Segmentation fault in qemu on macOS 15.0-15.3

[0xdea]

brew gist-logs <formula> link OR brew config AND brew doctor output

raptor@fnord ~ % brew config
HOMEBREW_VERSION: 4.4.32
ORIGIN: https://github.com/Homebrew/brew
HEAD: 12a3d4a6f1eedf483855716b989d828443438f79
Last commit: 18 hours ago
Branch: stable
Core tap JSON: 23 Apr 08:36 UTC
Core cask tap JSON: 23 Apr 08:36 UTC
HOMEBREW_PREFIX: /opt/homebrew
HOMEBREW_CASK_OPTS: []
HOMEBREW_MAKE_JOBS: 8
Homebrew Ruby: 3.3.8 => /opt/homebrew/Library/Homebrew/vendor/portable-ruby/3.3.8/bin/ruby
CPU: octa-core 64-bit arm_ibiza
Clang: 16.0.0 build 1600
Git: 2.39.5 => /Library/Developer/CommandLineTools/usr/bin/git
Curl: 8.7.1 => /usr/bin/curl
macOS: 15.3.2-arm64
CLT: 16.2.0.0.1.1733547573
Xcode: N/A
Rosetta 2: false

raptor@fnord ~ % brew doctor
Your system is ready to brew.

Verification

• My brew doctor output says Your system is ready to brew. and am still able to reproduce my issue.
• I ran brew update and am still able to reproduce my issue.
• I have resolved all warnings from brew doctor and that did not fix my problem.
• I searched for recent similar issues at https://github.com/Homebrew/homebrew-core/issues?q=is%3Aissue and found no duplicates.

What were you trying to do (and why)?

I'm trying to run qemu-system-x86_64 on my ARM Mac.

What happened (include all command output)?

Most qemu-system binaries produce a segmentation fauilt:

raptor@fnord rust_os % qemu-system-x86_64
zsh: segmentation fault  qemu-system-x86_64
raptor@fnord rust_os % qemu-system-mips
zsh: segmentation fault  qemu-system-mips
raptor@fnord rust_os % qemu-system-sparc
zsh: segmentation fault  qemu-system-sparc
...

Some of them work properly:

raptor@fnord rust_os % qemu-system-aarch64
qemu-system-aarch64: No machine specified, and there is no default
Use -machine help to list supported machines
raptor@fnord rust_os % qemu-system-arm
qemu-system-arm: No machine specified, and there is no default
Use -machine help to list supported machines
raptor@fnord rust_os % qemu-system-avr
qemu-system-avr: No machine specified, and there is no default
Use -machine help to list supported machines
...

What did you expect to happen?

I expected all qemu-system binaries to work properly on my ARM Mac.

Step-by-step reproduction instructions (by running brew commands)

brew install qemu
qemu-system-x86_64

[vhive-jonathan-carse]

Reproducible on my machine, version 10.0.0 is unusable
Thanks ChatGPT for guiding me on how to install v9 :)

[alebcay]

Can't reproduce this.

$ brew config
HOMEBREW_VERSION: 4.4.32-50-g8a5babc
ORIGIN: https://github.com/Homebrew/brew
HEAD: 8a5babc4247b363da068dca16f15417cee359dc0
Last commit: 2 hours ago
Branch: master
Core tap HEAD: 598f524eabb0db3dc8d96296900139940957a131
Core tap last commit: 30 minutes ago
Core tap JSON: 24 Apr 21:20 UTC
Core cask tap HEAD: d9d69fa4389c1932ab18a8316b106180293a61ab
Core cask tap last commit: 2 hours ago
Core cask tap JSON: 24 Apr 21:20 UTC
HOMEBREW_PREFIX: /opt/homebrew
HOMEBREW_CASK_OPTS: []
HOMEBREW_EDITOR: /Applications/VSCodium.app/Contents/Resources/app/bin/codium
HOMEBREW_MAKE_JOBS: 10
HOMEBREW_SORBET_RUNTIME: set
Homebrew Ruby: 3.4.3 => /opt/homebrew/Library/Homebrew/vendor/portable-ruby/3.4.3/bin/ruby
CPU: deca-core 64-bit arm_blizzard_avalanche
Clang: 17.0.0 build 1700
Git: 2.39.5 => /Applications/Xcode.app/Contents/Developer/usr/bin/git
Curl: 8.7.1 => /usr/bin/curl
macOS: 15.4.1-arm64
CLT: 16.3.0.0.1.1742442376
Xcode: 16.3
Rosetta 2: false

