NetBSD Problem Report #59177
From www@netbsd.org Fri Mar 14 15:48:26 2025
Return-Path: <www@netbsd.org>
Received: from mail.netbsd.org (mail.netbsd.org [199.233.217.200])
(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
key-exchange X25519 server-signature RSA-PSS (2048 bits)
client-signature RSA-PSS (2048 bits))
(Client CN "mail.NetBSD.org", Issuer "mail.NetBSD.org CA" (not verified))
by mollari.NetBSD.org (Postfix) with ESMTPS id 5CE991A9239
for <gnats-bugs@gnats.NetBSD.org>; Fri, 14 Mar 2025 15:48:26 +0000 (UTC)
Message-Id: <20250314154824.ED5771A923C@mollari.NetBSD.org>
Date: Fri, 14 Mar 2025 15:48:24 +0000 (UTC)
From: randrianasulu@gmail.com
Reply-To: randrianasulu@gmail.com
To: gnats-bugs@NetBSD.org
Subject: NetBSD/macppc -current fails to boot on qemu
X-Send-Pr-Version: www-1.0
>Number: 59177
>Category: port-macppc
>Synopsis: NetBSD/macppc -current fails to boot on qemu
>Confidential: no
>Severity: serious
>Priority: medium
>Responsible: port-macppc-maintainer
>State: open
>Class: sw-bug
>Submitter-Id: net
>Arrival-Date: Fri Mar 14 15:50:00 +0000 2025
>Last-Modified: Sat May 31 14:00:01 +0000 2025
>Originator: Andrew Randrianasulu
>Release: 10.1
>Organization:
n/a
>Environment:
tbsd10 10.1_STABLE NetBSD 10.1_STABLE (GENERIC) #0: Sun Jan 12 12:03:45 UTC 2025 mkrepro@mkrepro.NetBSD.org:/usr/src/sys/arch/amd64/compile/GENERIC amd64
>Description:
Tried to build NetBSD from source using this build.sh lines:
./build.sh -U -j8 -O ~/obj -m macppc -a powerpc tools
./build.sh -U -j8 -O ~/obj -m macppc -a powerpc release
./build.sh -U -j8 -O ~/obj -m macppc -a powerpc iso-image
They all report success, but resulting iso fails early in boot process:
netbsd10$ qemu-system-ppc -cdrom ~/obj/releasedir/images/NetBSD-10.99.12-macppc.iso -L /usr/pkg/share/qemu/ -boot d -prom-env 'boot-device=cd:,ofwboot.xcf /netbsd.macppc -c ' -d guest_errors,unimp -nographic
Invalid write at addr 0x3A5288, size 4, region 'ppc_heathrow.bios', reason: rejected
Invalid write at addr 0x3A528C, size 4, region 'ppc_heathrow.bios', reason: rejected
Invalid write at addr 0x3A5290, size 4, region 'ppc_heathrow.bios', reason: rejected
Invalid write at addr 0x3A5294, size 4, region 'ppc_heathrow.bios', reason: rejected
Invalid write at addr 0x3A5298, size 4, region 'ppc_heathrow.bios', reason: rejected
Invalid write at addr 0x3A529C, size 4, region 'ppc_heathrow.bios', reason: rejected
Invalid write at addr 0x3A52A0, size 4, region 'ppc_heathrow.bios', reason: rejected
Invalid write at addr 0x3A52A4, size 4, region 'ppc_heathrow.bios', reason: rejected
Invalid write at addr 0x3A52A8, size 4, region 'ppc_heathrow.bios', reason: rejected
Invalid write at addr 0x3A52AC, size 4, region 'ppc_heathrow.bios', reason: rejected
Invalid write at addr 0x3A52B0, size 4, region 'ppc_heathrow.bios', reason: rejected
Invalid write at addr 0x3A52B4, size 4, region 'ppc_heathrow.bios', reason: rejected
Invalid write at addr 0x3A52B8, size 4, region 'ppc_heathrow.bios', reason: rejected
Invalid write at addr 0x3A52BC, size 4, region 'ppc_heathrow.bios', reason: re
>> =============================================================
>> OpenBIOS 1.1 [Mar 7 2023 22:21]
>> Configuration device id QEMU version 1 machine id 2
>> CPUs: 1
>> Memory: 128M
>> UUID: 00000000-0000-0000-0000-000000000000
>> CPU type PowerPC,750
milliseconds isn't unique.
Welcome to OpenBIOS v1.1 built on Mar 7 2023 22:21
Trying cd:,ofwboot.xcf...
