----------------
IN: 0xf102f044:  dcbst r0,r6

OUT: [size=59]
0x607b4fc0:  mov    -0x24(%r14),%ebp
0x607b4fc4:  test   %ebp,%ebp
0x607b4fc6:  jl     0x607b4ff1
0x607b4fcc:  mov    0x18(%r14),%ebp
0x607b4fd0:  addr32 movzbl 0x0(%ebp),%ebp
0x607b4fd5:  xchg   %ax,%ax
0x607b4fd7:  jmpq   0x607b4fdc
0x607b4fdc:  movl   $0xf102f048,0x26c(%r14)
0x607b4fe7:  mov    $0x607b4f00,%eax
0x607b4fec:  jmpq   0x60638018
0x607b4ff1:  mov    $0x607b4f03,%eax
0x607b4ff6:  jmpq   0x60638018

Process 9510 stopped
* thread #1, name = 'qemu-ppc', stop reason = signal SIGSEGV: invalid address (fault address: 0x0)
    frame #0: 0x00000000607b4fd0 JIT(0x8609f5000)`code_gen_buffer + 1560483
JIT(0x8609f5000)`code_gen_buffer:
->  0x607b4fd0 <+1560483>: movzbl (%ebp), %ebp
    0x607b4fd5 <+1560488>: nop
    0x607b4fd7 <+1560490>: jmp    0x607b4fdc               ; <+1560495>
    0x607b4fdc <+1560495>: movl   $0xf102f048, 0x26c(%r14) ; imm = 0xF102F048
(lldb) up
frame #1: 0x00000000602d7791 qemu-ppc`cpu_tb_exec(cpu=0x0000000860954300, itb=0x00000000607b4f00) at cpu-exec.c:171:11
   168  #endif /* DEBUG_DISAS */
   169
   170      cpu->can_do_io = !use_icount;
-> 171      ret = tcg_qemu_tb_exec(env, tb_ptr);
   172      cpu->can_do_io = 1;
   173      last_tb = (TranslationBlock *)(ret & ~TB_EXIT_MASK);
   174      tb_exit = ret & TB_EXIT_MASK;
(lldb) print/x env->gpr
(target_ulong [32]) $0 = {
  [0] = 0xf102f00c
  [1] = 0xf6ffce80
  [2] = 0x00000000
  [3] = 0x10011424
  [4] = 0x00000000
  [5] = 0x10011424
  [6] = 0x00000000
  [7] = 0xf105243c
  [8] = 0x00000000
  [9] = 0x00000007
  [10] = 0xf0fdf2b4
  [11] = 0x0000002e
  [12] = 0x00000017
  [13] = 0x00000000
  [14] = 0x00000000
  [15] = 0x00000000
  [16] = 0x10031560
  [17] = 0x00000000
  [18] = 0x01100002
  [19] = 0x00000001
  [20] = 0x100005e0
  [21] = 0x100005e8
  [22] = 0x100005e8
  [23] = 0x00000000
  [24] = 0xf6ffcefc
  [25] = 0x00000004
  [26] = 0x10000094
  [27] = 0xf105243c
  [28] = 0x100107f0
  [29] = 0x00000c34
  [30] = 0xf1041228
  [31] = 0x00000000
}
(lldb) print/x env->nip
(target_ulong) $1 = 0xf102f044
(lldb)