GSOC qemu Boot Mac OS >= 8.5 on PowerPC system

[mcayland]

@Cat_7: thanks for testing! I was able to post the patchset upstream just before the holidays: http://www.openfirmware.info/pipermail/ ... 08933.html so I'm just waiting for an ACK from one of the PPC maintainers before I commit.

Also note that your use of -prom-env is incorrect (the fwcfg interface accepts only one argument at a time) and so boot-args isn't being set with your example - you need to set each variable separately with -prom-env, i.e. "-prom-env 'auto-boot?=true' -prom-env 'boot-args=-v' instead of "-prom-env 'auto-boot?=true boot-args=-v'".

If you try this on your 10.0/10.1 images then you should get a text console when you get the panic - if you can post the module name from the backtrace then that will give a hint as to which part of the emulation is causing the problem.

Also it seems that Apple removed g3beige support from 10.3 onwards so not having -M g3beige boot 10.3 and 10.4 is expected, although it seems some people have managed to hack around this.

[LightBulbFun]

with regards to 10.0/10.1 not booting I have played around with this a lot and from what i can tell it locks up trying to load the window server I don't get a Kernel panic as such but it will just stop booting (in verbose mode it will load through everything but the moment it gets to the window server point it stops) even using a HDD disk image with 10.1.5 installed it still locks up... although OS X DP3 will make it to a GUI but none of the drop down menus work so i cant select a HDD target to install to

[Cat_7]

10.1 gives me 4 messages about

AppleMacRiscPCI: bad range 2 (80000000:00080000)
AppleMacRiscPCI: bad range 2 (80000000:00008100)
AppleMacRiscPCI: bad range 2 (81000000:01000000)
AppleMacRiscPCI: bad range 2 (82000000:00010000)

Qemu discussions lists seem to mention these have something to do with macio_ide?
https://lists.gnu.org/archive/html/qemu ... 00101.html

Boot process also shows "automatic reboot in progress"

Best wishes for the new year!
Cat_7

[LightBulbFun]

the AppleMacRISCPCI bad range thing happens on all versions of OS X when running in QEMU when doing mac99 emulation. but what happens when I try to boot 10.0 or 10.1 is that it will boot up "fine" ie i can boot into single user mode no problem etc but when it goes to load the GUI/Window server it hangs so evidently it does not like the Video card QEMU emulates or something related to that... I know 10.0 and 10.1 can be quite picky when it comes to video cards etc

[kataetheweirdo]

It makes sense, given that QEMU only emulates a generic VGA card and might not even match the 'fake' video card the early versions of Mac OS X trying to aim for. Looking through Apple's open source directory seems to confirm this as it trying to manage addresses not handled by QEMU's fake video card.

[adespoton]

Here's an image with some details from PearPC 0.5 -- I've never had an issue with crashes on my 10.1 VM. Maybe we can figure out where the two differ to figure out what's going wrong in qemu?

10.0 of course won't run in PearPC, but theoretically should run in qemu if 9.1 does.

[Cat_7]

Hi,

Just a wild hunch, but I was wondering whether there might be an issue related to power management. I saw powermanagement-related entries in the logs from macsbug booting 9.2 just before the hang. And also while booting 10.1/10.0.

Best,
Cat_7

[mcayland]

@Cat_7, @LightBulbFun: happy new year to you both!

It just so happens that investigating another bug report I found that any PCI accesses are incorrect under Darwin/OS X with current QEMU git master OpenBIOS, i.e. any driver that tries to change the configuration or read/write registers from the card will fail

Can you try the test OpenBIOS binary below on a g3beige machine and let me know whether or not if makes any difference to 10.0/10.1 at all? I'm wondering if 10.0/10.1 fail because the video drivers are trying to change the card configuration from the default as set by the BIOS:

https://www.ilande.co.uk/tmp/openbios/o ... ppc-pcifix

In theory this BIOS should also fix the QEMU RTL8139 network card in Darwin/OS X (the logs look correct now) but I can't quite figure out how to bring up a network card manually on my Darwin installation here...

