Good thinking, trying that.
I worked through some of the CPU features, and when removing the line:
<feature policy='require' name='pku'/>
the test VM on 5.10.0-22-amd64 booted successfully.
https://www.kernel.org/doc/Documentation/x86/protection-keys.txt
"Memory Protection Keys provides a mechanism for enforcing page-based
protections"
"The kernel will send a SIGSEGV in both cases, but si_code will be set
to SEGV_PKERR when violating protection keys versus SEGV_ACCERR when
the plain mprotect() permissions are violated."
So, sounds like a memory protection system which can result in seg faults.
AFAICT the host system is running just fine with PKU feature on hosts
running either 5.10.0-21-amd64 or 5.10.0-22-amd64, and the host kernel
doesn't seem to affect the guest's behaviour either, only if the guest
is running 5.10.0-22-amd64 with PKU passed through.
I don't know what the best bug tracker to create a ticket in would be...
https://packages.debian.org/bullseye/linux-image-5.10.0-22-amd64 ?
Regards,
--
Alan Jackson | Systems Administrator
NetValue Limited
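
The SEGV_PKERR / SEGV_ACCERR distinction quoted from the kernel documentation above can be checked from inside a guest with a small probe. This is an added example, not part of the original message; the names probe_pkey_fault, on_segv and PKEY_NO_ACCESS are chosen here, and it assumes Linux kernel headers that define the pkey syscall numbers.

```c
#ifndef _GNU_SOURCE
#define _GNU_SOURCE            /* for syscall() and MAP_ANONYMOUS */
#endif
#include <setjmp.h>
#include <signal.h>
#include <stdio.h>
#include <sys/mman.h>
#include <sys/syscall.h>
#include <unistd.h>

#ifndef SEGV_PKERR
#define SEGV_PKERR 4           /* si_code value from the kernel siginfo ABI */
#endif
#define PKEY_NO_ACCESS 0x1UL   /* same value as PKEY_DISABLE_ACCESS */

static sigjmp_buf resume;
static volatile sig_atomic_t seen_code;

static void on_segv(int sig, siginfo_t *si, void *ctx) {
    (void)sig; (void)ctx;
    seen_code = si->si_code;   /* SEGV_PKERR or SEGV_ACCERR */
    siglongjmp(resume, 1);     /* skip the faulting read */
}

/* Returns the si_code seen when reading a page whose protection key denies
 * access, 0 if the read did not fault, or -1 when pkeys are unavailable
 * (for example, the pku feature is not exposed to this guest). */
int probe_pkey_fault(void) {
    struct sigaction sa = {0}, old;
    long page = sysconf(_SC_PAGESIZE);
    int result = -1;
    char *mem = mmap(NULL, page, PROT_READ | PROT_WRITE,
                     MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (mem == MAP_FAILED) return -1;
    /* Allocate a key that starts with access disabled for this thread. */
    long key = syscall(SYS_pkey_alloc, 0UL, PKEY_NO_ACCESS);
    if (key >= 0 && syscall(SYS_pkey_mprotect, mem, page,
                            PROT_READ | PROT_WRITE, key) == 0) {
        sa.sa_sigaction = on_segv;
        sa.sa_flags = SA_SIGINFO;
        sigaction(SIGSEGV, &sa, &old);
        if (sigsetjmp(resume, 1) == 0) { (void)*(volatile char *)mem; result = 0; }
        else result = seen_code;
        sigaction(SIGSEGV, &old, NULL);
    }
    munmap(mem, page);
    if (key >= 0) syscall(SYS_pkey_free, key);
    return result;
}

int main(void) { printf("pkey probe: %d\n", probe_pkey_fault()); return 0; }
```

The mmap() permissions stay read/write, so any fault here comes from the protection key and not from plain mprotect() permissions.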