$ brew info qemu
==> qemu: stable 10.0.0 (bottled), HEAD
Generic machine emulator and virtualizer
https://www.qemu.org/
Installed
/opt/homebrew/Cellar/qemu/10.0.0 (169 files, 681.8MB) *
  Poured from bottle using the formulae.brew.sh API on 2025-04-24 at 17:21:36
From: https://github.com/Homebrew/homebrew-core/blob/HEAD/Formula/q/qemu.rb
License: GPL-2.0-only
==> Dependencies
Build: libtool ✔, meson ✔, ninja ✔, pkgconf ✔, python@3.13 ✔, spice-protocol ✘
Required: capstone ✔, dtc ✔, glib ✔, gnutls ✔, jpeg-turbo ✔, libpng ✔, libslirp ✔, libssh ✔, libusb ✔, lzo ✔, ncurses ✔, nettle ✔, pixman ✔, snappy ✔, vde ✔, zstd ✔
==> Options
--HEAD
	Install HEAD version
==> Analytics
install: 39,382 (30 days), 111,020 (90 days), 452,850 (365 days)
install-on-request: 38,095 (30 days), 106,708 (90 days), 402,037 (365 days)
build-error: 1,144 (30 days)

$ qemu-system-x86_64
[QEMU window appears]
$ qemu-system-mips
[QEMU window appears]
$ qemu-system-aarch64
qemu-system-aarch64: No machine specified, and there is no default
Use -machine help to list supported machines
$ qemu-system-avr
qemu-system-avr: No machine specified, and there is no default
Use -machine help to list supported machines

I still get the same output messages ("no default machine" etc.) when I try the ones listed above that are still working - maybe it has something to do with the window drawing/initialization code?

It may be helpful if someone who is able to reproduce this can run it with a debugger and find where it's crashing, e.g. lldb -- $(which qemu-system-x86_64).

[0xdea]

Thank you for looking into this! Here's the debugger's output:

raptor@fnord ~ % lldb -- $(which qemu-system-x86_64)
(lldb) target create "/opt/homebrew/bin/qemu-system-x86_64"
Current executable set to '/opt/homebrew/bin/qemu-system-x86_64' (arm64).
(lldb) r
Process 41157 launched: '/opt/homebrew/bin/qemu-system-x86_64' (arm64)
Process 41157 stopped
* thread #1, queue = 'com.apple.main-thread', stop reason = signal SIGUSR2
    frame #0: 0x0000000194a48cc0 libsystem_kernel.dylib`__sigsuspend + 8
libsystem_kernel.dylib`__sigsuspend:
->  0x194a48cc0 <+8>:  b.lo   0x194a48ce0    ; <+40>
    0x194a48cc4 <+12>: pacibsp
    0x194a48cc8 <+16>: stp    x29, x30, [sp, #-0x10]!
    0x194a48ccc <+20>: mov    x29, sp
Target 0: (qemu-system-x86_64) stopped.
(lldb) bt
* thread #1, queue = 'com.apple.main-thread', stop reason = signal SIGUSR2
  * frame #0: 0x0000000194a48cc0 libsystem_kernel.dylib`__sigsuspend + 8
    frame #1: 0x00000001004e0538 qemu-system-x86_64`qemu_coroutine_new + 308
    frame #2: 0x00000001004df220 qemu-system-x86_64`qemu_coroutine_create + 252
    frame #3: 0x000000010043bc1c qemu-system-x86_64`monitor_init_globals + 88
    frame #4: 0x00000001001eb514 qemu-system-x86_64`qemu_init_subsystems + 204
    frame #5: 0x00000001001ebf5c qemu-system-x86_64`qemu_init + 476
    frame #6: 0x000000010043d520 qemu-system-x86_64`main + 36
    frame #7: 0x00000001946fc274 dyld`start + 2840
(lldb) c
Process 41157 resuming
Process 41157 stopped
* thread #1, queue = 'com.apple.main-thread', stop reason = EXC_BAD_ACCESS (code=1, address=0x0)
    frame #0: 0x0000000000000000
error: memory read failed for 0x0
Target 0: (qemu-system-x86_64) stopped.
(lldb) bt
* thread #1, queue = 'com.apple.main-thread', stop reason = EXC_BAD_ACCESS (code=1, address=0x0)
  * frame #0: 0x0000000000000000
    frame #1: 0x00000001004d3818 qemu-system-x86_64`get_opt_value + 52
    frame #2: 0x00000001004d4d40 qemu-system-x86_64`get_opt_name_value + 148
    frame #3: 0x00000001004d4f60 qemu-system-x86_64`opts_do_parse + 104
    frame #4: 0x00000001004d5184 qemu-system-x86_64`opts_parse + 272
    frame #5: 0x00000001001ee3c8 qemu-system-x86_64`qemu_init + 9800
    frame #6: 0x000000010043d520 qemu-system-x86_64`main + 36
    frame #7: 0x00000001946fc274 dyld`start + 2840
(lldb) x/10i 0x00000001004d3818
    0x1004d3818: mov    x21, x0
    0x1004d381c: sub    x24, x0, x20
    0x1004d3820: ldrb   w8, [x0]
    0x1004d3824: cbz    w8, 0x1004d3838 ; <+84>
    0x1004d3828: ldrb   w8, [x21, #0x1]
    0x1004d382c: cmp    w8, #0x2c
    0x1004d3830: cinc   x22, x24, eq
    0x1004d3834: b      0x1004d383c    ; <+88>
    0x1004d3838: mov    x22, x24
    0x1004d383c: add    x25, x22, x23
(lldb)

