
rdhpr %htstate unimplemented in translator

Host environment

  • Operating system: Debian 10
  • OS/kernel version: Linux kentang 4.19.0-18-amd64 #1 SMP Debian 4.19.208-1 (2021-09-29) x86_64 GNU/Linux
  • Architecture: x86_64
  • QEMU flavor: qemu-system-sparc64 built using ./configure --target-list=sparc64-softmmu --enable-debug --disable-strip --enable-debug-tcg
  • QEMU version: QEMU emulator version 6.2.50 current git master (7a1043ce)
  • QEMU command line:
    ./qemu-system-sparc64 -M niagara -L ./bug/ -m 256 -nographic

Emulated/Virtualized environment

  • Operating system: None
  • OS/kernel version: None
  • Architecture: sun4v

Description of problem

I accidentally mixed up a copy of T1 and T2 sun4v firmwares and was able to trigger the following TCG assert upon boot: tcg_reg_alloc_mov: Assertion `ts->val_type == TEMP_VAL_REG' failed.

Having discovered my mistake, I was expecting the guest to crash at some point, but without triggering an assert.

Steps to reproduce

  1. Download the attached file bug.tar.gz and extract it

  2. Apply the following diff to update the UART address for the T2 firmware

diff --git a/hw/sparc64/niagara.c b/hw/sparc64/niagara.c
index ccad2c43a3..7af64bd50f 100644
--- a/hw/sparc64/niagara.c
+++ b/hw/sparc64/niagara.c
@@ -51,7 +51,7 @@ typedef struct NiagaraBoardState {
 
 #define NIAGARA_PARTITION_RAM_BASE 0x80000000ULL
 
-#define NIAGARA_UART_BASE   0x1f10000000ULL
+#define NIAGARA_UART_BASE   0xfff0c2c000ULL
 
 #define NIAGARA_NVRAM_BASE  0x1f11000000ULL
 #define NIAGARA_NVRAM_SIZE  0x2000
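Review bot: the replacement value on the `+#define NIAGARA_UART_BASE   0xfff0c2c000ULL` line carries no comment saying it is the T2 UART base, so the change silently drops the T1 address (0x1f10000000ULL) that the niagara board used before. If this is intended as more than a local reproduction step, add a comment naming the firmware variant the new address belongs to, and consider exposing the UART base as a machine property so either firmware image can be booted without rebuilding.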
  3. Run ./qemu-system-sparc64 -M niagara -L ./bug/ -m 256 -nographic

Additional information

Edited by Richard Henderson