[adespoton]

When we were looking at networking on Shoebill, we found that after bringing up the card, we had to fill the buffer before the OS would talk to the card correctly, otherwise it would just throw an error. Maybe something like this is happening in Darwin, where the card is active and the interface is there, but the buffer isn't primed to process data on that interrupt?

This is a layer I've never really completely understood, as it usually seems to just work, but when it fails, it seems to require some layer of voodoo to get it functional.

[Cat_7]

Hi,

I don't see much difference. The boot process hangs at the same spot. With the new openbios I see both ata-3 and ata-4 where earlier there were only 2 ata-3.

There is a regression in booting Mac OS 9, however. I get the "no valid state..." message.
(the same happened with a 10.3 image after I tried to allow the classic startup to change the content of the OS9 system folder I copied to the disk).

Networking works. I tested with 10.3 and 10.4! It can be started with:
-netdev user,id=network0 -device rtl8139,netdev=network0
(you need the efi-rtl8139.rom file)
This allows the card to show up in the OSX preferences with the correct DHCP slirp settings:
ip 10.0.2.15, mask 255.255.255.0, router 10.0.2.2

btw: to reply to your question on the mailing list: this creates an en1 device in OSX, en0 is the built-in ethernet device.

After upgrading to 10.4.11 trough the network connection, OSX now no longer recognises the rtl8139 card. I guess the appropriate kext is no longer included, and we would thus need a separate one to get the card to work.

But, oh my, the mouse is in trouble With g3beige it disappears often, not so with mac99. And networking makes the system become unresponsive quite easily.

Best,
Cat_7

[LightBulbFun]

Played around with it a bit CD ROM emulation on the mac99 machine is broken again and 10.0 install CD hangs at the same place (had to use g3beige of corse). quickly tried networking with Tiger but im not sure if i have the network setup right on the host system for it and the Emulated RTL8139 ethernet card never showed up inside Tiger... keep in mind this is just me having a quick stab at it. later on I may image 10.0.4 that I have installed on my PowerMac1,1 and see what that does in QEMU

[mcayland]

@LightBulbFun: Yeah, it was just a test of the PCI fix and is based upon master and so doesn't have things such as the ata-3 fix included, or the OS 9 bootloader hack. I'll try and get upstream what I can when people are back from the holidays.

As for RTL8139, I don't think the driver is included in 10.2 (or at least it doesn't located a kext for me on darwinppc-602.iso which is loosely based upon 10.2) and indeed the FAQ mentions you need to do some work: http://www.emaculation.com/doku.php/ppc ... mu-for-osx

@Cat_7: if you get a moment, it is worth updating the FAQ at http://www.emaculation.com/doku.php/ppc ... mu-for-osx as the information on there is quite old. In particular, the QEMU 1.6 binary is extremely out of date - the colour bug has been fixed for a long time (bug in pixman for Mac), and I really wouldn't recommend running anything < 2.4 due to the possibility of disk corruption.

[Cat_7]

Realtek drivers for Mac OS 8.6/9/10.0/10.1/10.2 are available at the realtek site.
http://www.realtek.com.tw/downloads/dow ... 39B%28L%29

(see category Others)

I haven't found a way to use the Apple RTL8139 kext from 10.3 and early 10.4 in later OSX versions.

@Cat_7: if you get a moment, it is worth updating the FAQ at http://www.emaculation.com/doku.php/ppc ... mu-for-osx as the information on there is quite old. In particular, the QEMU 1.6 binary is extremely out of date - the colour bug has been fixed for a long time (bug in pixman for Mac), and I really wouldn't recommend running anything < 2.4 due to the possibility of disk corruption.

That is some task given there is no easy way to distribute Qemu for OSX

Best,
Cat_7

[LightBulbFun]

I had a quick poke around with 10.4.11 and it still has the RTL8139 driver so the fact it works in 10.4 but not 10.4.11 in QEMU could mean 2 things 1 the 10.4 kext has a device id listed that 10.4.11 does not have that matches QEMUs networking card (ill have to dig out a 10.4 kext to check) or something else in QEMU breaks networking in 10.4.11 but not 10.4

[Cat_7]

In 10.4.11 I pulled the 8139 kext out of the IONetworkingFamily.kext and added the old pre 10.4.11 kext to the extensions folder and rebuilt the kextcache. This doesn't work, due to some dependencies not being found.