Also:

raptor@fnord ~ % lldb --core /cores/core.41202 -- $(which qemu-system-x86_64)
(lldb) target create "/opt/homebrew/bin/qemu-system-x86_64" --core "/cores/core.41202"
Core file '/cores/core.41202' (arm64) was loaded.
(lldb) bt
* thread #1, stop reason = ESR_EC_IABORT_EL0 (fault address: 0x0)
  * frame #0: 0x0000000000000000
    frame #1: 0x000000010313f818 qemu-system-x86_64`get_opt_value + 52
    frame #2: 0x0000000103140d40 qemu-system-x86_64`get_opt_name_value + 148
    frame #3: 0x0000000103140f60 qemu-system-x86_64`opts_do_parse + 104
    frame #4: 0x0000000103141184 qemu-system-x86_64`opts_parse + 272
    frame #5: 0x0000000102e5a3c8 qemu-system-x86_64`qemu_init + 9800
    frame #6: 0x00000001030a9520 qemu-system-x86_64`main + 36
    frame #7: 0x00000001946fc274 dyld`start + 2840

If you'd like me to share the coredump file or do other tests, just let me know.

[0xdea]

Ok, based on @alebcay's brew config output, I updated my OS to macOS 15.4.1-arm64 and now the issue magically disappeared. Weird, but I'm happy it seems solved now!

[vhive-jonathan-carse]

Ok, based on @alebcay's brew config output, I updated my OS to macOS 15.4.1-arm64 and now the issue magically disappeared. Weird, but I'm happy it seems solved now!

I can reproduce on my machine, Mac 15.3.2-arm64 (24D81)

[alebcay]

Thanks for the backtrace, I and/or someone will take a closer look when time permits.

For anyone still seeing the issue, it may also be worth trying brew install --build-from-source qemu to see if QEMU 10 built locally on your machine works. That would help with confirming if the prebuilt binaries (built by Homebrew's CI on 15.4[.1] machines) are not compatible on earlier 15.x machines.

[IanSeyler]

I had this issue as well. I updated macOS to 15.4.1 and now qemu is working.

[dtrodrigues]

I had this issue on 15.3.1. Building from source resolves the issue, so it does seem that the qemu bottle built on 15.4 is not compatible with 15.3 machines.

[Bo98]

Probably because Qemu is picking up strchrnul, introduced in macOS 15.4. We could maybe force the build to temporarily ignore it, though our support for older minor/patch versions of macOS is limited. 15.4 has also been out for a month now.

It's very much possible other formulae may be affected going forward if they use strchrnul and realistically it's going to be hard to stop them all.

[tranngocsongtruc]

Confirmed that I updated MacOS Sequoia from 15.0.1 to 15.4.1 and it worked