port-evbarm/56579: Illegal Instruction in armv8_pmu_intr [QEMU, Hypervisor.framework, Apple M1]

[tnn%nygren.pp.se@localhost]

>Number:         56579
>Category:       port-evbarm
>Synopsis:       Illegal Instruction in armv8_pmu_intr [QEMU, Hypervisor.framework, Apple M1]
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    port-evbarm-maintainer
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Sat Dec 25 15:40:00 +0000 2021
>Originator:     Tobias Nygren
>Release:        9.99.93
>Organization:
>Environment:
NetBSD m1 9.99.93 NetBSD 9.99.93 (GENERIC64) #1: Sat Dec 25 04:26:21 UTC 2021 
>Description:
aarch64 kernel panics after going multiuser when run in QEMU on Apple M1 with macOS-provided hypervisor. According to Linux, the M1 SoC does not have a standard PMUv3 so we probably shouldn't try to attach it.

panic: Trap: fatal Unknown Reason (Illegal Instruction):
fp ffffc000bfb7fc30 armv8_pmu_intr() at ffffc000000bb1ec netbsd:armv8_pmu_intr+0xc
fp ffffc000bfb7fc60 pic_dispatch() at ffffc000000028d8 netbsd:pic_dispatch+0x28
fp ffffc000bfb7fca0 armgic_irq_handler() at ffffc00000005220 netbsd:armgic_irq_handler+0xe0
fp ffffc000bfb7fdf8 cpu_idle() at ffffc000000ad2e4 netbsd:cpu_idle+0x40
fp ffffc000bfb7fe40 idle_loop() at ffffc00000538350 netbsd:idle_loop+0x180

Dump of assembler code for function armv8_pmu_intr:
   0xffffc000000bb1e0 <+0>:	stp	x29, x30, [sp, #-48]!
   0xffffc000000bb1e4 <+4>:	mov	x29, sp
   0xffffc000000bb1e8 <+8>:	str	x19, [sp, #16]
   0xffffc000000bb1ec <+12>:	mrs	x19, pmovsset_el0 <-- panics here

>How-To-Repeat:
Install latest qemu from pkgsrc on macOS 12.0.1 and run:

qemu-system-aarch64 \
  -M virt,accel=hvf,highmem=off -cpu cortex-a72 -m 4g \
  -drive if=none,file=netbsd.bin,id=hd0 -device virtio-blk-device,drive=hd0 \
  -netdev type=user,id=net0 -device virtio-net-device,netdev=net0,mac=00:11:22:33:44:55 \
  -bios QEMU_EFI.fd \
  -nographic

>Fix:
A workaround is to compile a kernel without "armpmu* at fdt?".