I did not yet try to add the old kext under plugins in the IONetworkingFamily.kext. But my guess is that that leads to the same problem.

We could edit the kext in 10.4.11 to include the correct device id, but I'n not in favour of going that way

Best,
Cat_7

[mcayland]

@Cat_7: if you get a moment, it is worth updating the FAQ at http://www.emaculation.com/doku.php/ppc ... mu-for-osx as the information on there is quite old. In particular, the QEMU 1.6 binary is extremely out of date - the colour bug has been fixed for a long time (bug in pixman for Mac), and I really wouldn't recommend running anything < 2.4 due to the possibility of disk corruption.

That is some task given there is no easy way to distribute Qemu for OSX

Really? I'm sure someone posted some updated binaries up-thread somewhere. It just seems a shame that there seems to be new interest in QEMU as a result of GSoC and anyone coming to the forums gets taken to a set of binaries that are a few years old with known bugs and no OS 9 fixes I hope that someone manages to figure out a way to provide something more up-to-date.

[mcayland]

@LightBulbFun: I've finally got around to setting up Darwin 8.0.1 here with the latest OpenBIOS patches and I can confirm that the rtl8139 works fine under both g3beige and mac99

@Cat_7: Look at Apple's open source site, it looks like the rtl8139 driver matches directly on the PCI ID (see the embedded plist in http://www.opensource.apple.com/source/ ... ct.pbxproj). Does the rtl8139 show up in 10.4.11 with ioreg and/or kextstat? Otherwise it will need someone to enable debugging in QEMU to see what is happening.

Also I've updated my OpenBIOS with the latest set of patches for testing (including ata-3, rtl8139 and OS 9): https://www.ilande.co.uk/tmp/openbios/openbios-ppc

[mcayland]

ok I did some more tests I got a lot more RW errors in tiger (even after unzipping a fresh image) I Figured a place to put my screen shots may be tempory tho, but here is one of the latest openBIOS the one built on the 24th.
it hung soon after that Hope this helps (this was booting from a 10.4.6 install Dvd image)

I've spent some time on this today and it's a simple overflow bug - patch posted at https://lists.gnu.org/archive/html/qemu ... 00011.html if you want to test yourself. With this I can boot the 10.4.6 DVD to the installer with the OpenBIOS linked above and running QEMU with -M mac99 -cpu G3

[mcayland]

@Cat_7: I've just been testing latest qemu git master with the latest OpenBIOS and OS 9 boot now gets slightly further in my OpenTransport-only test ISO.

MacsBug is now showing the exception a few stack frames further, with the last recognisable 68K stack frame being "AINI 7F58 05AA Install MacTCP" if that helps give any further clues, although it's still called from OTRunPortScanners via "AINI 8042 05AA Startup ASLM PPC".

[adespoton]

That would seem to imply that we've done the scan, found the open interface, and are now attempting to bind TCP to it. Any way of verifying if it has set up the TCP buffer yet at time of crash?

[Cat_7]

Hi,

I created an updated Qemu for OSX download. See here: http://www.emaculation.com/forum/viewto ... =34&t=8848
and updated the Qemu for OSX installation guide on the wiki page: http://www.emaculation.com/doku.php/ppc ... mu-for-osx

Best,
Cat_7

[PeterHolbrook]

Many thanks, Cat_7. That's useful.

[mcayland]

@Cat_7: wow that's an amazing job you've done there on the binary and documentation updates!

Before I go delving into Macsbug again, I think I may have a little poke around to see if I can work out what's happening with the PCI range warnings - it could be a similar bug to the one that stopped PCI devices such as rtl8139 from working properly i.e. it calculates the wrong addresses for accessing hardware devices which is bound to cause exceptions such as this.

[sentient06]

Gentlemen, I managed to install QEMU 2.5 in my Snow Leopard machine via Homebrew.

I installed gcc 4.8 first, via homebrew as well and then Qemu.

Code: Select all

$ sudo xcode-select -switch /XCode3/
$ brew install gcc48 --cc=gcc-4.2
$ brew install qemu --cc=gcc-4.8

That should do the trick.

Cheers!

