[Qemu-ppc] Why are these memory addresses wrong?

[BALATON Zoltan]

Hello,

Can someone explain what is happening here and maybe have an idea where to 
look for a solution?

I'm trying to debug u-boot running on QEMU with ppc 440 where I came 
across a problem with mmio addresses coming out wrong. The code below is 
supposed to write to 0xdec80000 plus some offset which is also where the 
memory region is mapped in QEMU according to info mtree and what u-boot 
thinks it uses if I print the address from the C code:

extern inline void out_le32(volatile unsigned __iomem *addr, int val)
{
printf("out_le32: *%p = %d\n", addr, val);
        __asm__ __volatile__("sync; stwbrx %1,0,%2" : "=m" (*addr) :
                             "r" (val), "r" (addr));
}

But when it actually tries to do it running on QEMU this is what I see 
(this is without the printf for brevity but results are the same):

IN:
0x0ffb7fdc:  lis     r8,-8504
0x0ffb7fe0:  li      r9,0
0x0ffb7fe4:  ori     r8,r8,152
0x0ffb7fe8:  sync
0x0ffb7fec:  stwbrx  r9,0,r8
0x0ffb7ff0:  lis     r10,-8504
0x0ffb7ff4:  ori     r10,r10,164
0x0ffb7ff8:  sync
0x0ffb7ffc:  stwbrx  r9,0,r10

out_le32: *dec80098 = 0
Unassigned mem write 0000000c0ec80098 = 0x0
out_le32: *dec800a4 = 0
Unassigned mem write 0000000c0ec800a4 = 0x0

If I've done the math correctly, -8504 corresponds to 0x1ec8 which is 
already not what I expect but then the access is not even to that address 
but somewhere else. I can't understand why this happens. Am I missing 
something obvious or have I found a bug?

Thank you,
BALATON Zoltan