Segmentation fault in qemu on macOS 15.0-15.3

[0xdea]

brew gist-logs <formula> link OR brew config AND brew doctor output

raptor@fnord ~ % brew config
HOMEBREW_VERSION: 4.4.32
ORIGIN: https://github.com/Homebrew/brew
HEAD: 12a3d4a6f1eedf483855716b989d828443438f79
Last commit: 18 hours ago
Branch: stable
Core tap JSON: 23 Apr 08:36 UTC
Core cask tap JSON: 23 Apr 08:36 UTC
HOMEBREW_PREFIX: /opt/homebrew
HOMEBREW_CASK_OPTS: []
HOMEBREW_MAKE_JOBS: 8
Homebrew Ruby: 3.3.8 => /opt/homebrew/Library/Homebrew/vendor/portable-ruby/3.3.8/bin/ruby
CPU: octa-core 64-bit arm_ibiza
Clang: 16.0.0 build 1600
Git: 2.39.5 => /Library/Developer/CommandLineTools/usr/bin/git
Curl: 8.7.1 => /usr/bin/curl
macOS: 15.3.2-arm64
CLT: 16.2.0.0.1.1733547573
Xcode: N/A
Rosetta 2: false

raptor@fnord ~ % brew doctor
Your system is ready to brew.

Verification

• My brew doctor output says Your system is ready to brew. and am still able to reproduce my issue.
• I ran brew update and am still able to reproduce my issue.
• I have resolved all warnings from brew doctor and that did not fix my problem.
• I searched for recent similar issues at https://github.com/Homebrew/homebrew-core/issues?q=is%3Aissue and found no duplicates.

What were you trying to do (and why)?

I'm trying to run qemu-system-x86_64 on my ARM Mac.

What happened (include all command output)?

Most qemu-system binaries produce a segmentation fauilt:

raptor@fnord rust_os % qemu-system-x86_64
zsh: segmentation fault  qemu-system-x86_64
raptor@fnord rust_os % qemu-system-mips
zsh: segmentation fault  qemu-system-mips
raptor@fnord rust_os % qemu-system-sparc
zsh: segmentation fault  qemu-system-sparc
...

Some of them work properly:

raptor@fnord rust_os % qemu-system-aarch64
qemu-system-aarch64: No machine specified, and there is no default
Use -machine help to list supported machines
raptor@fnord rust_os % qemu-system-arm
qemu-system-arm: No machine specified, and there is no default
Use -machine help to list supported machines
raptor@fnord rust_os % qemu-system-avr
qemu-system-avr: No machine specified, and there is no default
Use -machine help to list supported machines
...

What did you expect to happen?

I expected all qemu-system binaries to work properly on my ARM Mac.

Step-by-step reproduction instructions (by running brew commands)

brew install qemu
qemu-system-x86_64

[vhive-jonathan-carse]

Reproducible on my machine, version 10.0.0 is unusable
Thanks ChatGPT for guiding me on how to install v9 :)

[alebcay]

Can't reproduce this.

$ brew config
HOMEBREW_VERSION: 4.4.32-50-g8a5babc
ORIGIN: https://github.com/Homebrew/brew
HEAD: 8a5babc4247b363da068dca16f15417cee359dc0
Last commit: 2 hours ago
Branch: master
Core tap HEAD: 598f524eabb0db3dc8d96296900139940957a131
Core tap last commit: 30 minutes ago
Core tap JSON: 24 Apr 21:20 UTC
Core cask tap HEAD: d9d69fa4389c1932ab18a8316b106180293a61ab
Core cask tap last commit: 2 hours ago
Core cask tap JSON: 24 Apr 21:20 UTC
HOMEBREW_PREFIX: /opt/homebrew
HOMEBREW_CASK_OPTS: []
HOMEBREW_EDITOR: /Applications/VSCodium.app/Contents/Resources/app/bin/codium
HOMEBREW_MAKE_JOBS: 10
HOMEBREW_SORBET_RUNTIME: set
Homebrew Ruby: 3.4.3 => /opt/homebrew/Library/Homebrew/vendor/portable-ruby/3.4.3/bin/ruby
CPU: deca-core 64-bit arm_blizzard_avalanche
Clang: 17.0.0 build 1700
Git: 2.39.5 => /Applications/Xcode.app/Contents/Developer/usr/bin/git
Curl: 8.7.1 => /usr/bin/curl
macOS: 15.4.1-arm64
CLT: 16.3.0.0.1.1742442376
Xcode: 16.3
Rosetta 2: false