>> switching to new context:
>> NetBSD/macppc OpenFirmware Boot, Revision 1.15 (Fri Mar 14 14:31:24 UTC 2025)
>> Open Firmware version 3.x
>> Open Firmware running in virtual-mode.
6898956+117828=0x6b1554
start=0x100000
[ 1.0000000] Copyright (c) 1996, 1997, 1998, 1999, 2000, 2001, 2002, 2003,
[ 1.0000000] 2004, 2005, 2006, 2007, 2008, 2009, 2010, 2011, 2012, 2013,
[ 1.0000000] 2014, 2015, 2016, 2017, 2018, 2019, 2020, 2021, 2022, 2023,
[ 1.0000000] 2024, 2025
[ 1.0000000] The NetBSD Foundation, Inc. All rights reserved.
[ 1.0000000] Copyright (c) 1982, 1986, 1989, 1991, 1993
[ 1.0000000] The Regents of the University of California. All rights reserved.
[ 1.0000000] NetBSD 10.99.12 (INSTALL) #10: Fri Mar 14 18:23:55 MSK 2025
[ 1.0000000] guest@netbsd10:/home/guest/obj/sys/arch/macppc/compile/INSTALL
[ 1.0000000] total memory = 128 MB
[ 1.0000000] avail memory = 107 MB
[ 1.0000000] found heathrow PIC at 81080000
[ 1.0000000] trap: kernel read DSI trap @ 0x41a2fedc by 0xfff1059c (DSISR 0x40000000, err=14), lr 0xfff1055c
[ 1.0000000] panic: trap
[ 1.0000190] rebooting
EXIT[ 1.0000190] trap: kernel read DSI trap @ 0x41a2fedc by 0xfff1059c (DSISR 0x40000000, err=14), lr 0xfff1055c
[ 1.0000190] Skipping crash dump on recursive panic
[ 1.0000190] panic: trap
[ 1.0000190] rebooting
EXIT[ 1.0000190] trap: kernel read DSI trap @ 0x41a2fedc by 0xfff1059c (DSISR 0x40000000, err=14), lr 0xfff1055c
[ 1.0000190] Skipping crash dump on recursive panic
[ 1.0000190] panic: trap
[ 1.0000190] rebooting
EXIT[ 1.0000190] trap: kernel read DSI trap @ 0x41a2fedc by 0xfff1059c (DSISR 0x40000000, err=14), lr 0xfff1055c
[ 1.0000190] Skipping crash dump on recursive panic
[ 1.0000190] panic: trap
[ 1.0000190] rebooting
EXIT[ 1.0000190] trap: kernel read DSI trap @ 0x41a2fedc by 0xfff1059c (DSISR 0x40000000, err=14), lr 0xfff1055c
[ 1.0000190] Skipping crash dump on recursive panic
[ 1.0000190] panic: trap
[ 1.0000190] rebooting
EXIT[ 1.0000190] trap: kernel read DSI trap @ 0x41a2fedc by 0xfff1059c (DSISR 0x40000000, err=14), lr 0xfff1055c
[ 1.0000190] Skipping crash dump on recursive panic
[ 1.0000190] panic: trap
[ 1.0000190] rebooting
EXIT[ 1.0000190] trap: kernel read DSI trap @ 0x41a2fedc by 0xfff1059c (DSISR 0x40000000, err=14), lr 0xfff1055c
[ 1.0000190] Skipping crash dump on recursive panic
[ 1.0000190] panic: trap
[ 1.0000190] rebooting
and so on ...
>How-To-Repeat:
Install qemu from pkgsrc
Build -current version of NetBSD/macppc on NetBSD 10.1/amd64
try to boot resulted iso on qemu.
>Fix:
>Audit-Trail:
From: Tobias Nygren <tnn@NetBSD.org>
To: gnats-bugs@netbsd.org
Cc: Jason Thorpe <thorpej@me.com>
Subject: Re: port-macppc/59177: NetBSD/macppc -current fails to boot on qemu
Date: Sat, 31 May 2025 12:36:54 +0200
Since NetBSD 9 boots fine in QEMU, I spent last evening bisecting
src between 2020 and 2025. Basically following this guide[1] and
afterwards repetitively swapping out the kernel through a vnd(4) mount.
The first sign of problems appeared February 2021, where we transition
from a working kernel to one that panics with mutex_vector_enter:
locking against myself during uvm_fault_internal very early.
