pcibus_machine_done (pci.c:108)
==8536==    by 0x72FF33: notifier_list_notify (notify.c:40)
==8536==    by 0x3EA5F7: qemu_run_machine_init_done_notifiers (vl.c:2770)
==8536==    by 0x3EA5F7: main (vl.c:4744)
==8536== 
==8536== Conditional jump or move depends on uninitialised value(s)
==8536==    at 0x4C376E6: __memcmp_sse4_1 (vg_replace_strmem.c:1112)
==8536==    by 0x4923C8: vhost_commit (vhost.c:444)
==8536==    by 0x440C8D: memory_region_transaction_commit (memory.c:1065)
==8536==    by 0x440C8D: memory_region_transaction_commit (memory.c:1045)
==8536==    by 0x56DE8A: rom_set_mr (loader.c:896)
==8536==    by 0x56EDD8: rom_add_blob (loader.c:1039)
==8536==    by 0x4A8D26: acpi_add_rom_blob (acpi-build.c:2809)
==8536==    by 0x4ADB9F: acpi_setup (acpi-build.c:2852)
==8536==    by 0x49B1B4: pc_machine_done (pc.c:1229)
==8536==    by 0x72FF33: notifier_list_notify (notify.c:40)
==8536==    by 0x3EA5F7: qemu_run_machine_init_done_notifiers (vl.c:2770)
==8536==    by 0x3EA5F7: main (vl.c:4744)
==8536== 
.......
==8536== Thread 6:
==8536== Syscall param ioctl(generic) points to uninitialised byte(s)
==8536==    at 0x9D58CCB: ioctl (in /usr/lib64/libc-2.28.so)
==8536==    by 0x44FEF8: kvm_vcpu_ioctl (kvm-all.c:2109)
==8536==    by 0x506834: kvm_put_debugregs (kvm.c:2827)
==8536==    by 0x506834: kvm_arch_put_registers (kvm.c:2916)
==8536==    by 0x44CF41: do_kvm_cpu_synchronize_post_reset (kvm-all.c:1822)
==8536==    by 0x536372: process_queued_cpu_work (cpus-common.c:342)
==8536==    by 0x42CBA7: qemu_kvm_cpu_thread_fn (cpus.c:1220)
==8536==    by 0x42CBA7: qemu_kvm_cpu_thread_fn (cpus.c:1188)
==8536==    by 0x9A4E2DD: start_thread (in /usr/lib64/libpthread-2.28.so)
==8536==    by 0x9D622D2: clone (in /usr/lib64/libc-2.28.so)
==8536==  Address 0x13d936e0 is on thread 6's stack
==8536==  in frame #2, created by kvm_arch_put_registers (kvm.c:2854)
==8536== 
(qemu) c
(qemu) ==8536== Conditional jump or move depends on uninitialised value(s)
==8536==    at 0x4C376E6: __memcmp_sse4_1 (vg_replace_strmem.c:1112)
==8536==    by 0x4923C8: vhost_commit (vhost.c:444)
==8536==    by 0x440C8D: memory_region_transaction_commit (memory.c:1065)
==8536==    by 0x440C8D: memory_region_transaction_commit (memory.c:1045)
==8536==    by 0x5C2672: mch_update_pciexbar (q35.c:329)
==8536==    by 0x5C28F7: mch_write_config (q35.c:456)
==8536==    by 0x43EF45: memory_region_write_accessor (memory.c:530)
==8536==    by 0x43D395: access_with_adjusted_size (memory.c:597)
==8536==    by 0x4411F9: memory_region_dispatch_write (memory.c:1474)
==8536==    by 0x3EF452: flatview_write_continue (exec.c:3093)
==8536==    by 0x3EF452: flatview_write (exec.c:3149)
==8536==    by 0x3F3BF2: address_space_write (exec.c:3265)
==8536==    by 0x4501BF: kvm_handle_io (kvm-all.c:1746)
==8536==    by 0x4501BF: kvm_cpu_exec (kvm-all.c:1986)
==8536==    by 0x42CBCD: qemu_kvm_cpu_thread_fn (cpus.c:1215)
==8536==    by 0x42CBCD: qemu_kvm_cpu_thread_fn (cpus.c:1188)
==8536== 
==8536== Conditional jump or move depends on uninitialised value(s)
==8536==    at 0x4C376E6: __memcmp_sse4_1 (vg_replace_strmem.c:1112)
==8536==    by 0x4923C8: vhost_commit (vhost.c:444)
==8536==    by 0x440C8D: memory_region_transaction_commit (memory.c:1065)
==8536==    by 0x440C8D: memory_region_transaction_commit (memory.c:1045)
==8536==    by 0x5C7D6B: pci_bridge_update_mappings (pci_bridge.c:245)
==8536==    by 0x5C7DFD: pci_bridge_write_config (pci_bridge.c:270)
==8536==    by 0x5BD92E: rp_write_config (pcie_root_port.c:34)
==8536==    by 0x43EF45: memory_region_write_accessor (memory.c:530)
==8536==    by 0x43D395: access_with_adjusted_size (memory.c:597)
==8536==    by 0x4411F9: memory_region_dispatch_write (memory.c:1474)
==8536==    by 0x3EF610: flatview_write_continue (exec.c:3105)
==8536==    by 0x3EF610: flatview_write (exec.c:3149)
==8536==    by 0x3F3BF2: address_space_write (exec.c:3265)
==8536==    by 0x4501BF: kvm_handle_io (kvm-all.c:1746)
==8536==    by 0x4501BF: kvm_cpu_exec (kvm-all.c:1986)
==8536== 
==8536== Conditional jump or move depends on uninitialised value(s)
==8536==    at 0x4C376E6: __memcmp_sse4_1 (vg_replace_strmem.c:1112)
==8536==    by 0x4923C8: vhost_commit (vhost.c:444)
==8536==    by 0x440C8D: memory_region_transaction_commit (memory.c:1065)
==8536==    by 0x440C8D: memory_region_transaction_commit (memory.c:1045)
==8536==    by 0x5C3D0C: pci_update_mappings (pci.c:1324)
==8536==    by 0x5C4280: pci_default_write_config (pci.c:1376)
==8536==    by 0x43EF45: memory_region_write_accessor (memory.c:530)
==8536==    by 0x43D395: access_with_adjusted_size (memory.c:597)
==8536==    by 0x4411F9: memory_region_dispatch_write (memory.c:1474)
==8536==    by 0x3EF56B: flatview_write_continue (exec.c:3099)
==8536==    by 0x3EF56B: flatview_write (exec.c:3149)
==8536==    by 0x3F3BF2: address_space_write (exec.c:3265)
==8536==    by 0x4501BF: kvm_handle_io (kvm-all.c:1746)
==8536==    by 0x4501BF: kvm_cpu_exec (kvm-all.c:1986)
==8536==    by 0x42CBCD: qemu_kvm_cpu_thread_fn (cpus.c:1215)
==8536==    by 0x42CBCD: qemu_kvm_cpu_thread_fn (cpus.c:1188)
==8536== 
==8536== Conditional jump or move depends on uninitialised value(s)
==8536==    at 0x4C376E6: __memcmp_sse4_1 (vg_replace_strmem.c:1112)
==8536==    by 0x4923C8: vhost_commit (vhost.c:444)
==8536==    by 0x440C8D: memory_region_transaction_commit (memory.c:1065)
==8536==    by 0x440C8D: memory_region_transaction_commit (memory.c:1045)
==8536==    by 0x471A62: ich9_lpc_config_write (lpc_ich9.c:523)
==8536==    by 0x43EF45: memory_region_write_accessor (memory.c:530)
==8536==    by 0x43D395: access_with_adjusted_size (memory.c:597)
==8536==    by 0x4411F9: memory_region_dispatch_write (memory.c:1474)
==8536==    by 0x3EF452: flatview_write_continue (exec.c:3093)
==8536==    by 0x3EF452: flatview_write (exec.c:3149)
==8536==    by 0x3F3BF2: address_space_write (exec.c:3265)
==8536==    by 0x4501BF: kvm_handle_io (kvm-all.c:1746)
==8536==    by 0x4501BF: kvm_cpu_exec (kvm-all.c:1986)
==8536==    by 0x42CBCD: qemu_kvm_cpu_thread_fn (cpus.c:1215)
==8536==    by 0x42CBCD: qemu_kvm_cpu_thread_fn (cpus.c:1188)
==8536==    by 0x9A4E2DD: start_thread (in /usr/lib64/libpthread-2.28.so)
==8536== 
==8536== Warning: noted but unhandled ioctl 0xaeb7 with no size/direction hints.
==8536==    This could cause spurious value errors to appear.
==8536==    See README_MISSING_SYSCALL_OR_IOCTL for guidance on writing a proper wrapper.
==8536== Conditional jump or move depends on uninitialised value(s)
==8536==    at 0x4C376E6: __memcmp_sse4_1 (vg_replace_strmem.c:1112)
==8536==    by 0x4923C8: vhost_commit (vhost.c:444)
==8536==    by 0x440C8D: memory_region_transaction_commit (memory.c:1065)
==8536==    by 0x440C8D: memory_region_transaction_commit (memory.c:1045)
==8536==    by 0x5C3C7C: pci_update_mappings (pci.c:1316)
==8536==    by 0x5C422F: pci_default_write_config (pci.c:1376)
==8536==    by 0x43EF45: memory_region_write_accessor (memory.c:530)
==8536==    by 0x43D395: access_with_adjusted_size (memory.c:597)
==8536==    by 0x4411F9: memory_region_dispatch_write (memory.c:1474)
==8536==    by 0x3EF452: flatview_write_continue (exec.c:3093)
==8536==    by 0x3EF452: flatview_write (exec.c:3149)
==8536==    by 0x3F3BF2: address_space_write (exec.c:3265)
==8536==    by 0x4501BF: kvm_handle_io (kvm-all.c:1746)
==8536==    by 0x4501BF: kvm_cpu_exec (kvm-all.c:1986)
==8536==    by 0x42CBCD: qemu_kvm_cpu_thread_fn (cpus.c:1215)
==8536==    by 0x42CBCD: qemu_kvm_cpu_thread_fn (cpus.c:1188)
==8536== 
==8536== Conditional jump or move depends on uninitialised value(s)
==8536==    at 0x4C376E6: __memcmp_sse4_1 (vg_replace_strmem.c:1112)
==8536==    by 0x4923C8: vhost_commit (vhost.c:444)
==8536==    by 0x440C8D: memory_region_transaction_commit (memory.c:1065)
==8536==    by 0x440C8D: memory_region_transaction_commit (memory.c:1045)
==8536==    by 0x5C42F2: pci_default_write_config (pci.c:1380)
==8536==    by 0x43EF45: memory_region_write_accessor (memory.c:530)
==8536==    by 0x43D395: access_with_adjusted_size (memory.c:597)
==8536==    by 0x4411F9: memory_region_dispatch_write (memory.c:1474)
==8536==    by 0x3EF56B: flatview_write_continue (exec.c:3099)
==8536==    by 0x3EF56B: flatview_write (exec.c:3149)
==8536==    by 0x3F3BF2: address_space_write (exec.c:3265)
==8536==    by 0x4501BF: kvm_handle_io (kvm-all.c:1746)
==8536==    by 0x4501BF: kvm_cpu_exec (kvm-all.c:1986)
==8536==    by 0x42CBCD: qemu_kvm_cpu_thread_fn (cpus.c:1215)
==8536==    by 0x42CBCD: qemu_kvm_cpu_thread_fn (cpus.c:1188)
==8536==    by 0x9A4E2DD: start_thread (in /usr/lib64/libpthread-2.28.so)
==8536== 
==8536== Conditional jump or move depends on uninitialised value(s)
==8536==    at 0x4C376E6: __memcmp_sse4_1 (vg_replace_strmem.c:1112)
==8536==    by 0x4923C8: vhost_commit (vhost.c:444)
==8536==    by 0x440C8D: memory_region_transaction_commit (memory.c:1065)
==8536==    by 0x440C8D: memory_region_transaction_commit (memory.c:1045)
==8536==    by 0x4A61EF: vapic_map_rom_writable (kvmvapic.c:613)
==8536==    by 0x4A61EF: vapic_prepare (kvmvapic.c:622)
==8536==    by 0x4A67A9: vapic_write (kvmvapic.c:670)
==8536==    by 0x43EF45: memory_region_write_accessor (memory.c:530)
==8536==    by 0x43D395: access_with_adjusted_size (memory.c:597)
==8536==    by 0x4411F9: memory_region_dispatch_write (memory.c:1474)
==8536==    by 0x3EF56B: flatview_write_continue (exec.c:3099)
==8536==    by 0x3EF56B: flatview_write (exec.c:3149)
==8536==    by 0x3F3BF2: address_space_write (exec.c:3265)
==8536==    by 0x4501BF: kvm_handle_io (kvm-all.c:1746)
==8536==    by 0x4501BF: kvm_cpu_exec (kvm-all.c:1986)
==8536==    by 0x42CBCD: qemu_kvm_cpu_thread_fn (cpus.c:1215)
==8536==    by 0x42CBCD: qemu_kvm_cpu_thread_fn (cpus.c:1188)
==8536== 
==8536== Syscall param ioctl(generic) points to uninitialised byte(s)
==8536==    at 0x9D58CCB: ioctl (in /usr/lib64/libc-2.28.so)
==8536==    by 0x44FEF8: kvm_vcpu_ioctl (kvm-all.c:2109)
==8536==    by 0x506834: kvm_put_debugregs (kvm.c:2827)
==8536==    by 0x506834: kvm_arch_put_registers (kvm.c:2916)
==8536==    by 0x450004: kvm_cpu_exec (kvm-all.c:1926)
==8536==    by 0x42CBCD: qemu_kvm_cpu_thread_fn (cpus.c:1215)
==8536==    by 0x42CBCD: qemu_kvm_cpu_thread_fn (cpus.c:1188)
==8536==    by 0x9A4E2DD: start_thread (in /usr/lib64/libpthread-2.28.so)
==8536==    by 0x9D622D2: clone (in /usr/lib64/libc-2.28.so)
==8536==  Address 0x13d936a0 is on thread 6's stack
==8536==  in frame #2, created by kvm_arch_put_registers (kvm.c:2854)
==8536== 
==8536== Conditional jump or move depends on uninitialised value(s)
==8536==    at 0x4C376E6: __memcmp_sse4_1 (vg_replace_strmem.c:1112)
==8536==    by 0x4923C8: vhost_commit (vhost.c:444)
==8536==    by 0x440C8D: memory_region_transaction_commit (memory.c:1065)
==8536==    by 0x440C8D: memory_region_transaction_commit (memory.c:1045)
==8536==    by 0x5C2907: mch_write_config (q35.c:451)
==8536==    by 0x43EF45: memory_region_write_accessor (memory.c:530)
==8536==    by 0x43D395: access_with_adjusted_size (memory.c:597)
==8536==    by 0x4411F9: memory_region_dispatch_write (memory.c:1474)
==8536==    by 0x3EF452: flatview_write_continue (exec.c:3093)
==8536==    by 0x3EF452: flatview_write (exec.c:3149)
==8536==    by 0x3F3BF2: address_space_write (exec.c:3265)
==8536==    by 0x4501BF: kvm_handle_io (kvm-all.c:1746)
==8536==    by 0x4501BF: kvm_cpu_exec (kvm-all.c:1986)
==8536==    by 0x42CBCD: qemu_kvm_cpu_thread_fn (cpus.c:1215)
==8536==    by 0x42CBCD: qemu_kvm_cpu_thread_fn (cpus.c:1188)
==8536==    by 0x9A4E2DD: start_thread (in /usr/lib64/libpthread-2.28.so)
==8536== 
==8536== Thread 13:
==8536== Conditional jump or move depends on uninitialised value(s)
==8536==    at 0x4C376E6: __memcmp_sse4_1 (vg_replace_strmem.c:1112)
==8536==    by 0x4923C8: vhost_commit (vhost.c:444)
==8536==    by 0x440C8D: memory_region_transaction_commit (memory.c:1065)
==8536==    by 0x440C8D: memory_region_transaction_commit (memory.c:1045)
==8536==    by 0x54D6BE: acpi_switch_to_modern_cphp (cpu_hotplug.c:106)
==8536==    by 0x54C827: ich9_pm_set_cpu_hotplug_legacy (ich9.c:351)
==8536==    by 0x65EAEA: property_set_bool (object.c:1925)
==8536==    by 0x662C42: object_property_set_qobject (qom-qobject.c:27)
==8536==    by 0x6607A8: object_property_set_bool (object.c:1188)
==8536==    by 0x43EF45: memory_region_write_accessor (memory.c:530)
==8536==    by 0x43D395: access_with_adjusted_size (memory.c:597)
==8536==    by 0x4411F9: memory_region_dispatch_write (memory.c:1474)
==8536==    by 0x3EF610: flatview_write_continue (exec.c:3105)
==8536==    by 0x3EF610: flatview_write (exec.c:3149)
==8536== 
==8536== Conditional jump or move depends on uninitialised
value(s) ==8536== at 0x4C376E6: __memcmp_sse4_1 (vg_replace_strmem.c:1112) ==8536== by 0x4923C8: vhost_commit (vhost.c:444) ==8536== by 0x440C8D: memory_region_transaction_commit (memory.c:1065) ==8536== by 0x440C8D: memory_region_transaction_commit (memory.c:1045) ==8536== by 0x54C827: ich9_pm_set_cpu_hotplug_legacy (ich9.c:351) ==8536== by 0x65EAEA: property_set_bool (object.c:1925) ==8536== by 0x662C42: object_property_set_qobject (qom-qobject.c:27) ==8536== by 0x6607A8: object_property_set_bool (object.c:1188) ==8536== by 0x43EF45: memory_region_write_accessor (memory.c:530) ==8536== by 0x43D395: access_with_adjusted_size (memory.c:597) ==8536== by 0x4411F9: memory_region_dispatch_write (memory.c:1474) ==8536== by 0x3EF610: flatview_write_continue (exec.c:3105) ==8536== by 0x3EF610: flatview_write (exec.c:3149) ==8536== by 0x3F3BF2: address_space_write (exec.c:3265) ==8536== ==8536== Thread 14: ==8536== Syscall param ioctl(generic) points to uninitialised byte(s) ==8536== at 0x9D58CCB: ioctl (in /usr/lib64/libc-2.28.so) ==8536== by 0x44DCC5: kvm_vm_ioctl (kvm-all.c:2091) ==8536== by 0x44EE2F: kvm_irqchip_send_msi (kvm-all.c:1139) ==8536== by 0x4AE33A: kvm_send_msi (apic.c:185) ==8536== by 0x4AE3A7: kvm_apic_mem_write (apic.c:203) ==8536== by 0x43EF45: memory_region_write_accessor (memory.c:530) ==8536== by 0x43D395: access_with_adjusted_size (memory.c:597) ==8536== by 0x4411F9: memory_region_dispatch_write (memory.c:1474) ==8536== by 0x3F24B9: address_space_stl_internal (memory_ldst.inc.c:415) ==8536== by 0x5BD946: rp_write_config (pcie_root_port.c:36) ==8536== by 0x43EF45: memory_region_write_accessor (memory.c:530) ==8536== by 0x43D395: access_with_adjusted_size (memory.c:597) ==8536== Address 0x17d9b360 is on thread 14's stack ==8536== in frame #2, created by kvm_irqchip_send_msi (kvm-all.c:1128) ==8536== ==8536== Thread 6: ==8536== Syscall param ioctl(generic) points to uninitialised byte(s) ==8536== at 0x9D58CCB: ioctl (in /usr/lib64/libc-2.28.so) ==8536== 
by 0x44FEF8: kvm_vcpu_ioctl (kvm-all.c:2109) ==8536== by 0x501E41: kvm_get_tsc (kvm.c:185) ==8536== by 0x501E41: do_kvm_synchronize_tsc (kvm.c:197) ==8536== by 0x536372: process_queued_cpu_work (cpus-common.c:342) ==8536== by 0x42CBA7: qemu_kvm_cpu_thread_fn (cpus.c:1220) ==8536== by 0x42CBA7: qemu_kvm_cpu_thread_fn (cpus.c:1188) ==8536== by 0x9A4E2DD: start_thread (in /usr/lib64/libpthread-2.28.so) ==8536== by 0x9D622D2: clone (in /usr/lib64/libc-2.28.so) ==8536== Address 0x13d93744 is on thread 6's stack ==8536== in frame #2, created by do_kvm_synchronize_tsc (kvm.c:196) ==8536== ==8536== ==8536== HEAP SUMMARY: ==8536== in use at exit: 13,198,301 bytes in 33,762 blocks ==8536== total heap usage: 557,716 allocs, 523,954 frees, 415,731,910 bytes allocated ==8536== ==8536== LEAK SUMMARY: ==8536== definitely lost: 2,075 bytes in 115 blocks ==8536== indirectly lost: 176 bytes in 11 blocks ==8536== possibly lost: 9,032 bytes in 34 blocks ==8536== still reachable: 13,187,018 bytes in 33,602 blocks ==8536== of which reachable via heuristic: ==8536== newarray : 1,632 bytes in 19 blocks ==8536== suppressed: 0 bytes in 0 blocks ==8536== Rerun with --leak-check=full to see details of leaked memory ==8536== ==8536== Use --track-origins=yes to see where uninitialised values come from ==8536== For lists of detected and suppressed errors, rerun with: -s ==8536== ERROR SUMMARY: 4257 errors from 71 contexts (suppressed: 0 from 0)
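A run like the one above ends with "4257 errors from 71 contexts", most of them the same memcmp in vhost_commit reached from a different caller each time, plus ioctl-parameter reports whose spurious-ness Valgrind itself flags with "noted but unhandled ioctl ... with no size/direction hints". The following Python helper is an added example, not part of this bug report or of QEMU: it parses Memcheck's ==PID==-prefixed text output, groups records by error kind and innermost frames, marks "Syscall param ioctl" reports that went through QEMU's kvm_ioctl/kvm_vm_ioctl/kvm_vcpu_ioctl wrappers for manual review, and renders a Valgrind suppression entry for a group. The embedded sample log is constructed from a few records of the trace above; the function names, the grouping depth and the suppression names are the example's own choices.

```python
"""Triage helper for Valgrind Memcheck text output.

Added example, not part of the bug report or of QEMU: it parses the
==PID== prefixed records Memcheck prints, groups them by error kind and
innermost frames, flags ioctl-parameter reports that went through QEMU's
kvm_*ioctl wrappers, and prints a suppression entry for a chosen group.
"""
import re
from collections import defaultdict

# Constructed sample: a handful of records in the shape of the trace above
# (PID 8536); the real run reported 4257 errors from 71 contexts.
SAMPLE_LOG = """\
==8536== Conditional jump or move depends on uninitialised value(s)
==8536==    at 0x4C376E6: __memcmp_sse4_1 (vg_replace_strmem.c:1112)
==8536==    by 0x4923C8: vhost_commit (vhost.c:444)
==8536==    by 0x440C8D: memory_region_transaction_commit (memory.c:1065)
==8536==    by 0x471A62: ich9_lpc_config_write (lpc_ich9.c:523)
==8536==
==8536== Warning: noted but unhandled ioctl 0xaeb7 with no size/direction hints.
==8536==    This could cause spurious value errors to appear.
==8536== Conditional jump or move depends on uninitialised value(s)
==8536==    at 0x4C376E6: __memcmp_sse4_1 (vg_replace_strmem.c:1112)
==8536==    by 0x4923C8: vhost_commit (vhost.c:444)
==8536==    by 0x440C8D: memory_region_transaction_commit (memory.c:1065)
==8536==    by 0x5C3C7C: pci_update_mappings (pci.c:1316)
==8536==
==8536== Syscall param ioctl(generic) points to uninitialised byte(s)
==8536==    at 0x9D58CCB: ioctl (in /usr/lib64/libc-2.28.so)
==8536==    by 0x44FEF8: kvm_vcpu_ioctl (kvm-all.c:2109)
==8536==    by 0x506834: kvm_put_debugregs (kvm.c:2827)
==8536==  Address 0x13d936a0 is on thread 6's stack
==8536==
==8536== ERROR SUMMARY: 4257 errors from 71 contexts (suppressed: 0 from 0)
"""

PREFIX = re.compile(r"^==\d+==\s?(.*)$")
FRAME = re.compile(r"^(?:at|by) 0x[0-9A-Fa-f]+: (\S+) \(([^)]*)\)")
# Memcheck sub-lines that belong to the current record but are not frames.
AUX_PREFIXES = ("Address ", "in frame ", "This could", "See README")
KVM_IOCTL_WRAPPERS = {"kvm_ioctl", "kvm_vm_ioctl", "kvm_vcpu_ioctl"}


def parse_records(text):
    """Split Memcheck output into records: {'kind', 'frames', 'aux'}."""
    records, cur = [], None
    for raw in text.splitlines():
        m = PREFIX.match(raw)
        if not m:
            continue                      # e.g. the QEMU monitor prompt
        body = m.group(1).strip()
        if not body:                      # blank ==PID== line ends a record
            if cur:
                records.append(cur)
            cur = None
            continue
        fm = FRAME.match(body)
        if fm and cur is not None:
            cur["frames"].append((fm.group(1), fm.group(2)))
        elif body.startswith(AUX_PREFIXES) and cur is not None:
            cur["aux"].append(body)
        else:                             # a header: Warning, error, summary
            if cur:
                records.append(cur)
            cur = {"kind": body, "frames": [], "aux": []}
    if cur:
        records.append(cur)
    # Only records with a stack are errors; warnings and summaries have none.
    return [r for r in records if r["frames"]]


def group_by_context(records, depth=2):
    """Key each error by kind plus its innermost `depth` function names."""
    groups = defaultdict(list)
    for r in records:
        key = (r["kind"], tuple(fn for fn, _ in r["frames"][:depth]))
        groups[key].append(r)
    return dict(groups)


def via_kvm_ioctl(record):
    """True for 'Syscall param ioctl' reports raised through QEMU's kvm_*ioctl
    wrappers; the 'noted but unhandled ioctl' warnings mean Memcheck has no
    size/direction model for these, so such reports need manual checking."""
    return record["kind"].startswith("Syscall param ioctl") and any(
        fn in KVM_IOCTL_WRAPPERS for fn, _ in record["frames"])


def suppression_for(record, name, depth=3):
    """Render a Valgrind suppression matching this record's innermost frames."""
    kind = record["kind"]
    if kind.startswith("Conditional jump"):
        lines = ["Memcheck:Cond"]
    elif kind.startswith("Syscall param "):
        lines = ["Memcheck:Param", kind.split()[2]]   # e.g. ioctl(generic)
    else:
        return None                       # other kinds not handled here
    lines += [f"fun:{fn}" for fn, _ in record["frames"][:depth]]
    return "{\n   " + "\n   ".join([name] + lines) + "\n}"


if __name__ == "__main__":
    recs = parse_records(SAMPLE_LOG)
    for (kind, frames), members in sorted(
            group_by_context(recs).items(), key=lambda kv: -len(kv[1])):
        flag = " [via kvm ioctl wrapper]" if via_kvm_ioctl(members[0]) else ""
        print(f"{len(members):4d}  {kind}  {' <- '.join(frames)}{flag}")
    print(suppression_for(recs[0], "vhost-commit-memcmp"))
```

Feed it the real log with `valgrind ... 2>&1 | tee vg.log` and `parse_records(open("vg.log").read())`; raising `depth` in group_by_context splits the vhost_commit group by caller, which is how the "71 contexts" figure arises.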
According to Comment 1 and Comment 4, add Keywords "Regression".
The valgrind crash during startup is an unrelated minor bug unmasked by valgrind: bug 1720226.
(1) Re-ran qemu-kvm without "-sandbox off": still hit this issue.
(2) Re-ran valgrind qemu-kvm without "-sandbox off": did not hit this issue, but hit another issue, "Oh, no! Something has gone wrong.", when logging in. Please refer to the attached screenshot. After logging out and trying again, it works well.

Details:
==23790== Memcheck, a memory error detector
==23790== Copyright (C) 2002-2017, and GNU GPL'd, by Julian Seward et al.
==23790== Using Valgrind-3.15.0 and LibVEX; rerun with -h for copyright info
==23790== Command: /usr/libexec/qemu-kvm -S -name avocado-vt-vm1 -machine q35 -nodefaults -device VGA,bus=pcie.0,addr=0x1 -device pcie-root-port,id=pcie_root_port_0,slot=2,chassis=2,addr=0x2,bus=pcie.0 -device pcie-root-port,id=pcie_root_port_1,slot=3,chassis=3,addr=0x3,bus=pcie.0 -device pcie-root-port,id=pcie_root_port_2,slot=4,chassis=4,addr=0x4,bus=pcie.0 -chardev socket,id=qmp_id_qmpmonitor1,path=/var/tmp/avocado_w2u90exl/monitor-qmpmonitor1-20181127-024837-wdAVx2FL,server,nowait -mon chardev=qmp_id_qmpmonitor1,mode=control -chardev socket,id=qmp_id_catch_monitor,path=/var/tmp/avocado_w2u90exl/monitor-catch_monitor-20181127-024837-wdAVx2FL,server,nowait -mon chardev=qmp_id_catch_monitor,mode=control -device pvpanic,ioport=0x505,id=idulvcka -chardev socket,id=serial_id_serial0,path=/var/tmp/avocado_w2u90exl/serial-serial0-20181127-024837-wdAVx2FL,server,nowait -device isa-serial,chardev=serial_id_serial0 -chardev socket,id=seabioslog_id_20181127-024837-wdAVx2FL,path=/var/tmp/avocado_w2u90exl/seabios-20181127-024837-wdAVx2FL,server,nowait -device isa-debugcon,chardev=seabioslog_id_20181127-024837-wdAVx2FL,iobase=0x402 -device pcie-root-port,id=pcie.0-root-port-5,slot=5,chassis=5,addr=0x5,bus=pcie.0 -device qemu-xhci,id=usb1,bus=pcie.0-root-port-5,addr=0x0 -object iothread,id=iothread0 -device pcie-root-port,id=pcie.0-root-port-6,slot=6,chassis=6,addr=0x6,bus=pcie.0 -device virtio-scsi-pci,iothread=iothread0,id=virtio_scsi_pci0,bus=pcie.0-root-port-6,addr=0x0 -blockdev driver=file,cache.direct=on,cache.no-flush=off,filename=/home/kvm_autotest_root/images/rhel810-64-virtio-scsi.qcow2,node-name=my_file -blockdev driver=qcow2,node-name=my,file=my_file,cache.direct=on,cache.no-flush=off -device scsi-hd,drive=my,bus=virtio_scsi_pci0.0,write-cache=on -device pcie-root-port,id=pcie.0-root-port-7,slot=7,chassis=7,addr=0x7,bus=pcie.0 -device virtio-net-pci,mac=9a:34:35:36:37:38,id=idyb3F88,vectors=4,netdev=idTAFS0s,bus=pcie.0-root-port-7,addr=0x0 -netdev tap,id=idTAFS0s,vhost=on -m 4G -smp 12,maxcpus=12,cores=6,threads=1,sockets=2 -cpu Opteron_G5,+kvm_pv_unhalt -device usb-tablet,id=usb-tablet1,bus=usb1.0,port=1 -vnc :0 -rtc base=localtime,clock=host,driftfix=slew -boot order=cdn,once=c,menu=off,strict=off -enable-kvm -monitor stdio -qmp tcp:0:4444,server,nowait -device pcie-root-port,id=pcie.0-root-port-9,slot=9,chassis=9,addr=0x9,bus=pcie.0 -object pr-manager-helper,id=helper0,path=/var/run/qemu-pr-helper.sock -device virtio-scsi-pci,id=virtio_scsi_pci1,bus=pcie.0-root-port-9,addr=0x0 -blockdev driver=host_device,cache.direct=off,cache.no-flush=on,filename=/dev/mapper/mpatha,node-name=host_disk4,pr-manager=helper0 -blockdev driver=raw,node-name=disk_4,file=host_disk4 -device scsi-block,drive=disk_4,bus=virtio_scsi_pci1.0,id=host_disk4
==23790==
--23790-- WARNING: unhandled amd64-linux syscall: 317
--23790-- You may be able to write your own handler.
--23790-- Read the file README_MISSING_SYSCALL_OR_IOCTL.
--23790-- Nevertheless we consider this a bug.  Please report
--23790-- it at http://valgrind.org/support/bug_reports.html.
==23790== Warning: client switching stacks?  SP change: 0x1ffeffe6f8 --> 0x4162fe8
==23790==          to suppress, use: --max-stackframe=137353606928 or greater
==23790== Warning: client switching stacks?  SP change: 0x4162f88 --> 0x1ffeffe700
==23790==          to suppress, use: --max-stackframe=137353607032 or greater
==23790== Warning: client switching stacks?  SP change: 0x1ffeffef08 --> 0x4162fc0
==23790==          to suppress, use: --max-stackframe=137353609032 or greater
==23790==          further instances of this message will not be shown.
QEMU 4.0.0 monitor - type 'help' for more information
(qemu) ==23790== Syscall param ioctl(generic) points to uninitialised byte(s)
==23790==    at 0xA141CCB: ioctl (in /usr/lib64/libc-2.28.so)
==23790==    by 0x46BD45: kvm_ioctl (kvm-all.c:2123)
==23790==    by 0x5310D9: kvm_arch_get_supported_msr_feature (kvm.c:459)
==23790==    by 0x4DED89: x86_cpu_get_supported_feature_word (cpu.c:3842)
==23790==    by 0x4DEDE8: x86_cpu_filter_features (cpu.c:5108)
==23790==    by 0x4E3DBF: x86_cpu_realizefn (cpu.c:5193)
==23790==    by 0x587A53: device_set_realized (qdev.c:834)
==23790==    by 0x685E5A: property_set_bool (object.c:2074)
==23790==    by 0x68A352: object_property_set_qobject (qom-qobject.c:27)
==23790==    by 0x687BC8: object_property_set_bool (object.c:1332)
==23790==    by 0x4C0E7E: pc_new_cpu (pc.c:2170)
==23790==    by 0x4C4A20: pc_cpus_init (pc.c:2218)
==23790==  Address 0x1ffeffed84 is on thread 1's stack
==23790==  in frame #2, created by kvm_arch_get_supported_msr_feature (kvm.c:435)
==23790==
==23790== Warning: noted but unhandled ioctl 0xaea3 with no size/direction hints.
==23790==    This could cause spurious value errors to appear.
==23790==    See README_MISSING_SYSCALL_OR_IOCTL for guidance on writing a proper wrapper.
==23790== Warning: set address range perms: large range [0x59e8e000, 0x15a08e000) (noaccess)
==23790== Warning: set address range perms: large range [0x5a000000, 0x15a000000) (defined)
==23790== Conditional jump or move depends on uninitialised value(s)
==23790==    at 0x4C376E6: __memcmp_sse4_1 (vg_replace_strmem.c:1112)
==23790==    by 0x4B6E88: vhost_commit (vhost.c:444)
==23790==    by 0x45BBED: memory_region_transaction_commit (memory.c:1088)
==23790==    by 0x45BBED: memory_region_transaction_commit (memory.c:1068)
==23790==    by 0x4C808C: old_pc_system_rom_init (pc_sysfw.c:238)
==23790==    by 0x4C82B5: pc_system_firmware_init (pc_sysfw.c:310)
==23790==    by 0x4C4E09: pc_memory_init (pc.c:2454)
==23790==    by 0x4C7D47: pc_q35_init (pc_q35.c:209)
==23790==    by 0x58DAFA: machine_run_board_init (machine.c:1328)
==23790==    by 0x3FDE0B: main (vl.c:4517)
==23790==
==23790== Conditional jump or move depends on uninitialised value(s)
==23790==    at 0x4C376E6: __memcmp_sse4_1 (vg_replace_strmem.c:1112)
==23790==    by 0x4B6E88: vhost_commit (vhost.c:444)
==23790==    by 0x45BBED: memory_region_transaction_commit (memory.c:1088)
==23790==    by 0x45BBED: memory_region_transaction_commit (memory.c:1068)
==23790==    by 0x5E5404: mch_realize (q35.c:551)
==23790==    by 0x5EA917: pci_qdev_realize (pci.c:2100)
==23790==    by 0x587A53: device_set_realized (qdev.c:834)
==23790==    by 0x685E5A: property_set_bool (object.c:2074)
==23790==    by 0x68A352: object_property_set_qobject (qom-qobject.c:27)
==23790==    by 0x687BC8: object_property_set_bool (object.c:1332)
==23790==    by 0x586935: qdev_init_nofail (qdev.c:321)
==23790==    by 0x587A53: device_set_realized (qdev.c:834)
==23790==    by 0x685E5A: property_set_bool (object.c:2074)
==23790==
==23790== Conditional jump or move depends on uninitialised value(s)
==23790==    at 0x4C376E6: __memcmp_sse4_1 (vg_replace_strmem.c:1112)
==23790==    by 0x4B6E88: vhost_commit (vhost.c:444)
==23790==    by 0x45BBED: memory_region_transaction_commit (memory.c:1088)
==23790==    by 0x45BBED: memory_region_transaction_commit (memory.c:1068)
==23790==    by 0x5E30B1: init_pam (pam.c:47)
==23790==    by 0x5E5633: mch_realize (q35.c:593)
==23790==    by 0x5EA917: pci_qdev_realize (pci.c:2100)
==23790==    by 0x587A53: device_set_realized (qdev.c:834)
==23790==    by 0x685E5A: property_set_bool (object.c:2074)
==23790==    by 0x68A352: object_property_set_qobject (qom-qobject.c:27)
==23790==    by 0x687BC8: object_property_set_bool (object.c:1332)
==23790==    by 0x586935: qdev_init_nofail (qdev.c:321)
==23790==    by 0x587A53: device_set_realized (qdev.c:834)
==23790==
==23790== Conditional jump or move depends on uninitialised value(s)
==23790==    at 0x4C376E6: __memcmp_sse4_1 (vg_replace_strmem.c:1112)
==23790==    by 0x4B6E88: vhost_commit (vhost.c:444)
==23790==    by 0x45BBED: memory_region_transaction_commit (memory.c:1088)
==23790==    by 0x45BBED: memory_region_transaction_commit (memory.c:1068)
==23790==    by 0x49A33F: ich9_lpc_realize (lpc_ich9.c:694)
==23790==    by 0x5EA917: pci_qdev_realize (pci.c:2100)
==23790==    by 0x587A53: device_set_realized (qdev.c:834)
==23790==    by 0x685E5A: property_set_bool (object.c:2074)
==23790==    by 0x68A352: object_property_set_qobject (qom-qobject.c:27)
==23790==    by 0x687BC8: object_property_set_bool (object.c:1332)
==23790==    by 0x586935: qdev_init_nofail (qdev.c:321)
==23790==    by 0x5E9447: pci_create_simple_multifunction (pci.c:2139)
==23790==    by 0x4C7831: pc_q35_init (pc_q35.c:244)
==23790==
==23790== Conditional jump or move depends on uninitialised value(s)
==23790==    at 0x4C376E6: __memcmp_sse4_1 (vg_replace_strmem.c:1112)
==23790==    by 0x4B6E88: vhost_commit (vhost.c:444)
==23790==    by 0x45BBED: memory_region_transaction_commit (memory.c:1088)
==23790==    by 0x45BBED: memory_region_transaction_commit (memory.c:1068)
==23790==    by 0x5CC5C7: isa_register_ioport (isa-bus.c:130)
==23790==    by 0x5CAE77: pic_common_realize (i8259_common.c:81)
==23790==    by 0x587A53: device_set_realized (qdev.c:834)
==23790==    by 0x685E5A: property_set_bool (object.c:2074)
==23790==    by 0x68A352: object_property_set_qobject (qom-qobject.c:27)
==23790==    by 0x687BC8: object_property_set_bool (object.c:1332)
==23790==    by 0x586935: qdev_init_nofail (qdev.c:321)
==23790==    by 0x5CAF8B: i8259_init_chip (i8259_common.c:100)
==23790==    by 0x4D85EB: kvm_i8259_init (i8259.c:132)
==23790==
==23790== Conditional jump or move depends on uninitialised value(s)
==23790==    at 0x4C376E6: __memcmp_sse4_1 (vg_replace_strmem.c:1112)
==23790==    by 0x4B6E88: vhost_commit (vhost.c:444)
==23790==    by 0x45BBED: memory_region_transaction_commit (memory.c:1088)
==23790==    by 0x45BBED: memory_region_transaction_commit (memory.c:1068)
==23790==    by 0x4C5C42: ioapic_init_gsi (pc.c:2709)
==23790==    by 0x4C7D96: pc_q35_init (pc_q35.c:280)
==23790==    by 0x58DAFA: machine_run_board_init (machine.c:1328)
==23790==    by 0x3FDE0B: main (vl.c:4517)
==23790==
==23790== Conditional jump or move depends on uninitialised value(s)
==23790==    at 0x4C376E6: __memcmp_sse4_1 (vg_replace_strmem.c:1112)
==23790==    by 0x4B6E88: vhost_commit (vhost.c:444)
==23790==    by 0x45BBED: memory_region_transaction_commit (memory.c:1088)
==23790==    by 0x45BBED: memory_region_transaction_commit (memory.c:1068)
==23790==    by 0x4C5636: pc_basic_device_init (pc.c:2619)
==23790==    by 0x4C7A06: pc_q35_init (pc_q35.c:291)
==23790==    by 0x58DAFA: machine_run_board_init (machine.c:1328)
==23790==    by 0x3FDE0B: main (vl.c:4517)
==23790==
==23790== Conditional jump or move depends on uninitialised value(s)
==23790==    at 0x4C376E6: __memcmp_sse4_1 (vg_replace_strmem.c:1112)
==23790==    by 0x4B6E88: vhost_commit (vhost.c:444)
==23790==    by 0x45BBED: memory_region_transaction_commit (memory.c:1088)
==23790==    by 0x45BBED: memory_region_transaction_commit (memory.c:1068)
==23790==    by 0x4A46D7: rtc_realizefn (mc146818rtc.c:1005)
==23790==    by 0x587A53: device_set_realized (qdev.c:834)
==23790==    by 0x685E5A: property_set_bool (object.c:2074)
==23790==    by 0x68A352: object_property_set_qobject (qom-qobject.c:27)
==23790==    by 0x687BC8: object_property_set_bool (object.c:1332)
==23790==    by 0x586935: qdev_init_nofail (qdev.c:321)
==23790==    by 0x4A48D4: mc146818_rtc_init (mc146818rtc.c:1026)
==23790==    by 0x4C5756: pc_basic_device_init (pc.c:2651)
==23790==    by 0x4C7A06: pc_q35_init (pc_q35.c:291)
==23790==
==23790== Conditional jump or move depends on uninitialised value(s)
==23790==    at 0x4C376E6: __memcmp_sse4_1 (vg_replace_strmem.c:1112)
==23790==    by 0x4B6E88: vhost_commit (vhost.c:444)
==23790==    by 0x45BBED: memory_region_transaction_commit (memory.c:1088)
==23790==    by 0x45BBED: memory_region_transaction_commit (memory.c:1068)
==23790==    by 0x5B8338: i8257_realize (i8257.c:555)
==23790==    by 0x587A53: device_set_realized (qdev.c:834)
==23790==    by 0x685E5A: property_set_bool (object.c:2074)
==23790==    by 0x68A352: object_property_set_qobject (qom-qobject.c:27)
==23790==    by 0x687BC8: object_property_set_bool (object.c:1332)
==23790==    by 0x586935: qdev_init_nofail (qdev.c:321)
==23790==    by 0x5B8CB4: i8257_dma_init (i8257.c:638)
==23790==    by 0x4C578B: pc_basic_device_init (pc.c:2668)
==23790==    by 0x4C7A06: pc_q35_init (pc_q35.c:291)
==23790==
==23790== Conditional jump or move depends on uninitialised value(s)
==23790==    at 0x4C376E6: __memcmp_sse4_1 (vg_replace_strmem.c:1112)
==23790==    by 0x4B6E88: vhost_commit (vhost.c:444)
==23790==    by 0x45BBED: memory_region_transaction_commit (memory.c:1088)
==23790==    by 0x45BBED: memory_region_transaction_commit (memory.c:1068)
==23790==    by 0x4548CB: portio_list_add_1 (ioport.c:248)
==23790==    by 0x45504F: portio_list_add (ioport.c:275)
==23790==    by 0x5B835F: i8257_realize (i8257.c:558)
==23790==    by 0x587A53: device_set_realized (qdev.c:834)
==23790==    by 0x685E5A: property_set_bool (object.c:2074)
==23790==    by 0x68A352: object_property_set_qobject (qom-qobject.c:27)
==23790==    by 0x687BC8: object_property_set_bool (object.c:1332)
==23790==    by 0x586935: qdev_init_nofail (qdev.c:321)
==23790==    by 0x5B8CB4: i8257_dma_init (i8257.c:638)
==23790==
==23790== Conditional jump or move depends on uninitialised value(s)
==23790==    at 0x4C376E6: __memcmp_sse4_1 (vg_replace_strmem.c:1112)
==23790==    by 0x4B6E88: vhost_commit (vhost.c:444)
==23790==    by 0x45BBED: memory_region_transaction_commit (memory.c:1088)
==23790==    by 0x45BBED: memory_region_transaction_commit (memory.c:1068)
==23790==    by 0x5B83EA: i8257_realize (i8257.c:569)
==23790==    by 0x587A53: device_set_realized (qdev.c:834)
==23790==    by 0x685E5A: property_set_bool (object.c:2074)
==23790==    by 0x68A352: object_property_set_qobject (qom-qobject.c:27)
==23790==    by 0x687BC8: object_property_set_bool (object.c:1332)
==23790==    by 0x586935: qdev_init_nofail (qdev.c:321)
==23790==    by 0x5B8CB4: i8257_dma_init (i8257.c:638)
==23790==    by 0x4C578B: pc_basic_device_init (pc.c:2668)
==23790==    by 0x4C7A06: pc_q35_init (pc_q35.c:291)
==23790==
==23790== Conditional jump or move depends on uninitialised value(s)
==23790==    at 0x4C376E6: __memcmp_sse4_1 (vg_replace_strmem.c:1112)
==23790==    by 0x4B6E88: vhost_commit (vhost.c:444)
==23790==    by 0x45BBED: memory_region_transaction_commit (memory.c:1088)
==23790==    by 0x45BBED: memory_region_transaction_commit (memory.c:1068)
==23790==    by 0x56B4BC: ich9_pm_init (ich9.c:275)
==23790==    by 0x49ADB3: ich9_lpc_pm_init (lpc_ich9.c:388)
==23790==    by 0x4C7A1D: pc_q35_init (pc_q35.c:296)
==23790==    by 0x58DAFA: machine_run_board_init (machine.c:1328)
==23790==    by 0x3FDE0B: main (vl.c:4517)
==23790==
==23790== Conditional jump or move depends on uninitialised value(s)
==23790==    at 0x4C376E6: __memcmp_sse4_1 (vg_replace_strmem.c:1112)
==23790==    by 0x4B6E88: vhost_commit (vhost.c:444)
==23790==    by 0x45BBED: memory_region_transaction_commit (memory.c:1088)
==23790==    by 0x45BBED: memory_region_transaction_commit (memory.c:1068)
==23790==    by 0x56C1B7: legacy_acpi_cpu_hotplug_init (cpu_hotplug.c:92)
==23790==    by 0x56B604: ich9_pm_init (ich9.c:303)
==23790==    by 0x49ADB3: ich9_lpc_pm_init (lpc_ich9.c:388)
==23790==    by 0x4C7A1D: pc_q35_init (pc_q35.c:296)
==23790==    by 0x58DAFA: machine_run_board_init (machine.c:1328)
==23790==    by 0x3FDE0B: main (vl.c:4517)
==23790==
==23790== Conditional jump or move depends on uninitialised value(s)
==23790==    at 0x4C376E6: __memcmp_sse4_1 (vg_replace_strmem.c:1112)
==23790==    by 0x4B6E88: vhost_commit (vhost.c:444)
==23790==    by 0x45BBED: memory_region_transaction_commit (memory.c:1088)
==23790==    by 0x45BBED: memory_region_transaction_commit (memory.c:1068)
==23790==    by 0x5B2964: pci_std_vga_realize (vga-pci.c:238)
==23790==    by 0x5EA917: pci_qdev_realize (pci.c:2100)
==23790==    by 0x587A53: device_set_realized (qdev.c:834)
==23790==    by 0x685E5A: property_set_bool (object.c:2074)
==23790==    by 0x68A352: object_property_set_qobject (qom-qobject.c:27)
==23790==    by 0x687BC8: object_property_set_bool (object.c:1332)
==23790==    by 0x545B83: qdev_device_add (qdev-monitor.c:642)
==23790==    by 0x547932: device_init_func (vl.c:2367)
==23790==    by 0x7659C1: qemu_opts_foreach (qemu-option.c:1171)
==23790==
==23790== Conditional jump or move depends on uninitialised value(s)
==23790==    at 0x4C376E6: __memcmp_sse4_1 (vg_replace_strmem.c:1112)
==23790==    by 0x4B6E88: vhost_commit (vhost.c:444)
==23790==    by 0x45BBED: memory_region_transaction_commit (memory.c:1088)
==23790==    by 0x45BBED: memory_region_transaction_commit (memory.c:1068)
==23790==    by 0x5B271B: pci_std_vga_mmio_region_init (vga-pci.c:208)
==23790==    by 0x5B2A6E: pci_std_vga_realize (vga-pci.c:259)
==23790==    by 0x5EA917: pci_qdev_realize (pci.c:2100)
==23790==    by 0x587A53: device_set_realized (qdev.c:834)
==23790==    by 0x685E5A: property_set_bool (object.c:2074)
==23790==    by 0x68A352: object_property_set_qobject (qom-qobject.c:27)
==23790==    by 0x687BC8: object_property_set_bool (object.c:1332)
==23790==    by 0x545B83: qdev_device_add (qdev-monitor.c:642)
==23790==    by 0x547932: device_init_func (vl.c:2367)
==23790==
==23790== Conditional jump or move depends on uninitialised value(s)
==23790==    at 0x4C376E6: __memcmp_sse4_1 (vg_replace_strmem.c:1112)
==23790==    by 0x4B6E88: vhost_commit (vhost.c:444)
==23790==    by 0x45BBED: memory_region_transaction_commit (memory.c:1088)
==23790==    by 0x45BBED: memory_region_transaction_commit (memory.c:1068)
==23790==    by 0x5B274D: pci_std_vga_mmio_region_init (vga-pci.c:213)
==23790==    by 0x5B2A6E: pci_std_vga_realize (vga-pci.c:259)
==23790==    by 0x5EA917: pci_qdev_realize (pci.c:2100)
==23790==    by 0x587A53: device_set_realized (qdev.c:834)
==23790==    by 0x685E5A: property_set_bool (object.c:2074)
==23790==    by 0x68A352: object_property_set_qobject (qom-qobject.c:27)
==23790==    by 0x687BC8: object_property_set_bool (object.c:1332)
==23790==    by 0x545B83: qdev_device_add (qdev-monitor.c:642)
==23790==    by 0x547932: device_init_func (vl.c:2367)
==23790==
==23790== Conditional jump or move depends on uninitialised value(s)
==23790==    at 0x4C376E6: __memcmp_sse4_1 (vg_replace_strmem.c:1112)
==23790==    by 0x4B6E88: vhost_commit (vhost.c:444)
==23790==    by 0x45BBED: memory_region_transaction_commit (memory.c:1088)
==23790==    by 0x45BBED: memory_region_transaction_commit (memory.c:1068)
==23790==    by 0x5B27A8: pci_std_vga_mmio_region_init (vga-pci.c:219)
==23790==    by 0x5B2A6E: pci_std_vga_realize (vga-pci.c:259)
==23790==    by 0x5EA917: pci_qdev_realize (pci.c:2100)
==23790==    by 0x587A53: device_set_realized (qdev.c:834)
==23790==    by 0x685E5A: property_set_bool (object.c:2074)
==23790==    by 0x68A352: object_property_set_qobject (qom-qobject.c:27)
==23790==    by 0x687BC8: object_property_set_bool (object.c:1332)
==23790==    by 0x545B83: qdev_device_add (qdev-monitor.c:642)
==23790==    by 0x547932: device_init_func (vl.c:2367)
==23790==
==23790== Conditional jump or move depends on uninitialised value(s)
==23790==    at 0x4C376E6: __memcmp_sse4_1 (vg_replace_strmem.c:1112)
==23790==    by 0x4B6E88: vhost_commit (vhost.c:444)
==23790==    by 0x45BBED: memory_region_transaction_commit (memory.c:1088)
==23790==    by 0x45BBED: memory_region_transaction_commit (memory.c:1068)
==23790==    by 0x5EB4D5: pci_bridge_region_init (pci_bridge.c:190)
==23790==    by 0x5EB968: pci_bridge_initfn (pci_bridge.c:384)
==23790==    by 0x5E0F9F: rp_realize (pcie_root_port.c:65)
==23790==    by 0x5EA917: pci_qdev_realize (pci.c:2100)
==23790==    by 0x5E13DD: gen_rp_realize (gen_pcie_root_port.c:78)
==23790==    by 0x587A53: device_set_realized (qdev.c:834)
==23790==    by 0x685E5A: property_set_bool (object.c:2074)
==23790==    by 0x68A352: object_property_set_qobject (qom-qobject.c:27)
==23790==    by 0x687BC8: object_property_set_bool (object.c:1332)
==23790==
==23790== Conditional jump or move depends on uninitialised value(s)
==23790==    at 0x4C376E6: __memcmp_sse4_1 (vg_replace_strmem.c:1112)
==23790==    by 0x4B6E88: vhost_commit (vhost.c:444)
==23790==    by 0x45BBED: memory_region_transaction_commit (memory.c:1088)
==23790==    by 0x45BBED: memory_region_transaction_commit (memory.c:1068)
==23790==    by 0x5EB502: pci_bridge_region_init (pci_bridge.c:196)
==23790==    by 0x5EB968: pci_bridge_initfn (pci_bridge.c:384)
==23790==    by 0x5E0F9F: rp_realize (pcie_root_port.c:65)
==23790==    by 0x5EA917: pci_qdev_realize (pci.c:2100)
==23790==    by 0x5E13DD: gen_rp_realize (gen_pcie_root_port.c:78)
==23790==    by 0x587A53: device_set_realized (qdev.c:834)
==23790==    by 0x685E5A: property_set_bool (object.c:2074)
==23790==    by 0x68A352: object_property_set_qobject (qom-qobject.c:27)
==23790==    by 0x687BC8: object_property_set_bool (object.c:1332)
==23790==
==23790== Conditional jump or move depends on uninitialised value(s)
==23790==    at 0x4C376E6: __memcmp_sse4_1 (vg_replace_strmem.c:1112)
==23790==    by 0x4B6E88: vhost_commit (vhost.c:444)
==23790==    by 0x45BBED: memory_region_transaction_commit (memory.c:1088)
==23790==    by 0x45BBED: memory_region_transaction_commit (memory.c:1068)
==23790==    by 0x5EB539: pci_bridge_region_init (pci_bridge.c:202)
==23790==    by 0x5EB968: pci_bridge_initfn (pci_bridge.c:384)
==23790==    by 0x5E0F9F: rp_realize (pcie_root_port.c:65)
==23790==    by 0x5EA917: pci_qdev_realize (pci.c:2100)
==23790==    by 0x5E13DD: gen_rp_realize (gen_pcie_root_port.c:78)
==23790==    by 0x587A53: device_set_realized (qdev.c:834)
==23790==    by 0x685E5A: property_set_bool (object.c:2074)
==23790==    by 0x68A352: object_property_set_qobject (qom-qobject.c:27)
==23790==    by 0x687BC8: object_property_set_bool (object.c:1332)
==23790==
==23790== Conditional jump or move depends on uninitialised value(s)
==23790==    at 0x4C376E6: __memcmp_sse4_1 (vg_replace_strmem.c:1112)
==23790==    by 0x4B6E88: vhost_commit (vhost.c:444)
==23790==    by 0x45BBED: memory_region_transaction_commit (memory.c:1088)
==23790==    by 0x45BBED: memory_region_transaction_commit (memory.c:1068)
==23790==    by 0x5EC56D: msix_init (msix.c:333)
==23790==    by 0x5EC6F6: msix_init_exclusive_bar (msix.c:371)
==23790==    by 0x5E14BB: gen_rp_interrupts_init (gen_pcie_root_port.c:48)
==23790==    by 0x5E0FE4: rp_realize (pcie_root_port.c:76)
==23790==    by 0x5EA917: pci_qdev_realize (pci.c:2100)
==23790==    by 0x5E13DD: gen_rp_realize (gen_pcie_root_port.c:78)
==23790==    by 0x587A53: device_set_realized (qdev.c:834)
==23790==    by 0x685E5A: property_set_bool (object.c:2074)
==23790==    by 0x68A352: object_property_set_qobject (qom-qobject.c:27)
==23790==
==23790== Conditional jump or move depends on uninitialised value(s)
==23790==    at 0x4C376E6: __memcmp_sse4_1 (vg_replace_strmem.c:1112)
==23790==    by 0x4B6E88: vhost_commit (vhost.c:444)
==23790==    by 0x45BBED: memory_region_transaction_commit (memory.c:1088)
==23790==    by 0x45BBED: memory_region_transaction_commit (memory.c:1068)
==23790==    by 0x5EC59D: msix_init (msix.c:336)
==23790==    by 0x5EC6F6: msix_init_exclusive_bar (msix.c:371)
==23790==    by 0x5E14BB: gen_rp_interrupts_init (gen_pcie_root_port.c:48)
==23790==    by 0x5E0FE4: rp_realize (pcie_root_port.c:76)
==23790==    by 0x5EA917: pci_qdev_realize (pci.c:2100)
==23790==    by 0x5E13DD: gen_rp_realize (gen_pcie_root_port.c:78)
==23790==    by 0x587A53: device_set_realized (qdev.c:834)
==23790==    by 0x685E5A: property_set_bool (object.c:2074)
==23790==    by 0x68A352: object_property_set_qobject (qom-qobject.c:27)
==23790==
==23790== Conditional jump or move depends on uninitialised value(s)
==23790==    at 0x4C376E6: __memcmp_sse4_1 (vg_replace_strmem.c:1112)
==23790==    by 0x4B6E88: vhost_commit (vhost.c:444)
==23790==    by 0x45BBED: memory_region_transaction_commit (memory.c:1088)
==23790==    by 0x45BBED: memory_region_transaction_commit (memory.c:1068)
==23790==    by 0x585DED: debugcon_isa_realizefn (debugcon.c:111)
==23790==    by 0x587A53: device_set_realized (qdev.c:834)
==23790==    by 0x685E5A: property_set_bool (object.c:2074)
==23790==    by 0x68A352: object_property_set_qobject (qom-qobject.c:27)
==23790==    by 0x687BC8: object_property_set_bool (object.c:1332)
==23790==    by 0x545B83: qdev_device_add (qdev-monitor.c:642)
==23790==    by 0x547932: device_init_func (vl.c:2367)
==23790==    by 0x7659C1: qemu_opts_foreach (qemu-option.c:1171)
==23790==    by 0x3FDEAF: main (vl.c:4541)
==23790==
==23790== Conditional jump or move depends on uninitialised value(s)
==23790==    at 0x4C376E6: __memcmp_sse4_1 (vg_replace_strmem.c:1112)
==23790==    by 0x4B6E88: vhost_commit (vhost.c:444)
==23790==    by 0x45BBED: memory_region_transaction_commit (memory.c:1088)
==23790==    by 0x45BBED: memory_region_transaction_commit (memory.c:1068)
==23790==    by 0x60B914: usb_xhci_realize (hcd-xhci.c:3432)
==23790==    by 0x5EA917: pci_qdev_realize (pci.c:2100)
==23790==    by 0x587A53: device_set_realized (qdev.c:834)
==23790==    by 0x685E5A: property_set_bool (object.c:2074)
==23790==    by 0x68A352: object_property_set_qobject (qom-qobject.c:27)
==23790==    by 0x687BC8: object_property_set_bool (object.c:1332)
==23790==    by 0x545B83: qdev_device_add (qdev-monitor.c:642)
==23790==    by 0x547932: device_init_func (vl.c:2367)
==23790==    by 0x7659C1: qemu_opts_foreach (qemu-option.c:1171)
==23790==
==23790== Conditional jump or move depends on uninitialised value(s)
==23790==    at 0x4C376E6: __memcmp_sse4_1 (vg_replace_strmem.c:1112)
==23790==    by 0x4B6E88: vhost_commit (vhost.c:444)
==23790==    by 0x45BBED: memory_region_transaction_commit (memory.c:1088)
==23790==    by 0x45BBED: memory_region_transaction_commit (memory.c:1068)
==23790==    by 0x60B924: usb_xhci_realize (hcd-xhci.c:3433)
==23790==    by 0x5EA917: pci_qdev_realize (pci.c:2100)
==23790==    by 0x587A53: device_set_realized (qdev.c:834)
==23790==    by 0x685E5A: property_set_bool (object.c:2074)
==23790==    by 0x68A352: object_property_set_qobject (qom-qobject.c:27)
==23790==    by 0x687BC8: object_property_set_bool (object.c:1332)
==23790==    by 0x545B83: qdev_device_add (qdev-monitor.c:642)
==23790==    by 0x547932: device_init_func (vl.c:2367)
==23790==    by 0x7659C1: qemu_opts_foreach (qemu-option.c:1171)
==23790==
==23790== Conditional jump or move depends on uninitialised value(s)
==23790==    at 0x4C376E6: __memcmp_sse4_1 (vg_replace_strmem.c:1112)
==23790==    by 0x4B6E88: vhost_commit (vhost.c:444)
==23790==    by 0x45BBED: memory_region_transaction_commit (memory.c:1088)
==23790==    by 0x45BBED: memory_region_transaction_commit (memory.c:1068)
==23790==    by 0x60B934: usb_xhci_realize (hcd-xhci.c:3434)
==23790==    by 0x5EA917: pci_qdev_realize (pci.c:2100)
==23790==    by 0x587A53: device_set_realized (qdev.c:834)
==23790==    by 0x685E5A: property_set_bool (object.c:2074)
==23790==    by 0x68A352: object_property_set_qobject (qom-qobject.c:27)
==23790==    by 0x687BC8: object_property_set_bool (object.c:1332)
==23790==    by 0x545B83: qdev_device_add (qdev-monitor.c:642)
==23790==    by 0x547932: device_init_func (vl.c:2367)
==23790==    by 0x7659C1: qemu_opts_foreach (qemu-option.c:1171)
==23790==
==23790== Conditional jump or move depends on uninitialised value(s)
==23790==    at 0x4C376E6: __memcmp_sse4_1 (vg_replace_strmem.c:1112)
==23790==    by 0x4B6E88: vhost_commit (vhost.c:444)
==23790==    by 0x45BBED: memory_region_transaction_commit (memory.c:1088)
==23790==    by 0x45BBED: memory_region_transaction_commit (memory.c:1068)
==23790==    by 0x60B944: usb_xhci_realize (hcd-xhci.c:3435)
==23790==    by 0x5EA917: pci_qdev_realize (pci.c:2100)
==23790==    by 
0x587A53: device_set_realized (qdev.c:834) ==23790== by 0x685E5A: property_set_bool (object.c:2074) ==23790== by 0x68A352: object_property_set_qobject (qom-qobject.c:27) ==23790== by 0x687BC8: object_property_set_bool (object.c:1332) ==23790== by 0x545B83: qdev_device_add (qdev-monitor.c:642) ==23790== by 0x547932: device_init_func (vl.c:2367) ==23790== by 0x7659C1: qemu_opts_foreach (qemu-option.c:1171) ==23790== ==23790== Conditional jump or move depends on uninitialised value(s) ==23790== at 0x4C376E6: __memcmp_sse4_1 (vg_replace_strmem.c:1112) ==23790== by 0x4B6E88: vhost_commit (vhost.c:444) ==23790== by 0x45BBED: memory_region_transaction_commit (memory.c:1088) ==23790== by 0x45BBED: memory_region_transaction_commit (memory.c:1068) ==23790== by 0x60B9AA: usb_xhci_realize (hcd-xhci.c:3443) ==23790== by 0x5EA917: pci_qdev_realize (pci.c:2100) ==23790== by 0x587A53: device_set_realized (qdev.c:834) ==23790== by 0x685E5A: property_set_bool (object.c:2074) ==23790== by 0x68A352: object_property_set_qobject (qom-qobject.c:27) ==23790== by 0x687BC8: object_property_set_bool (object.c:1332) ==23790== by 0x545B83: qdev_device_add (qdev-monitor.c:642) ==23790== by 0x547932: device_init_func (vl.c:2367) ==23790== by 0x7659C1: qemu_opts_foreach (qemu-option.c:1171) ==23790== ==23790== Conditional jump or move depends on uninitialised value(s) ==23790== at 0x4C376E6: __memcmp_sse4_1 (vg_replace_strmem.c:1112) ==23790== by 0x4B6E88: vhost_commit (vhost.c:444) ==23790== by 0x45BBED: memory_region_transaction_commit (memory.c:1088) ==23790== by 0x45BBED: memory_region_transaction_commit (memory.c:1068) ==23790== by 0x621236: virtio_pci_modern_region_map (virtio-pci.c:1462) ==23790== by 0x621524: virtio_pci_modern_mem_region_map (virtio-pci.c:1476) ==23790== by 0x621524: virtio_pci_device_plugged (virtio-pci.c:1595) ==23790== by 0x61E175: virtio_bus_device_plugged (virtio-bus.c:74) ==23790== by 0x4B0C9F: virtio_device_realize (virtio.c:2560) ==23790== by 0x587A53: 
device_set_realized (qdev.c:834) ==23790== by 0x685E5A: property_set_bool (object.c:2074) ==23790== by 0x68A352: object_property_set_qobject (qom-qobject.c:27) ==23790== by 0x687BC8: object_property_set_bool (object.c:1332) ==23790== by 0x622604: virtio_pci_realize (virtio-pci.c:1786) ==23790== ==23790== Warning: noted but unhandled ioctl 0xaea2 with no size/direction hints. ==23790== This could cause spurious value errors to appear. ==23790== See README_MISSING_SYSCALL_OR_IOCTL for guidance on writing a proper wrapper. ==23790== Thread 6: ==23790== Syscall param ioctl(generic) points to uninitialised byte(s) ==23790== at 0xA141CCB: ioctl (in /usr/lib64/libc-2.28.so) ==23790== by 0x46E2A8: kvm_vcpu_ioctl (kvm-all.c:2159) ==23790== by 0x5336D2: kvm_put_xsave (kvm.c:1837) ==23790== by 0x5336D2: kvm_arch_put_registers (kvm.c:3094) ==23790== by 0x46B1C1: do_kvm_cpu_synchronize_post_init (kvm-all.c:1883) ==23790== by 0x55455A: process_queued_cpu_work (cpus-common.c:342) ==23790== by 0x44656F: qemu_kvm_cpu_thread_fn (cpus.c:1286) ==23790== by 0x44656F: qemu_kvm_cpu_thread_fn (cpus.c:1254) ==23790== by 0x757343: qemu_thread_start (qemu-thread-posix.c:502) ==23790== by 0x9E372DD: start_thread (in /usr/lib64/libpthread-2.28.so) ==23790== by 0xA14B2D2: clone (in /usr/lib64/libc-2.28.so) ==23790== Address 0x12c65a90 is 2,704 bytes inside a block of size 4,096 alloc'd ==23790== at 0x4C3351C: memalign (vg_replace_malloc.c:908) ==23790== by 0x4C33629: posix_memalign (vg_replace_malloc.c:1072) ==23790== by 0x756479: qemu_try_memalign (oslib-posix.c:183) ==23790== by 0x7564CC: qemu_memalign (oslib-posix.c:199) ==23790== by 0x531A4A: kvm_arch_init_vcpu (kvm.c:1332) ==23790== by 0x446536: qemu_kvm_cpu_thread_fn (cpus.c:1267) ==23790== by 0x757343: qemu_thread_start (qemu-thread-posix.c:502) ==23790== by 0x9E372DD: start_thread (in /usr/lib64/libpthread-2.28.so) ==23790== by 0xA14B2D2: clone (in /usr/lib64/libc-2.28.so) ==23790== ==23790== Syscall param ioctl(generic) points to 
uninitialised byte(s) ==23790== at 0xA141CCB: ioctl (in /usr/lib64/libc-2.28.so) ==23790== by 0x46E2A8: kvm_vcpu_ioctl (kvm-all.c:2159) ==23790== by 0x534E34: kvm_put_debugregs (kvm.c:3041) ==23790== by 0x534E34: kvm_arch_put_registers (kvm.c:3130) ==23790== by 0x46B1C1: do_kvm_cpu_synchronize_post_init (kvm-all.c:1883) ==23790== by 0x55455A: process_queued_cpu_work (cpus-common.c:342) ==23790== by 0x44656F: qemu_kvm_cpu_thread_fn (cpus.c:1286) ==23790== by 0x44656F: qemu_kvm_cpu_thread_fn (cpus.c:1254) ==23790== by 0x757343: qemu_thread_start (qemu-thread-posix.c:502) ==23790== by 0x9E372DD: start_thread (in /usr/lib64/libpthread-2.28.so) ==23790== by 0xA14B2D2: clone (in /usr/lib64/libc-2.28.so) ==23790== Address 0x13d93670 is on thread 6's stack ==23790== in frame #2, created by kvm_arch_put_registers (kvm.c:3068) ==23790== ==23790== Thread 1: ==23790== Conditional jump or move depends on uninitialised value(s) ==23790== at 0x4C376E6: __memcmp_sse4_1 (vg_replace_strmem.c:1112) ==23790== by 0x4B6E88: vhost_commit (vhost.c:444) ==23790== by 0x45BBED: memory_region_transaction_commit (memory.c:1088) ==23790== by 0x45BBED: memory_region_transaction_commit (memory.c:1068) ==23790== by 0x5E9E15: pci_init_bus_master (pci.c:96) ==23790== by 0x5E9E54: pcibus_machine_done (pci.c:108) ==23790== by 0x763513: notifier_list_notify (notify.c:40) ==23790== by 0x3FDF9A: qemu_run_machine_init_done_notifiers (vl.c:2691) ==23790== by 0x3FDF9A: main (vl.c:4594) ==23790== ==23790== Conditional jump or move depends on uninitialised value(s) ==23790== at 0x4C376E6: __memcmp_sse4_1 (vg_replace_strmem.c:1112) ==23790== by 0x4B6E88: vhost_commit (vhost.c:444) ==23790== by 0x45BBED: memory_region_transaction_commit (memory.c:1088) ==23790== by 0x45BBED: memory_region_transaction_commit (memory.c:1068) ==23790== by 0x58E22A: rom_set_mr (loader.c:907) ==23790== by 0x58F0B8: rom_add_blob (loader.c:1042) ==23790== by 0x4D2726: acpi_add_rom_blob (acpi-build.c:2852) ==23790== by 0x4D72FF: 
acpi_setup (acpi-build.c:2897) ==23790== by 0x4C2FF4: pc_machine_done (pc.c:2292) ==23790== by 0x763513: notifier_list_notify (notify.c:40) ==23790== by 0x3FDF9A: qemu_run_machine_init_done_notifiers (vl.c:2691) ==23790== by 0x3FDF9A: main (vl.c:4594) ==23790== ==23790== Conditional jump or move depends on uninitialised value(s) ==23790== at 0x4C376E6: __memcmp_sse4_1 (vg_replace_strmem.c:1112) ==23790== by 0x4B6E88: vhost_commit (vhost.c:444) ==23790== by 0x45BBED: memory_region_transaction_commit (memory.c:1088) ==23790== by 0x45BBED: memory_region_transaction_commit (memory.c:1068) ==23790== by 0x53001A: register_smram_listener (kvm.c:1549) ==23790== by 0x763513: notifier_list_notify (notify.c:40) ==23790== by 0x3FDF9A: qemu_run_machine_init_done_notifiers (vl.c:2691) ==23790== by 0x3FDF9A: main (vl.c:4594) ==23790== ==23790== Conditional jump or move depends on uninitialised value(s) ==23790== at 0x4C376E6: __memcmp_sse4_1 (vg_replace_strmem.c:1112) ==23790== by 0x4B6E88: vhost_commit (vhost.c:444) ==23790== by 0x45BBED: memory_region_transaction_commit (memory.c:1088) ==23790== by 0x45BBED: memory_region_transaction_commit (memory.c:1068) ==23790== by 0x530046: register_smram_listener (kvm.c:1554) ==23790== by 0x763513: notifier_list_notify (notify.c:40) ==23790== by 0x3FDF9A: qemu_run_machine_init_done_notifiers (vl.c:2691) ==23790== by 0x3FDF9A: main (vl.c:4594) ==23790== ==23790== Conditional jump or move depends on uninitialised value(s) ==23790== at 0x4C376E6: __memcmp_sse4_1 (vg_replace_strmem.c:1112) ==23790== by 0x4B6E88: vhost_commit (vhost.c:444) ==23790== by 0x45BBED: memory_region_transaction_commit (memory.c:1088) ==23790== by 0x45BBED: memory_region_transaction_commit (memory.c:1068) ==23790== by 0x5E5D20: mch_update (q35.c:484) ==23790== by 0x58753C: qdev_reset_one (qdev.c:259) ==23790== by 0x58AA9F: qbus_walk_children (bus.c:52) ==23790== by 0x586EEF: qdev_walk_children (qdev.c:567) ==23790== by 0x58AA9F: qbus_walk_children (bus.c:52) ==23790== 
by 0x58AC61: qemu_devices_reset (reset.c:69) ==23790== by 0x4C16AE: pc_machine_reset (pc.c:3270) ==23790== by 0x549459: qemu_system_reset (vl.c:1738) ==23790== by 0x3FDFBF: main (vl.c:4607) ==23790== ==23790== Conditional jump or move depends on uninitialised value(s) ==23790== at 0x4C376E6: __memcmp_sse4_1 (vg_replace_strmem.c:1112) ==23790== by 0x4B6E88: vhost_commit (vhost.c:444) ==23790== by 0x45BBED: memory_region_transaction_commit (memory.c:1088) ==23790== by 0x45BBED: memory_region_transaction_commit (memory.c:1068) ==23790== by 0x5E5D28: mch_update (q35.c:485) ==23790== by 0x58753C: qdev_reset_one (qdev.c:259) ==23790== by 0x58AA9F: qbus_walk_children (bus.c:52) ==23790== by 0x586EEF: qdev_walk_children (qdev.c:567) ==23790== by 0x58AA9F: qbus_walk_children (bus.c:52) ==23790== by 0x58AC61: qemu_devices_reset (reset.c:69) ==23790== by 0x4C16AE: pc_machine_reset (pc.c:3270) ==23790== by 0x549459: qemu_system_reset (vl.c:1738) ==23790== by 0x3FDFBF: main (vl.c:4607) ==23790== ==23790== Thread 6: ==23790== Syscall param ioctl(generic) points to uninitialised byte(s) ==23790== at 0xA141CCB: ioctl (in /usr/lib64/libc-2.28.so) ==23790== by 0x46E2A8: kvm_vcpu_ioctl (kvm-all.c:2159) ==23790== by 0x534E34: kvm_put_debugregs (kvm.c:3041) ==23790== by 0x534E34: kvm_arch_put_registers (kvm.c:3130) ==23790== by 0x46B1A1: do_kvm_cpu_synchronize_post_reset (kvm-all.c:1872) ==23790== by 0x55455A: process_queued_cpu_work (cpus-common.c:342) ==23790== by 0x44656F: qemu_kvm_cpu_thread_fn (cpus.c:1286) ==23790== by 0x44656F: qemu_kvm_cpu_thread_fn (cpus.c:1254) ==23790== by 0x757343: qemu_thread_start (qemu-thread-posix.c:502) ==23790== by 0x9E372DD: start_thread (in /usr/lib64/libpthread-2.28.so) ==23790== by 0xA14B2D2: clone (in /usr/lib64/libc-2.28.so) ==23790== Address 0x13d93670 is on thread 6's stack ==23790== in frame #2, created by kvm_arch_put_registers (kvm.c:3068) ==23790== (qemu) c (qemu) ==23790== Conditional jump or move depends on uninitialised value(s) 
==23790== at 0x4C376E6: __memcmp_sse4_1 (vg_replace_strmem.c:1112) ==23790== by 0x4B6E88: vhost_commit (vhost.c:444) ==23790== by 0x45BBED: memory_region_transaction_commit (memory.c:1088) ==23790== by 0x45BBED: memory_region_transaction_commit (memory.c:1068) ==23790== by 0x5E5C62: mch_update_pciexbar (q35.c:340) ==23790== by 0x5E5ED7: mch_write_config (q35.c:467) ==23790== by 0x5EE739: pci_host_config_write_common (pci_host.c:87) ==23790== by 0x45A082: memory_region_write_accessor (memory.c:502) ==23790== by 0x458235: access_with_adjusted_size (memory.c:568) ==23790== by 0x45C0EF: memory_region_dispatch_write (memory.c:1496) ==23790== by 0x402BA2: flatview_write_continue (exec.c:3279) ==23790== by 0x402DC5: flatview_write (exec.c:3318) ==23790== by 0x406F4E: address_space_write (exec.c:3408) ==23790== ==23790== Conditional jump or move depends on uninitialised value(s) ==23790== at 0x4C376E6: __memcmp_sse4_1 (vg_replace_strmem.c:1112) ==23790== by 0x4B6E88: vhost_commit (vhost.c:444) ==23790== by 0x45BBED: memory_region_transaction_commit (memory.c:1088) ==23790== by 0x45BBED: memory_region_transaction_commit (memory.c:1068) ==23790== by 0x5EB6ED: pci_bridge_write_config (pci_bridge.c:270) ==23790== by 0x5E119E: rp_write_config (pcie_root_port.c:34) ==23790== by 0x5EE739: pci_host_config_write_common (pci_host.c:87) ==23790== by 0x45A082: memory_region_write_accessor (memory.c:502) ==23790== by 0x458235: access_with_adjusted_size (memory.c:568) ==23790== by 0x45C0EF: memory_region_dispatch_write (memory.c:1496) ==23790== by 0x402BA2: flatview_write_continue (exec.c:3279) ==23790== by 0x402DC5: flatview_write (exec.c:3318) ==23790== by 0x406F4E: address_space_write (exec.c:3408) ==23790== ==23790== Conditional jump or move depends on uninitialised value(s) ==23790== at 0x4C376E6: __memcmp_sse4_1 (vg_replace_strmem.c:1112) ==23790== by 0x4B6E88: vhost_commit (vhost.c:444) ==23790== by 0x45BBED: memory_region_transaction_commit (memory.c:1088) ==23790== by 0x45BBED: 
memory_region_transaction_commit (memory.c:1068) ==23790== by 0x5E753C: pci_update_mappings (pci.c:1382) ==23790== by 0x5E7AB0: pci_default_write_config (pci.c:1438) ==23790== by 0x5EE739: pci_host_config_write_common (pci_host.c:87) ==23790== by 0x45A082: memory_region_write_accessor (memory.c:502) ==23790== by 0x458235: access_with_adjusted_size (memory.c:568) ==23790== by 0x45C0EF: memory_region_dispatch_write (memory.c:1496) ==23790== by 0x402BA2: flatview_write_continue (exec.c:3279) ==23790== by 0x402DC5: flatview_write (exec.c:3318) ==23790== by 0x406F4E: address_space_write (exec.c:3408) ==23790== ==23790== Conditional jump or move depends on uninitialised value(s) ==23790== at 0x4C376E6: __memcmp_sse4_1 (vg_replace_strmem.c:1112) ==23790== by 0x4B6E88: vhost_commit (vhost.c:444) ==23790== by 0x45BBED: memory_region_transaction_commit (memory.c:1088) ==23790== by 0x45BBED: memory_region_transaction_commit (memory.c:1068) ==23790== by 0x499C52: ich9_lpc_pmbase_sci_update (lpc_ich9.c:460) ==23790== by 0x49A9ED: ich9_lpc_config_write (lpc_ich9.c:520) ==23790== by 0x5EE739: pci_host_config_write_common (pci_host.c:87) ==23790== by 0x45A082: memory_region_write_accessor (memory.c:502) ==23790== by 0x458235: access_with_adjusted_size (memory.c:568) ==23790== by 0x45C0EF: memory_region_dispatch_write (memory.c:1496) ==23790== by 0x402BA2: flatview_write_continue (exec.c:3279) ==23790== by 0x402DC5: flatview_write (exec.c:3318) ==23790== by 0x406F4E: address_space_write (exec.c:3408) ==23790== ==23790== Conditional jump or move depends on uninitialised value(s) ==23790== at 0x4C376E6: __memcmp_sse4_1 (vg_replace_strmem.c:1112) ==23790== by 0x4B6E88: vhost_commit (vhost.c:444) ==23790== by 0x45BBED: memory_region_transaction_commit (memory.c:1088) ==23790== by 0x45BBED: memory_region_transaction_commit (memory.c:1068) ==23790== by 0x49AB3A: ich9_lpc_config_write (lpc_ich9.c:523) ==23790== by 0x5EE739: pci_host_config_write_common (pci_host.c:87) ==23790== by 
0x45A082: memory_region_write_accessor (memory.c:502) ==23790== by 0x458235: access_with_adjusted_size (memory.c:568) ==23790== by 0x45C0EF: memory_region_dispatch_write (memory.c:1496) ==23790== by 0x402BA2: flatview_write_continue (exec.c:3279) ==23790== by 0x402DC5: flatview_write (exec.c:3318) ==23790== by 0x406F4E: address_space_write (exec.c:3408) ==23790== by 0x46E5A3: kvm_handle_io (kvm-all.c:1790) ==23790== by 0x46E5A3: kvm_cpu_exec (kvm-all.c:2036) ==23790== ==23790== Warning: noted but unhandled ioctl 0xaeb7 with no size/direction hints. ==23790== This could cause spurious value errors to appear. ==23790== See README_MISSING_SYSCALL_OR_IOCTL for guidance on writing a proper wrapper. ==23790== Conditional jump or move depends on uninitialised value(s) ==23790== at 0x4C376E6: __memcmp_sse4_1 (vg_replace_strmem.c:1112) ==23790== by 0x4B6E88: vhost_commit (vhost.c:444) ==23790== by 0x45BBED: memory_region_transaction_commit (memory.c:1088) ==23790== by 0x45BBED: memory_region_transaction_commit (memory.c:1068) ==23790== by 0x5E74AC: pci_update_mappings (pci.c:1374) ==23790== by 0x5E7A5F: pci_default_write_config (pci.c:1438) ==23790== by 0x5EE739: pci_host_config_write_common (pci_host.c:87) ==23790== by 0x45A082: memory_region_write_accessor (memory.c:502) ==23790== by 0x458235: access_with_adjusted_size (memory.c:568) ==23790== by 0x45C0EF: memory_region_dispatch_write (memory.c:1496) ==23790== by 0x402BA2: flatview_write_continue (exec.c:3279) ==23790== by 0x402DC5: flatview_write (exec.c:3318) ==23790== by 0x406F4E: address_space_write (exec.c:3408) ==23790== ==23790== Conditional jump or move depends on uninitialised value(s) ==23790== at 0x4C376E6: __memcmp_sse4_1 (vg_replace_strmem.c:1112) ==23790== by 0x4B6E88: vhost_commit (vhost.c:444) ==23790== by 0x45BBED: memory_region_transaction_commit (memory.c:1088) ==23790== by 0x45BBED: memory_region_transaction_commit (memory.c:1068) ==23790== by 0x5E7B22: pci_default_write_config (pci.c:1442) ==23790== 
by 0x5EE739: pci_host_config_write_common (pci_host.c:87) ==23790== by 0x45A082: memory_region_write_accessor (memory.c:502) ==23790== by 0x458235: access_with_adjusted_size (memory.c:568) ==23790== by 0x45C0EF: memory_region_dispatch_write (memory.c:1496) ==23790== by 0x402BA2: flatview_write_continue (exec.c:3279) ==23790== by 0x402DC5: flatview_write (exec.c:3318) ==23790== by 0x406F4E: address_space_write (exec.c:3408) ==23790== by 0x46E5A3: kvm_handle_io (kvm-all.c:1790) ==23790== by 0x46E5A3: kvm_cpu_exec (kvm-all.c:2036) ==23790== ==23790== Conditional jump or move depends on uninitialised value(s) ==23790== at 0x4C376E6: __memcmp_sse4_1 (vg_replace_strmem.c:1112) ==23790== by 0x4B6E88: vhost_commit (vhost.c:444) ==23790== by 0x45BBED: memory_region_transaction_commit (memory.c:1088) ==23790== by 0x45BBED: memory_region_transaction_commit (memory.c:1068) ==23790== by 0x4CF88F: vapic_map_rom_writable (kvmvapic.c:612) ==23790== by 0x4CF88F: vapic_prepare (kvmvapic.c:621) ==23790== by 0x4CFE49: vapic_write (kvmvapic.c:669) ==23790== by 0x45A082: memory_region_write_accessor (memory.c:502) ==23790== by 0x458235: access_with_adjusted_size (memory.c:568) ==23790== by 0x45C0EF: memory_region_dispatch_write (memory.c:1496) ==23790== by 0x402BA2: flatview_write_continue (exec.c:3279) ==23790== by 0x402DC5: flatview_write (exec.c:3318) ==23790== by 0x406F4E: address_space_write (exec.c:3408) ==23790== by 0x46E5A3: kvm_handle_io (kvm-all.c:1790) ==23790== by 0x46E5A3: kvm_cpu_exec (kvm-all.c:2036) ==23790== ==23790== Syscall param ioctl(generic) points to uninitialised byte(s) ==23790== at 0xA141CCB: ioctl (in /usr/lib64/libc-2.28.so) ==23790== by 0x46E2A8: kvm_vcpu_ioctl (kvm-all.c:2159) ==23790== by 0x534E34: kvm_put_debugregs (kvm.c:3041) ==23790== by 0x534E34: kvm_arch_put_registers (kvm.c:3130) ==23790== by 0x46E4B4: kvm_cpu_exec (kvm-all.c:1976) ==23790== by 0x446595: qemu_kvm_cpu_thread_fn (cpus.c:1281) ==23790== by 0x446595: qemu_kvm_cpu_thread_fn (cpus.c:1254) 
==23790== by 0x757343: qemu_thread_start (qemu-thread-posix.c:502) ==23790== by 0x9E372DD: start_thread (in /usr/lib64/libpthread-2.28.so) ==23790== by 0xA14B2D2: clone (in /usr/lib64/libc-2.28.so) ==23790== Address 0x13d93640 is on thread 6's stack ==23790== in frame #2, created by kvm_arch_put_registers (kvm.c:3068) ==23790== ==23790== Conditional jump or move depends on uninitialised value(s) ==23790== at 0x4C376E6: __memcmp_sse4_1 (vg_replace_strmem.c:1112) ==23790== by 0x4B6E88: vhost_commit (vhost.c:444) ==23790== by 0x45BBED: memory_region_transaction_commit (memory.c:1088) ==23790== by 0x45BBED: memory_region_transaction_commit (memory.c:1068) ==23790== by 0x5E5EE7: mch_write_config (q35.c:462) ==23790== by 0x5EE739: pci_host_config_write_common (pci_host.c:87) ==23790== by 0x45A082: memory_region_write_accessor (memory.c:502) ==23790== by 0x458235: access_with_adjusted_size (memory.c:568) ==23790== by 0x45C0EF: memory_region_dispatch_write (memory.c:1496) ==23790== by 0x402BA2: flatview_write_continue (exec.c:3279) ==23790== by 0x402DC5: flatview_write (exec.c:3318) ==23790== by 0x406F4E: address_space_write (exec.c:3408) ==23790== by 0x46E5A3: kvm_handle_io (kvm-all.c:1790) ==23790== by 0x46E5A3: kvm_cpu_exec (kvm-all.c:2036) ==23790== ==23790== Conditional jump or move depends on uninitialised value(s) ==23790== at 0x4C376E6: __memcmp_sse4_1 (vg_replace_strmem.c:1112) ==23790== by 0x4B6E88: vhost_commit (vhost.c:444) ==23790== by 0x45BBED: memory_region_transaction_commit (memory.c:1088) ==23790== by 0x45BBED: memory_region_transaction_commit (memory.c:1068) ==23790== by 0x56C23E: acpi_switch_to_modern_cphp (cpu_hotplug.c:106) ==23790== by 0x56B317: ich9_pm_set_cpu_hotplug_legacy (ich9.c:351) ==23790== by 0x685E5A: property_set_bool (object.c:2074) ==23790== by 0x68A352: object_property_set_qobject (qom-qobject.c:27) ==23790== by 0x687BC8: object_property_set_bool (object.c:1332) ==23790== by 0x45A082: memory_region_write_accessor (memory.c:502) 
==23790== by 0x458235: access_with_adjusted_size (memory.c:568) ==23790== by 0x45C0EF: memory_region_dispatch_write (memory.c:1496) ==23790== by 0x402BA2: flatview_write_continue (exec.c:3279) ==23790== ==23790== Conditional jump or move depends on uninitialised value(s) ==23790== at 0x4C376E6: __memcmp_sse4_1 (vg_replace_strmem.c:1112) ==23790== by 0x4B6E88: vhost_commit (vhost.c:444) ==23790== by 0x45BBED: memory_region_transaction_commit (memory.c:1088) ==23790== by 0x45BBED: memory_region_transaction_commit (memory.c:1068) ==23790== by 0x56B317: ich9_pm_set_cpu_hotplug_legacy (ich9.c:351) ==23790== by 0x685E5A: property_set_bool (object.c:2074) ==23790== by 0x68A352: object_property_set_qobject (qom-qobject.c:27) ==23790== by 0x687BC8: object_property_set_bool (object.c:1332) ==23790== by 0x45A082: memory_region_write_accessor (memory.c:502) ==23790== by 0x458235: access_with_adjusted_size (memory.c:568) ==23790== by 0x45C0EF: memory_region_dispatch_write (memory.c:1496) ==23790== by 0x402BA2: flatview_write_continue (exec.c:3279) ==23790== by 0x402DC5: flatview_write (exec.c:3318) ==23790== ==23790== Thread 8: ==23790== Syscall param ioctl(generic) points to uninitialised byte(s) ==23790== at 0xA141CCB: ioctl (in /usr/lib64/libc-2.28.so) ==23790== by 0x46BF75: kvm_vm_ioctl (kvm-all.c:2141) ==23790== by 0x46D0DF: kvm_irqchip_send_msi (kvm-all.c:1181) ==23790== by 0x4D7B9A: kvm_send_msi (apic.c:185) ==23790== by 0x4D7C07: kvm_apic_mem_write (apic.c:203) ==23790== by 0x45A082: memory_region_write_accessor (memory.c:502) ==23790== by 0x458235: access_with_adjusted_size (memory.c:568) ==23790== by 0x45C0EF: memory_region_dispatch_write (memory.c:1496) ==23790== by 0x4094EE: address_space_stl_internal (memory_ldst.inc.c:349) ==23790== by 0x4094EE: address_space_stl_le (memory_ldst.inc.c:386) ==23790== by 0x5E11B6: rp_write_config (pcie_root_port.c:36) ==23790== by 0x5EE739: pci_host_config_write_common (pci_host.c:87) ==23790== by 0x45A082: 
memory_region_write_accessor (memory.c:502) ==23790== Address 0x14d95220 is on thread 8's stack ==23790== in frame #2, created by kvm_irqchip_send_msi (kvm-all.c:1170) ==23790== ==23790== Thread 6: ==23790== Conditional jump or move depends on uninitialised value(s) ==23790== at 0x4C376E6: __memcmp_sse4_1 (vg_replace_strmem.c:1112) ==23790== by 0x4B6E88: vhost_commit (vhost.c:444) ==23790== by 0x45BBED: memory_region_transaction_commit (memory.c:1088) ==23790== by 0x45BBED: memory_region_transaction_commit (memory.c:1068) ==23790== by 0x48F0FB: vga_update_memory_access (vga.c:194) ==23790== by 0x48F0FB: vga_update_memory_access (vga.c:154) ==23790== by 0x45A082: memory_region_write_accessor (memory.c:502) ==23790== by 0x458235: access_with_adjusted_size (memory.c:568) ==23790== by 0x45C0EF: memory_region_dispatch_write (memory.c:1496) ==23790== by 0x402BA2: flatview_write_continue (exec.c:3279) ==23790== by 0x402DC5: flatview_write (exec.c:3318) ==23790== by 0x406F4E: address_space_write (exec.c:3408) ==23790== by 0x46E529: kvm_cpu_exec (kvm-all.c:2046) ==23790== by 0x446595: qemu_kvm_cpu_thread_fn (cpus.c:1281) ==23790== by 0x446595: qemu_kvm_cpu_thread_fn (cpus.c:1254) ==23790== (qemu) info status VM status: running (qemu) system_powerdown (qemu) ==23790== Syscall param ioctl(generic) points to uninitialised byte(s) ==23790== at 0xA141CCB: ioctl (in /usr/lib64/libc-2.28.so) ==23790== by 0x46E2A8: kvm_vcpu_ioctl (kvm-all.c:2159) ==23790== by 0x52FE61: kvm_get_tsc (kvm.c:191) ==23790== by 0x52FE61: do_kvm_synchronize_tsc (kvm.c:203) ==23790== by 0x55455A: process_queued_cpu_work (cpus-common.c:342) ==23790== by 0x44656F: qemu_kvm_cpu_thread_fn (cpus.c:1286) ==23790== by 0x44656F: qemu_kvm_cpu_thread_fn (cpus.c:1254) ==23790== by 0x757343: qemu_thread_start (qemu-thread-posix.c:502) ==23790== by 0x9E372DD: start_thread (in /usr/lib64/libpthread-2.28.so) ==23790== by 0xA14B2D2: clone (in /usr/lib64/libc-2.28.so) ==23790== Address 0x13d936d4 is on thread 6's stack 
==23790==    in frame #2, created by do_kvm_synchronize_tsc (kvm.c:202)
==23790==
==23790==
==23790== HEAP SUMMARY:
==23790==     in use at exit: 14,500,685 bytes in 33,869 blocks
==23790==   total heap usage: 1,915,275 allocs, 1,881,422 frees, 2,913,114,343 bytes allocated
==23790==
==23790== LEAK SUMMARY:
==23790==    definitely lost: 19,181 bytes in 1,198 blocks
==23790==    indirectly lost: 192 bytes in 12 blocks
==23790==      possibly lost: 10,472 bytes in 37 blocks
==23790==    still reachable: 14,470,840 bytes in 32,622 blocks
==23790==                       of which reachable via heuristic:
==23790==                         newarray           : 1,600 bytes in 18 blocks
==23790==         suppressed: 0 bytes in 0 blocks
==23790== Rerun with --leak-check=full to see details of leaked memory
==23790==
==23790== Use --track-origins=yes to see where uninitialised values come from
==23790== For lists of detected and suppressed errors, rerun with: -s
==23790== ERROR SUMMARY: 11188 errors from 76 contexts (suppressed: 0 from 0)

In guest:
# lsblk
NAME                              MAJ:MIN RM  SIZE RO TYPE MOUNTPOINT
sda                                 8:0    0   20G  0 disk
├─sda1                              8:1    0    1G  0 part /boot
└─sda2                              8:2    0   19G  0 part
  ├─rhel_bootp--73--131--233-root 253:0    0   17G  0 lvm  /
  └─rhel_bootp--73--131--233-swap 253:1    0    2G  0 lvm  [SWAP]
sdb                                 8:16   0  130G  0 disk

[root@bootp-73-131-224 ~]# sh t.sh /dev/sdb
Persistent reservation out cdb: 5f 06 00 00 00 00 00 00 18 00
PR out: command (Register and ignore existing key) successful
PR generation=0x1e, 2 registered reservation keys follow:
    0x123aaa
    0x123aaa
Persistent reservation out cdb: 5f 01 05 00 00 00 00 00 18 00
PR out: command (Reserve) successful
PR generation=0x1e, Reservation follows:
    Key=0x123aaa
    scope: LU_SCOPE, type: Write Exclusive, registrants only
Persistent reservation out cdb: 5f 02 05 00 00 00 00 00 18 00
PR out: command (Release) successful
PR generation=0x1e, there is NO reservation held
Persistent reservation out cdb: 5f 00 05 00 00 00 00 00 18 00
PR out: command (Register) successful
PR generation=0x20, there are NO registered reservation keys
Created attachment 1581325: screenshot
Let me try to summarize our findings so far.

qemu-kvm crashes when the guest executes certain sg_persist commands. We've tried several versions:

qemu-kvm-4.0.0-4.module+el8.1.0+3356+cda7f1ee    crash   comment#2
qemu-kvm-3.1.0-27.module+el8.0.1+3253+c5371cb3   works   comment#4
qemu-kvm-2.12.0-76.module+el8.1.0+3351+d11c20fa  works   comment#5

An attempt to reproduce with qemu-kvm running under valgrind (comment#8) made the crash go away. Instead the guest shows an unhelpful error message on login. Fresh login works.

The stack backtrace for the crash (comment#2) shows thread 1 in free(). Corrupted heap?
The crash (comment#2) is due to an invalid g_free(). Proposed upstream fix: https://lists.nongnu.org/archive/html/qemu-devel/2019-08/msg04708.html

According to Xueqiang Wei's testing, this fixes the crash, and unmasks the next bug: "sh test-persistent.sh /dev/sdb" now fails in the guest with multipath (pass-through /dev/mapper/mpatha). We'll need to dig deeper.
According to Comment 1, retested on latest slow train. Persistent reservation works well, so we just hit it on the fast train.

Versions:
Host:
kernel-4.18.0-144.el8.x86_64
qemu-kvm-2.12.0-88.module+el8.1.0+4233+bc44be3f
Guest:
kernel-4.18.0-138.el8.x86_64

# multipath -ll
mpathb (360050763008084e6e0000000000001a8) dm-4 IBM,2145
size=100G features='1 queue_if_no_path' hwhandler='1 alua' wp=rw
|-+- policy='service-time 0' prio=50 status=active
| `- 2:0:1:0 sde 8:64 active ready running
`-+- policy='service-time 0' prio=10 status=enabled
  `- 2:0:0:0 sdd 8:48 active ready running
mpatha (360050763008084e6e0000000000001a4) dm-3 IBM,2145
size=100G features='1 queue_if_no_path' hwhandler='1 alua' wp=rw
|-+- policy='service-time 0' prio=50 status=active
| `- 1:0:1:0 sdc 8:32 active ready running
`-+- policy='service-time 0' prio=10 status=enabled
  `- 1:0:0:0 sdb 8:16 active ready running

pass-through /dev/sdb, then test persistent reservation.

# sh test-persistent.sh /dev/sdb
Persistent reservation out cdb: 5f 06 00 00 00 00 00 00 18 00
PR out: command (Register and ignore existing key) successful
PR generation=0x43, 1 registered reservation key follows:
    0x123aaa
Persistent reservation out cdb: 5f 01 05 00 00 00 00 00 18 00
PR out: command (Reserve) successful
PR generation=0x43, Reservation follows:
    Key=0x123aaa
    scope: LU_SCOPE, type: Write Exclusive, registrants only
Persistent reservation out cdb: 5f 02 05 00 00 00 00 00 18 00
PR out: command (Release) successful
PR generation=0x43, there is NO reservation held
Persistent reservation out cdb: 5f 00 05 00 00 00 00 00 18 00
PR out: command (Register) successful
PR generation=0x44, there are NO registered reservation keys

pass-through /dev/mapper/mpatha, then test persistent reservation.
# sh test-persistent.sh /dev/sdb
Persistent reservation out cdb: 5f 06 00 00 00 00 00 00 18 00
PR out: command (Register and ignore existing key) successful
PR generation=0x46, 2 registered reservation keys follow:
    0x123aaa
    0x123aaa
Persistent reservation out cdb: 5f 01 05 00 00 00 00 00 18 00
PR out: command (Reserve) successful
PR generation=0x46, Reservation follows:
    Key=0x123aaa
    scope: LU_SCOPE, type: Write Exclusive, registrants only
Persistent reservation out cdb: 5f 02 05 00 00 00 00 00 18 00
PR out: command (Release) successful
PR generation=0x46, there is NO reservation held
Persistent reservation out cdb: 5f 00 05 00 00 00 00 00 18 00
PR out: command (Register) successful
PR generation=0x48, there are NO registered reservation keys
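As an added example (not code from this report, from QEMU or from sg3_utils), here is a small Python checker for the sg_persist transcript format printed above. It parses each "PR out:" record together with the PR IN readout that follows it and verifies the behaviour the test script expects: every command succeeds, the key is registered, the reservation is held by that key, Release clears it, and the final Register (key 0) removes every registration. The two transcripts embedded in it are the single-path (/dev/sdb) and multipath (/dev/mapper/mpatha) runs from this comment, re-wrapped one record per line with the cdb lines omitted; the check names, the 0x123aaa key constant and the PRgeneration rule (SPC-3 advances it only on registration changes, never on Reserve/Release, so the unregister step should move it once per path the helper registered through) are this example's own assumptions, not anything the report states. It also accepts the flat, single-line form the bug tracker shows.

```python
"""Checker for the sg_persist transcript printed by the report's test script.
Added example: not code from the report, QEMU or sg3_utils; check names, the
0x123aaa key and the PRgeneration rule are this example's own assumptions."""
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Guest output copied from the report (cdb lines omitted, one record per
# line).  Single-path pass-through of /dev/sdb: one registration.
SINGLE_PATH = """\
PR out: command (Register and ignore existing key) successful
PR generation=0x43, 1 registered reservation key follows:
0x123aaa
PR out: command (Reserve) successful
PR generation=0x43, Reservation follows:
Key=0x123aaa scope: LU_SCOPE, type: Write Exclusive, registrants only
PR out: command (Release) successful
PR generation=0x43, there is NO reservation held
PR out: command (Register) successful
PR generation=0x44, there are NO registered reservation keys
"""
# Multipath pass-through of /dev/mapper/mpatha (two paths): the helper
# registers through each path, so two keys appear and PRgeneration
# advances by two on the final unregister.
MULTIPATH = """\
PR out: command (Register and ignore existing key) successful
PR generation=0x46, 2 registered reservation keys follow:
0x123aaa
0x123aaa
PR out: command (Reserve) successful
PR generation=0x46, Reservation follows:
Key=0x123aaa scope: LU_SCOPE, type: Write Exclusive, registrants only
PR out: command (Release) successful
PR generation=0x46, there is NO reservation held
PR out: command (Register) successful
PR generation=0x48, there are NO registered reservation keys
"""

@dataclass
class PRStep:
    command: str                      # PR OUT service action, as printed
    success: bool
    generation: Optional[int] = None  # PRgeneration reported by PR IN
    keys: List[int] = field(default_factory=list)  # registered keys
    reservation_key: Optional[int] = None          # holder, if reserved

OUT = re.compile(r"PR out: command \(([^)]+)\) (\w+)")
GEN = re.compile(r"PR generation=0x([0-9a-fA-F]+)")
KEYS = re.compile(r"\d+ registered reservation keys? follows?:\s*((?:0x[0-9a-fA-F]+\s*)+)")
HOLDER = re.compile(r"Key=0x([0-9a-fA-F]+)\s+scope:")

def parse_transcript(text: str) -> List[PRStep]:
    """One PRStep per 'PR out:' record; the flat one-line form parses too."""
    hits = list(OUT.finditer(text))
    steps = []
    for i, m in enumerate(hits):
        end = hits[i + 1].start() if i + 1 < len(hits) else len(text)
        chunk = text[m.end():end]         # this record's PR IN readout
        step = PRStep(m.group(1), m.group(2) == "successful")
        g = GEN.search(chunk)
        if g:
            step.generation = int(g.group(1), 16)
        k = KEYS.search(chunk)
        if k:
            step.keys = [int(x, 16) for x in k.group(1).split()]
        h = HOLDER.search(chunk)
        if h:
            step.reservation_key = int(h.group(1), 16)
        steps.append(step)
    return steps

EXPECTED = ["Register and ignore existing key", "Reserve", "Release", "Register"]

def check_sequence(steps: List[PRStep], key: int = 0x123aaa) -> List[str]:
    """Findings for a register/reserve/release/unregister run; [] if clean."""
    if [s.command for s in steps] != EXPECTED:
        return ["unexpected command order: %r" % [s.command for s in steps]]
    reg, res, rel, unreg = steps
    found = ["PR OUT %s did not succeed" % s.command for s in steps if not s.success]
    if not reg.keys or any(k != key for k in reg.keys):
        found.append("key 0x%x not registered on every path: %s" % (key, reg.keys))
    if res.reservation_key != key:
        found.append("reservation holder %r, expected 0x%x" % (res.reservation_key, key))
    if rel.reservation_key is not None:
        found.append("reservation still held after Release")
    if unreg.keys:
        found.append("keys still registered after unregister: %s" % unreg.keys)
    gens = [s.generation for s in steps]
    if None in gens:
        return found + ["missing PR generation in one or more records"]
    # Assumed SPC-3 rule: PRgeneration moves only on registration changes, so
    # it is flat across Reserve/Release and the unregister advances it once
    # per registration removed (one per path the helper registered through).
    if not (gens[0] == gens[1] == gens[2]):
        found.append("PR generation changed across Reserve/Release")
    if gens[3] - gens[0] != len(reg.keys):
        found.append("generation advanced by %d but %d registrations were removed"
                     % (gens[3] - gens[0], len(reg.keys)))
    return found
```

Both transcripts come back clean; the difference between them is visible in `parse_transcript(...)[0].keys`, which has one entry for the single path and two for the multipath device, matching the generation jump from 0x46 to 0x48. A failing PR OUT, or a reservation that survives Release, shows up as a finding rather than being lost in the wall of valgrind output.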
So, looking at the logs you show, it *looks* like everything works as expected. That is, when you stop qemu-pr-helper, it is expected that the guest won't be able to do persistent reservations, and when you start it again, it will start working again without even needing to restart the guest. I think I am missing something though.