[Cat_7]

Got a new log from a crash from test.raw with OT ASML modules extension enabled. This is with latest qemu and openbios. Please see below for a crash log in the command window that sometimes happens before MacOS reaches the debugger.

MacsBug 6.6.3, Copyright Apple Computer, Inc. 1981-2000

PowerPC unmapped memory exception at AAFE0700

7-Jan-2016 11:24:21 PM (since boot = 26 seconds)
Machine = #406 (NewWorldMac), System $0922, sysu = $01008000
ROM version $077D, $45F6, $0001 (ROMBase $FFC00000)
VM is on; paging is currently safe (and it probably isn't VM's fault)
NIL^ = $FFC10000
Stack space used = +206188484
Address AAFE0700 is not in RAM or ROM
PowerPC 740/750 Registers
CR0 CR1 CR2 CR3 CR4 CR5 CR6 CR7
PC = AAFE0700 CR 0010 0010 0010 0010 0000 0100 0010 1000
LR = 006B3534 <>=O XEVO
CTR = AAFE0700
MSR = 00000000 SOC Compare Count
Int = 0 XER 000 01 00 MQ = 00000000

R0 = AAFE0700 R8 = FFC10000 R16 = 0068F2A0 R24 = 0C0B1A94
SP = 0C0B1A18 R9 = 00000000 R17 = 00694330 R25 = 0068DA84
TOC = 00000000 R10 = 00000009 R18 = 0C0B1B90 R26 = 005A6B50
R3 = 00000000 R11 = 0068DB74 R19 = 00000020 R27 = 00000000
R4 = 00695640 R12 = 000C004C R20 = 43443030 R28 = 00000000
R5 = 000905E8 R13 = 00596F30 R21 = 00689688 R29 = 00695640
R6 = 00000000 R14 = 00004D2C R22 = 0C0B1A90 R30 = 0068DB74
R7 = 00000000 R15 = 0C0C0190 R23 = 00000001 R31 = 0069563C
Unable to access that address
Heap zones
#1 Mod 10240K 00002800 to 00A027FF SysZone^ ApplZone^ TheZone^ TargetZone
#2 Mod 6K 00029220 to 0002AC0F ROM read-only zone
#3 Mod 6K 00A02800 to 00A03FFF
#4 Mod 6K 00A02800 to 00A03FFF
#5 Mod 9215K 10100000 to 109FFFDF
#6 Mod 216K 102413D0 to 102773CF
#7 Mod 94K 10317450 to 1032F02F
Checking all heaps
The System heap at 00002800 is ok
The ROM read-only heap at 00029220 is ok
The heap at 00A02800 is ok
The target heap is the System heap at 00002800
Totaling the System heap at 00002800
Total Blocks Total of Block Sizes
Free 0017 #23 0029D290 #2740880 (#2676K)
Nonrelocatable 091B #2331 0051381C #5322780 (#5198K)
Relocatable 030D #781 0024F510 #2422032 (#2365K)
Locked 00D3 #211 0019AE70 #1683056 (#1643K)
Purgeable and not locked 0043 #67 0001B4F0 #111856 (#109K)
Heap size 0C3F #3135 009FFFBC #10485692 (#9M)
The target heap is the heap at 00A02800
Totaling the heap at 00A02800
Total Blocks Total of Block Sizes
Free 0001 #1 00001650 #5712
Nonrelocatable 0003 #3 0000016C #364
Relocatable 0000 #0 00000000 #0
Locked 0000 #0 00000000 #0
Purgeable and not locked 0000 #0 00000000 #0
Heap size 0004 #4 000017BC #6076
The target heap is the System heap at 00002800
Totaling the System heap at 00002800
Total Blocks Total of Block Sizes
Free 0017 #23 0029D290 #2740880 (#2676K)
Nonrelocatable 091B #2331 0051381C #5322780 (#5198K)
Relocatable 030D #781 0024F510 #2422032 (#2365K)
Locked 00D3 #211 0019AE70 #1683056 (#1643K)
Purgeable and not locked 0043 #67 0001B4F0 #111856 (#109K)
Heap size 0C3F #3135 009FFFBC #10485692 (#9M)
Displaying File Control Blocks
