files: 0.912
TCG: 0.869
device: 0.851
graphic: 0.838
architecture: 0.793
network: 0.765
vnc: 0.748
boot: 0.729
peripherals: 0.716
PID: 0.706
kernel: 0.698
ppc: 0.683
socket: 0.654
mistranslation: 0.628
risc-v: 0.627
semantic: 0.575
arm: 0.566
x86: 0.557
performance: 0.546
hypervisor: 0.514
VMM: 0.503
register: 0.487
permissions: 0.458
debug: 0.439
i386: 0.349
virtual: 0.296
KVM: 0.172
user-level: 0.168
assembly: 0.151

rdhpr %htstate unimplemented in translator
Description of problem:
I accidentally mixed up a copy of T1 and T2 sun4v firmwares and was able to trigger the following TCG assert ``tcg_reg_alloc_mov: Assertion `ts->val_type == TEMP_VAL_REG' failed.`` upon boot.

Having discovered my mistake I was expecting the guest to crash at some point but without triggering an
assert.
Steps to reproduce:
1. Download the attached file bug.tar.gz and extract it

2. Apply the following diff to update the UART address for the T2 firmware

```
diff --git a/hw/sparc64/niagara.c b/hw/sparc64/niagara.c
index ccad2c43a3..7af64bd50f 100644
--- a/hw/sparc64/niagara.c
+++ b/hw/sparc64/niagara.c
@@ -51,7 +51,7 @@ typedef struct NiagaraBoardState {
 
 #define NIAGARA_PARTITION_RAM_BASE 0x80000000ULL
 
-#define NIAGARA_UART_BASE   0x1f10000000ULL
+#define NIAGARA_UART_BASE   0xfff0c2c000ULL
 
 #define NIAGARA_NVRAM_BASE  0x1f11000000ULL
 #define NIAGARA_NVRAM_SIZE  0x2000
```

3. Run `./qemu-system-sparc64 -M niagara -L ./bug/ -m 256 -nographic`
Additional information: