Subject: PB520: Many commands die with Ill. instr. Place found
To: None <port-mac68k@NetBSD.ORG>
From: Erik Bertelsen <erik@sockdev.uni-c.dk>
List: port-mac68k
Date: 08/15/1996 09:15:40

I have had several (many ::)) e-mail exchanges with Scott Reynolds about
what is causing many programs to die with the message "Illegal Instruction"
on NetBSD running on a PB520.

I'm running a kernel from Japan that runs on a Powerbook 550. The special
thing about the PB550 is that it contains a full 68040 incl. an FPU, while
the other PB500 models have the 68LC040 with no FPU.

The Japanese kernel boots fine on the PB520 including functioning screen,
keyboard, and disk system !! The SCSI chip seems to be the old one used on
the 68030 Macs and the kernel exists with either the ncrscsi or the sbc
driver. 

My (and several other people's) problem is that even if the kernel
contains FPU emulation code, several programs die with an Illegal
instruction when executing some FPU instruction. 

We also found out that all programs using printf will die this way, e.g. 
"cat /etc/rc.local /dev/tty" will succeed, while "cat xx" will fail while
trying to tell that xx is not the name of an existing file.

As mount had problems, we fought for a time with no writable disk, and
therefore no core dumps or anything else to analyze and with any program
that we could want to use to analyze the problems also dying, this was
somewhat frustrating. 

In an inspired moment, I tried to mount the /usr partition even if the /
partition was still mounted r/o in single user mode, i.e.  by issuing a
"mount_ffs /dev/sd0g /usr" command. Now I can get core dumps from the
dying programs after cd'ing to /usr. 

Next step is to rebuild libc and all applications in /usr/src/bin
with "cc -g". This is an overnight process on my IIcx ...

Now I have about a dozen core files from different programs in /bin, but
they all die at line 162 in vfprintf.c. 

Below is a listing from gdb, and -- as expected -- the illegal
instruction seems to be an FPU instruction, i.e. fmovemx.

I hope that some other people can help with finding out how to proceed
further.

Thanks to Scott for being a sparring partner and for giving me ideas to
try out. Maybe he (or anyone else) can tell us why this instruction
SIGILL's even when FPU emulation is compiled into the kernel.

System environment on the PB:
- Installed one of the latest snaps, i.e. either 1.2_ALPHA OR _BETA.
  The file dates on the tarballs say 20 June 1996.
- Installed the Japanese PB550 kernel. This kernel contains patches to
  the kernel sources that we don't have, so we can't rebuild it with
  more detailed diagnostics. That has been a show stopper for many
  ideas.
- Installed the no-mc68881 version of libm, but this has no effect
  on anything in /bin -- these are statically linked.
- All programs that have been rebuilt have been built on my Mac IIcx
  running NetBSD/mac68k 1.2_BETA, the sources are kept up to date with
  sup on an almost daily basis.

best regards
Erik Bertelsen


GDB is free software and you are welcome to distribute copies of it
 under certain conditions; type "show copying" to see the conditions.
There is absolutely no warranty for GDB; type "show warranty" for details.
GDB 4.11 (m68k-netbsd), Copyright 1993 Free Software Foundation, Inc...
Core was generated by `date'.
Program terminated with signal 4, Illegal instruction.
#0  0x8ac2 in vfprintf (fp=0xec2a, fmt0=0x2 "", ap=0x0)
    at /home/src/lib/libc/stdio/vfprintf.c:162
162     {
(gdb) where
#0  0x8ac2 in vfprintf (fp=0xec2a, fmt0=0x2 "", ap=0x0)
    at /home/src/lib/libc/stdio/vfprintf.c:162
#1  0x7664 in printf (fmt=0x2784 "%s\n")
    at /home/src/lib/libc/stdio/printf.c:70
#2  0x29d0 in main (argc=0, argv=0xffffce08) at /home/src/bin/date/date.c:145
(gdb) disas
Dump of assembler code for function vfprintf:
0x8aba <vfprintf>:      linkw fp,#-492
0x8abe <vfprintf+4>:    fmovemx fp2,sp@-
0x8ac2 <vfprintf+8>:    moveml d2-d7/a2-a5,sp@-
0x8ac6 <vfprintf+12>:   movel fp@(12),d4
0x8aca <vfprintf+16>:   movel fp@(16),d6
0x8ace <vfprintf+20>:   bsrl 0xca7a <localeconv>
0x8ad4 <vfprintf+26>:   moveal d0,a0
0x8ad6 <vfprintf+28>:   movel a0@,fp@(-470)
0x8ada <vfprintf+32>:   moveal fp@(8),a1
0x8ade <vfprintf+36>:   btst #3,a1@(13)
0x8ae4 <vfprintf+42>:   beqs 0x8aec <vfprintf+50>
0x8ae6 <vfprintf+44>:   tstl a1@(16)
0x8aea <vfprintf+48>:   bnes 0x8b02 <vfprintf+72>
0x8aec <vfprintf+50>:   movel fp@(8),sp@-