FRef Name VRef Type Fl ForkID LogEOF
0002 System FFFF zsys mW rsrc 006BCB37
0006 **** EXTENTS B-TREE FFFF •••• mw data 00400000
000A **** CATALOG B-TREE FFFF •••• mw data 00400000
000E **** VOLUME BITMAP FFFF •••• mw data 00010000
00A2 USB Device Extension FFFF ndrv mw data 00060B86
00A6 HID Library FFFF shlb mw data 000054B8
00B2 USB Software Locator FFFF ndrv mw data 00004672
00EA Open Transport FFFF otsl mw data 00111312
00EE Open Transport FFFF otsl mw rsrc 0003DDE6
0116 Shared Library Manager PPC FFFF INIT mw rsrc 00033D36
012A Open Transport ASLM Modules FFFF libr mw rsrc 00097F5E
0202 Mac OS ROM FFFF tbxi mW rsrc 000960FF
0286 Apple Enet DLPI Support FFFF shlb mw data 00013E38
028A EnetShimLib FFFF shlb mw data 00001C3C
028E Shared Library Manager PPC FFFF INIT mw rsrc 00033D36
0292 Open Transport ASLM Modules FFFF libr mw rsrc 00097F5E
0296 StdLog FFFF TEXT mW data 00001300
0342 VM Storage FFFF ZSYS mW data 10A00000
035A System Resources FFFF zsyr mw rsrc 000FFC67
03E6 System FFFF zsys mw data 006DC2C0
040A Mac OS ROM FFFF tbxi mw data 002AAB86
0412 Type 1 Scaler FFFF sclr mw data 000875A7
043A FontAnnexFile FFFF xfnt mW data 000002DC
0486 Language Kit Preferences FFFF pref mW rsrc 000001E4
#384 FCBs, #54 in use (including #30 fonts not listed), #330 free
Displaying Volume Control Blocks
vRef VolName Flg dRef Drv# FSID NumBlks BlkSiz FilCnt DirCnt BlsdDir VCBPtr
FFFF qemu os922 dsh FFCA 0008 0000 0007FF38 001000 000B9A 0001D9 0000001B 00158C60
#1 VCBs
Displaying Drive Queue
Drive Volume Flags dRef Driver Name FSID Size QElem at
0008 qemu os922 leiS FFCA .ATADisk 0000 003FFB36 00187B96
#1 drive
Displaying Driver Control Entries
dRef dNum Driver Flg Ver qHead Stor/Ver Dely Drvr at DCE at
FFFA 0005 .AIn bPC #9 00000000 00000000 0000 005A25D4 0058E5A0
FFF9 0006 .AOut bPC #9 00000000 00000000 0000 005A2694 0058E5F0
FFF8 0007 .BIn bPC #9 00000000 00000000 0000 005A2754 0058E640
FFF7 0008 .BOut bPC #9 00000000 00000000 0000 005A2814 00596A20
FFCF 0030 .EDisk bPC #0 00000000 00000000 003C FFCB6350 000DA470
FFCE 0031 .LANDisk bPC #1 00000000 00000000 0000 000DA710 000ECB40
FFCD 0032 .Display_Video_Apple_COFB bPO #0 00000000 00.00d00 0000 000ECF78 000ECF40
FFCC 0033 .ATALoad bPO #0 00000000 001829A0 0001 FFD9CAF0 00182950
FFCB 0034 .swmdrvr bPO #0 00000000 0000510C 0001 0055DCE0 001C8780
FFCA 0035 .ATADisk bPO #0 00000000 00187A12 0065 0018B86E 00187420
FFC9 0036 .HDI bPO #0 00000000 0058B1A0 0000 005A6B90 00187F50
FFC8 0037 .Display_Video_Apple_Offsc… bPO #0 00000000 01.00f00 0000 0059A428 0059A3F0
FFC7 0038 .ASLM bPO #2 00000000 00000000 0000 005D0220 000C59B0
#96 Unit Table entries, #13 in use, #83 free
Displaying resource information:
Map $00004B60, flags $FF80, file $0116 = Shared Library Manager PPC
> Map $00004D18, flags $FF80, file $012A = Open Transport ASLM Modules
+ Map $000058F4, flags $FF9A, file $0202 = Mac OS ROM
+ Map $0000587C, flags $FF9E, file $0003 = •ROM resources that override System•