This commit sequence is a candidate for when the regression was introduced:
https://mail-index.netbsd.org/source-changes/2021/02/24/msg127234.html
https://mail-index.netbsd.org/source-changes/2021/02/24/msg127235.html
https://mail-index.netbsd.org/source-changes/2021/02/24/msg127236.html
[1] https://www.reddit.com/r/BSD/comments/a0re4e/tip_to_install_netbsdmacppc_in_qemusystemppc/
From: Tobias Nygren <tnn@NetBSD.org>
To: gnats-bugs@netbsd.org
Cc:
Subject: Re: port-macppc/59177: NetBSD/macppc -current fails to boot on qemu
Date: Sat, 31 May 2025 15:56:23 +0200
This is a multi-part message in MIME format.
--Multipart=_Sat__31_May_2025_15_56_23_+0200_MWlCQJBXL+3Nmzpc
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
I reverted the asm portion of the suspect change locally and HEAD now boots.
It was pointed out privately that this is likely some QEMU firmware bug.
Anyway, I'll attach the diff for reference.
# uname -a
NetBSD 10.99.14 NetBSD 10.99.14 (GENERIC) #6: Sat May 31 15:48:46 CEST 2025 tnn@altra.rymdfartsverket.se:/work/macppc-bisect/HEAD/obj/sys/arch/macppc/compile/GENERIC macppc
--Multipart=_Sat__31_May_2025_15_56_23_+0200_MWlCQJBXL+3Nmzpc
Content-Type: text/plain;
name="powerpc.diff.txt"
Content-Disposition: attachment;
filename="powerpc.diff.txt"
Content-Transfer-Encoding: 7bit
? sys/arch/powerpc/powerpc/wd
? sys/arch/powerpc/powerpc/wdwd
Index: sys/arch/powerpc/oea/ofw_subr.S
===================================================================
RCS file: /cvsroot/src/sys/arch/powerpc/oea/ofw_subr.S,v
retrieving revision 1.20
diff -p -u -r1.20 ofw_subr.S
--- sys/arch/powerpc/oea/ofw_subr.S 28 Feb 2021 19:01:11 -0000 1.20
+++ sys/arch/powerpc/oea/ofw_subr.S 31 May 2025 13:49:56 -0000
@@ -52,7 +52,7 @@
/* MSR used in OpenFirmware */
.globl ofwmsr
- .comm ofwmsr,4,4
+ .comm ofwmsr,20,4
#ifdef FIRMWORKSBUGS
.lcomm ofwreal_incharge,4,4
@@ -101,7 +101,16 @@ ENTRY_NOPROFILE(ofwinit)
/* Save the MSR that OpenFirmware is using. */
mfmsr %r0
lis %r9,ofwmsr@ha
- stw %r0,ofwmsr@l(%r9)
+ stwu %r0,ofwmsr@l(%r9)
+
+ mfsprg0 %r0 /* save SPRGs */
+ stw %r0,4(%r9)
+ mfsprg1 %r0
+ stw %r0,8(%r9)
+ mfsprg2 %r0
+ stw %r0,12(%r9)
+ mfsprg3 %r0
+ stw %r0,16(%r9)
lis %r8,OF_buffer@ha
addi %r8,%r8,OF_buffer@l
@@ -148,6 +157,19 @@ ENTRY_NOPROFILE(openfirmware_trampoline)
*/
stwu %r1,-48(%r1)
+ lis %r4,ofentry@ha /* get firmware entry point */
+ lwz %r4,ofentry@l(%r4)
+ mtlr %r4
+
+ mfsprg0 %r5 /* save current sprg0 (curcpu) */
+ stw %r5,16(%r1)
+ mfsprg1 %r5 /* save current sprg1 */
+ stw %r5,20(%r1)
+ mfsprg2 %r5 /* save current sprg1 */
+ stw %r5,24(%r1)
+ mfsprg3 %r5 /* save current sprg3 */
+ stw %r5,28(%r1)
+
#ifdef FIRMWORKSBUGS
lis %r4,ofwreal_incharge@ha
lwz %r4,ofwreal_incharge@l(%r4)
@@ -195,33 +217,21 @@ ENTRY_NOPROFILE(openfirmware_trampoline)
cmpwi %r5,0
bne 1b
2:
- /* curcpu()->ci_battable = &ofw_battable */
- GET_CPUINFO(%r4)
- lis %r5,_C_LABEL(ofw_battable)@ha
- addi %r5,%r5,_C_LABEL(ofw_battable)@l
- stw %r5,CI_BATTABLE(%r4)
-
- lis %r4,ofentry@ha /* get firmware entry point */
