Skip to content

qemu-system-arm: ../accel/tcg/cpu-exec.c:917: cpu_loop_exec_tb: Assertion `icount_enabled()' failed.

Host environment

  • Operating system: Debian/Sid
  • OS/kernel version: Linux noys4 6.1.0-6-amd64 #1 SMP PREEMPT_DYNAMIC Debian 6.1.15-1 (2023-03-05) x86_64 GNU/Linux
  • Architecture: x86_64
  • QEMU flavor: qemu-system-arm
  • QEMU version: QEMU emulator version 7.2.90 (v8.0.0-rc0-31-g61b0608b68-dirty)
  • QEMU command line: 
    qemu-system-arm \
  -kernel /path/to/bootstrap.elf \
  -serial stdio \
  -display none \
  -m 1536 \
  -cpu cortex-a15 \
  -smp 1,cores=1,maxcpus=1 \
  -machine virt,virtualization=true \
  -machine highmem=off

Emulated/Virtualized environment

  • Operating system: Custom (L4Re)
  • OS/kernel version: Git
  • Architecture: ARM

Description of problem

When starting the guest, the mentioned assertion is triggered very soon:

qemu-system-arm: ../accel/tcg/cpu-exec.c:917: cpu_loop_exec_tb: Assertion `icount_enabled()' failed.

I'm able to successfully boot the same image with QEMU 7.2.0.

The last output from the qemu logging with -d guest_errors,in_asm,int,pcall,cpu is

----------------
IN:
0x40209100:  e92d4ff0  push     {r4, r5, r6, r7, r8, sb, sl, fp, lr}
0x40209104:  e28db020  add      fp, sp, #0x20
0x40209108:  e24b3f49  sub      r3, fp, #0x124
0x4020910c:  e24ddf43  sub      sp, sp, #0x10c
0x40209110:  e1a0e00f  mov      lr, pc
0x40209114:  e3e0f0ff  mvn      pc, #0xff

R00=4021000c R01=4020a5f8 R02=0000000f R03=40209100
R04=40210018 R05=40210018 R06=4020c000 R07=40002000
R08=00000000 R09=00000000 R10=00000000 R11=4020d7fc
R12=00000000 R13=4020d7f0 R14=4020074c R15=40209100
PSR=2000011f --C- A sys32
----------------
IN:
0xffffff00:  ee1d0f50  mrc      p15, #0, r0, c13, c0, #2

R00=4021000c R01=4020a5f8 R02=0000000f R03=4020d6c8
R04=40210018 R05=40210018 R06=4020c000 R07=40002000
R08=00000000 R09=00000000 R10=00000000 R11=4020d7ec
R12=00000000 R13=4020d6c0 R14=40209118 R15=ffffff00
PSR=2000011f --C- A sys32

Please note that the L4Re OS uses mvn pc, #0xff to switch from EL1 to EL2 (system call).

Steps to reproduce

  1. Boot the attached image with the provided command line to trigger the assertion

Additional information

I will attach the bootstrap image to this ticket.

To upload designs, you'll need to enable LFS and have an admin enable hashed storage. More information