S Map $00005A44, flags $FF8D, file $0002 = System
Map $000042E4, flags $FF9C, file $00EE = Open Transport
Map $00004ED4, flags $FF9C, file $0486 = Language Kit Preferences
Map $00005828, flags $FF94, file $035A = System Resources
[Skipped $001E maps belonging to font files]
Calling chain using A6/R1 links
Back chain ISA Caller
0C0B2FBC 68K 0C0BF3A0
0C0B2E79 PPC FFCECE1C EmToNatEndMoveParams+00014
0C0B2E00 PPC FFCDFCC0 GetSharedLibrary+000D0
0C0B2D90 PPC FFCDD280 FragPrepare+003AC
0C0B2B30 PPC FFCE2AEC GetIndSymbol+02A34
0C0B2AC0 PPC FFCE233C GetIndSymbol+02284
0C0B2A60 PPC FFCE20EC GetIndSymbol+02034
0C0B29E0 PPC 3F2DEBA0 BootOpenTransport+00090
0C0B29A0 68K 005DCE4A 'lmgr 0000 00EE'+0008A
0C0B28FA 68K 005DD458 lmgrDispatch+0001E
0C0B28E6 68K 005DD398 DoFullAppleTalkBoot+0005A
0C0B28C6 68K 005E8B6E 'AINI 8042 00EE Startup ASLM PPC'+000DE
0C0B2866 68K 005E91CA LoadLibraryManagerEntry+0012C
0C0B25AF PPC FFCECE1C EmToNatEndMoveParams+00014
0C0B2540 PPC 00664898
0C0B2488 PPC 00677284
0C0B23F0 PPC 0067EC28
0C0B23A8 PPC 0067EB2C
0C0B2350 PPC 00679520
0C0B2238 PPC 0067F678
0C0B20A0 PPC 0069ACFC
0C0B2068 PPC 0069926C
0C0B2028 PPC 0069A408 ResidentOpenTransport+0083C
0C0B1E98 PPC 00699B24 DoLoadUnload()+00060
0C0B1E48 PPC 3F324C7C OTRunPortScanners+00200
0C0B1DB8 PPC 0067D94C
0C0B1D60 PPC 0067D774
0C0B1D10 PPC 0067EC40
0C0B1CC8 PPC 0067EB2C
0C0B1C70 PPC 0067950C
0C0B1B58 PPC 0067F260
Return addresses on the stack
Stack Addr Frame Addr ISA Caller
0C0B1DC0 PPC 3F324C7C OTRunPortScanners+00200
0C0B1D80 PPC 0067376C
0C0B1D78 0C0B1D70 PPC 006ACA54
0C0B1D68 0C0B1D60 PPC 0067D94C
0C0B1D18 0C0B1D10 PPC 0067D774
0C0B1CE0 0C0B1CD8 PPC 0067CA24
0C0B1CD0 0C0B1CC8 PPC 0067EC40
0C0B1C88 0C0B1C80 PPC 0067C9D0
0C0B1C78 0C0B1C70 PPC 0067EB2C
0C0B1C28 PPC 0067AD28
0C0B1C24 PPC 00679248
0C0B1C1E 68K 001E0064
0C0B1BDC 68K 00004D2A
0C0B1BD2 68K 001E0064
0C0B1BA4 68K 0067923E
0C0B1B80 PPC 0066C394
0C0B1B68 PPC FFD0E2B4 GetToolboxTrapAddress+00028
0C0B1B60 0C0B1B58 PPC 0067950C
0C0B1B20 PPC 0066D5C4
0C0B1B1C PPC 0067F244
0C0B1AD4 68K 00004D2A
0C0B1A9C 0C0B1A94 PPC 0067F238
0C0B1A88 0C0B1A80 PPC 00673404
0C0B1A70 0C0B1A68 PPC 0067ADAC
0C0B1A60 0C0B1A58 PPC 0067F260
0C0B1A28 PPC 006B41E0
0C0B1A20 0C0B1A18 PPC 00673318
Displaying memory from sp
0C0B1A18 0C0B 1A58 0069 56C4 0067 331C 0000 012A •••X•iVƒ•g3••••*
0C0B1A28 006B 41E4 006A B9C4 0068 8780 0068 6038 •kA‰•jπƒ•háÄ•h`8
0C0B1A38 0000 0010 0068 DA84 0068 DB74 0110 0100 •••••h⁄Ñ•h€t••••
0C0B1A48 0000 0000 0069 5640 0068 DB74 0069 563C •••••iV@•h€t•iV<
0C0B1A58 0C0B 1B58 0000 00AA 0067 F264 0000 0000 •••X•••™•gÚd••••
0C0B1A68 0C0B 1AB8 0068 6038 0067 ADB0 0068 6038 •••∏•h`8•g≠∞•h`8
0C0B1A78 0C0B 1AB8 0068 6038 0C0B 1AC0 0000 1002 •••∏•h`8•••¿••••
0C0B1A88 0067 3408 0C0B 1AB0 0059 6F30 0C0B 1B9C •g4••••∞•Yo0•••ú
Displaying memory from 0
00000000 FFC1 0000 FFC1 0000 FFC0 49B0 FFC0 49B2 ˇ¡••ˇ¡••ˇ¿I∞ˇ¿I≤
00000010 FFC0 49B4 FFC0 49B6 FFC0 49B8 FFC0 49BA ˇ¿I¥ˇ¿I∂ˇ¿I∏ˇ¿I∫
Closing log


