Comment 4 for bug 1860553

It seems halt instruction is not implemented for qemu-user, only for qemu-system:

1286 #ifndef CONFIG_USER_ONLY
...
1365 static DisasJumpType gen_mtpr(DisasContext *ctx, TCGv vb, int regno)
1366 {
1367 int data;
1368
1369 switch (regno) {
...
1390 case 252:
1391 /* HALT */
1392 gen_helper_halt(vb);
1393 return DISAS_PC_STALE;
...
1437 }
1438 #endif /* !USER_ONLY*/

...
2673 case 0x1D:
2674 /* HW_MTPR (PALcode) */
2675 #ifndef CONFIG_USER_ONLY
2676 REQUIRE_TB_FLAG(ENV_FLAG_PAL_MODE);
2677 vb = load_gpr(ctx, rb);
2678 ret = gen_mtpr(ctx, vb, insn & 0xffff);
2679 break;
2680 #else
2681 goto invalid_opc;
2682 #endif