- lwz %r4,ofentry@l(%r4)
- mtlr %r4
-
- lis %r4,ofwmsr@ha /* load Open Firmware MSR */
- lwz %r5,ofwmsr@l(%r4)
+ lis %r4,ofwmsr+16@ha /* Open Firmware msr + sprg[0-3] */
+ lwzu %r5,ofwmsr+16@l(%r4)
+ mtsprg3 %r5
+ lwz %r5,-4(%r4)
+ mtsprg2 %r5
+ lwz %r5,-8(%r4)
+ mtsprg1 %r5
+ lwz %r5,-12(%r4)
+ mtsprg0 %r5
+ lwz %r5,-16(%r4)
mtmsr %r5
isync
blrl /* call Open Firmware */
- li %r0,0 /* ensure disable MMU is disabled */
- mtmsr %r0
- isync
-
- /* curcpu()->ci_battable = &battable */
- GET_CPUINFO(%r4)
- lis %r5,_C_LABEL(battable)@ha
- addi %r5,%r5,_C_LABEL(battable)@l
- stw %r5,CI_BATTABLE(%r4)
-
lis %r4,clsrsave@ha /* restore saved SRs */
addi %r4,%r4,clsrsave@l
li %r5,0
@@ -236,6 +246,15 @@ ENTRY_NOPROFILE(openfirmware_trampoline)
mtmsr %r4
isync
4:
+ lwz %r5,16(%r1) /* restore saved sprgs (curcpu) */
+ mtsprg0 %r5
+ lwz %r5,20(%r1)
+ mtsprg1 %r5
+ lwz %r5,24(%r1)
+ mtsprg2 %r5
+ lwz %r5,28(%r1)
+ mtsprg3 %r5
+
addi %r1,%r1,48 /* pop stack frame and save area */
lwz %r0,4(%r1) /* return address */
mtlr %r0
Index: sys/arch/powerpc/powerpc/trap_subr.S
===================================================================
RCS file: /cvsroot/src/sys/arch/powerpc/powerpc/trap_subr.S,v
retrieving revision 1.87
diff -p -u -r1.87 trap_subr.S
--- sys/arch/powerpc/powerpc/trap_subr.S 29 Apr 2025 14:33:26 -0000 1.87
+++ sys/arch/powerpc/powerpc/trap_subr.S 31 May 2025 13:49:56 -0000
@@ -268,20 +268,14 @@ _C_LABEL(dsitrap):
rlwinm %r31,%r31,3+(32-BAT_ADDR_SHIFT),BAT_ADDR_SHIFT-3,28
/* get segment * 8 */
- /* Get address of this CPU's current battable */
- GET_CPUINFO(%r30)
- ldreg %r30,CI_BATTABLE(%r30)
-
- /* Add offset to the slot we care about. */
- add %r31,%r31,%r30
-
/* get batu */
- ldreg %r30,0(%r31)
+ addis %r31,%r31,_C_LABEL(battable)@ha
+ ldreg %r30,_C_LABEL(battable)@l(%r31)
mtcr %r30
bf 30,1f /* branch if supervisor valid is
false */
/* get batl */
- ldreg %r31,SZREG(%r31)
+ ldreg %r31,_C_LABEL(battable)+SZREG@l(%r31)
/* We randomly use the highest two bat registers here */
mftb %r28
mtcr %r28
@@ -369,21 +363,15 @@ _C_LABEL(dsi601trap):
mfdar %r31 /* get fault address */
rlwinm %r31,%r31,12,20,28 /* get "segment" battable offset */
- /* Get address of this CPU's current battable */
- GET_CPUINFO(%r30)
- ldreg %r30,CI_BATTABLE(%r30)
-
- /* Add offset to the slot we care about. */
- add %r31,%r31,%r30
-
/* get batl */
- ldreg %r30,SZREG(%r31)
+ addis %r31,%r31,_C_LABEL(battable)@ha
+ ldreg %r30,_C_LABEL(battable)+SZREG@l(%r31)
mtcr %r30
bf 25,1f /* branch if Valid is false,
presently assumes supervisor only */
/* get batu */
- ldreg %r31,0(%r31)
+ ldreg %r31,_C_LABEL(battable)@l(%r31)
/* We randomly use the highest two bat registers here */
mfspr %r28,SPR_RTCL_R
andi. %r28,%r28,128
--Multipart=_Sat__31_May_2025_15_56_23_+0200_MWlCQJBXL+3Nmzpc--
(Contact us)
$NetBSD: query-full-pr,v 1.47 2022/09/11 19:34:41 kim Exp $
$NetBSD: gnats_config.sh,v 1.9 2014/08/02 14:16:04 spz Exp $
Copyright © 1994-2025
The NetBSD Foundation, Inc. ALL RIGHTS RESERVED.
Home