qemu: fatal: Trying to execute code outside RAM or ROM at 0x80810088

NIP 80810088 LR 00633d54 CTR 80810088 XER 00000100 CPU#0
MSR 0000d032 HID0 00810000 HF 00004000 idx 0
TB 00000000 2131235200 DECR 00887963
GPR00 0000000080810088 000000000c0b1a18 0000000038640001 0000000000000000
GPR04 000000000061f980 00000000000905e8 0000000000000000 0000000000000000
GPR08 00000000ffc10000 0000000000000000 0000000000000009 00000000006103c4
GPR12 00000000000c004c 00000000005955f0 0000000000004d2c 000000000c0c0190
GPR16 00000000005bd410 0000000000613e30 000000000c0b1b90 0000000000000020
GPR20 0000000043443030 000000000060bed8 000000000c0b1a90 0000000000000001
GPR24 000000000c0b1a94 00000000006102d4 0000000000598280 0000000000000000
GPR28 0000000000000000 000000000061f980 00000000006103c4 000000000061f97c
CR 22220428 [ E E E E - G E L ] RES ffffffff
FPR00 0000000082004000 0000000000000000 0000000000000000 0000000000000000
FPR04 41c8e8b4b1000000 4330000001318675 4330000000000000 4330000000000000
FPR08 41ddd54fa9000000 0000000000000000 0000000000000000 0000000000000000
FPR12 3f847b718aeb3db1 fffffffffcf10591 0000000000000000 0000000000000000
FPR16 0000000000000000 0000000000000000 0000000000000000 0000000000000000
FPR20 0000000000000000 0000000000000000 0000000000000000 0000000000000000
FPR24 0000000000000000 0000000000000000 0000000000000000 0000000000000000
FPR28 0000000000000000 0000000000000000 0000000000000000 0000000000000000
FPSCR 82004000
SRR0 80810088 SRR1 4000d032 PVR 00080301 VRSAVE 00000000
SPRG0 0fbfe000 SPRG1 0c0b1a18 SPRG2 00633d54 SPRG3 0fbfe420
SPRG4 00000000 SPRG5 00000000 SPRG6 00000000 SPRG7 00000000
SDR1 0fc0001f DAR 3f2909d8 DSISR 40000000
/Users/hsp/_qemu_easy/qemu_os9.command: line 3: 1234 Abort trap: 6 ./qemu-system-ppc -bios ./openbios-ppc -boot c -M mac99 -m 256 -cpu G3 -prom-env 'auto-boot?=true' -prom-env 'boot-args=-v' -g 1024x768x32 -netdev user,id=network0 -device rtl8139,netdev=network0 -serial none -usbdevice mouse -drive file=./test.raw,format=raw,media=disk