$ brew info qemu
==> qemu: stable 10.0.0 (bottled), HEAD
Generic machine emulator and virtualizer
https://www.qemu.org/
Installed
/opt/homebrew/Cellar/qemu/10.0.0 (169 files, 681.8MB) *
  Poured from bottle using the formulae.brew.sh API on 2025-04-24 at 17:21:36
From: https://github.com/Homebrew/homebrew-core/blob/HEAD/Formula/q/qemu.rb
License: GPL-2.0-only
==> Dependencies
Build: libtool ✔, meson ✔, ninja ✔, pkgconf ✔, python@3.13 ✔, spice-protocol ✘
Required: capstone ✔, dtc ✔, glib ✔, gnutls ✔, jpeg-turbo ✔, libpng ✔, libslirp ✔, libssh ✔, libusb ✔, lzo ✔, ncurses ✔, nettle ✔, pixman ✔, snappy ✔, vde ✔, zstd ✔
==> Options
--HEAD
	Install HEAD version
==> Analytics
install: 39,382 (30 days), 111,020 (90 days), 452,850 (365 days)
install-on-request: 38,095 (30 days), 106,708 (90 days), 402,037 (365 days)
build-error: 1,144 (30 days)

$ qemu-system-x86_64
[QEMU window appears]
$ qemu-system-mips
[QEMU window appears]
$ qemu-system-aarch64
qemu-system-aarch64: No machine specified, and there is no default
Use -machine help to list supported machines
$ qemu-system-avr
qemu-system-avr: No machine specified, and there is no default
Use -machine help to list supported machines

I still get the same output messages ("no default machine" etc.) when I try the ones listed above that are still working - maybe it has something to do with the window drawing/initialization code?

It may be helpful if someone who is able to reproduce this can run it with a debugger and find where it's crashing, e.g. lldb -- $(which qemu-system-x86_64).

[0xdea]

Thank you for looking into this! Here's the debugger's output:

raptor@fnord ~ % lldb -- $(which qemu-system-x86_64)
(lldb) target create "/opt/homebrew/bin/qemu-system-x86_64"
Current executable set to '/opt/homebrew/bin/qemu-system-x86_64' (arm64).
(lldb) r
Process 41157 launched: '/opt/homebrew/bin/qemu-system-x86_64' (arm64)
Process 41157 stopped
* thread #1, queue = 'com.apple.main-thread', stop reason = signal SIGUSR2
    frame #0: 0x0000000194a48cc0 libsystem_kernel.dylib`__sigsuspend + 8
libsystem_kernel.dylib`__sigsuspend:
->  0x194a48cc0 <+8>:  b.lo   0x194a48ce0    ; <+40>
    0x194a48cc4 <+12>: pacibsp
    0x194a48cc8 <+16>: stp    x29, x30, [sp, #-0x10]!
    0x194a48ccc <+20>: mov    x29, sp
Target 0: (qemu-system-x86_64) stopped.
(lldb) bt
* thread #1, queue = 'com.apple.main-thread', stop reason = signal SIGUSR2
  * frame #0: 0x0000000194a48cc0 libsystem_kernel.dylib`__sigsuspend + 8
    frame #1: 0x00000001004e0538 qemu-system-x86_64`qemu_coroutine_new + 308
    frame #2: 0x00000001004df220 qemu-system-x86_64`qemu_coroutine_create + 252
    frame #3: 0x000000010043bc1c qemu-system-x86_64`monitor_init_globals + 88
    frame #4: 0x00000001001eb514 qemu-system-x86_64`qemu_init_subsystems + 204
    frame #5: 0x00000001001ebf5c qemu-system-x86_64`qemu_init + 476
    frame #6: 0x000000010043d520 qemu-system-x86_64`main + 36
    frame #7: 0x00000001946fc274 dyld`start + 2840
(lldb) c
Process 41157 resuming
Process 41157 stopped
* thread #1, queue = 'com.apple.main-thread', stop reason = EXC_BAD_ACCESS (code=1, address=0x0)
    frame #0: 0x0000000000000000
error: memory read failed for 0x0
Target 0: (qemu-system-x86_64) stopped.
(lldb) bt
* thread #1, queue = 'com.apple.main-thread', stop reason = EXC_BAD_ACCESS (code=1, address=0x0)
  * frame #0: 0x0000000000000000
    frame #1: 0x00000001004d3818 qemu-system-x86_64`get_opt_value + 52
    frame #2: 0x00000001004d4d40 qemu-system-x86_64`get_opt_name_value + 148
    frame #3: 0x00000001004d4f60 qemu-system-x86_64`opts_do_parse + 104
    frame #4: 0x00000001004d5184 qemu-system-x86_64`opts_parse + 272
    frame #5: 0x00000001001ee3c8 qemu-system-x86_64`qemu_init + 9800
    frame #6: 0x000000010043d520 qemu-system-x86_64`main + 36
    frame #7: 0x00000001946fc274 dyld`start + 2840
(lldb) x/10i 0x00000001004d3818
    0x1004d3818: mov    x21, x0
    0x1004d381c: sub    x24, x0, x20
    0x1004d3820: ldrb   w8, [x0]
    0x1004d3824: cbz    w8, 0x1004d3838 ; <+84>
    0x1004d3828: ldrb   w8, [x21, #0x1]
    0x1004d382c: cmp    w8, #0x2c
    0x1004d3830: cinc   x22, x24, eq
    0x1004d3834: b      0x1004d383c    ; <+88>
    0x1004d3838: mov    x22, x24
    0x1004d383c: add    x25, x22, x23
(lldb)

