Description of problem:
qemu-kvm seg-faults / crashes when run under a PAE enabled i686 kernel.

Version-Release number of selected component (if applicable):
Running Fedora 9 with latest updates.
kernel-PAE-2.6.25.4-30.fc9.i686
qemu-0.9.1-5.fc9.i386
qemu-img-0.9.1-5.fc9.i386

How reproducible:
Every time when running under kernel-PAE.i686.

Steps to Reproduce:
1. Boot into kernel-PAE.i686
2. qemu-kvm osimagefile

Actual results:
root@tinybox winxp_qemu # qemu-kvm winxp_qemu.img
unhandled vm exit: 0x3f60101 vcpu_id 0
rax 000000002446ff20 rbx 000000008054269c rcx 0000000000000000 rdx 0000000000008052
rsi 00000000805426c8 rdi 0000000000000000 rsp 00000000804d7000 rbp 000000008052d44d
r8  0000000000000000 r9  0000000000000000 r10 0000000000000000 r11 0000000000000000
r12 0000000000000000 r13 0000000000000000 r14 0000000000000000 r15 0000000000000000
rip 0000000080540470 rflags 00000086
cs 0008 (00000000/ffffffff p 1 dpl 0 db 1 s 1 type b l 0 g 0 avl 0)
ds 0023 (00000000/ffffffff p 1 dpl 3 db 1 s 1 type 3 l 0 g 1 avl 0)
es 0023 (00000000/ffffffff p 1 dpl 3 db 1 s 1 type 3 l 0 g 1 avl 0)
ss 0010 (00000000/ffffffff p 1 dpl 0 db 1 s 1 type 3 l 0 g 1 avl 0)
fs 0030 (ffdff000/00001fff p 1 dpl 0 db 1 s 1 type 3 l 0 g 1 avl 0)
gs 0000 (00000000/0000ffff p 1 dpl 0 db 0 s 1 type 3 l 0 g 0 avl 0)
tr 0028 (80042000/000020ab p 1 dpl 0 db 0 s 0 type 9 l 0 g 0 avl 0)
ldt 0000 (00000000/0000ffff p 0 dpl 0 db 0 s 0 type 0 l 0 g 0 avl 0)
gdt 8003f000/3ff
idt 8003f400/7ff
cr0 8001003d cr2 804d6ffc cr3 abc000 cr4 20 cr8 0
efer 0
Aborted

root@tinybox winxp_qemu # dmesg | grep kvm
kvm: 3646: cpu0 unhandled rdmsr: 0xc0000080
kvm: inject_page_fault: double fault 0x804d6ffc
kvm: 3646: cpu0 task_switch_interception: task switch is unsupported
kvm: 12053: cpu0 unhandled rdmsr: 0xc0000080
kvm: inject_page_fault: double fault 0x804d6ffc
kvm: 12053: cpu0 task_switch_interception: task switch is unsupported

Expected results:
This command works just fine when using the regular kernel.i686. One would assume that it should work fine under the kernel-PAE.i686.

Additional info:
The image file works just fine if running the kernel.i686 and using kvm, or if I just use plain qemu to load the image file.

root@tinybox winxp_qemu # cat /proc/sys/kernel/tainted
0
Looks like brain-deadness in the KVM code. Seems to be fixed in 2.6.26...
It may be a duplicate of Bug 437028 (wrmsr).
It is possible that it is similar or related to Bug 437028. I will grab a test 2.6.26 kernel srpm from koji, recompile it for F9 and test it.
The problem seems to be fixed in 2.6.26 rc6 kernel. I am going to close out this bug report with a resolution of the fix being in Rawhide.
(In reply to comment #2)
> It may be a duplicate of Bug 437028 (wrmsr).

No, just total brain-deadness in the KVM code assuming that 32-bit kernels don't want to do anything with the EFER. Do we want the fix in F9?
I would take it but it is not a must have. I am currently just running the 2.6.26 r6 kernel I pulled from koji and recompiled for F9. As long as gcc is not updated in F9 to the current level so that I do not run into this problem: https://bugzilla.redhat.com/show_bug.cgi?id=451068, I do not mind recompiling my own kernel from the stuff that is in koji.
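As an added triage helper (not part of the bug report or of KVM itself), the following decodes the register dump and dmesg lines from the report above: it names MSR 0xc0000080 as IA32_EFER, decodes the cr0/cr4 control bits, and cross-checks the double-fault address against cr2. The sample input is constructed from the report; the bit and MSR names are architectural x86 definitions, and the "guest_pae" / "efer_access_unhandled" flags are this script's own labels.

```python
import re

# Constructed from the report: the dmesg lines and the control-register part
# of the qemu-kvm "unhandled vm exit" dump (sample input, not a live capture).
DMESG = """kvm: 3646: cpu0 unhandled rdmsr: 0xc0000080
kvm: inject_page_fault: double fault 0x804d6ffc
kvm: 3646: cpu0 task_switch_interception: task switch is unsupported"""
VMEXIT_DUMP = ("unhandled vm exit: 0x3f60101 vcpu_id 0 rip 0000000080540470 "
               "cr0 8001003d cr2 804d6ffc cr3 abc000 cr4 20 cr8 0 efer 0")

# Architectural x86 MSR numbers and control-register bit names.
MSR_NAMES = {0xC0000080: "IA32_EFER", 0xC0000081: "IA32_STAR",
             0xC0000082: "IA32_LSTAR"}
CR0_BITS = {0: "PE", 1: "MP", 2: "EM", 3: "TS", 4: "ET", 5: "NE",
            16: "WP", 18: "AM", 29: "NW", 30: "CD", 31: "PG"}
CR4_BITS = {0: "VME", 1: "PVI", 2: "TSD", 3: "DE", 4: "PSE", 5: "PAE",
            6: "MCE", 7: "PGE", 8: "PCE", 9: "OSFXSR", 10: "OSXMMEXCPT",
            13: "VMXE"}

def decode_bits(value, names):
    """Return the names of the set bits, lowest bit first."""
    return [name for bit, name in sorted(names.items()) if value >> bit & 1]

def parse_vmexit(dump):
    """Pull rip, cr0-cr4, cr8 and efer out of the dump as integers."""
    pairs = re.findall(r"\b(cr[0-4]|cr8|efer|rip)\s+([0-9a-f]+)", dump)
    return {name: int(val, 16) for name, val in pairs}

def parse_dmesg(text):
    """Collect (rdmsr|wrmsr, msr number, msr name) for unhandled MSR accesses."""
    events = []
    for line in text.splitlines():
        m = re.search(r"unhandled (rdmsr|wrmsr): (0x[0-9a-f]+)", line)
        if m:
            msr = int(m.group(2), 16)
            events.append((m.group(1), msr, MSR_NAMES.get(msr, "unknown")))
    return events

def triage(dump, dmesg):
    """Summarise the guest state and the MSR accesses KVM refused to handle."""
    regs = parse_vmexit(dump)
    f = {"cr0": decode_bits(regs["cr0"], CR0_BITS),
         "cr4": decode_bits(regs["cr4"], CR4_BITS),
         "efer": regs["efer"],
         "msr_events": parse_dmesg(dmesg),
         # the injected double fault should point at the faulting address in cr2
         "double_fault_matches_cr2": hex(regs["cr2"]) in dmesg}
    f["guest_pae"] = "PAE" in f["cr4"]
    f["efer_access_unhandled"] = any(n == "IA32_EFER" for _, _, n in f["msr_events"])
    return f
```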