Also:

raptor@fnord ~ % lldb --core /cores/core.41202 -- $(which qemu-system-x86_64)
(lldb) target create "/opt/homebrew/bin/qemu-system-x86_64" --core "/cores/core.41202"
Core file '/cores/core.41202' (arm64) was loaded.
(lldb) bt
* thread #1, stop reason = ESR_EC_IABORT_EL0 (fault address: 0x0)
  * frame #0: 0x0000000000000000
    frame #1: 0x000000010313f818 qemu-system-x86_64`get_opt_value + 52
    frame #2: 0x0000000103140d40 qemu-system-x86_64`get_opt_name_value + 148
    frame #3: 0x0000000103140f60 qemu-system-x86_64`opts_do_parse + 104
    frame #4: 0x0000000103141184 qemu-system-x86_64`opts_parse + 272
    frame #5: 0x0000000102e5a3c8 qemu-system-x86_64`qemu_init + 9800
    frame #6: 0x00000001030a9520 qemu-system-x86_64`main + 36
    frame #7: 0x00000001946fc274 dyld`start + 2840

If you'd like me to share the coredump file or do other tests, just let me know.

[0xdea]

Ok, based on @alebcay's brew config output, I updated my OS to macOS 15.4.1-arm64 and now the issue magically disappeared. Weird, but I'm happy it seems solved now!

[vhive-jonathan-carse]

Ok, based on @alebcay's brew config output, I updated my OS to macOS 15.4.1-arm64 and now the issue magically disappeared. Weird, but I'm happy it seems solved now!

I can reproduce on my machine, Mac 15.3.2-arm64 (24D81)

[alebcay]

Thanks for the backtrace, I and/or someone will take a closer look when time permits.

For anyone still seeing the issue, it may also be worth trying brew install --build-from-source qemu to see if QEMU 10 built locally on your machine works. That would help with confirming if the prebuilt binaries (built by Homebrew's CI on 15.4[.1] machines) are not compatible on earlier 15.x machines.

[IanSeyler]

I had this issue as well. I updated macOS to 15.4.1 and now qemu is working.

[dtrodrigues]

I had this issue on 15.3.1. Building from source resolves the issue, so it does seem that the qemu bottle built on 15.4 is not compatible with 15.3 machines.

[Bo98]

Probably because Qemu is picking up strchrnul, introduced in macOS 15.4. We could maybe force the build to temporarily ignore it, though our support for older minor/patch versions of macOS is limited. 15.4 has also been out for a month now.

It's very much possible other formulae may be affected going forward if they use strchrnul and realistically it's going to be hard to stop them all.

[tranngocsongtruc]

Confirmed that I updated MacOS Sequoia from 15.0.1 to 15.4.1 and it worked

[jcalvopinam]

Reproducible on my machine, version 10.0.0 is unusable Thanks ChatGPT for guiding me on how to install v9 :)

The same error here! I'm running on mac m2 15.3.2
How did you do that? I've tried, but I keep still getting the Segmentation fault :/

my last alternative is to upgrade the operating system

[OMikkel]

Same issue with v10 of emu, please revert the formula back to v9.2.3 asap as v10 is unstable

[Bo98]

Same issue with v10 of emu, please revert the formula back to v9.2.3 asap as v10 is unstable

Is there anything blocking you from using macOS 15.4?

If it's an issue we'll accept a PR backporting https://gitlab.com/qemu-project/qemu/-/commit/a5b30be534538dc6e44a68ce9734e45dd08f52ec that should fix compatibility with old versions of macOS 15.

[OMikkel]

Nothing is blocking me from updating my os, but i dont want to.
V9.2.3 was working just fine and if v10 is not compatible with sequioa, brew should install v9.2.3 instead.
I am not sure what a PR backporting is, so I can’t really comment on that.